
[solved] Trojan.DNSchanger

smyst on 18 December 2008 at 21:51
Hello everyone,

I have a problem on my laptop with a trojan that systematically sets a DNS server address. I have already done quite a bit of research on this but I can't find a solution.
Avast found part of it and deleted it, but that wasn't enough.
AVG Anti-Spyware detects nothing.
Finally, Malwarebytes finds 6 entries and seems to delete them, but they always come back:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.115.50 85.255.112.154 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{0087cbdc-f9a7-4b41-8c7e-2b60b283a197}\NameServer (Trojan.DNSChanger) -> Data: 85.255.115.50,85.255.112.154 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.115.50 85.255.112.154 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{0087cbdc-f9a7-4b41-8c7e-2b60b283a197}\NameServer (Trojan.DNSChanger) -> Data: 85.255.115.50,85.255.112.154 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.115.50 85.255.112.154 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{0087cbdc-f9a7-4b41-8c7e-2b60b283a197}\NameServer (Trojan.DNSChanger) -> Data: 85.255.115.50,85.255.112.154 -> Quarantined and deleted successfully.

In short, I don't know how to get rid of it for good.
--> Message edited by smyst on 26/12/2008 23:29:42 <--
Curson on 21 December 2008 at 02:53
Good evening,


1) Disable all your protection software.


2) Download SmitfraudFix by S!Ri, balltrap34 and moe31.

- Right-click the SmitfraudFix.zip file and choose Extract All; this unpacks everything into a new SmitfraudFix folder
- Open the SmitfraudFix folder and double-click SmitfraudFix.cmd (the .cmd may not be present)
- Choose option 1 and press Enter
- Answer o (Oui, i.e. Yes) to the next two questions if they are asked
- A report will be generated; save it in a folder
- Copy and paste the contents of the report here


3) Download HiJackThis by Merijn to your desktop.

- Double-click HijackThis
- Generate a report by following these instructions:
- Run it and click Do a scan and save log file.
- The report opens in Notepad

- Paste the report here; to do so:
- Edit menu / Select All
- Edit menu / Copy
- Here in a new message: right-click / Paste

Help: don't hesitate to consult the HiJackThis help


See you later.
smyst on 21 December 2008 at 16:31
Thanks for your help.

SmitfraudFix report:

SmitFraudFix v2.387

Rapport fait à 16:27:21,03, 21/12/2008
Executé à partir de C:\Documents and Settings\Ishadawn\Bureau\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est
Fix executé en mode normal

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\DellTPad\Apoint.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\OEM13Mon.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Fichiers communs\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe

HiJackThis report:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:28:10, on 21/12/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\DellTPad\Apoint.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\OEM13Mon.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Fichiers communs\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\Fichiers communs\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe
C:\Program Files\Fichiers communs\InstallShield\UpdateService\agent.exe
C:\Program Files\Fichiers communs\InstallShield\UpdateService\ISUSPM.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://partnerpage.google.com/smallbiz.dell.com/fr_fr?hl=fr&client=dell-r(...)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.fr/hws/sb/dell-row/fr/side.html?channel=fr-smb
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.fr/hws/sb/dell-row/fr/side.html?channel=fr-smb
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www1.euro.dell.com/content/default.aspx?c=fr&l=fr&s=gen
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www1.euro.dell.com/content/default.aspx?c=fr&l=fr&s=gen
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.fr/hws/sb/dell-row/fr/side.html?channel=fr-smb
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = http://partnerpage.google.com/smallbiz.dell.com/fr_fr?hl=fr&client=dell-r(...)
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://partnerpage.google.com/smallbiz.dell.com/fr_fr?hl=fr&client=dell-r(...)
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: PDFCreator Toolbar Helper - {C451C08A-EC37-45DF-AAAD-18B51AB5E837} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: PDFCreator Toolbar - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe nvHotkey.dll,Start
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [OEM13Mon.exe] C:\WINDOWS\OEM13Mon.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [DELL Webcam Manager] "C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe" /s
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "c:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [ECenter] C:\Dell\E-Center\EULALauncher.exe
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [MBFreeSubliminalMessageSoftware] C:\Program Files\MB Free Subliminal Message Software\MBFreeSubliminalMessageSoftware.exe /STARTUP
O4 - HKCU\..\Run: [kxva] C:\WINDOWS\system32\kxvo.exe
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: Sélection intelligente HP - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{0087CBDC-F9A7-4B41-8C7E-2B60B283A197}: NameServer = 85.255.115.50,85.255.112.154
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.115.50 85.255.112.154
O17 - HKLM\System\CS1\Services\Tcpip\..\{0087CBDC-F9A7-4B41-8C7E-2B60B283A197}: NameServer = 85.255.115.50,85.255.112.154
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.115.50 85.255.112.154
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswupdsv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus (avast! antivirus) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner (avast! mail scanner) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner (avast! web scanner) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard (avg anti-spyware guard) - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Google Desktop Manager 5.7.801.7324 (GoogleDesktopManager-010708-104812) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Fichiers communs\SureThing Shared\stllssvr.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 11445 bytes
Curson on 21 December 2008 at 19:15
Good evening,


1) Uninstall AVG Anti-Spyware. It is no longer updated.


2) Run HijackThis again

- (Do a system scan only), tick the following lines if present:
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKCU\..\Run: [kxva] C:\WINDOWS\system32\kxvo.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{0087CBDC-F9A7-4B41-8C7E-2B60B283A197}: NameServer = 85.255.115.50,85.255.112.154
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.115.50 85.255.112.154
O17 - HKLM\System\CS1\Services\Tcpip\..\{0087CBDC-F9A7-4B41-8C7E-2B60B283A197}: NameServer = 85.255.115.50,85.255.112.154
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.115.50 85.255.112.154

- Close all programs and browsers, then click Fix Checked.


3) Download UsbFix (by Chiquitine29) to your desktop:

- Run the installation with the default settings
- Plug your external storage devices (USB sticks, MP3 players, etc.) into your PC without opening them
- Double-click the UsbFix shortcut on your desktop
- The PC will restart
- After the restart, post the UsbFix.txt report (it is saved at the root of the hard drive)


4) Disable your protection software (antivirus, antispyware), then:


5) Download Combofix by sUBs: combofix.exe and save it on your desktop and nowhere else!


6) Double-click combofix. It will ask you a question; answer by pressing 1 and then Enter to confirm.
Wait until combofix has finished; a report will be created. Post the report.


7) At present, Avast is really no longer a recommendable antivirus.

Read: "If you have Avast!, Norton or McAfee" and "Avast! no longer protects you?"

I strongly advise you to install the AntiVir antivirus in its place.
You will find a tutorial on Antivir at this link: http://www.malekal.com/tutorial_antivir.php

- Run a full scan of your system.
- Post the scan report in your next reply.


See you later.
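
The O17 and Malwarebytes lines in the posts above show the same two resolver addresses written as static `NameServer` values under several control sets and under one interface key. As an added example (not part of the thread, and not code from any tool named in it), this Python sketch parses lines copied from the posted logs and lists every registry location that holds a resolver outside an allowlist; `EXPECTED_RESOLVERS` and all function names are assumptions made for the illustration.

```python
import ipaddress
import re

# Lines copied from the HijackThis and Malwarebytes logs posted in this thread.
SAMPLE_LOG = r"""
O17 - HKLM\System\CCS\Services\Tcpip\..\{0087CBDC-F9A7-4B41-8C7E-2B60B283A197}: NameServer = 85.255.115.50,85.255.112.154
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.115.50 85.255.112.154
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.115.50 85.255.112.154 -> Quarantined and deleted successfully.
O4 - HKCU\..\Run: [kxva] C:\WINDOWS\system32\kxvo.exe
"""

# Assumption: the resolvers this machine is supposed to use (constructed value).
EXPECTED_RESOLVERS = frozenset({"192.168.1.1"})

# HijackThis section O17: static DNS settings under Tcpip\Parameters.
HJT_O17 = re.compile(
    r"^O17 - HKLM\\System\\(?P<key>\S+): NameServer = (?P<data>.+)$",
    re.IGNORECASE,
)
# Malwarebytes registry-data line for the same values.
MBAM = re.compile(
    r"^HKEY_LOCAL_MACHINE\\SYSTEM\\(?P<key>\S+)\\NameServer \([^)]*\)"
    r" -> Data: (?P<data>[^>]+?) ->",
    re.IGNORECASE,
)
GUID = re.compile(r"\{[0-9A-Fa-f-]{36}\}")


def _control_set(key):
    """Normalise 'CCS' / 'CS1' / 'ControlSet003' to one naming scheme."""
    head = key.split("\\", 1)[0].upper()
    if head in ("CCS", "CURRENTCONTROLSET"):
        return "CurrentControlSet"
    m = re.fullmatch(r"(?:CS|CONTROLSET)(\d+)", head)
    return "ControlSet%03d" % int(m.group(1)) if m else head


def parse_nameserver_entries(text):
    """Return (control_set, scope, [servers]) for each NameServer line."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        m = HJT_O17.match(line) or MBAM.match(line)
        if not m:
            continue  # not a DNS setting (for example an O4 Run entry)
        guid = GUID.search(m.group("key"))
        scope = guid.group(0).upper() if guid else "global"
        servers = []
        # The global value is space-separated, the per-interface one comma-separated.
        for token in re.split(r"[ ,]+", m.group("data").strip()):
            try:
                servers.append(str(ipaddress.ip_address(token)))
            except ValueError:
                pass  # ignore anything that is not an IP address
        entries.append((_control_set(m.group("key")), scope, servers))
    return entries


def find_unexpected(entries, expected=EXPECTED_RESOLVERS):
    """Map each resolver outside the allowlist to the locations that set it."""
    hits = {}
    for control_set, scope, servers in entries:
        for server in servers:
            if server not in expected:
                hits.setdefault(server, set()).add((control_set, scope))
    return {server: sorted(locs) for server, locs in hits.items()}


if __name__ == "__main__":
    for server, locations in sorted(find_unexpected(parse_nameserver_entries(SAMPLE_LOG)).items()):
        print(server)
        for control_set, scope in locations:
            print("   ", control_set, scope)
```
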
smyst on 21 December 2008 at 22:38
I uninstalled antispyware.
I replaced avast with antivir.

UsbFix report:

-------------- UsbFix V2.413.6 ---------------

* User : Ishadawn - JEANNICK
* Outils mis a jours le 21/12/2008 par Chiquitine29 et Chimay8
* Recherche effectuée à 20:06:49 le 21/12/2008
* Windows Xp - Internet Explorer 6.0.2900.5512


--------------- [ Processus actifs ] ----------------


C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\system32\WgaTray.exe
C:\DOCUME~1\Ishadawn\LOCALS~1\Temp\1.tmp\b2e.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\DellTPad\Apoint.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\OEM13Mon.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Fichiers communs\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\Fichiers communs\InstallShield\UpdateService\agent.exe

--------------- [ Informations lecteurs ] ----------------

C: - Lecteur fixe

G: - Lecteur fixe


+- Contenu de l'autorun : G:\autorun.inf



--------------- [ Lecteur C ] ----------------

C: - Lecteur fixe


+- Listing des fichiers présents :

[25/04/2008 19:00][--a------] C:\AUTOEXEC.BAT
[14/04/2008 13:00][-rahs----] C:\NTDETECT.COM
[31/10/2008 19:31][-rahs----] C:\boot.ini
[09/12/2008 20:49][--a------] C:\PlayList.txt
[09/12/2008 20:49][--a------] C:\rapport.txt
[09/12/2008 20:49][--a------] C:\rapport_clean.txt
[09/12/2008 20:49][--a------] C:\resultat_clean.txt
[09/12/2008 20:49][--a------] C:\UsbFix.txt
[25/04/2008 19:00][--a------] C:\CONFIG.SYS
[25/04/2008 19:00][--a------] C:\hiberfil.sys
[25/04/2008 19:00][--a------] C:\IO.SYS
[25/04/2008 19:00][--a------] C:\MSDOS.SYS
[25/04/2008 19:00][--a------] C:\pagefile.sys

--------------- [ Lecteur G ] ----------------

G: - Lecteur fixe


+- Listing des fichiers présents :

[24/07/2008 12:32][-r-hs----] G:\r.bat
[12/12/2008 22:00][-r-hs----] G:\autorun.inf

--------------- [ Registre / Startup ] ----------------

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Search Page"="http://www.google.fr/hws/sb/dell-row/fr/side.html?channel=fr-smb"
"Start Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
CTFMON.EXE=C:\WINDOWS\system32\ctfmon.exe
ISUSPM="C:\Program Files\Fichiers communs\InstallShield\UpdateService\ISUSPM.exe" -scheduler
MBFreeSubliminalMessageSoftware=C:\Program Files\MB Free Subliminal Message Software\MBFreeSubliminalMessageSoftware.exe /STARTUP
BitTorrent DNA="C:\Program Files\DNA\btdna.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
Apoint=C:\Program Files\DellTPad\Apoint.exe
RTHDCPL=RTHDCPL.EXE
NvCplDaemon=RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
nwiz=nwiz.exe /installquiet
NVHotkey=rundll32.exe nvHotkey.dll,Start
NvMediaCenter=RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
OEM13Mon.exe=C:\WINDOWS\OEM13Mon.exe
SunJavaUpdateSched="C:\Program Files\Java\jre6\bin\jusched.exe"
DELL Webcam Manager="C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe" /s
Broadcom Wireless Manager UI=C:\WINDOWS\system32\WLTRAY.exe
Dell QuickSet=C:\Program Files\Dell\QuickSet\quickset.exe
Adobe Reader Speed Launcher="c:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
Google Desktop Search="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
ECenter=C:\Dell\E-Center\EULALauncher.exe
dscactivate="C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
PDVDDXSrv="C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
LogitechCommunicationsManager="C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe"
LogitechQuickCamRibbon="C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
HP Software Update=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
hpqSRMon=C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
avast!=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents=
<NO NAME>=
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL=
Installed=1
<NO NAME>=
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI=
NoChange=1
Installed=1
<NO NAME>=
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS=
Installed=1
<NO NAME>=

--------------- [ Registre / Mountpoint2 ] ----------------

Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{245a2ed2-c865-11dd-ace5-00234d8157f9}\Shell\AutoRun\command
Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{245a2ed2-c865-11dd-ace5-00234d8157f9}\Shell\explore\Command
Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{245a2ed2-c865-11dd-ace5-00234d8157f9}\Shell\open\Command

--------------- [ Nettoyage des disques ] ----------------

Supprimé ! - [21/12/2008 16:27][--a------] C:\WINDOWS\system32\tmp.reg
Supprimé ! - [21/12/2008 16:27][--a------] C:\WINDOWS\system32\tmp.txt
Supprimé ! - C:\DOCUME~1\Ishadawn\LOCALS~1\Temp\R‚pertoire temporaire 5 pour Subliminal Recording System 5.1 + crack (KN2005).zip
Supprimé ! - C:\DOCUME~1\Ishadawn\LOCALS~1\Temp\IXP000.TMP\Windows Keygen All OS Win2000+Win2003+WinXP+WinVista
Supprimé ! - C:\DOCUME~1\Ishadawn\LOCALS~1\Temp\IXP001.TMP\Windows Keygen All OS Win2000+Win2003+WinXP+WinVista
Supprimé ! - C:\DOCUME~1\Ishadawn\LOCALS~1\Temp\IXP002.TMP\Windows Keygen All OS Win2000+Win2003+WinXP+WinVista
Supprimé ! - C:\DOCUME~1\Ishadawn\LOCALS~1\Temp\R‚pertoire temporaire 5 pour Subliminal Recording System 5.1 + crack (KN2005).zip\Subliminal Recording System 5.1
Supprimé ! - C:\DOCUME~1\Ishadawn\LOCALS~1\Temp\R‚pertoire temporaire 5 pour Subliminal Recording System 5.1 + crack (KN2005).zip\Subliminal Recording System 5.1\CUSTDATA.INI
Supprimé ! - [12/12/2008 22:00][-r-hs----] G:\autorun.inf
Supprimé ! - [25/12/2006 00:37][--ahs----] G:\THUMBS.DB
Supprimé ! - [24/07/2008 12:32][-r-hs----] G:\r.bat

--------------- [ Resumé ] ----------------

-> /!\ Le resultat doit etre [http://www.virustotal.com/fr/ interprété] par un spécialiste /!\

[25/04/2008 19:00][--a------] C:\AUTOEXEC.BAT
[14/04/2008 13:00][-rahs----] C:\NTDETECT.COM
[31/10/2008 19:31][-rahs----] C:\boot.ini

--------------- ! Fin du rapport ! ----------------

Combofix report:

ComboFix 08-12-21.01 - Ishadawn 2008-12-21 20:26:49.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.3.1252.1.1036.18.3070.2675 [GMT 1:00]
Lancé depuis: c:\documents and settings\Ishadawn\Bureau\ComboFix.exe

[B]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/B]
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\404Fix.exe
c:\windows\system32\drivers\msqpdxmhctoiqh.sys
c:\windows\system32\dumphive.exe
c:\windows\system32\hpowiax8.dll
c:\windows\system32\IEDFix.C.exe
c:\windows\system32\IEDFix.exe
c:\windows\system32\msqpdxorvdhrsr.dll
c:\windows\system32\o4Patch.exe
c:\windows\system32\Process.exe
c:\windows\system32\SrchSTS.exe
c:\windows\system32\VACFix.exe
c:\windows\system32\VCCLSID.exe
c:\windows\system32\WS2Fix.exe

.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_MSQPDXSERV.SYS
-------\Legacy_MSQPDXSERV.SYS
-------\Legacy_icf


((((((((((((((((((((((((((((( Fichiers créés du 2008-11-21 au 2008-12-21 ))))))))))))))))))))))))))))))))))))
.

2008-12-21 20:02 . 2008-12-21 20:18 <REP> d-------- c:\program files\UsbFix
2008-12-21 16:22 . 2008-12-12 00:57 78,336 --a------ c:\windows\system32\Agent.OMZ.Fix.exe
2008-12-18 21:02 . 2008-12-18 21:02 <REP> d-------- c:\documents and settings\Ishadawn\Application Data\Malwarebytes
2008-12-18 21:01 . 2008-12-18 21:01 <REP> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2008-12-18 20:45 . 2008-12-18 20:45 9,860,828 --a------ C:\upload_moi_JEANNICK.tar.gz
2008-12-18 20:24 . 2008-12-18 20:24 <REP> d-------- c:\program files\Trend Micro
2008-12-18 16:20 . 2008-12-18 16:20 <REP> d-------- c:\documents and settings\All Users\Application Data\Grisoft
2008-12-15 22:57 . 2008-12-15 22:57 <REP> d-------- c:\program files\Alwil Software
2008-12-15 16:10 . 2008-12-15 16:10 <REP> d-------- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
2008-12-15 16:10 . 2008-12-21 20:40 93,420 --a------ c:\windows\system32\drivers\39cf3d67.sys
2008-12-15 16:10 . 2008-12-15 16:12 2 --a------ C:\38773665
2008-12-15 00:10 . 2008-12-15 00:10 <REP> d-------- c:\documents and settings\Ishadawn\Application Data\OpenOffice.org
2008-12-15 00:08 . 2008-12-15 00:08 <REP> d-------- c:\program files\OpenOffice.org 3
2008-12-15 00:08 . 2008-12-15 00:08 <REP> d-------- c:\program files\JRE
2008-12-14 21:34 . 2008-12-21 20:40 <REP> d-------- c:\program files\DNA
2008-12-14 21:34 . 2008-12-14 21:34 <REP> d-------- c:\program files\BitTorrent
2008-12-14 21:34 . 2008-12-21 20:40 <REP> d-------- c:\documents and settings\Ishadawn\Application Data\DNA
2008-12-14 21:34 . 2008-12-15 15:27 <REP> d-------- c:\documents and settings\Ishadawn\Application Data\BitTorrent
2008-12-14 17:55 . 2008-12-14 17:55 <REP> d-------- c:\program files\Foxit Software
2008-12-14 03:25 . 2008-12-14 03:25 410,984 --a------ c:\windows\system32\deploytk.dll
2008-12-14 00:32 . 2008-12-14 00:32 <REP> d-------- c:\program files\Macromedia
2008-12-14 00:32 . 2008-12-14 00:32 <REP> d-------- c:\program files\Fichiers communs\Macromedia
2008-12-14 00:13 . 2008-12-14 00:13 <REP> d-------- c:\documents and settings\Ishadawn\Application Data\Roxio
2008-12-12 14:45 . 2008-10-03 11:03 247,326 -----c--- c:\windows\system32\dllcache\strmdll.dll
2008-12-12 00:17 . 2008-12-12 00:17 <REP> d-------- c:\program files\PDFCreator Toolbar
2008-12-12 00:17 . 2008-12-12 00:17 <REP> d-------- c:\program files\PDFCreator
2008-12-12 00:17 . 2008-12-12 00:17 253,139 --a------ c:\windows\PDFCreator_Toolbar_Uninstaller_343.exe
2008-12-12 00:17 . 1998-07-13 02:08 141,312 --a------ c:\windows\system32\MSCMCFR.DLL
2008-12-12 00:17 . 1998-06-24 01:00 137,000 --a------ c:\windows\system32\MSMAPI32.OCX
2008-12-12 00:17 . 1998-07-13 02:08 119,568 --a------ c:\windows\system32\VB6FR.DLL
2008-12-12 00:17 . 2001-10-28 17:42 116,224 --a------ c:\windows\system32\pdfcmnnt.dll
2008-12-12 00:17 . 1998-07-13 02:08 59,904 --a------ c:\windows\system32\MSCC2FR.DLL
2008-12-12 00:17 . 1998-07-06 01:00 23,552 --a------ c:\windows\system32\MSMPIDE.DLL
2008-12-09 20:00 . 2008-12-09 20:00 <REP> d-------- c:\windows\speech
2008-12-09 20:00 . 2008-12-09 20:01 <REP> d-------- c:\program files\Subliminal Visualizer Pro
2008-12-09 20:00 . 2008-12-09 20:00 <REP> d-------- c:\program files\SRSRipper
2008-12-09 20:00 . 2008-12-09 20:53 <REP> d-------- c:\program files\SRS5-1XP
2008-12-09 20:00 . 2003-08-27 23:13 1,101,824 --a------ c:\windows\system32\vbskpro.ocx
2008-12-09 20:00 . 2004-03-09 01:00 662,288 --a------ c:\windows\system32\MSCOMCT2.OCX
2008-12-09 20:00 . 2000-05-22 00:00 608,448 --a------ c:\windows\system32\ComCtl32.ocx
2008-12-09 20:00 . 2002-11-29 16:07 503,808 --a------ c:\windows\system32\DXVUMeter.ocx
2008-12-09 20:00 . 2000-12-06 00:00 415,176 --a------ c:\windows\system32\Comct332.ocx
2008-12-09 20:00 . 1998-04-24 20:08 368,912 --a------ c:\windows\system32\vbar332.dll
2008-12-09 20:00 . 2000-05-22 00:00 203,976 --a------ c:\windows\system32\RichTx32.ocx
2008-12-09 20:00 . 2001-09-28 17:00 164,864 --a------ c:\windows\UNWISE.EXE
2008-12-09 20:00 . 2000-03-13 05:00 118,784 --a------ c:\windows\system32\Msstdfmt.dll
2008-12-09 20:00 . 2003-05-21 06:47 49,152 --a------ c:\windows\system32\mp3enc.dll
2008-12-09 20:00 . 2000-06-13 16:06 32,768 --a------ c:\windows\system32\prjKnob.ocx
2008-12-08 18:21 . 2008-12-08 18:26 <REP> d-------- c:\program files\MB Free Subliminal Message Software
2008-12-08 18:21 . 2005-04-15 20:58 1,071,088 --a------ c:\windows\system32\MSCOMCTL.OCX
2008-12-08 18:21 . 2000-12-06 00:00 209,608 --a------ c:\windows\system32\Tabctl32.ocx
2008-12-08 18:21 . 2001-03-13 14:49 140,288 --a------ c:\windows\system32\Comdlg32.ocx
2008-12-08 18:21 . 2008-12-08 18:21 33 --a------ c:\windows\system32\minsage
2008-12-07 21:58 . 2008-12-07 22:45 <REP> d-------- c:\program files\Audacity
2008-12-07 18:21 . 2008-12-07 18:21 <REP> d-------- c:\windows\Sun
2008-12-07 14:46 . 2008-12-07 18:23 <REP> d-------- c:\program files\Artweaver 0.5
2008-12-07 14:46 . 2008-12-07 14:46 <REP> d-------- c:\documents and settings\Ishadawn\Application Data\Artweaver
2008-12-07 14:09 . 2008-12-07 14:09 <REP> d-------- c:\program files\Fichiers communs\Jasc Software Inc
2008-12-07 14:09 . 2008-12-07 14:09 <REP> d-------- c:\documents and settings\Ishadawn\Application Data\Jasc Software Inc
2008-12-07 14:07 . 2008-12-07 14:09 <REP> d-------- c:\program files\Jasc Software Inc
2008-12-07 13:53 . 2008-12-07 13:53 <REP> d--h----- c:\windows\PIF
2008-12-07 11:38 . 2008-12-07 11:38 <REP> d-------- c:\program files\MSXML 4.0
2008-12-05 08:44 . 2008-12-21 13:56 <REP> d-------- c:\documents and settings\Ishadawn\Application Data\HPAppData
2008-12-04 21:17 . 2008-12-04 21:17 <REP> d-------- c:\documents and settings\All Users\Application Data\WEBREG
2008-12-04 21:16 . 2008-12-04 21:17 <REP> d-------- c:\documents and settings\Ishadawn\Application Data\HP
2008-12-04 21:15 . 2008-12-04 21:15 <REP> d-------- c:\documents and settings\All Users\Application Data\Hewlett-Packard
2008-12-04 21:15 . 2007-10-30 10:22 970,752 -ra------ c:\windows\system32\hpotiop6.dll
2008-12-04 21:15 . 2007-10-30 10:25 372,736 -ra------ c:\windows\system32\hppldcoi.dll
2008-12-04 21:15 . 2007-10-30 10:25 309,760 -ra------ c:\windows\system32\difxapi.dll
2008-12-04 21:15 . 2007-10-30 10:22 303,104 -ra------ c:\windows\system32\hpovst14.dll
2008-12-04 21:15 . 2008-02-12 04:49 271,704 -ra------ c:\windows\system32\hpzids01.dll
2008-12-04 21:15 . 2008-02-07 10:26 118,272 --a------ c:\windows\system32\hpz3l5mu.dll
2008-12-04 21:15 . 2007-10-30 10:25 49,920 -ra------ c:\windows\system32\drivers\HPZid412.sys
2008-12-04 21:15 . 2007-10-30 10:25 21,568 -ra------ c:\windows\system32\drivers\HPZius12.sys
2008-12-04 21:15 . 2007-10-30 10:25 16,496 -ra------ c:\windows\system32\drivers\HPZipr12.sys
2008-12-04 21:15 . 2008-04-13 11:45 15,104 --a------ c:\windows\system32\drivers\usbscan.sys
2008-12-04 21:15 . 2008-04-13 11:45 15,104 --a--c--- c:\windows\system32\dllcache\usbscan.sys
2008-12-04 21:04 . 2008-12-04 21:04 <REP> d-------- c:\program files\Hewlett-Packard
2008-12-04 21:04 . 2008-12-04 21:04 <REP> d-------- c:\program files\Fichiers communs\HP
2008-12-04 21:04 . 2008-12-04 21:04 <REP> d-------- c:\program files\Fichiers communs\Hewlett-Packard
2008-12-04 21:04 . 2008-12-04 21:04 <REP> d-------- c:\documents and settings\All Users\Application Data\HP Product Assistant
2008-12-04 21:04 . 2008-12-04 21:05 <REP> d-------- c:\documents and settings\All Users\Application Data\HP
2008-12-04 21:02 . 2008-12-04 21:04 <REP> d-------- c:\program files\HP
2008-12-04 21:02 . 2008-04-13 11:47 25,856 --a------ c:\windows\system32\drivers\usbprint.sys
2008-12-04 21:02 . 2008-04-13 11:47 25,856 --a--c--- c:\windows\system32\dllcache\usbprint.sys
2008-12-04 21:00 . 2008-12-04 21:17 177,936 --a------ c:\windows\hpoins29.dat
2008-12-04 21:00 . 2008-02-20 05:36 986 --------- c:\windows\hpomdl29.dat
2008-12-03 23:39 . 2008-12-03 23:39 <REP> d-------- c:\program files\SubliSoft
2008-12-01 15:10 . 2008-12-01 15:10 <REP> d-------- c:\program files\Axon Data
2008-11-28 21:30 . 2008-11-28 21:30 <REP> d-------- c:\documents and settings\Ishadawn\Application Data\Creative
2008-11-28 21:24 . 2008-02-06 03:21 4,658,456 -ra------ c:\windows\system32\drivers\lvuvc.sys
2008-11-28 21:24 . 2008-02-06 03:21 490,008 -ra------ c:\windows\system32\LVUI2.dll
2008-11-28 21:24 . 2008-02-06 03:21 465,432 -ra------ c:\windows\system32\LVUI2RC.dll
2008-11-28 21:24 . 2008-02-06 03:18 416,280 -ra------ c:\windows\system32\lvcodec2.dll
2008-11-28 21:24 . 2008-12-21 20:39 0 --a------ c:\windows\system32\drivers\lvuvc.hs
2008-11-28 21:24 . 2008-12-21 20:39 0 --a------ c:\windows\system32\drivers\logiflt.iad
2008-11-28 21:08 . 2008-11-28 21:08 <REP> d-------- c:\documents and settings\Ishadawn\Application Data\Leadertech
2008-11-28 21:07 . 2008-02-06 03:18 195,096 --a------ c:\windows\system32\lvci11701196.dll
2008-11-28 21:07 . 2008-02-06 02:37 66,482 -ra------ c:\windows\system32\lvcoinst.ini
2008-11-28 21:07 . 2008-02-06 03:21 41,752 -ra------ c:\windows\system32\drivers\LVUSBSta.sys
2008-11-28 21:07 . 2008-02-06 02:40 25,056 -ra------ c:\windows\system32\Repository.reg
2008-11-28 21:06 . 2008-02-06 03:21 23,832 -ra------ c:\windows\system32\drivers\lvuvcflt.sys
2008-11-28 21:05 . 2008-11-28 21:05 <REP> d-------- c:\program files\Logitech
2008-11-28 21:05 . 2008-11-28 21:07 <REP> d-------- c:\program files\Fichiers communs\LogiShrd
2008-11-28 21:05 . 2008-11-28 21:05 <REP> d-------- c:\documents and settings\All Users\Application Data\Logitech
2008-11-28 21:05 . 2008-11-28 21:05 <REP> d-------- c:\documents and settings\All Users\Application Data\Logishrd
2008-11-28 20:54 . 2008-04-13 11:45 60,032 --a------ c:\windows\system32\drivers\USBAUDIO.sys
2008-11-28 20:54 . 2008-04-13 11:45 60,032 --a--c--- c:\windows\system32\dllcache\usbaudio.sys
2008-11-28 19:21 . 2008-11-28 19:21 754 --a------ c:\windows\WORDPAD.INI
2008-11-27 20:15 . 2008-11-27 20:15 <REP> d-------- c:\documents and settings\Ishadawn\Application Data\Media Player Classic
2008-11-27 20:13 . 2008-11-27 20:13 <REP> d-------- c:\program files\K-Lite Codec Pack
2008-11-26 14:44 . 2008-11-26 14:44 <REP> d-------- c:\program files\Windows Journal Viewer
2008-11-25 13:01 . 2008-11-25 13:01 <REP> d-------- c:\windows\system32\LogFiles
2008-11-24 17:59 . 2008-12-20 18:35 <REP> d-------- c:\documents and settings\Ishadawn\Application Data\skypePM
2008-11-24 17:59 . 2008-11-24 17:59 48 --ah----- c:\windows\system32\ezsidmv.dat
2008-11-24 17:58 . 2008-11-24 17:58 <REP> d-------- c:\program files\Skype
2008-11-24 17:58 . 2008-11-24 17:58 <REP> d-------- c:\program files\Fichiers communs\Skype
2008-11-24 17:58 . 2008-12-20 19:22 <REP> d-------- c:\documents and settings\Ishadawn\Application Data\Skype
2008-11-24 17:58 . 2008-11-24 17:58 <REP> d-------- c:\documents and settings\All Users\Application Data\Skype
2008-11-24 15:10 . 2008-09-15 16:26 1,846,528 -----c--- c:\windows\system32\dllcache\win32k.sys
2008-11-24 15:10 . 2008-09-08 11:41 333,824 -----c--- c:\windows\system32\dllcache\srv.sys
2008-11-24 15:10 . 2008-08-14 11:04 138,496 -----c--- c:\windows\system32\dllcache\afd.sys
2008-11-24 15:09 . 2008-08-14 14:23 2,191,232 -----c--- c:\windows\system32\dllcache\ntoskrnl.exe
2008-11-24 15:09 . 2008-08-14 14:23 2,147,328 -----c--- c:\windows\system32\dllcache\ntkrnlmp.exe
2008-11-24 15:09 . 2008-08-14 14:23 2,068,096 -----c--- c:\windows\system32\dllcache\ntkrnlpa.exe

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-15 15:12 14,336 ----a-w c:\windows\system32\svchost.exe
2008-12-14 02:25 --------- d-----w c:\program files\Java
2008-12-13 23:32 --------- d--h--w c:\program files\InstallShield Installation Information
2008-12-13 23:28 --------- d-----w c:\program files\Fichiers communs\InstallShield
2008-11-02 14:02 7,680 ----a-w c:\windows\system32\ff_vfw.dll
2008-10-31 18:32 --------- d-----w c:\documents and settings\Ishadawn\Application Data\Dell
2008-10-28 22:35 684,032 ----a-w c:\windows\system32\divx.dll
2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-23 12:36 286,720 ----a-w c:\windows\system32\gdi32.dll
2008-10-16 13:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 13:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 13:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 13:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 13:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 13:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 13:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 13:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-10-16 01:01 670,208 ----a-w c:\windows\system32\wininet.dll
2008-10-03 10:03 247,326 ----a-w c:\windows\system32\strmdll.dll
2008-09-30 15:43 1,286,152 ----a-w c:\windows\system32\msxml4.dll
2008-09-25 08:03 81,920 ----a-w c:\windows\system32\dpl100.dll
.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"ISUSPM"="c:\program files\Fichiers communs\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 218032]
"BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2008-12-19 342848]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2008-02-21 159744]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-07-01 13537280]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-07-01 86016]
"OEM13Mon.exe"="c:\windows\OEM13Mon.exe" [2008-07-16 36864]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-14 136600]
"DELL Webcam Manager"="c:\program files\Dell\Dell Webcam Manager\DellWMgr.exe" [2007-07-27 118784]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2008-06-30 2220032]
"Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2008-02-22 1245184]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-10-15 29744]
"ECenter"="c:\dell\E-Center\EULALauncher.exe" [2008-02-28 17920]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2008-03-11 16384]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2008-05-23 128296]
"LogitechCommunicationsManager"="c:\program files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe" [2008-02-13 564496]
"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam\Quickcam.exe" [2008-02-13 2196240]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-10-14 49152]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2007-08-22 80896]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-11-26 81000]
"RTHDCPL"="RTHDCPL.EXE" [2008-02-21 c:\windows\RTHDCPL.EXE]
"nwiz"="nwiz.exe" [2008-07-01 c:\windows\system32\nwiz.exe]
"NVHotkey"="nvHotkey.dll" [2008-07-01 c:\windows\system32\nvhotkey.dll]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\UltraVNC\\winvnc.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\Macromedia\\Dreamweaver MX\\Dreamweaver.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R1 aswsp;avast! Self Protection;c:\windows\system32\drivers\aswsp.sys [2008-12-15 111184]
R2 aswfsblk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2008-12-15 20560]
R2 vnccom;vnccom;c:\windows\system32\Drivers\vnccom.SYS [2008-11-23 6016]
R3 O2MDRDR;O2MDRDR;c:\windows\system32\DRIVERS\o2media.sys [2008-10-15 48472]
R3 O2SDRDR;O2SDRDR;c:\windows\system32\DRIVERS\o2sd.sys [2008-10-15 43480]
R3 OEM13Afx;Provides a software interface to control audio effects of OEM013 camera.;\??\c:\windows\system32\Drivers\OEM13Afx.sys [2008-10-15 141376]
R3 OEM13Vfx;Creative Camera OEM013 Video VFX Driver;c:\windows\system32\DRIVERS\OEM13Vfx.sys [2008-10-15 7424]
R3 OEM13Vid;Creative Camera OEM013 Driver;c:\windows\system32\DRIVERS\OEM13Vid.sys [2008-10-15 235840]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
- - - - ORPHELINS SUPPRIMES - - - -

HKCU-Run-MBFreeSubliminalMessageSoftware - c:\program files\MB Free Subliminal Message Software\MBFreeSubliminalMessageSoftware.exe


.
------- Examen supplémentaire -------
.
uInternet Connection Wizard,ShellNext = hxxp://partnerpage.google.com/smallbiz.dell.com/fr_fr?hl=fr&client=dell-r(...)
FF - ProfilePath - c:\documents and settings\Ishadawn\Application Data\Mozilla\Firefox\Profiles\602dmm0l.default\
FF - component: c:\program files\Mozilla Firefox\components\iamfamous.dll
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-21 20:39:31
Windows 5.1.2600 Service Pack 3 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\39cf3d67]
"ImagePath"="\SystemRoot\System32\drivers\39cf3d67.sys"
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'winlogon.exe'(808)
c:\windows\System32\BCMLogon.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\windows\system32\WLTRYSVC.EXE
c:\windows\system32\BCMWLTRY.EXE
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\windows\system32\WgaTray.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
c:\program files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\program files\Fichiers communs\LogiShrd\SrvLnch\SrvLnch.exe
c:\windows\system32\nvsvc32.exe
c:\program files\DellTPad\ApMsgFwd.exe
c:\program files\DellTPad\ApntEx.exe
c:\program files\DellTPad\hidfind.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\wdfmgr.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\fxssvc.exe
c:\program files\Alwil Software\Avast4\Setup\avast.setup
c:\program files\Fichiers communs\LogiShrd\LQCVFX\COCIManager.exe
.
**************************************************************************
.
Heure de fin: 2008-12-21 20:41:42 - La machine a redémarré
ComboFix-quarantined-files.txt 2008-12-21 19:41:39

Avant-CF: 157,336,494,080 octets libres
Après-CF: 157,294,096,384 octets libres

296 --- E O F --- 2008-12-14 02:01:57

Antivir report (Safe Mode):

Avira AntiVir Personal
Date de création du fichier de rapport : dimanche 21 décembre 2008 21:09

La recherche porte sur 1107347 souches de virus.

Détenteur de la licence :Avira AntiVir PersonalEdition Classic
Numéro de série : 0000149996-ADJIE-0001
Plateforme : Windows XP
Version de Windows :(Service Pack 3) [5.1.2600]
Mode Boot : Mode sans échec
Identifiant : Ishadawn
Nom de l'ordinateur :JEANNICK

Informations de version :
BUILD.DAT : 8.2.0.52 16931 Bytes 02/12/2008 14:55:00
AVSCAN.EXE : 8.1.4.10 315649 Bytes 18/11/2008 08:21:00
AVSCAN.DLL : 8.1.4.1 49921 Bytes 21/07/2008 13:44:27
LUKE.DLL : 8.1.4.5 164097 Bytes 12/06/2008 12:44:16
LUKERES.DLL : 8.1.4.0 13057 Bytes 04/07/2008 07:30:27
ANTIVIR0.VDF : 7.1.0.0 15603712 Bytes 27/10/2008 11:30:36
ANTIVIR1.VDF : 7.1.0.197 1170432 Bytes 07/12/2008 20:00:27
ANTIVIR2.VDF : 7.1.0.250 342528 Bytes 18/12/2008 20:00:30
ANTIVIR3.VDF : 7.1.1.15 107520 Bytes 21/12/2008 20:00:31
Version du moteur: 8.2.0.45
AEVDF.DLL : 8.1.0.6 102772 Bytes 14/10/2008 10:05:56
AESCRIPT.DLL : 8.1.1.19 336252 Bytes 21/12/2008 20:00:42
AESCN.DLL : 8.1.1.5 123251 Bytes 07/11/2008 15:06:41
AERDL.DLL : 8.1.1.3 438645 Bytes 04/11/2008 13:58:38
AEPACK.DLL : 8.1.3.4 393591 Bytes 11/11/2008 09:41:39
AEOFFICE.DLL : 8.1.0.33 196987 Bytes 21/12/2008 20:00:40
AEHEUR.DLL : 8.1.0.75 1524087 Bytes 21/12/2008 20:00:39
AEHELP.DLL : 8.1.2.0 119159 Bytes 21/12/2008 20:00:34
AEGEN.DLL : 8.1.1.8 323956 Bytes 21/12/2008 20:00:33
AEEMU.DLL : 8.1.0.9 393588 Bytes 14/10/2008 10:05:56
AECORE.DLL : 8.1.5.2 172405 Bytes 21/12/2008 20:00:32
AEBB.DLL : 8.1.0.3 53618 Bytes 14/10/2008 10:05:56
AVWINLL.DLL : 1.0.0.12 15105 Bytes 09/07/2008 08:40:02
AVPREF.DLL : 8.0.2.0 38657 Bytes 16/05/2008 09:27:58
AVREP.DLL : 8.0.0.2 98344 Bytes 31/07/2008 12:02:15
AVREG.DLL : 8.0.0.1 33537 Bytes 09/05/2008 11:26:37
AVARKT.DLL : 1.0.0.23 307457 Bytes 12/02/2008 08:29:19
AVEVTLOG.DLL : 8.0.0.16 119041 Bytes 12/06/2008 12:27:46
SQLITE3.DLL : 3.3.17.1 339968 Bytes 22/01/2008 17:28:02
SMTPLIB.DLL : 1.2.0.23 28929 Bytes 12/06/2008 12:49:36
NETNT.DLL : 8.0.0.1 7937 Bytes 25/01/2008 12:05:07
RCIMAGE.DLL : 8.0.0.51 2371841 Bytes 04/07/2008 07:23:16
RCTEXT.DLL : 8.0.52.1 86273 Bytes 17/07/2008 10:08:43

Configuration pour la recherche actuelle :
Nom de la tâche..................: Contrôle intégral du système
Fichier de configuration.........: c:\program files\avira\antivir personaledition classic\sysscan.avp
Documentation....................: bas
Action principale................: interactif
Action secondaire................: ignorer
Recherche sur les secteurs d'amorçage maître: marche
Recherche sur les secteurs d'amorçage: marche
Secteurs d'amorçage..............: C:, G:,
Recherche dans les programmes actifs: marche
Recherche en cours sur l'enregistrement: marche
Recherche de Rootkits............: marche
Fichier mode de recherche........: Sélection de fichiers intelligente
Recherche sur les archives.......: marche
Limiter la profondeur de récursivité: 20
Archive Smart Extensions.........: marche
Heuristique de macrovirus........: marche
Heuristique fichier..............: moyen

Début de la recherche : dimanche 21 décembre 2008 21:09

La recherche d'objets cachés commence.
Impossible d'initialiser le pilote.

La recherche sur les processus démarrés commence :
Processus de recherche 'avscan.exe' - '1' module(s) sont contrôlés
Processus de recherche 'avcenter.exe' - '1' module(s) sont contrôlés
Processus de recherche 'explorer.exe' - '1' module(s) sont contrôlés
Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés
Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés
Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés
Processus de recherche 'lsass.exe' - '1' module(s) sont contrôlés
Processus de recherche 'services.exe' - '1' module(s) sont contrôlés
Processus de recherche 'winlogon.exe' - '1' module(s) sont contrôlés
Processus de recherche 'csrss.exe' - '1' module(s) sont contrôlés
Processus de recherche 'smss.exe' - '1' module(s) sont contrôlés
'11' processus ont été contrôlés avec '11' modules

La recherche sur les secteurs d'amorçage maître commence :
Secteur d'amorçage maître HD0
[INFO] Aucun virus trouvé !
Secteur d'amorçage maître HD1
[INFO] Aucun virus trouvé !

La recherche sur les secteurs d'amorçage commence :
Secteur d'amorçage 'C:\'
[INFO] Aucun virus trouvé !
Secteur d'amorçage 'G:\'
[INFO] Aucun virus trouvé !

La recherche sur les renvois aux fichiers exécutables (registre) commence.
Le registre a été contrôlé ( '59' fichiers).


La recherche sur les fichiers sélectionnés commence :

Recherche débutant dans 'C:\' <OS>
C:\pagefile.sys
[AVERTISSEMENT] Impossible d'ouvrir le fichier !
C:\Documents and Settings\Ishadawn\Bureau\SmitfraudFix\Agent.OMZ.Fix.exe
[RESULTAT] Le fichier contient un programme exécutable. Cependant, celui-ci se dissimule sous une extension de fichier inoffensive (HIDDENEXT/Crypted)
[REMARQUE] Le fichier a été déplacé dans le répertoire de quarantaine sous le nom '49b3a61c.qua' !
C:\Qoobox\Quarantine\C\WINDOWS\system32\msqpdxorvdhrsr.dll.vir
[RESULTAT] Contient le cheval de Troie TR/Crypt.XPACK.Gen
[REMARQUE] Le fichier a été déplacé dans le répertoire de quarantaine sous le nom '49bfa809.qua' !
C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\msqpdxmhctoiqh.sys.vir
[RESULTAT] Contient le cheval de Troie TR/TDss.AE.21
[REMARQUE] Le fichier a été déplacé dans le répertoire de quarantaine sous le nom '49bfa80a.qua' !
C:\WINDOWS\system32\Agent.OMZ.Fix.exe
[RESULTAT] Le fichier contient un programme exécutable. Cependant, celui-ci se dissimule sous une extension de fichier inoffensive (HIDDENEXT/Crypted)
[REMARQUE] Le fichier a été déplacé dans le répertoire de quarantaine sous le nom '49b3a87c.qua' !
C:\WINDOWS\system32\drivers\39cf3d67.sys
[RESULTAT] Contient le cheval de Troie TR/Rootkit.Gen
[REMARQUE] Le fichier a été déplacé dans le répertoire de quarantaine sous le nom '49b1a87c.qua' !
Recherche débutant dans 'G:\' <Disque Externe>


Fin de la recherche : dimanche 21 décembre 2008 21:39
Temps nécessaire: 30:11 Minute(s)

La recherche a été effectuée intégralement

11475 Les répertoires ont été contrôlés
532916 Des fichiers ont été contrôlés
5 Des virus ou programmes indésirables ont été trouvés
0 Des fichiers ont été classés comme suspects
0 Des fichiers ont été supprimés
0 Des virus ou programmes indésirables ont été réparés
5 Les fichiers ont été déplacés dans la quarantaine
0 Les fichiers ont été renommés
1 Impossible de contrôler des fichiers
532910 Fichiers non infectés
8245 Les archives ont été contrôlées
1 Avertissements
5 Consignes

Antivir report (normal mode after reboot):

Avira AntiVir Personal
Date de création du fichier de rapport : dimanche 21 décembre 2008 21:52

La recherche porte sur 1107347 souches de virus.

Détenteur de la licence :Avira AntiVir PersonalEdition Classic
Numéro de série : 0000149996-ADJIE-0001
Plateforme : Windows XP
Version de Windows :(Service Pack 3) [5.1.2600]
Mode Boot : Démarré normalement
Identifiant : SYSTEM
Nom de l'ordinateur :JEANNICK

Début de la recherche : dimanche 21 décembre 2008 21:52

La recherche d'objets cachés commence.
'119843' objets ont été contrôlés, '0' objets cachés ont été trouvés.

La recherche sur les processus démarrés commence :
Processus de recherche 'avscan.exe' - '1' module(s) sont contrôlés
Processus de recherche 'COCIManager.exe' - '1' module(s) sont contrôlés
Processus de recherche 'alg.exe' - '1' module(s) sont contrôlés
Processus de recherche 'LVComSer.exe' - '1' module(s) sont contrôlés
Processus de recherche 'wmiprvse.exe' - '1' module(s) sont contrôlés
Processus de recherche 'wuauclt.exe' - '1' module(s) sont contrôlés
Processus de recherche 'wdfmgr.exe' - '1' module(s) sont contrôlés
Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés
Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés
Processus de recherche 'nvsvc32.exe' - '1' module(s) sont contrôlés
Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés
Processus de recherche 'LVPrcSrv.exe' - '1' module(s) sont contrôlés
Processus de recherche 'LVComSer.exe' - '1' module(s) sont contrôlés
Processus de recherche 'jqs.exe' - '1' module(s) sont contrôlés
Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés
Processus de recherche 'avguard.exe' - '1' module(s) sont contrôlés
Processus de recherche 'GoogleDesktop.exe' - '1' module(s) sont contrôlés
Processus de recherche 'btdna.exe' - '1' module(s) sont contrôlés
Processus de recherche 'ISUSPM.exe' - '1' module(s) sont contrôlés
Processus de recherche 'ctfmon.exe' - '1' module(s) sont contrôlés
Processus de recherche 'avgnt.exe' - '1' module(s) sont contrôlés
Processus de recherche 'HpqSRmon.exe' - '1' module(s) sont contrôlés
Processus de recherche 'hpwuSchd2.exe' - '1' module(s) sont contrôlés
Processus de recherche 'Quickcam.exe' - '1' module(s) sont contrôlés
Processus de recherche 'Communications_Helper.exe' - '1' module(s) sont contrôlés
Processus de recherche 'GoogleDesktop.exe' - '1' module(s) sont contrôlés
Processus de recherche 'PDVDDXSrv.exe' - '1' module(s) sont contrôlés
Processus de recherche 'ApntEx.exe' - '1' module(s) sont contrôlés
Processus de recherche 'hidfind.exe' - '1' module(s) sont contrôlés
Processus de recherche 'GoogleDesktop.exe' - '1' module(s) sont contrôlés
Processus de recherche 'quickset.exe' - '1' module(s) sont contrôlés
Processus de recherche 'WLTRAY.EXE' - '1' module(s) sont contrôlés
Processus de recherche 'DellWMgr.exe' - '1' module(s) sont contrôlés
Processus de recherche 'ApMsgFwd.exe' - '1' module(s) sont contrôlés
Processus de recherche 'jusched.exe' - '1' module(s) sont contrôlés
Processus de recherche 'OEM13Mon.exe' - '1' module(s) sont contrôlés
Processus de recherche 'rundll32.exe' - '1' module(s) sont contrôlés
Processus de recherche 'rundll32.exe' - '1' module(s) sont contrôlés
Processus de recherche 'RTHDCPL.EXE' - '1' module(s) sont contrôlés
Processus de recherche 'Apoint.exe' - '1' module(s) sont contrôlés
Processus de recherche 'sched.exe' - '1' module(s) sont contrôlés
Processus de recherche 'explorer.exe' - '1' module(s) sont contrôlés
Processus de recherche 'spoolsv.exe' - '1' module(s) sont contrôlés
Processus de recherche 'BCMWLTRY.EXE' - '1' module(s) sont contrôlés
Processus de recherche 'WLTRYSVC.EXE' - '1' module(s) sont contrôlés
Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés
Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés
Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés
Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés
Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés
Processus de recherche 'lsass.exe' - '1' module(s) sont contrôlés
Processus de recherche 'services.exe' - '1' module(s) sont contrôlés
Processus de recherche 'winlogon.exe' - '1' module(s) sont contrôlés
Processus de recherche 'csrss.exe' - '1' module(s) sont contrôlés
Processus de recherche 'smss.exe' - '1' module(s) sont contrôlés
'55' processus ont été contrôlés avec '55' modules

La recherche sur les secteurs d'amorçage maître commence :
Secteur d'amorçage maître HD0
[INFO] Aucun virus trouvé !
Secteur d'amorçage maître HD1
[INFO] Aucun virus trouvé !

La recherche sur les secteurs d'amorçage commence :
Secteur d'amorçage 'C:\'
[INFO] Aucun virus trouvé !
Secteur d'amorçage 'G:\'
[INFO] Aucun virus trouvé !

La recherche sur les renvois aux fichiers exécutables (registre) commence.
Le registre a été contrôlé ( '59' fichiers).


La recherche sur les fichiers sélectionnés commence :

Recherche débutant dans 'C:\' <OS>
C:\hiberfil.sys
[AVERTISSEMENT] Impossible d'ouvrir le fichier !
C:\pagefile.sys
[AVERTISSEMENT] Impossible d'ouvrir le fichier !
C:\System Volume Information\_restore{7F06EDF5-C529-4657-A0A2-A39C96FDE661}\RP0\A0000001.sys
[RESULTAT] Contient le cheval de Troie TR/TDss.AE.21
[REMARQUE] Le fichier a été déplacé dans le répertoire de quarantaine sous le nom '497eb20b.qua' !
C:\System Volume Information\_restore{7F06EDF5-C529-4657-A0A2-A39C96FDE661}\RP0\A0000002.dll
[RESULTAT] Contient le cheval de Troie TR/Crypt.XPACK.Gen
[REMARQUE] Le fichier a été déplacé dans le répertoire de quarantaine sous le nom '497eb210.qua' !
C:\System Volume Information\_restore{7F06EDF5-C529-4657-A0A2-A39C96FDE661}\RP1\A0000225.sys
[RESULTAT] Contient le cheval de Troie TR/Rootkit.Gen
[REMARQUE] Le fichier a été déplacé dans le répertoire de quarantaine sous le nom '497eb266.qua' !
Recherche débutant dans 'G:\' <Disque Externe>
G:\System Volume Information\_restore{7F06EDF5-C529-4657-A0A2-A39C96FDE661}\RP2\A0000131.exe
[RESULTAT] Contient le code du virus Windows W32/Elkern.C
[REMARQUE] Le fichier a été déplacé dans le répertoire de quarantaine sous le nom '497eb54d.qua' !
G:\System Volume Information\_restore{7F06EDF5-C529-4657-A0A2-A39C96FDE661}\RP2\A0000177.exe
[RESULTAT] Contient le code du virus Windows W32/Elkern.C
[REMARQUE] Le fichier a été déplacé dans le répertoire de quarantaine sous le nom '497eb551.qua' !
G:\System Volume Information\_restore{7F06EDF5-C529-4657-A0A2-A39C96FDE661}\RP2\A0000178.exe
[RESULTAT] Contient le code du virus Windows W32/Elkern.C
[REMARQUE] Le fichier a été déplacé dans le répertoire de quarantaine sous le nom '497eb558.qua' !
G:\System Volume Information\_restore{7F06EDF5-C529-4657-A0A2-A39C96FDE661}\RP2\A0000179.exe
[RESULTAT] Contient le code du virus Windows W32/Elkern.C
[REMARQUE] Le fichier a été déplacé dans le répertoire de quarantaine sous le nom '497eb55b.qua' !
G:\System Volume Information\_restore{7F06EDF5-C529-4657-A0A2-A39C96FDE661}\RP2\A0000188.exe
[RESULTAT] Contient le code du virus Windows W32/Elkern.C
[REMARQUE] Le fichier a été déplacé dans le répertoire de quarantaine sous le nom '497eb55e.qua' !


Fin de la recherche : dimanche 21 décembre 2008 22:29
Temps nécessaire: 37:22 Minute(s)

La recherche a été effectuée intégralement

11501 Les répertoires ont été contrôlés
535103 Des fichiers ont été contrôlés
8 Des virus ou programmes indésirables ont été trouvés
0 Des fichiers ont été classés comme suspects
0 Des fichiers ont été supprimés
0 Des virus ou programmes indésirables ont été réparés
8 Les fichiers ont été déplacés dans la quarantaine
0 Les fichiers ont été renommés
2 Impossible de contrôler des fichiers
535093 Fichiers non infectés
8257 Les archives ont été contrôlées
2 Avertissements
8 Consignes
119843 Des objets ont été contrôlés lors du Rootkitscan
0 Des objets cachés ont été trouvés

HijackThis report after the whole procedure:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:32:57, on 21/12/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\DellTPad\Apoint.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\OEM13Mon.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Fichiers communs\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Fichiers communs\Logishrd\LQCVFX\COCIManager.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = http://partnerpage.google.com/smallbiz.dell.com/fr_fr?hl=fr&client=dell-r(...)
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://partnerpage.google.com/smallbiz.dell.com/fr_fr?hl=fr&client=dell-r(...)
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: PDFCreator Toolbar Helper - {C451C08A-EC37-45DF-AAAD-18B51AB5E837} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: PDFCreator Toolbar - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe nvHotkey.dll,Start
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [OEM13Mon.exe] C:\WINDOWS\OEM13Mon.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [DELL Webcam Manager] "C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe" /s
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "c:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [ECenter] C:\Dell\E-Center\EULALauncher.exe
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: Sélection intelligente HP - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: Planificateur Avira AntiVir Personal - Free Antivirus (antivirscheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (antivirservice) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Google Desktop Manager 5.7.801.7324 (GoogleDesktopManager-010708-104812) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Fichiers communs\SureThing Shared\stllssvr.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 9482 bytes
Curson on 21 December 2008 at 23:22
Good evening,

Your system was heavily infected:

- An infection that spreads via removable drives.
- Several rootkits, including one that allows spam to be sent.

Be a bit more careful!


1) Download OTViewIt by OldTimer to your desktop.

- Close all windows and applications.
- Double-click OTViewIt.exe to launch it.
- In the "File Age" drop-down list, choose: 30 days (or as you prefer)
- Click the "Run Scan" button.
- Wait a few minutes.
- Notepad will open; post the two reports you get in your next reply.

If Notepad does not open, you will find them on your desktop: OTViewIt.txt and Extras.txt


See you later.
smyst on 21 December 2008 at 23:43
The computer is new, and the person who received it did not think that installing the security systems was the priority. Also, a good part of the data was transferred from another computer via the external drive, so that may be the culprit.

OTViewIt report:

OTViewIt logfile created on: 21/12/2008 23:36:44 - Run
OTViewIt by OldTimer - Version 1.0.20.1 Folder = C:\Documents and Settings\Ishadawn\Bureau
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

2,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 100,00% Memory free
4,00 Gb Paging File | 4,00 Gb Available in Paging File | 100,00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232,77 Gb Total Space | 146,35 Gb Free Space | 62,87% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
Drive G: | 93,16 Gb Total Space | 61,86 Gb Free Space | 66,40% Space Free | Partition Type: NTFS
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: JEANNICK
Current User Name: Ishadawn
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Whitelist: On
File Age = 30 Days

========== Processes ==========

[2008/06/30 03:42:42 | 00,024,064 | ---- | M] () -- C:\WINDOWS\system32\WLTRYSVC.EXE
[2008/06/30 03:42:14 | 01,961,984 | ---- | M] (Dell Inc.) -- C:\WINDOWS\system32\BCMWLTRY.EXE
[2008/10/15 13:31:25 | 00,068,865 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
[2008/02/21 22:24:56 | 00,159,744 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\Apoint.exe
[2008/02/21 22:21:56 | 16,855,552 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\RTHDCPL.EXE
[2008/04/14 13:00:00 | 00,033,792 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rundll32.exe
[2008/04/14 13:00:00 | 00,033,792 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rundll32.exe
[2008/07/16 22:32:06 | 00,036,864 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\OEM13Mon.exe
[2008/12/14 03:25:43 | 00,136,600 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
[2007/07/27 16:43:34 | 00,118,784 | ---- | M] (Creative Technology Ltd.) -- C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe
[2008/02/21 22:24:54 | 00,050,736 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApMsgFwd.exe
[2008/06/30 03:42:40 | 02,220,032 | ---- | M] (Dell Inc.) -- C:\WINDOWS\system32\WLTRAY.EXE
[2008/02/22 12:43:38 | 01,245,184 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\QuickSet\quickset.exe
[2008/02/21 22:25:06 | 00,040,960 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\hidfind.exe
[2008/02/21 22:24:54 | 00,049,152 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApntEx.exe
[2008/06/12 02:38:00 | 00,034,672 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe
[2008/10/15 10:23:49 | 00,029,744 | ---- | M] (Google) -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
[2008/05/23 14:06:08 | 00,128,296 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
[2008/10/15 10:23:49 | 00,029,744 | ---- | M] (Google) -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
[2008/02/13 13:02:46 | 00,564,496 | ---- | M] () -- C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe
[2008/02/13 13:06:58 | 02,196,240 | ---- | M] () -- C:\Program Files\Logitech\QuickCam\Quickcam.exe
[2007/10/14 21:17:32 | 00,049,152 | ---- | M] (Hewlett-Packard) -- C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
[2007/08/22 16:31:16 | 00,080,896 | ---- | M] (Hewlett-Packard) -- C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe
[2008/06/12 13:28:40 | 00,266,497 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
[2006/09/11 04:40:32 | 00,218,032 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Fichiers communs\InstallShield\UpdateService\ISUSPM.exe
[2008/12/19 08:44:09 | 00,342,848 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\DNA\btdna.exe
[2008/10/15 10:23:49 | 00,029,744 | ---- | M] (Google) -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
[2008/10/15 13:29:28 | 00,151,297 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
[2008/12/14 03:25:43 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
[2008/02/05 18:18:48 | 00,186,904 | ---- | M] (Logitech Inc.) -- C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
[2008/02/05 18:20:42 | 00,150,040 | ---- | M] (Logitech Inc.) -- C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
[2008/07/01 00:18:24 | 00,159,812 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe
[2005/01/28 13:44:28 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wdfmgr.exe
[2008/10/16 14:09:44 | 00,051,224 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wuauclt.exe
[2008/04/14 13:00:00 | 00,218,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\wmiprvse.exe
[2008/04/14 13:00:00 | 00,218,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\wmiprvse.exe
[2008/02/05 18:18:48 | 00,186,904 | ---- | M] (Logitech Inc.) -- C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
[2008/02/13 13:02:24 | 00,405,776 | ---- | M] (Logitech Inc.) -- C:\Program Files\Fichiers communs\LogiShrd\LQCVFX\COCIManager.exe
[2008/12/21 23:35:49 | 00,423,424 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Ishadawn\Bureau\OTViewIt.exe

========== (O23) Win32 Services ==========

[2008/10/15 13:31:25 | 00,068,865 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe -- (antivirscheduler [Auto | Running])
[2008/10/15 13:29:28 | 00,151,297 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe -- (antivirservice [Auto | Running])
[2005/09/23 20:28:32 | 00,029,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
[2005/09/23 20:28:56 | 00,066,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
[2006/10/21 10:21:24 | 00,036,864 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
[2008/10/15 10:23:49 | 00,029,744 | ---- | M] (Google) -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe -- (GoogleDesktopManager-010708-104812 [On_Demand | Stopped])
[2008/10/15 10:23:47 | 00,138,168 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc [On_Demand | Stopped])
[2006/10/30 16:33:58 | 00,741,376 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
[2008/12/14 03:25:43 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running])
[2008/02/05 18:18:48 | 00,186,904 | ---- | M] (Logitech Inc.) -- C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe -- (LVCOMSer [Auto | Running])
[2008/02/05 18:20:42 | 00,150,040 | ---- | M] (Logitech Inc.) -- C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv [Auto | Running])
[2008/02/05 18:22:36 | 00,141,848 | ---- | M] (Logitech Inc.) -- C:\Program Files\Fichiers communs\LogiShrd\SrvLnch\SrvLnch.exe -- (LVSrvLauncher [Auto | Stopped])
[2006/10/30 16:34:02 | 00,122,880 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
[2008/07/01 00:18:24 | 00,159,812 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe -- (NVSvc [Auto | Running])
[2007/07/11 09:33:28 | 00,069,632 | R--- | M] (MicroVision Development, Inc.) -- C:\Program Files\Fichiers communs\SureThing Shared\stllssvr.exe -- (stllssvr [On_Demand | Stopped])
[2005/01/28 13:44:28 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wdfmgr.exe -- (UMWdf [Auto | Running])
[2007/01/19 12:54:14 | 00,097,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\MSN Messenger\usnsvc.exe -- (usnjsvc [On_Demand | Stopped])
[2008/06/30 03:42:42 | 00,024,064 | ---- | M] () -- C:\WINDOWS\system32\WLTRYSVC.EXE -- (wltrysvc [Auto | Running])

========== Driver Services ==========

[2001/08/18 10:51:56 | 00,005,248 | ---- | M] (Acer Laboratories Inc.) -- C:\WINDOWS\system32\drivers\aliide.sys -- (AliIde [Disabled | Stopped])
[2008/04/14 00:36:40 | 00,043,008 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\WINDOWS\system32\drivers\AMDAGP.SYS -- (amdagp [Disabled | Stopped])
[2008/02/21 22:24:52 | 00,155,136 | ---- | M] (Alps Electric Co., Ltd.) -- C:\WINDOWS\system32\drivers\Apfiltr.sys -- (ApfiltrService [On_Demand | Running])
[2005/08/12 16:50:46 | 00,016,128 | ---- | M] (Dell Inc) -- C:\WINDOWS\system32\drivers\APPDRV.SYS -- (APPDRV [System | Running])
[2001/08/18 10:52:00 | 00,026,496 | ---- | M] (Advanced System Products, Inc.) -- C:\WINDOWS\system32\drivers\asc.sys -- (asc [Disabled | Stopped])
[2001/08/18 10:51:58 | 00,014,848 | ---- | M] (Advanced System Products, Inc.) -- C:\WINDOWS\system32\drivers\asc3550.sys -- (asc3550 [Disabled | Stopped])
[2007/02/27 14:24:55 | 00,011,840 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys -- (avgio [System | Running])
[2008/05/20 15:29:43 | 00,052,032 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgntflt.sys -- (avgntflt [On_Demand | Running])
[2008/10/30 10:21:03 | 00,075,072 | ---- | M] (Avira GmbH) -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb [System | Running])
[2008/06/30 03:42:26 | 01,287,552 | ---- | M] (Broadcom Corporation) -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX [On_Demand | Running])
[2001/08/24 06:04:44 | 00,006,656 | ---- | M] (CMD Technology, Inc.) -- C:\WINDOWS\system32\drivers\cmdide.sys -- (CmdIde [Disabled | Stopped])
[2001/08/18 10:52:16 | 00,179,584 | ---- | M] (Mylex Corporation) -- C:\WINDOWS\system32\drivers\dac2w2k.sys -- (dac2w2k [Disabled | Stopped])
[2007/07/23 15:04:58 | 00,037,360 | ---- | M] (Roxio) -- C:\WINDOWS\system32\drivers\DLABMFSM.SYS -- (DLABMFSM [Auto | Running])
[2007/07/23 15:04:52 | 00,032,848 | ---- | M] (Roxio) -- C:\WINDOWS\system32\drivers\DLABOIOM.SYS -- (DLABOIOM [Auto | Running])
[2007/07/23 14:49:44 | 00,014,576 | ---- | M] (Roxio) -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM [Boot | Running])
[2007/07/23 15:05:26 | 00,009,136 | ---- | M] (Roxio) -- C:\WINDOWS\system32\drivers\DLADResM.SYS -- (DLADResM [Auto | Running])
[2007/07/23 15:04:50 | 00,108,752 | ---- | M] (Roxio) -- C:\WINDOWS\system32\drivers\DLAIFS_M.SYS -- (DLAIFS_M [Auto | Running])
[2007/07/23 15:04:54 | 00,027,216 | ---- | M] (Roxio) -- C:\WINDOWS\system32\drivers\DLAOPIOM.SYS -- (DLAOPIOM [Auto | Running])
[2007/07/23 15:04:52 | 00,016,304 | ---- | M] (Roxio) -- C:\WINDOWS\system32\drivers\DLAPoolM.SYS -- (DLAPoolM [Auto | Running])
[2007/07/23 14:49:44 | 00,030,064 | ---- | M] (Roxio) -- C:\WINDOWS\system32\drivers\DLARTL_M.SYS -- (DLARTL_M [System | Running])
[2007/07/23 15:04:56 | 00,093,552 | ---- | M] (Roxio) -- C:\WINDOWS\system32\drivers\DLAUDFAM.SYS -- (DLAUDFAM [Auto | Running])
[2007/07/23 15:04:56 | 00,098,448 | ---- | M] (Roxio) -- C:\WINDOWS\system32\drivers\DLAUDF_M.SYS -- (DLAUDF_M [Auto | Running])
[2007/07/23 14:55:44 | 00,099,808 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\DRVMCDB.SYS -- (DRVMCDB [Boot | Running])
[2007/07/23 14:43:42 | 00,052,000 | ---- | M] (Roxio) -- C:\WINDOWS\system32\drivers\DRVNDDM.SYS -- (DRVNDDM [Auto | Running])
[2008/02/06 03:21:48 | 00,023,832 | R--- | M] (Logitech Inc.) -- C:\WINDOWS\system32\drivers\lvuvcflt.sys -- (FilterService [On_Demand | Stopped])
[2008/04/14 13:00:00 | 00,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus [On_Demand | Running])
[2007/10/30 10:25:53 | 00,049,920 | R--- | M] (HP) -- C:\WINDOWS\system32\drivers\HPZid412.sys -- (HPZid412 [On_Demand | Stopped])
[2007/10/30 10:25:54 | 00,016,496 | R--- | M] (HP) -- C:\WINDOWS\system32\drivers\HPZipr12.sys -- (HPZipr12 [On_Demand | Stopped])
[2007/10/30 10:25:55 | 00,021,568 | R--- | M] (HP) -- C:\WINDOWS\system32\drivers\HPZius12.sys -- (HPZius12 [On_Demand | Stopped])
[2008/03/17 22:50:02 | 00,305,176 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\iaStor.sys -- (iaStor [Boot | Running])
[2008/02/21 22:21:58 | 04,625,408 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService [On_Demand | Running])
[2008/04/14 13:00:00 | 00,014,720 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\kbdhid.sys -- (kbdhid [System | Stopped])
[2008/02/05 18:18:12 | 00,689,176 | ---- | M] (Logitech Inc.) -- C:\WINDOWS\system32\drivers\Lvckap.sys -- (LVcKap [On_Demand | Running])
[2008/02/05 18:20:08 | 00,025,624 | ---- | M] () -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys -- (LVPr2Mon [On_Demand | Running])
[2008/02/06 03:21:25 | 00,041,752 | R--- | M] (Logitech Inc.) -- C:\WINDOWS\system32\drivers\LVUSBSta.sys -- (LVUSBSta [On_Demand | Running])
[2008/02/06 03:21:37 | 04,658,456 | R--- | M] (Logitech Inc.) -- C:\WINDOWS\system32\drivers\lvuvc.sys -- (LVUVC [On_Demand | Running])
[2001/08/18 10:52:12 | 00,017,280 | ---- | M] (American Megatrends Inc.) -- C:\WINDOWS\system32\drivers\mraid35x.sys -- (mraid35x [Disabled | Stopped])
[2008/07/01 00:17:44 | 06,584,160 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv [On_Demand | Running])
[2008/02/21 22:38:24 | 00,048,472 | ---- | M] (O2Micro ) -- C:\WINDOWS\system32\drivers\o2media.sys -- (O2MDRDR [On_Demand | Running])
[2008/02/21 22:38:30 | 00,043,480 | ---- | M] (O2Micro ) -- C:\WINDOWS\system32\drivers\o2sd.sys -- (O2SDRDR [On_Demand | Running])
[2008/07/16 22:32:00 | 00,141,376 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\system32\drivers\OEM13Afx.sys -- (OEM13Afx [On_Demand | Running])
[2008/07/16 22:32:10 | 00,007,424 | ---- | M] (EyePower Games Pte. Ltd.) -- C:\WINDOWS\system32\drivers\OEM13Vfx.sys -- (OEM13Vfx [On_Demand | Running])
[2008/07/16 22:32:12 | 00,235,840 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\system32\drivers\OEM13Vid.sys -- (OEM13Vid [On_Demand | Running])
[2008/04/14 13:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink [On_Demand | Running])
[2007/07/26 03:00:00 | 00,043,872 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\pxhelp20.sys -- (PxHelp20 [Boot | Running])
[2001/08/18 10:52:20 | 00,040,320 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\drivers\ql1080.sys -- (ql1080 [Disabled | Stopped])
[2001/08/18 10:52:20 | 00,045,312 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\drivers\ql12160.sys -- (ql12160 [Disabled | Stopped])
[2001/08/18 10:52:18 | 00,049,024 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\drivers\ql1280.sys -- (ql1280 [Disabled | Stopped])
[2008/02/22 01:28:14 | 00,105,856 | ---- | M] (Realtek Semiconductor Corporation ) -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp [On_Demand | Stopped])
[2008/04/14 13:00:00 | 00,079,232 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\sdbus.sys -- (sdbus [On_Demand | Stopped])
[2008/04/14 13:00:00 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv [On_Demand | Stopped])
[2008/04/14 00:36:40 | 00,040,960 | ---- | M] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\system32\drivers\SISAGP.SYS -- (sisagp [Disabled | Stopped])
[2001/08/18 11:07:44 | 00,019,072 | ---- | M] (Adaptec, Inc.) -- C:\WINDOWS\system32\drivers\sparrow.sys -- (Sparrow [Disabled | Stopped])
[2007/11/08 18:03:26 | 00,021,248 | ---- | M] (AVIRA GmbH) -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv [System | Running])
[2001/08/18 11:07:34 | 00,016,256 | ---- | M] (Symbios Logic Inc.) -- C:\WINDOWS\system32\drivers\symc810.sys -- (symc810 [Disabled | Stopped])
[2001/08/18 11:07:36 | 00,032,640 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\drivers\symc8xx.sys -- (symc8xx [Disabled | Stopped])
[2001/08/18 11:07:40 | 00,028,384 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\drivers\sym_hi.sys -- (sym_hi [Disabled | Stopped])
[2001/08/18 11:07:42 | 00,030,688 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\drivers\sym_u3.sys -- (sym_u3 [Disabled | Stopped])
[2001/08/18 10:52:22 | 00,036,736 | ---- | M] (Promise Technology, Inc.) -- C:\WINDOWS\system32\drivers\ultra.sys -- (ultra [Disabled | Stopped])
[2008/04/13 11:45:14 | 00,060,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio [On_Demand | Running])
[2008/04/14 00:46:22 | 00,121,984 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\usbvideo.sys -- (usbvideo [On_Demand | Stopped])
[2004/06/26 15:22:00 | 00,006,016 | ---- | M] (RDV Soft) -- C:\WINDOWS\system32\drivers\vnccom.SYS -- (vnccom [Auto | Running])
[2004/06/26 15:22:00 | 00,004,736 | ---- | M] (RDV Soft) -- C:\WINDOWS\system32\drivers\vncdrv.sys -- (vncdrv [On_Demand | Running])
[2006/11/02 20:22:54 | 00,492,000 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\wdf01000.sys -- (Wdf01000 [On_Demand | Running])
[2008/04/14 00:36:40 | 00,008,832 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\wmiacpi.sys -- (WmiAcpi [System | Running])

========== (R ) Internet Explorer ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=http://go.microsoft.com/fwlink/?LinkId=69157
"Default_Search_URL"=http://go.microsoft.com/fwlink/?LinkId=54896
"Local Page"=%SystemRoot%\system32\blank.htm
"Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896
"Start Page"=http://fr.msn.com/

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search]
"CustomizeSearch"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
"Default_Page_URL"=http://partnerpage.google.com/smallbiz.dell.com/fr_fr?hl=fr&client=dell-row&channel=fr-smb&ibd=4081015
"SearchAssistant"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
"Start Page"=http://partnerpage.google.com/smallbiz.dell.com/fr_fr?hl=fr&client=dell-row&channel=fr-smb&ibd=4081015

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main]
"Local Page"=C:\WINDOWS\system32\blank.htm
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Start Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchURL]
"provider"=Barre d'outils PDFCreator

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\shdocvw.dll (Microsoft Corporation)

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

========== (O1) Hosts File ==========

HOSTS File = (27 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
First 25 entries...
127.0.0.1 localhost

========== (O2) BHO's ==========

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\]
{0347C33E-8762-4905-BF09-768834316C61} (HKLM) -- C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} (HKLM) -- c:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (HKLM) -- C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
{AA58ED58-01DD-4d91-8333-CF10577473F7} (HKLM) -- c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} (HKLM) -- C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll (Google Inc.)
{C451C08A-EC37-45DF-AAAD-18B51AB5E837} (HKLM) -- C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll ()
{CA6319C0-31B7-401E-A518-A07C3DB8F777} (HKLM) -- C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.)
{DBC80044-A445-435b-BC74-9C25C1C588A9} (HKLM) -- C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
{E7E6F031-17CE-4C07-BC86-EABFE594F69C} (HKLM) -- C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
{FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} (HKLM) -- C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)

========== (O3) Toolbars ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" (HKLM) -- c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{31CF9EBE-5755-4A1D-AC25-2834D952D9B4}" (HKLM) -- C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll ()

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser]
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" (HKLM) -- c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" (HKLM) -- c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
"{31CF9EBE-5755-4A1D-AC25-2834D952D9B4}" (HKLM) -- C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll ()

========== (O4) Run Keys ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" (Adobe Systems Incorporated)
"Apoint"=C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min (Avira GmbH)
"Broadcom Wireless Manager UI"=C:\WINDOWS\system32\WLTRAY.exe (Dell Inc.)
"Dell QuickSet"=C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc.)
"DELL Webcam Manager"="C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe" /s (Creative Technology Ltd.)
"dscactivate"="C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe" ( )
"ECenter"=C:\Dell\E-Center\EULALauncher.exe ( )
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup (Google)
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe (Hewlett-Packard)
"hpqSRMon"=C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe (Hewlett-Packard)
"LogitechCommunicationsManager"="C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe" ()
"LogitechQuickCamRibbon"="C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide ()
"NvCplDaemon"=RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup (NVIDIA Corporation)
"NVHotkey"=rundll32.exe nvHotkey.dll,Start (NVIDIA Corporation)
"NvMediaCenter"=RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit (NVIDIA Corporation)
"nwiz"=nwiz.exe /installquiet ()
"OEM13Mon.exe"=C:\WINDOWS\OEM13Mon.exe (Creative Technology Ltd.)
"PDVDDXSrv"="C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" (CyberLink Corp.)
"RTHDCPL"=RTHDCPL.EXE (Realtek Semiconductor Corp.)
"SunJavaUpdateSched"="C:\Program Files\Java\jre6\bin\jusched.exe" (Sun Microsystems, Inc.)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BitTorrent DNA"="C:\Program Files\DNA\btdna.exe" (BitTorrent, Inc.)
"ISUSPM"="C:\Program Files\Fichiers communs\InstallShield\UpdateService\ISUSPM.exe" -scheduler (Macrovision Corporation)

========== (O4) Startup Folders ==========


========== (O6 & O7) Current Version Policies ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323
"NoDrives"=0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"DisableRegistryTools"=0
"HideLegacyLogonScripts"=0
"HideLogoffScripts"=0
"RunLogonScriptSync"=1
"RunStartupScriptSync"=0
"HideStartupScripts"=0

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"HideLegacyLogonScripts"=0
"HideLogoffScripts"=0
"HideStartupScripts"=0
"RunLogonScriptSync"=1
"RunStartupScriptSync"=0

========== (O9) IE Extensions ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
{DDE87865-83C5-48c4-8357-2F5B1AA84522}: Button: Sélection intelligente HP -- %ProgramFiles%\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2007/11/06 01:50:44 | 00,542,016 | ---- | M] (Hewlett-Packard Co.)
{e2e2dd38-d088-4134-82b7-f2ba38496583}: Menu: @xpsp3res.dll,-20001 -- %SystemRoot%\Network Diagnostic\xpnetdiag.exe [2008/04/14 13:00:00 | 00,558,080 | ---- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Button: Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2008/04/14 08:34:14 | 01,695,232 | ---- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Menu: Windows Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2008/04/14 08:34:14 | 01,695,232 | ---- | M] (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> [Reg Error: Value does not exist or could not be read.] -> File not found
CmdMapping\\{DDE87865-83C5-48c4-8357-2F5B1AA84522} [HKLM] -> %ProgramFiles%\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [ClipBookBtn Class] -> [2007/11/06 01:50:44 | 00,542,016 | ---- | M] (Hewlett-Packard Co.)
CmdMapping\\{e2e2dd38-d088-4134-82b7-f2ba38496583} [HKLM] -> %SystemRoot%\Network Diagnostic\xpnetdiag.exe [@xpsp3res.dll,-20001] -> [2008/04/14 13:00:00 | 00,558,080 | ---- | M] (Microsoft Corporation)
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/14 08:34:14 | 01,695,232 | ---- | M] (Microsoft Corporation)

========== (O12) Internet Explorer Plugins ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\]
PluginsPage: "" = http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s
PluginsPageFriendlyName: "" = Bibliothèque de contrôles ActiveX Microsoft

========== (O13) Default Prefixes ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix]
""=http://

========== (O15) Trusted Sites ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
1 domain(s) and sub-domain(s) not assigned to a zone.

========== (O16) DPF ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\]
{8AD9C840-044E-11D1-B3E9-00805F499D93}: http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab -- Java Plug-in 1.6.0_11
{C3F79A2B-B9B4-4A66-B012-3EE46475B072}: http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab -- MessengerStatsClient Class
{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab -- Java Plug-in 1.6.0_07
{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab -- Java Plug-in 1.6.0_11
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab -- Java Plug-in 1.6.0_11

========== (O17) DNS Name Servers ==========

{0087CBDC-F9A7-4B41-8C7E-2B60B283A197} (Servers: | Description: Carte Mini de réseau local sans fil Wireless 1395 de Dell)
{07831521-82C7-4A66-A040-31E0DFE58ECF} (Servers: | Description: )
{0D99D345-4A5E-4AE6-8B2B-EA5E4C817986} (Servers: | Description: Realtek RTL8168C(P)/8111C(P) PCI-E Gigabit Ethernet NIC)
{A2971415-DA15-43A0-8A73-123FE4AA3411} (Servers: | Description: Carte réseau 1394)

========== Safeboot Options ==========

"AlternateShell"=cmd.exe

========== CDRom AutoRun Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]
"AutoRun" = 1

========== Autorun Files on Drives ==========

AUTOEXEC.BAT []
[2008/04/25 19:00:56 | 00,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT -- [ NTFS ]

========== Files/Folders - Created Within 30 Days ==========

[1 C:\WINDOWS\System32\*.tmp files]
File not found -- C:\Documents and Settings\Ishadawn\Bureau\Dél[1]. S.
[2008/12/21 23:35:41 | 00,423,424 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Ishadawn\Bureau\OTViewIt.exe
[2008/12/21 22:56:30 | 00,000,099 | ---- | C] () -- C:\Documents and Settings\Ishadawn\Bureau\Internet Explorer - résolution de problèmes.url
[2008/12/21 21:49:57 | 32,195,74784 | -HS- | C] () -- C:\hiberfil.sys
[2008/12/21 20:59:25 | 00,001,853 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\AntiVir PE Classic.lnk
[2008/12/21 20:59:20 | 00,045,376 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntdd.sys
[2008/12/21 20:59:20 | 00,022,336 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntmgr.sys
[2008/12/21 20:59:20 | 00,021,248 | ---- | C] (AVIRA GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys
[2008/12/21 20:59:18 | 00,075,072 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2008/12/21 20:59:18 | 00,000,000 | ---D | C] -- C:\Program Files\Avira
[2008/12/21 20:59:18 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Avira
[2008/12/21 20:48:28 | 22,148,280 | ---- | C] () -- C:\Documents and Settings\Ishadawn\Bureau\antivir_workstation_winu_fr_h.exe
[2008/12/21 20:20:33 | 00,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2008/12/21 20:20:33 | 00,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2008/12/21 20:20:33 | 00,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2008/12/21 20:20:33 | 00,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2008/12/21 20:20:33 | 00,089,504 | ---- | C] (Smallfrogs Studio) -- C:\WINDOWS\fdsv.exe
[2008/12/21 20:20:33 | 00,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2008/12/21 20:20:33 | 00,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2008/12/21 20:20:33 | 00,049,152 | ---- | C] () -- C:\WINDOWS\VFIND.exe
[2008/12/21 20:20:33 | 00,028,672 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2008/12/21 20:20:27 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2008/12/21 20:20:27 | 00,000,000 | ---D | C] -- C:\Qoobox
[2008/12/21 20:02:43 | 00,001,522 | ---- | C] () -- C:\Documents and Settings\Ishadawn\Bureau\UsbFix.lnk
[2008/12/21 20:02:36 | 00,000,000 | ---D | C] -- C:\Program Files\UsbFix
[2008/12/21 20:01:59 | 00,726,134 | ---- | C] () -- C:\Documents and Settings\Ishadawn\Bureau\UsbFix.exe
[2008/12/21 16:45:15 | 00,106,496 | ---- | C] () -- C:\Documents and Settings\Ishadawn\Bureau\Développe[1]..doc
[2008/12/21 16:21:58 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Ishadawn\Bureau\SmitfraudFix
[2008/12/21 13:52:22 | 00,153,600 | ---- | C] () -- C:\Documents and Settings\Ishadawn\Bureau\Développe[1]...doc
[2008/12/20 18:45:41 | 00,145,391 | ---- | C] () -- C:\Documents and Settings\Ishadawn\Bureau\plan.jpg
[2008/12/19 09:14:27 | 00,041,984 | ---- | C] () -- C:\Documents and Settings\Ishadawn\Bureau\Entretien avec un fumeur.doc
[2008/12/18 21:02:03 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Ishadawn\Application Data\Malwarebytes
[2008/12/18 21:01:58 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2008/12/18 21:00:24 | 02,539,168 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Ishadawn\Bureau\mbam-setup.exe
[2008/12/18 20:45:43 | 09,860,828 | ---- | C] () -- C:\upload_moi_JEANNICK.tar.gz
[2008/12/18 20:39:26 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Ishadawn\Bureau\clean
[2008/12/18 20:31:58 | 02,885,589 | R--- | C] () -- C:\Documents and Settings\Ishadawn\Bureau\ComboFix.exe
[2008/12/18 20:31:58 | 02,884,875 | ---- | C] () -- C:\Documents and Settings\Ishadawn\Bureau\ComboFix2.exe
[2008/12/18 20:24:54 | 00,001,736 | ---- | C] () -- C:\Documents and Settings\Ishadawn\Bureau\HijackThis.lnk
[2008/12/18 20:24:54 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2008/12/18 20:24:35 | 00,812,344 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\Ishadawn\Bureau\HJTInstall.exe
[2008/12/18 16:20:23 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Grisoft
[2008/12/18 16:20:20 | 00,000,000 | ---D | C] -- C:\Program Files\Grisoft
[2008/12/17 20:35:29 | 00,000,000 | ---D | C] -- C:\WINDOWS\pss
[2008/12/15 22:57:43 | 00,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[2008/12/15 21:03:13 | 00,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$
[2008/12/15 21:02:51 | 00,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$
[2008/12/15 16:14:09 | 00,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2008/12/15 16:10:50 | 00,000,002 | ---- | C] () -- C:\38773665
[2008/12/15 16:10:38 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
[2008/12/15 01:48:33 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Ishadawn\Bureau\courtois
[2008/12/15 01:44:31 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Ishadawn\Bureau\delvenne
[2008/12/15 00:10:16 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Ishadawn\Application Data\OpenOffice.org
[2008/12/15 00:08:52 | 00,000,000 | ---D | C] -- C:\Program Files\JRE
[2008/12/15 00:08:49 | 00,000,000 | ---D | C] -- C:\Program Files\OpenOffice.org 3
[2008/12/14 21:40:06 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Ishadawn\Mes documents\Downloads
[2008/12/14 21:34:35 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Ishadawn\Application Data\BitTorrent
[2008/12/14 21:34:27 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Ishadawn\Local Settings\Application Data\DNA
[2008/12/14 21:34:26 | 00,000,000 | ---D | C] -- C:\Program Files\DNA
[2008/12/14 21:34:26 | 00,000,000 | ---D | C] -- C:\Program Files\BitTorrent
[2008/12/14 21:34:26 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Ishadawn\Application Data\DNA
[2008/12/14 17:55:26 | 00,000,000 | ---D | C] -- C:\Program Files\Foxit Software
[2008/12/14 17:15:14 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Ishadawn\Application Data\WinRAR
[2008/12/14 17:14:58 | 00,000,000 | ---D | C] -- C:\Program Files\WinRAR
[2008/12/14 03:30:57 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Ishadawn\Bureau\Disque actuel
[2008/12/14 03:28:03 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Ishadawn\Bureau\Disque 2
[2008/12/14 00:32:40 | 00,000,000 | ---D | C] -- C:\Program Files\Fichiers communs\Macromedia
[2008/12/14 00:32:18 | 00,000,000 | ---D | C] -- C:\Program Files\Macromedia
[2008/12/14 00:13:09 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Ishadawn\Application Data\Roxio
[2008/12/12 14:45:29 | 00,247,326 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\strmdll.dll
[2008/12/12 00:17:45 | 00,253,139 | ---- | C] (pdfforge.org) -- C:\WINDOWS\PDFCreator_Toolbar_Uninstaller_343.exe
[2008/12/12 00:17:45 | 00,000,000 | ---D | C] -- C:\Program Files\PDFCreator Toolbar
[2008/12/12 00:17:37 | 00,137,000 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MSMAPI32.OCX
[2008/12/12 00:17:36 | 00,116,224 | ---- | C] () -- C:\WINDOWS\System32\pdfcmnnt.dll
[2008/12/12 00:17:35 | 00,141,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MSCMCFR.DLL
[2008/12/12 00:17:35 | 00,119,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\VB6FR.DLL
[2008/12/12 00:17:35 | 00,059,904 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MSCC2FR.DLL
[2008/12/12 00:17:34 | 00,023,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MSMPIDE.DLL
[2008/12/12 00:17:34 | 00,000,000 | ---D | C] -- C:\Program Files\PDFCreator
[2008/12/09 21:26:42 | 00,055,808 | ---- | C] () -- C:\Documents and Settings\Ishadawn\Mes documents\Courtois2.doc
[2008/12/09 20:55:42 | 05,758,667 | ---- | C] () -- C:\Documents and Settings\Ishadawn\Bureau\Voyage Astral.mp3
[2008/12/09 20:28:33 | 64,401,452 | ---- | C] () -- C:\Documents and Settings\Ishadawn\Bureau\ahccai.wav
[2008/12/09 20:00:57 | 00,118,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\Msstdfmt.dll
[2008/12/09 20:00:57 | 00,032,768 | ---- | C] (Veinge Musik och Data) -- C:\WINDOWS\System32\prjKnob.ocx
[2008/12/09 20:00:57 | 00,000,000 | ---D | C] -- C:\WINDOWS\speech
[2008/12/09 20:00:57 | 00,000,000 | ---D | C] -- C:\Program Files\Subliminal Visualizer Pro
[2008/12/09 20:00:28 | 00,662,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MSCOMCT2.OCX
[2008/12/09 20:00:28 | 00,415,176 | ---- | C] (Microsoft Corporation ) -- C:\WINDOWS\System32\Comct332.ocx
[2008/12/09 20:00:28 | 00,203,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\RichTx32.ocx
[2008/12/09 20:00:28 | 00,000,000 | ---D | C] -- C:\Program Files\SRSRipper
[2008/12/09 20:00:10 | 01,101,824 | ---- | C] (JB) -- C:\WINDOWS\System32\vbskpro.ocx
[2008/12/09 20:00:10 | 00,608,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ComCtl32.ocx
[2008/12/09 20:00:10 | 00,503,808 | ---- | C] (xFX JumpStart®) -- C:\WINDOWS\System32\DXVUMeter.ocx
[2008/12/09 20:00:10 | 00,049,152 | ---- | C] () -- C:\WINDOWS\System32\mp3enc.dll
[2008/12/09 20:00:09 | 00,368,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\vbar332.dll
[2008/12/09 20:00:09 | 00,164,864 | ---- | C] () -- C:\WINDOWS\UNWISE.EXE
[2008/12/09 20:00:09 | 00,000,000 | ---D | C] -- C:\Program Files\SRS5-1XP
[2008/12/08 18:21:49 | 00,000,033 | ---- | C] () -- C:\WINDOWS\System32\minsage
[2008/12/08 18:21:38 | 01,071,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MSCOMCTL.OCX
[2008/12/08 18:21:38 | 00,209,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\Tabctl32.ocx
[2008/12/08 18:21:38 | 00,140,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\Comdlg32.ocx
[2008/12/08 18:21:38 | 00,000,000 | ---D | C] -- C:\Program Files\MB Free Subliminal Message Software
[2008/12/07 21:58:56 | 00,000,000 | ---D | C] -- C:\Program Files\Audacity
[2008/12/07 21:32:36 | 00,010,752 | -HS- | C] () -- C:\Documents and Settings\Ishadawn\Bureau\Thumbs.db
@Alternate Data Stream - 0 bytes -> C:\Documents and Settings\Ishadawn\Bureau\Thumbs.db:encryptable
[2008/12/07 18:21:04 | 00,000,000 | ---D | C] -- C:\WINDOWS\Sun
[2008/12/07 14:46:54 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Ishadawn\Application Data\Artweaver
[2008/12/07 14:46:43 | 00,000,000 | ---D | C] -- C:\Program Files\Artweaver 0.5
[2008/12/07 14:09:18 | 00,000,000 | ---D | C] -- C:\Program Files\Fichiers communs\Jasc Software Inc
[2008/12/07 14:09:18 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Ishadawn\Mes documents\Mes fichiers PSP
[2008/12/07 14:09:18 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Ishadawn\Application Data\Jasc Software Inc
[2008/12/07 14:07:21 | 00,000,000 | ---D | C] -- C:\Program Files\Jasc Software Inc
[2008/12/07 13:53:20 | 00,000,000 | -H-D | C] -- C:\WINDOWS\PIF
[2008/12/07 11:38:23 | 00,000,000 | ---D | C] -- C:\Program Files\MSXML 4.0
[2008/12/04 21:17:11 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\WEBREG
[2008/12/04 21:15:08 | 00,309,760 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\difxapi.dll
[2008/12/04 21:15:07 | 00,015,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbscan.sys
[2008/12/04 21:15:07 | 00,015,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbscan.sys
[2008/12/04 21:02:46 | 00,025,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbprint.sys
[2008/12/04 21:02:46 | 00,025,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbprint.sys
[2008/12/04 21:02:30 | 00,000,000 | -H-D | C] -- C:\Config.Msi
[2008/12/03 23:39:59 | 00,000,000 | ---D | C] -- C:\Program Files\SubliSoft
[2008/12/01 18:06:49 | 04,886,569 | ---- | C] () -- C:\Documents and Settings\Ishadawn\Mes documents\12Correspondances-pdf.axx
[2008/12/01 18:06:49 | 01,288,753 | ---- | C] () -- C:\Documents and Settings\Ishadawn\Mes documents\AxCrypt+tutorial.zip
[2008/12/01 18:06:49 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Ishadawn\Mes documents\AxCrypt+tutorial
[2008/12/01 15:10:42 | 00,000,000 | ---D | C] -- C:\Program Files\Axon Data
[2008/12/01 15:08:59 | 04,886,569 | ---- | C] () -- C:\Documents and Settings\Ishadawn\Bureau\12Correspondances-pdf.axx
[2008/12/01 07:43:35 | 00,003,500 | ---- | C] () -- C:\Documents and Settings\Ishadawn\Mes documents\FAMP2.doc
[2008/11/30 17:17:34 | 01,001,984 | ---- | C] () -- C:\Documents and Settings\Ishadawn\Mes documents\FAMP.doc
[2008/11/28 21:30:08 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Ishadawn\Mes documents\Dell Webcam Center
[2008/11/28 21:30:06 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Ishadawn\Application Data\Creative
[2008/11/28 21:26:55 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
[2008/11/28 21:25:31 | 17,593,280 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
[2008/11/28 21:24:50 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\drivers\lvuvc.hs
[2008/11/28 21:24:38 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\drivers\logiflt.iad
[2008/11/28 21:08:41 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Ishadawn\Application Data\Leadertech
[2008/11/28 21:07:16 | 00,066,482 | R--- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2008/11/28 21:07:16 | 00,025,056 | R--- | C] () -- C:\WINDOWS\System32\Repository.reg
[2008/11/28 21:05:50 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Logishrd
[2008/11/28 21:05:49 | 00,000,000 | ---D | C] -- C:\Program Files\Fichiers communs\LogiShrd
[2008/11/28 21:05:33 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Logitech
[2008/11/28 21:05:31 | 00,000,000 | ---D | C] -- C:\Program Files\Logitech
[2008/11/28 20:54:48 | 00,060,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\USBAUDIO.sys
[2008/11/28 20:54:48 | 00,060,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbaudio.sys
[2008/11/28 19:21:42 | 00,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2008/11/27 20:15:12 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Ishadawn\Application Data\Media Player Classic
[2008/11/27 20:13:16 | 00,164,352 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2008/11/27 20:13:15 | 00,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
[2008/11/27 20:13:14 | 00,839,680 | ---- | C] (http://www.mp3dev.org/) -- C:\WINDOWS\System32\lameACM.acm
[2008/11/27 20:13:14 | 00,755,027 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2008/11/27 20:13:14 | 00,217,088 | ---- | C] (www.helixcommunity.org) -- C:\WINDOWS\System32\yv12vfw.dll
[2008/11/27 20:13:14 | 00,118,784 | ---- | C] (fccHandler) -- C:\WINDOWS\System32\ac3acm.acm
[2008/11/27 20:13:14 | 00,000,414 | ---- | C] () -- C:\WINDOWS\System32\lame_acm.xml
[2008/11/27 20:13:13 | 03,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2008/11/27 20:13:13 | 00,159,839 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2008/11/27 20:13:13 | 00,081,920 | ---- | C] (DivX, Inc.) -- C:\WINDOWS\System32\dpl100.dll
[2008/11/27 20:13:12 | 00,684,032 | ---- | C] (DivX, Inc.) -- C:\WINDOWS\System32\divx.dll
[2008/11/27 20:13:11 | 00,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2008/11/27 20:13:10 | 00,000,000 | ---D | C] -- C:\Program Files\K-Lite Codec Pack
[2008/11/26 14:44:23 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Journal Viewer
[2008/11/25 13:01:18 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\LogFiles
[2008/11/24 17:59:15 | 00,000,048 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2008/11/24 17:59:15 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Ishadawn\Application Data\skypePM
[2008/11/24 17:58:24 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Ishadawn\Application Data\Skype
[2008/11/24 17:58:16 | 00,000,000 | ---D | C] -- C:\Program Files\Skype
[2008/11/24 17:58:16 | 00,000,000 | ---D | C] -- C:\Program Files\Fichiers communs\Skype
[2008/11/24 17:58:09 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Skype
[2008/11/24 15:10:25 | 00,138,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\afd.sys
[2008/11/24 15:10:18 | 00,333,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\srv.sys
[2008/11/24 15:10:13 | 01,846,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\win32k.sys
[2008/11/24 15:09:08 | 02,147,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrnlmp.exe
[2008/11/24 15:09:08 | 02,068,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrnlpa.exe
[2008/11/24 15:09:08 | 02,025,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrpamp.exe
[2008/11/24 15:09:07 | 02,191,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntoskrnl.exe
[2008/11/24 15:07:47 | 00,455,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mrxsmb.sys
[2008/11/24 15:07:29 | 00,331,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msadce.dll
[2008/11/24 15:07:25 | 00,691,712 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetcomm.dll
[2008/11/24 15:06:59 | 00,337,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\netapi32.dll
[2008/11/24 15:06:54 | 01,106,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msxml3.dll
[2008/11/24 15:05:46 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\PreInstall
[2008/11/23 21:59:15 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Ishadawn\Application Data\Template
[2008/11/23 21:59:14 | 00,009,146 | ---- | C] () -- C:\Documents and Settings\Ishadawn\Application Data\wklnhst.dat
[2008/11/23 20:59:16 | 00,000,000 | ---D | C] -- C:\Program Files\eMule
[2008/11/23 20:40:01 | 00,000,017 | ---- | C] () -- C:\WINDOWS\System32\'
[2008/11/23 20:39:51 | 00,006,016 | ---- | C] (RDV Soft) -- C:\WINDOWS\System32\drivers\vnccom.SYS
[2008/11/23 20:39:45 | 00,012,800 | ---- | C] (RDV Soft) -- C:\WINDOWS\System32\vncdrv.dll
[2008/11/23 20:39:45 | 00,005,760 | ---- | C] (RDV Soft) -- C:\WINDOWS\System32\vnchelp.dll
[2008/11/23 20:39:45 | 00,004,736 | ---- | C] (RDV Soft) -- C:\WINDOWS\System32\drivers\vncdrv.sys
[2008/11/23 20:39:45 | 00,000,000 | ---D | C] -- C:\Program Files\UltraVNC
[2008/11/23 17:20:57 | 00,000,000 | ---D | C] -- C:\WINDOWS\RegisteredPackages
[2008/11/23 17:19:05 | 00,000,000 | ---D | C] -- C:\Program Files\Winamp
[2008/11/23 14:47:19 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Messenger Plus!
[2008/11/23 10:52:54 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Ishadawn\Mes documents\Mes Historiques de Conversation
[2008/11/23 10:37:45 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Live
[2008/11/23 09:57:39 | 00,000,579 | ---- | C] () -- C:\Documents and Settings\Ishadawn\Mes documents\Mes dossiers de partage.lnk
[2008/11/23 09:56:06 | 00,000,000 | ---D | C] -- C:\Program Files\Messenger Plus! Live
[2008/11/23 09:56:03 | 00,000,268 | -H-- | C] () -- C:\sqmdata00.sqm
[2008/11/23 09:56:03 | 00,000,244 | -H-- | C] () -- C:\sqmnoopt00.sqm
[2008/11/23 09:55:30 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Ishadawn\Mes documents\Mes fichiers reçus
[2008/11/23 09:55:19 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\DRVSTORE
[2008/11/23 09:55:15 | 00,000,000 | ---D | C] -- C:\Program Files\MSN Messenger
[2008/11/23 00:27:53 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Ishadawn\Bureau\Disque 1
[2008/11/23 00:15:25 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\SoftwareDistribution
[2008/11/23 00:14:16 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Ishadawn\Local Settings\Application Data\SupportSoft
[2008/11/23 00:11:35 | 00,038,912 | ---- | C] () -- C:\Documents and Settings\Ishadawn\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/11/23 00:08:01 | 00,000,000 | ---D | C] -- C:\Program Files\Philips
[2008/11/22 23:57:20 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Ishadawn\Application Data\CyberLink
[2008/11/22 23:57:12 | 00,026,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\USBSTOR.SYS
[2008/11/22 23:57:12 | 00,026,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbstor.sys
[2008/11/22 23:54:49 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\nView_Profiles
[2008/11/22 23:54:31 | 00,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2008/11/22 23:54:29 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Ishadawn\Local Settings\Application Data\Mozilla
[2008/11/22 23:54:29 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Ishadawn\Application Data\Mozilla
[2008/11/22 23:54:24 | 00,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2008/11/22 23:49:35 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Ishadawn\Application Data\Macromedia
[2008/11/22 23:15:00 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Ishadawn\Application Data\Adobe

========== Files - Modified Within 30 Days ==========

[1 C:\WINDOWS\System32\*.tmp files]
File not found -- C:\Documents and Settings\Ishadawn\Bureau\Dél[1]. S.
[2008/12/21 23:35:49 | 00,423,424 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Ishadawn\Bureau\OTViewIt.exe
[2008/12/21 23:35:02 | 00,126,724 | ---- | M] () -- C:\WINDOWS\System32\nvModes.001
[2008/12/21 23:35:01 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2008/12/21 23:33:18 | 00,189,259 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2008/12/21 23:33:15 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2008/12/21 23:33:13 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2008/12/21 23:33:10 | 32,195,74784 | -HS- | M] () -- C:\hiberfil.sys
[2008/12/21 23:33:09 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\lvuvc.hs
[2008/12/21 23:33:07 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\logiflt.iad
[2008/12/21 22:56:30 | 00,000,099 | ---- | M] () -- C:\Documents and Settings\Ishadawn\Bureau\Internet Explorer - résolution de problèmes.url
[2008/12/21 22:56:11 | 00,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2008/12/21 21:54:59 | 00,506,698 | ---- | M] () -- C:\WINDOWS\System32\perfh00C.dat
[2008/12/21 21:54:59 | 00,438,036 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2008/12/21 21:54:59 | 00,084,354 | ---- | M] () -- C:\WINDOWS\System32\perfc00C.dat
[2008/12/21 21:54:59 | 00,071,130 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2008/12/21 21:54:58 | 01,113,158 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2008/12/21 21:49:02 | 04,240,656 | -H-- | M] () -- C:\Documents and Settings\Ishadawn\Local Settings\Application Data\IconCache.db
[2008/12/21 20:59:25 | 00,001,853 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\AntiVir PE Classic.lnk
[2008/12/21 20:55:15 | 00,003,072 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2008/12/21 20:51:00 | 22,148,280 | ---- | M] () -- C:\Documents and Settings\Ishadawn\Bureau\antivir_workstation_winu_fr_h.exe
[2008/12/21 20:39:36 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2008/12/21 20:39:28 | 00,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2008/12/21 20:20:10 | 02,885,589 | R--- | M] () -- C:\Documents and Settings\Ishadawn\Bureau\ComboFix.exe
[2008/12/21 20:02:43 | 00,001,522 | ---- | M] () -- C:\Documents and Settings\Ishadawn\Bureau\UsbFix.lnk
[2008/12/21 20:02:15 | 00,726,134 | ---- | M] () -- C:\Documents and Settings\Ishadawn\Bureau\UsbFix.exe
[2008/12/21 16:45:17 | 00,009,146 | ---- | M] () -- C:\Documents and Settings\Ishadawn\Application Data\wklnhst.dat
[2008/12/21 16:45:16 | 00,106,496 | ---- | M] () -- C:\Documents and Settings\Ishadawn\Bureau\Développe[1]..doc
[2008/12/21 13:52:23 | 00,153,600 | ---- | M] () -- C:\Documents and Settings\Ishadawn\Bureau\Développe[1]...doc
[2008/12/21 13:51:32 | 00,000,579 | ---- | M] () -- C:\Documents and Settings\Ishadawn\Mes documents\Mes dossiers de partage.lnk
[2008/12/20 18:45:41 | 00,145,391 | ---- | M] () -- C:\Documents and Settings\Ishadawn\Bureau\plan.jpg
[2008/12/19 09:14:28 | 00,041,984 | ---- | M] () -- C:\Documents and Settings\Ishadawn\Bureau\Entretien avec un fumeur.doc
[2008/12/18 21:00:38 | 02,539,168 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Ishadawn\Bureau\mbam-setup.exe
[2008/12/18 20:45:43 | 09,860,828 | ---- | M] () -- C:\upload_moi_JEANNICK.tar.gz
[2008/12/18 20:32:19 | 02,884,875 | ---- | M] () -- C:\Documents and Settings\Ishadawn\Bureau\ComboFix2.exe
[2008/12/18 20:24:54 | 00,001,736 | ---- | M] () -- C:\Documents and Settings\Ishadawn\Bureau\HijackThis.lnk
[2008/12/18 20:24:42 | 00,812,344 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\Ishadawn\Bureau\HJTInstall.exe
[2008/12/17 11:51:25 | 00,038,912 | ---- | M] () -- C:\Documents and Settings\Ishadawn\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/12/17 03:42:24 | 00,126,724 | ---- | M] () -- C:\WINDOWS\System32\nvModes.dat
[2008/12/15 16:12:46 | 00,000,002 | ---- | M] () -- C:\38773665
[2008/12/15 16:12:44 | 00,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\svchost.exe
[2008/12/15 16:12:44 | 00,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\svchost.exe
[2008/12/15 15:20:51 | 00,185,016 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2008/12/12 00:17:45 | 00,253,139 | ---- | M] (pdfforge.org) -- C:\WINDOWS\PDFCreator_Toolbar_Uninstaller_343.exe
[2008/12/10 00:24:37 | 17,593,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
[2008/12/09 23:38:20 | 00,055,808 | ---- | M] () -- C:\Documents and Settings\Ishadawn\Mes documents\Courtois2.doc
[2008/12/09 20:56:12 | 05,758,667 | ---- | M] () -- C:\Documents and Settings\Ishadawn\Bureau\Voyage Astral.mp3
[2008/12/09 20:28:36 | 64,401,452 | ---- | M] () -- C:\Documents and Settings\Ishadawn\Bureau\ahccai.wav
[2008/12/09 20:00:59 | 00,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2008/12/09 20:00:59 | 00,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2008/12/08 18:21:49 | 00,000,033 | ---- | M] () -- C:\WINDOWS\System32\minsage
[2008/12/07 21:32:36 | 00,010,752 | -HS- | M] () -- C:\Documents and Settings\Ishadawn\Bureau\Thumbs.db
@Alternate Data Stream - 0 bytes -> C:\Documents and Settings\Ishadawn\Bureau\Thumbs.db:encryptable
[2008/12/04 21:16:26 | 00,000,512 | ---- | M] () -- C:\WINDOWS\win.ini
[2008/12/01 15:57:08 | 00,003,500 | ---- | M] () -- C:\Documents and Settings\Ishadawn\Mes documents\FAMP2.doc
[2008/12/01 15:08:59 | 04,886,569 | ---- | M] () -- C:\Documents and Settings\Ishadawn\Mes documents\12Correspondances-pdf.axx
[2008/12/01 15:08:59 | 04,886,569 | ---- | M] () -- C:\Documents and Settings\Ishadawn\Bureau\12Correspondances-pdf.axx
[2008/12/01 15:03:37 | 01,288,753 | ---- | M] () -- C:\Documents and Settings\Ishadawn\Mes documents\AxCrypt+tutorial.zip
[2008/11/30 17:17:44 | 01,001,984 | ---- | M] () -- C:\Documents and Settings\Ishadawn\Mes documents\FAMP.doc
[2008/11/28 19:21:42 | 00,000,754 | ---- | M] () -- C:\WINDOWS\WORDPAD.INI
[2008/11/24 17:59:15 | 00,000,048 | -H-- | M] () -- C:\WINDOWS\System32\ezsidmv.dat
[2008/11/23 20:40:01 | 00,000,017 | ---- | M] () -- C:\WINDOWS\System32\'
[2008/11/23 17:21:11 | 00,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2008/11/23 09:56:03 | 00,000,268 | -H-- | M] () -- C:\sqmdata00.sqm
[2008/11/23 09:56:03 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt00.sqm
[2008/11/22 23:54:31 | 00,000,000 | ---- | M] () -- C:\WINDOWS\nsreg.dat
[2008/11/22 23:32:29 | 00,000,134 | -HS- | M] () -- C:\Documents and Settings\All Users\Documents\desktop.ini
[2008/11/22 23:14:56 | 00,000,131 | ---- | M] () -- C:\Documents and Settings\Ishadawn\Local Settings\Application Data\fusioncache.dat
< End of report >

Extras report:

OTViewIt Extras logfile created on: 21/12/2008 23:36:44 - Run
OTViewIt by OldTimer - Version 1.0.20.1 Folder = C:\Documents and Settings\Ishadawn\Bureau
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

2,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 100,00% Memory free
4,00 Gb Paging File | 4,00 Gb Available in Paging File | 100,00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232,77 Gb Total Space | 146,35 Gb Free Space | 62,87% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
Drive G: | 93,16 Gb Total Space | 61,86 Gb Free Space | 66,40% Space Free | Partition Type: NTFS
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: JEANNICK
Current User Name: Ishadawn
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Whitelist: On
File Age = 30 Days

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled"=1
"AntiVirusDisableNotify"=0
"FirewallDisableNotify"=0
"UpdatesDisableNotify"=0
"AntiVirusOverride"=0
"FirewallOverride"=0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[2008/04/14 13:00:00 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
[2008/04/14 13:00:00 | 00,142,848 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
[2007/01/19 12:55:02 | 05,674,352 | ---- | M] (Microsoft Corporation) -- C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1
[2007/01/04 16:10:02 | 00,297,752 | ---- | M] (Microsoft Corporation) -- C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
[2008/04/14 13:00:00 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
[2008/04/14 13:00:00 | 00,142,848 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
[2007/01/19 12:55:02 | 05,674,352 | ---- | M] (Microsoft Corporation) -- C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1
[2007/01/04 16:10:02 | 00,297,752 | ---- | M] (Microsoft Corporation) -- C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)
[2006/07/17 15:44:52 | 00,364,544 | ---- | M] (www.ultravnc.fr) -- C:\Program Files\UltraVNC\winvnc.exe:*:Enabled:Serveur VNC pour Win32
[2007/10/14 20:38:52 | 00,214,360 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe
[2007/10/19 20:46:08 | 00,184,320 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe
[2007/11/30 01:12:40 | 00,107,864 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe
[2007/12/20 11:05:54 | 01,421,312 | ---- | M] (Hewlett-Packard) -- C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe
[2007/10/31 14:45:22 | 00,147,456 | ---- | M] (Hewlett-Packard) -- C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe
[2002/06/04 15:23:10 | 09,797,632 | ---- | M] (Macromedia, Inc.) -- C:\Program Files\Macromedia\Dreamweaver MX\Dreamweaver.exe:*:Enabled:Dreamweaver MX
[2008/12/19 08:44:09 | 00,342,848 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\DNA\btdna.exe:*:Enabled:DNA
[2008/11/11 02:34:02 | 00,637,232 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent
[2008/11/18 16:31:04 | 21,633,320 | R--- | M] (Skype Technologies S.A.) -- C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype

========== (O18) Protocol Handlers ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
ipp: [HKLM - No CLSID value]
[2002/05/24 09:22:16 | 00,532,480 | ---- | M] (Microsoft Corporation) C:\Program Files\Fichiers communs\System\Ole
Curson on 22 December 2008 at 00:40
Good evening,

The extras.txt report is incomplete. Post it again.

The system is still heavily infected. I will put together a procedure for you this evening.


See you later.
smyst on 22 December 2008 at 13:17
Ah, sorry. For the moment, at any rate, things are starting to get better. The computer no longer freezes, I no longer have the persistent DNS and I was able to run a Windows Update (except IE7, which fails to install).
I am also attaching a Hijack report for a computer connected to the same network; tell me if you see any abnormal activity in it that could be a source of danger, given that it seems to be fine (perhaps a little slow for its power).


Extras report:

OTViewIt Extras logfile created on: 21/12/2008 23:36:44 - Run
OTViewIt by OldTimer - Version 1.0.20.1 Folder = C:\Documents and Settings\Ishadawn\Bureau
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

2,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 100,00% Memory free
4,00 Gb Paging File | 4,00 Gb Available in Paging File | 100,00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232,77 Gb Total Space | 146,35 Gb Free Space | 62,87% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
Drive G: | 93,16 Gb Total Space | 61,86 Gb Free Space | 66,40% Space Free | Partition Type: NTFS
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: JEANNICK
Current User Name: Ishadawn
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Whitelist: On
File Age = 30 Days

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled"=1
"AntiVirusDisableNotify"=0
"FirewallDisableNotify"=0
"UpdatesDisableNotify"=0
"AntiVirusOverride"=0
"FirewallOverride"=0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[2008/04/14 13:00:00 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
[2008/04/14 13:00:00 | 00,142,848 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
[2007/01/19 12:55:02 | 05,674,352 | ---- | M] (Microsoft Corporation) -- C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1
[2007/01/04 16:10:02 | 00,297,752 | ---- | M] (Microsoft Corporation) -- C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
[2008/04/14 13:00:00 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
[2008/04/14 13:00:00 | 00,142,848 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
[2007/01/19 12:55:02 | 05,674,352 | ---- | M] (Microsoft Corporation) -- C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1
[2007/01/04 16:10:02 | 00,297,752 | ---- | M] (Microsoft Corporation) -- C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)
[2006/07/17 15:44:52 | 00,364,544 | ---- | M] (www.ultravnc.fr) -- C:\Program Files\UltraVNC\winvnc.exe:*:Enabled:Serveur VNC pour Win32
[2007/10/14 20:38:52 | 00,214,360 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe
[2007/10/19 20:46:08 | 00,184,320 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe
[2007/11/30 01:12:40 | 00,107,864 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe
[2007/12/20 11:05:54 | 01,421,312 | ---- | M] (Hewlett-Packard) -- C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe
[2007/10/31 14:45:22 | 00,147,456 | ---- | M] (Hewlett-Packard) -- C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe
[2002/06/04 15:23:10 | 09,797,632 | ---- | M] (Macromedia, Inc.) -- C:\Program Files\Macromedia\Dreamweaver MX\Dreamweaver.exe:*:Enabled:Dreamweaver MX
[2008/12/19 08:44:09 | 00,342,848 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\DNA\btdna.exe:*:Enabled:DNA
[2008/11/11 02:34:02 | 00,637,232 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent
[2008/11/18 16:31:04 | 21,633,320 | R--- | M] (Skype Technologies S.A.) -- C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype

========== (O18) Protocol Handlers ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
ipp: [HKLM - No CLSID value]
[2002/05/24 09:22:16 | 00,532,480 | ---- | M] (Microsoft Corporation) C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL ipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - Microsoft OLE DB Moniker Binder for Internet Publishing]
[2007/01/19 12:53:24 | 00,063,344 | ---- | M] (Microsoft Corporation) C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (livecall:{828030A1-22C1-4009-854F-8E305202313F} (HKLM) [Reg Error: Value does not exist or could not be read.])
msdaipp: [HKLM - No CLSID value]
[2002/05/24 09:22:16 | 00,532,480 | ---- | M] (Microsoft Corporation) C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL msdaipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - Microsoft OLE DB Moniker Binder for Internet Publishing]
[2002/05/24 09:22:16 | 00,532,480 | ---- | M] (Microsoft Corporation) C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL msdaipp\oledb:{E1D2BF40-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAIPP.BINDER]
[2007/11/28 03:57:10 | 00,230,760 | ---- | M] (Microsoft Corporation) C:\Program Files\Fichiers communs\Microsoft Shared\Information Retrieval\msitss.dll (ms-itss:{0A9007C0-4076-11D3-8789-0000F8105754} (HKLM) [Microsoft Infotech Storage Protocol for IE 4.0])
[2007/01/19 12:53:24 | 00,063,344 | ---- | M] (Microsoft Corporation) C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (msnim:{828030A1-22C1-4009-854F-8E305202313F} (HKLM) [Reg Error: Value does not exist or could not be read.])
[2008/11/18 16:31:04 | 01,942,864 | R--- | M] (Skype Technologies) C:\Program Files\Fichiers communs\Skype\Skype4COM.dll (skype4com:{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} (HKLM) [IEProtocolHandler Class])

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}"=PDFCreator
"{0394CDC8-FABD-4ED8-B104-03393876DFDF}"=Roxio Creator Tools
"{07159635-9DFE-4105-BFC0-2817DB540C68}"=Roxio Activation Module
"{0D397393-9B50-4C52-84D5-77E344289F87}"=Roxio Creator Data
"{0F7C2E47-089E-4d23-B9F7-39BE00100776}"=Toolbox
"{12A76360-388E-4B27-ABEB-D5FC5378DD2A}"=HPPhotoSmartPhotobookWebPack1
"{15095BF3-A3D7-4DDF-B193-3A496881E003}"=Microsoft .NET Framework 3.0
"{18669FF9-C8FE-407a-9F70-E674896B1DB4}"=GPBaseService
"{1882D3BE-8B8F-4EA3-9414-EB06CD5B9CD8}"=Modem Diagnostics Tool
"{1D5E29AD-39A9-4D0A-A8B6-46A6FCD8C995}"=Live! Cam Avatar
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}"=Google Toolbar for Internet Explorer
"{26A1E9CF-BFC1-4309-80CD-C182D80922DB}_is1"=Artweaver 0.5
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}"=Java(TM) 6 Update 11
"{2F4C24E6-CBD4-4AAC-B56F-C9FD44DE5668}"=Roxio Drag-to-Disc
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}"=Roxio Update Manager
"{3248F0A8-6813-11D6-A77B-00B0D0160070}"=Java(TM) 6 Update 7
"{34BFB099-07B2-4E95-A673-7362D60866A2}"=PSSWCORE
"{350C940c-3D7C-4EE8-BAA9-00BCB3D54227}"=WebFldrs XP
"{36FDBE6E-6684-462b-AE98-9A39A1B200CC}"=HPProductAssistant
"{3B160861-7250-451E-B5EE-8B92BF30A710}"=Microsoft Works
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}"=NetWaiting
"{43DCF766-6838-4F9A-8C91-D92DA586DFA8}"=Visionneuse Journal Windows Microsoft
"{491DD792-AD81-429C-9EB4-86DD3D22E333}"=Windows Communication Foundation
"{4CACFCD9-F71B-413A-8DF5-1A6419D5CDC6}"=Cards_Calendar_OrderGift_DoMorePlugout
"{4F923F90-46D1-4492-9CC6-13FBBA00E7EC}"=C4400
"{5109C064-813E-4e87-B0DE-C8AF7B5BC02B}"=SmartWebPrintingOC
"{52A69E11-7CEB-4a7d-9607-68BA4F39A89B}"=DeviceDiscovery
"{5ACE69F0-A3E8-44eb-88C1-0A841E700180}"=TrayApp
"{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}"=Skype™ 3.8
"{619CDD8A-14B6-43A1-AB6C-0F4EE48CE048}"=Roxio Creator Copy
"{62230596-37E5-4618-A329-0D21F529A86F}"=Browser Address Error Redirector
"{6444D9D9-CD6C-4464-B970-55C606C944DC}"=Logitech QuickCam
"{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}"=Live! Cam Avatar Creator
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}"=Roxio Express Labeler 3
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}"=eSupportQFolder
"{679EC478-3FF9-4987-B2FF-C2C2B27532A2}"=DocProc
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}"=PowerDVD
"{6860B340-530D-46B3-91F8-1AE1F70F7C33}"=OpenOffice.org 3.0
"{687FEF8A-8597-40b4-832C-297EA3F35817}"=BufferChm
"{6901DD22-527A-41EF-9059-E81FEDE9E494}"=Windows Presentation Foundation Language Pack (FRA)
"{6B407945-AE16-4A2A-BAAF-497FE62EDED3}"=PS_AIO_03_C4400_Software_Min
"{6B437F94-056F-4791-AF2C-0D10E2706AF0}"=PanoStandAlone
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}"=CustomerResearchQFolder
"{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}"=Microsoft .NET Framework 2.0
"{7299052b-02a4-4627-81f2-1818da5d550d}"=Microsoft Visual C++ 2005 Redistributable
"{7D1B85BD-AA07-48B8-808D-67A4067FC6BD}"=Windows Workflow Foundation
"{80533B67-C407-485D-8B5D-63BB8ED9D878}"=Scan
"{83FFCFC7-88C6-41C6-8752-958A45325C82}"=Roxio Creator Audio
"{87E2B986-07E8-477a-93DC-AF0B6758B192}"=DocProcQFolder
"{880AF49C-34F7-4285-A8AD-8F7A3D1C33DC}"=Roxio Creator BDAV Plugin
"{8A85DEAD-7C1F-4368-881C-72AC74CB2E91}"=UnloadSupport
"{8B4AB829-DFD3-436D-B808-D9733D76C590}"=Macromedia Dreamweaver MX
"{8D337F77-BE7F-41A2-A7CB-D5A63FD7049B}"=Sonic CinePlayer Decoder Pack
"{90120000-0020-040C-0000-0000000FF1CE}"=Module de compatibilité pour Microsoft Office System 2007
"{95120000-00AF-040C-0000-0000000FF1CE}"=Microsoft Office PowerPoint Viewer 2007 (French)
"{954B7F64-D1D4-476F-8919-99585D0A6ABF}"=PS_AIO_03_C4400_Software
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}"=Dell Touchpad
"{A0B9F8DF-C949-45ed-9808-7DC5C0C19C81}"=Status
"{A5AB9D5E-52E2-440e-A3ED-9512E253C81A}"=SolutionCenter
"{A5BA14E0-7384-11D4-BAE7-00409631A2C8}"=Macromedia Extension Manager
"{A8AD990E-355A-4413-8647-A9B168978423}_is1"=UltraVNC v1.0.2 Fr
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}"=DeviceManagementQFolder
"{AC76BA86-7AD7-1036-7B44-A90000000001}"=Adobe Reader 9 - Français
"{B168C59D-5FCF-4EEC-B464-BFA7A8266150}"=Windows Communication Foundation Language Pack - FRA
"{B7908330-93A8-4DB1-B6EE-6B0446E26939}"=Voice Tracer
"{B84C141C-9A13-44BE-9A69-301D7B11D836}"=Windows Workflow Foundation FR Language Pack
"{B8DBED1E-8BC3-4d08-B94A-F9D7D88E9BBF}"=HPSSupply
"{BAD0FA60-09CF-4411-AE6A-C2844C8812FA}"=HP Photosmart Essential 2.5
"{BAF78226-3200-4DB4-BE33-4D922A799840}"=Windows Presentation Foundation
"{C5074CC4-0E26-4716-A307-960272A90040}"=QuickSet
"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}"=Roxio Creator DE
"{C9CE9393-B568-428D-AD5B-55452B9748DB}"=PS_AIO_03_C4400_ProductContext
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}"=Microsoft .NET Framework 1.1
"{CCB9B81A-167F-4832-B305-D2A0430840B3}"=WebReg
"{D2E0F0CC-6BE0-490b-B08B-9267083E34C9}"=MarketResearch
"{D99A8E3A-AE5A-4692-8B19-6F16D454E240}"=Destination Component
"{DBEA1034-5882-4A88-8033-81C4EF0CFA29}"=Google Toolbar for Internet Explorer
"{E08DC77E-D09A-4e36-8067-D6DBBCC5F8DC}"=VideoToolkit01
"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}"=Dell Support Center
"{E3C080B0-23F5-49AF-89F8-8E8DBC89E659}"=Microsoft .NET Framework 3.0 French Language Pack
"{E646DCF0-5A68-11D5-B229-002078017FBF}"=Digital Line Detect
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}"=Realtek High Definition Audio Driver
"{F196AC50-7C95-42E1-9947-BDAB18BF3C8C}"=Microsoft .NET Framework 2.0 Language Pack - FRA
"{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}"=32 Bit HP CIO Components Installer
"{F42CD69D-E393-47c8-B2CD-B139C4ADA9A8}"=Copy
"{F6326B60-1B1D-4ABF-BFCD-7B7404F44411}"=Windows Live Messenger
"{F7B72805-2F58-4C04-AE9E-E7AD6A6EF62E}"=C4400_Help
"{F843C6A3-224D-4615-94F8-3C461BD9AEA0}"=Jasc Paint Shop Pro 9
"{FE57DE70-95DE-4B64-9266-84DA811053DB}"=HP Update
"{FF1F4E8E-A833-4c4b-A14A-45D5B841B5D8}"=HP Photosmart C4400 All-In-One Driver Software 10.0 Rel .3
"Adobe Flash Player ActiveX"=Adobe Flash Player ActiveX
"Adobe Flash Player Plugin"=Adobe Flash Player 10 Plugin
"Advanced Audio FX Engine"=Advanced Audio FX Engine
"Advanced Video FX Engine"=Advanced Video FX Engine
"antivir personaledition classic"=Avira AntiVir Personal - Free Antivirus
"Audacity_is1"=Audacity 1.2.6
"AxCrypt"=AxCrypt (Désinstaller uniquement)
"Broadcom 802.11b Network Adapter"=Utilitaire de la carte réseau local sans fil Wireless de Dell
"Creative OEM013"=Laptop Integrated Webcam Driver (1.01.01.0529)
"Dell Webcam Center"=Dell Webcam Center
"Dell Webcam Manager"=Dell Webcam Manager
"Foxit Reader"=Foxit Reader
"Google Desktop"=Google Desktop
"hijackthis"=HijackThis 2.0.2
"HP Imaging Device Functions"=HP Imaging Device Functions 10.0
"HP Photosmart Essential"=HP Photosmart Essential 2.5
"HP Smart Web Printing"=HP Smart Web Printing
"HP Solution Center & Imaging Support Tools"=HP Solution Center 10.0
"HPExtendedCapabilities"=HP Customer Participation Program 10.0
"HPOCR"=OCR Software by I.R.I.S. 10.0
"IDNMitigationAPIs"=Microsoft Internationalized Domain Names Mitigation APIs
"KLiteCodecPack_is1"=K-Lite Codec Pack 4.3.1 (Full)
"lvdrivers_11.70"=Coffret de pilotes Logitech QuickCam
"Messenger Plus! Live"=Messenger Plus! Live
"Microsoft .NET Framework 1.1 (1033)"=Microsoft .NET Framework 1.1
"Microsoft .NET Framework 2.0"=Microsoft .NET Framework 2.0
"Microsoft .NET Framework 2.0 Language Pack - FRA"=Module de prise en charge linguistique de Microsoft .NET Framework 2.0 - FRA
"Microsoft .NET Framework 3.0"=Microsoft .NET Framework 3.0
"Microsoft .NET Framework 3.0 French Language Pack"=Module de prise en charge linguistique du français de Microsoft .NET Framework 3.0
"Mozilla Firefox (3.0.4)"=Mozilla Firefox (3.0.4)
"NLSDownlevelMapping"=Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers"=NVIDIA Drivers
"PDFCreator Toolbar"=PDFCreator Toolbar
"SearchAssist"=SearchAssist
"Shop for HP Supplies"=Shop for HP Supplies
"SRS Ripper"=SRS Ripper
"Subliminal Recording System 5.1"=Subliminal Recording System 5.1
"Subliminal Visualizer Pro"=Subliminal Visualizer Pro
"Sublisoft_is1"=version 2
"usbfix"=UsbFix
"Wdf01005"=Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Winamp"=Winamp (remove only)
"Windows Media Format Runtime"=Windows Media Format Runtime
"WinRAR archiver"=Archiveur WinRAR
"XpsEPSC"=XML Paper Specification Shared Components Pack 1.0
"XPSEPSCLP"=XML Paper Specification Shared Components Language Pack 1.0

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"BitTorrent"=BitTorrent
"BitTorrent DNA"=DNA

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 15/12/2008 16:03:17 | Computer Name = JEANNICK | Source = Internet Explorer 7 Disk | ID = 921877
Description =

Error - 15/12/2008 16:08:54 | Computer Name = JEANNICK | Source = Application Error | ID = 1000
Description = Application défaillante services.exe, version 5.1.2600.5512, module
défaillant services.exe, version 5.1.2600.5512, adresse de défaillance 0x00009750.

Error - 15/12/2008 16:17:58 | Computer Name = JEANNICK | Source = Application Error | ID = 1000
Description = Application défaillante services.exe, version 5.1.2600.5512, module
défaillant services.exe, version 5.1.2600.5512, adresse de défaillance 0x00009750.

Error - 15/12/2008 16:28:25 | Computer Name = JEANNICK | Source = Application Error | ID = 1000
Description = Application défaillante services.exe, version 5.1.2600.5512, module
défaillant services.exe, version 5.1.2600.5512, adresse de défaillance 0x00009750.

Error - 15/12/2008 16:51:51 | Computer Name = JEANNICK | Source = Application Hang | ID = 1002
Description = Application bloquée rundll32.exe, version 5.1.2600.5512, module bloqué
hungapp, version 0.0.0.0, adresse de blocage 0x00000000.

Error - 15/12/2008 17:20:03 | Computer Name = JEANNICK | Source = Application Hang | ID = 1002
Description = Application bloquée msnmsgr.exe, version 8.1.178.0, module bloqué
hungapp, version 0.0.0.0, adresse de blocage 0x00000000.

[ System Events ]
Error - 17/12/2008 05:24:30 | Computer Name = JEANNICK | Source = Dhcp | ID = 1002
Description = Le bail de l'adresse IP 192.168.1.67 pour la carte réseau dont l'adresse
réseau est 00234D8157F9 a été refusé par le serveur DHCP 192.168.2.1 (celui-ci a
envoyé un message DHCPNACK).

Error - 17/12/2008 05:26:05 | Computer Name = JEANNICK | Source = DCOM | ID = 10010
Description = Le serveur {F81CD990-910B-4BBF-9CB3-6A77F3D697B3} ne s'est pas enregistré
sur DCOM avant la fin du temps imparti.

Error - 17/12/2008 06:46:52 | Computer Name = JEANNICK | Source = Service Control Manager | ID = 7022
Description = Le service Service HP CUE DeviceDiscovery est en attente de démarrage.

Error - 17/12/2008 14:45:21 | Computer Name = JEANNICK | Source = Service Control Manager | ID = 7022
Description = Le service Service HP CUE DeviceDiscovery est en attente de démarrage.

Error - 17/12/2008 14:49:27 | Computer Name = JEANNICK | Source = Dhcp | ID = 1002
Description = Le bail de l'adresse IP 192.168.2.9 pour la carte réseau dont l'adresse
réseau est 00234D8157F9 a été refusé par le serveur DHCP 192.168.0.254 (celui-ci
a envoyé un message DHCPNACK).

Error - 17/12/2008 15:46:37 | Computer Name = JEANNICK | Source = DCOM | ID = 10010
Description = Le serveur {0002DF01-0000-0000-C000-000000000046} ne s'est pas enregistré
sur DCOM avant la fin du temps imparti.

Error - 17/12/2008 15:51:50 | Computer Name = JEANNICK | Source = Service Control Manager | ID = 7022
Description = Le service Service HP CUE DeviceDiscovery est en attente de démarrage.

Error - 18/12/2008 08:20:54 | Computer Name = JEANNICK | Source = ACPIEC | ID = 327681
Description = \Device\ACPIEC : Le contrôleur intégré du matériel n'a pas répondu
dans les délais impartis. Ceci pourrait indiquer une erreur dans le contrôleur
intégré du matériel ou des logiciels, ou probablement un BIOS mal conçu accédant
au contrôleur intégré d'une manière non sécurisée. Le pilote du contrôleur intégré
va tenter à nouveau la transaction non réussie.

Error - 18/12/2008 08:22:06 | Computer Name = JEANNICK | Source = Service Control Manager | ID = 7022
Description = Le service Service HP CUE DeviceDiscovery est en attente de démarrage.

Error - 18/12/2008 08:48:35 | Computer Name = JEANNICK | Source = Service Control Manager | ID = 7022
Description = Le service Service HP CUE DeviceDiscovery est en attente de démarrage.


< End of report >


HiJack report, computer no. 2:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:39:25, on 22/12/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\AlienGUIse\wbload.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\EzButton\CplBCL50.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\Program Files\Creative\Sound Blaster Audigy 2\DVDAudio\CTDVDDET.EXE
C:\Program Files\Creative\Sound Blaster Audigy 2\Surround Mixer\CTSysVol.exe
C:\Program Files\Creative\Sound Blaster Audigy 2\Feature Mode Utility\CTModUtl.exe
C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Creative\Sound Blaster Audigy 2\Feature Mode Utility\CTAPR.exe
C:\PROGRA~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Fichiers communs\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://fr.msn.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://fr.msn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://as.starware.com/dp/search?x=wKX1ILEOi+Vh7AfA98Gm4Me69ZMbubcDsnJKz/X5Xz(...)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer optimisé pour MSN
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: e-Carte Bleue Browser Helper Object - {2E03C0FD-4C48-43A7-9A54-00240C70FF16} - C:\WINDOWS\system32\BhoECart.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [CplBCL50] C:\Program Files\EzButton\CplBCL50.EXE
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [CtxfiReg] CTXFIREG.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [CTDVDDET] "C:\Program Files\Creative\Sound Blaster Audigy 2\DVDAudio\CTDVDDET.EXE"
O4 - HKLM\..\Run: [CTSysVol] "C:\Program Files\Creative\Sound Blaster Audigy 2\Surround Mixer\CTSysVol.exe" /r
O4 - HKLM\..\Run: [CTFeatureModeUtility] C:\Program Files\Creative\Sound Blaster Audigy 2\Feature Mode Utility\CTModUtl.exe
O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Program Files\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DWQueuedReporting] "C:\PROGRA~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" -t
O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = D:\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Convertir les liens sélectionnés en fichier Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://D:\MICROS~1\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Envoyer au périphérique &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\ssv.dll
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=www.xbook-computer.com
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15030/CTSUEng.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by16fd.bay16.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} (Creative Software AutoUpdate) - http://www.creative.com/softwareupdate/su/ocx/15101/CTSUEng.cab
O16 - DPF: {8731163E-77B9-4F91-9122-F112521C28AF} (MMSPlayerX Class) - http://mmt.bouyguestelecom.fr/mmawap/jsp/composer/player/mmsPlayer.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab47946.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/softwareupdate/su/ocx/15106/CTPID.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: C-DillaCdaC11BA - C-Dilla Ltd - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Fichiers communs\Logishrd\SrvLnch\SrvLnch.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe

--
End of file - 13490 bytes
-->Message edited by smyst on 22/12/2008 14:00:23<--
Curson on 22 December 2008 at 20:50
Good evening,


1) Disable your protection software (antivirus, antispyware), then:


2) Create a new text document: right-click on the desktop > New > Text Document, and copy the following lines into it:
KILLALL::
Driver::
lvuvc.hs
logiflt

File::
C:\upload_moi_JEANNICK.tar.gz
C:\WINDOWS\System32\drivers\lvuvc.hs
C:\WINDOWS\System32\drivers\logiflt.iad
C:\WINDOWS\System32\ezsidmv.dat
C:\Documents and Settings\Ishadawn\Application Data\wklnhst.dat
C:\WINDOWS\WMSysPr9.prx
C:\Documents and Settings\Ishadawn\Local Settings\Application Data\fusioncache.dat

Folder::
C:\Documents and Settings\All Users\Application Data\Grisoft
C:\Program Files\Grisoft
C:\Program Files\Alwil Software
C:\38773665
C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files

DirLook::
C:\Program Files\SRS5-1XP
C:\WINDOWS\System32\minsage
C:\WINDOWS\PIF
C:\Documents and Settings\All Users\Application Data\WEBREG

Registry::
[-HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\CmdMapping\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\livecall]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\msnim]


- Drag and drop this CFScript file onto the ComboFix.exe file, as in the screenshot

< included picture >

- A blue window will appear. Type 1 if necessary.
- Wait while the scan runs. The desktop will disappear several times: this is normal!
Do not touch anything until the scan has finished.
- Once the scan is complete, a report will be displayed: post its contents, and say where things stand with your problems.

- If the file does not open, it is located here > C:\ComboFix.txt


3) Download Malwarebytes Anti-Malware.


4) Install it and update it.


5) Launch MBAM:

- Tick the "Perform full scan" box, then click Scan.
- Select (tick) all your partitions, then click "Start scan".
- When the scan is finished, a message will let you know. Then click the "Show Results" button.
- In the next window, click "Remove Selected". If the program offers to restart the computer, accept!
- The scan report will be displayed. Save it, then post its contents.


As for the second computer, I will look at it once the 1st one has been disinfected.


See you later.
-->Message edited by Curson on 22/12/2008 21:46:53<--
smyst on 23 December 2008 at 00:44
The computer seems to be working normally now. I don't know whether anything else is still hidden.

ComboFix report:

ComboFix 08-12-21.01 - Ishadawn 2008-12-22 23:31:25.2 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.3.1252.1.1036.18.3070.2537 [GMT 1:00]
Lancé depuis: c:\documents and settings\Ishadawn\Bureau\ComboFix.exe
Commutateurs utilisés :: c:\documents and settings\Ishadawn\Bureau\CFScript.txt
* Un nouveau point de restauration a été créé

FILE ::
c:\documents and settings\Ishadawn\Application Data\wklnhst.dat
c:\documents and settings\Ishadawn\Local Settings\Application Data\fusioncache.dat
C:\upload_moi_JEANNICK.tar.gz
c:\windows\System32\drivers\logiflt.iad
c:\windows\System32\drivers\lvuvc.hs
c:\windows\System32\ezsidmv.dat
c:\windows\WMSysPr9.prx
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\38773665\
c:\documents and settings\All Users\Application Data\Grisoft
c:\documents and settings\All Users\Application Data\Grisoft\AVG Anti-Spyware 7.5\Downloads\help.dll
c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files\Kaspersky Internet Security 2009\English\kis.en.msi
c:\documents and settings\Ishadawn\Application Data\wklnhst.dat
c:\documents and settings\Ishadawn\Local Settings\Application Data\fusioncache.dat
c:\program files\Alwil Software
c:\program files\Alwil Software\Avast4\Setup\setup.ini
c:\program files\Grisoft
c:\program files\Grisoft\AVG Anti-Spyware 7.5\campaign.dll
C:\upload_moi_JEANNICK.tar.gz
c:\windows\System32\drivers\logiflt.iad
c:\windows\System32\drivers\lvuvc.hs
c:\windows\System32\ezsidmv.dat
c:\windows\WMSysPr9.prx

.
((((((((((((((((((((((((((((( Fichiers créés du 2008-11-22 au 2008-12-22 ))))))))))))))))))))))))))))))))))))
.

2008-12-22 00:05 . 2008-12-22 00:05 <REP> d-------- c:\program files\Windows Media Connect 2
2008-12-22 00:03 . 2008-12-22 00:04 <REP> d-------- c:\windows\system32\drivers\UMDF
2008-12-21 20:59 . 2008-12-21 20:59 <REP> d-------- c:\program files\Avira
2008-12-21 20:59 . 2008-12-21 20:59 <REP> d-------- c:\documents and settings\All Users\Application Data\Avira
2008-12-21 20:02 . 2008-12-21 20:18 <REP> d-------- c:\program files\UsbFix
2008-12-18 21:02 . 2008-12-18 21:02 <REP> d-------- c:\documents and settings\Ishadawn\Application Data\Malwarebytes
2008-12-18 21:01 . 2008-12-18 21:01 <REP> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2008-12-18 20:24 . 2008-12-18 20:24 <REP> d-------- c:\program files\Trend Micro
2008-12-15 16:10 . 2008-12-15 16:12 2 --a------ C:\38773665
2008-12-15 00:10 . 2008-12-15 00:10 <REP> d-------- c:\documents and settings\Ishadawn\Application Data\OpenOffice.org
2008-12-15 00:08 . 2008-12-15 00:08 <REP> d-------- c:\program files\OpenOffice.org 3
2008-12-15 00:08 . 2008-12-15 00:08 <REP> d-------- c:\program files\JRE
2008-12-14 21:34 . 2008-12-22 23:33 <REP> d-------- c:\program files\DNA
2008-12-14 21:34 . 2008-12-14 21:34 <REP> d-------- c:\program files\BitTorrent
2008-12-14 21:34 . 2008-12-22 23:33 <REP> d-------- c:\documents and settings\Ishadawn\Application Data\DNA
2008-12-14 21:34 . 2008-12-15 15:27 <REP> d-------- c:\documents and settings\Ishadawn\Application Data\BitTorrent
2008-12-14 17:55 . 2008-12-14 17:55 <REP> d-------- c:\program files\Foxit Software
2008-12-14 03:25 . 2008-12-14 03:25 410,984 --a------ c:\windows\system32\deploytk.dll
2008-12-14 00:32 . 2008-12-14 00:32 <REP> d-------- c:\program files\Macromedia
2008-12-14 00:32 . 2008-12-14 00:32 <REP> d-------- c:\program files\Fichiers communs\Macromedia
2008-12-14 00:13 . 2008-12-14 00:13 <REP> d-------- c:\documents and settings\Ishadawn\Application Data\Roxio
2008-12-12 14:45 . 2008-10-03 11:03 247,326 -----c--- c:\windows\system32\dllcache\strmdll.dll
2008-12-12 00:17 . 2008-12-12 00:17 <REP> d-------- c:\program files\PDFCreator Toolbar
2008-12-12 00:17 . 2008-12-12 00:17 <REP> d-------- c:\program files\PDFCreator
2008-12-12 00:17 . 2008-12-12 00:17 253,139 --a------ c:\windows\PDFCreator_Toolbar_Uninstaller_343.exe
2008-12-12 00:17 . 1998-07-13 02:08 141,312 --a------ c:\windows\system32\MSCMCFR.DLL
2008-12-12 00:17 . 1998-06-24 01:00 137,000 --a------ c:\windows\system32\MSMAPI32.OCX
2008-12-12 00:17 . 1998-07-13 02:08 119,568 --a------ c:\windows\system32\VB6FR.DLL
2008-12-12 00:17 . 2001-10-28 17:42 116,224 --a------ c:\windows\system32\pdfcmnnt.dll
2008-12-12 00:17 . 1998-07-13 02:08 59,904 --a------ c:\windows\system32\MSCC2FR.DLL
2008-12-12 00:17 . 1998-07-06 01:00 23,552 --a------ c:\windows\system32\MSMPIDE.DLL
2008-12-09 20:00 . 2008-12-09 20:00 <REP> d-------- c:\windows\speech
2008-12-09 20:00 . 2008-12-09 20:01 <REP> d-------- c:\program files\Subliminal Visualizer Pro
2008-12-09 20:00 . 2008-12-09 20:00 <REP> d-------- c:\program files\SRSRipper
2008-12-09 20:00 . 2008-12-09 20:53 <REP> d-------- c:\program files\SRS5-1XP
2008-12-09 20:00 . 2003-08-27 23:13 1,101,824 --a------ c:\windows\system32\vbskpro.ocx
2008-12-09 20:00 . 2004-03-09 01:00 662,288 --a------ c:\windows\system32\MSCOMCT2.OCX
2008-12-09 20:00 . 2000-05-22 00:00 608,448 --a------ c:\windows\system32\ComCtl32.ocx
2008-12-09 20:00 . 2002-11-29 16:07 503,808 --a------ c:\windows\system32\DXVUMeter.ocx
2008-12-09 20:00 . 2000-12-06 00:00 415,176 --a------ c:\windows\system32\Comct332.ocx
2008-12-09 20:00 . 1998-04-24 20:08 368,912 --a------ c:\windows\system32\vbar332.dll
2008-12-09 20:00 . 2000-05-22 00:00 203,976 --a------ c:\windows\system32\RichTx32.ocx
2008-12-09 20:00 . 2001-09-28 17:00 164,864 --a------ c:\windows\UNWISE.EXE
2008-12-09 20:00 . 2000-03-13 05:00 118,784 --a------ c:\windows\system32\Msstdfmt.dll
2008-12-09 20:00 . 2003-05-21 06:47 49,152 --a------ c:\windows\system32\mp3enc.dll
2008-12-09 20:00 . 2000-06-13 16:06 32,768 --a------ c:\windows\system32\prjKnob.ocx
2008-12-08 18:21 . 2008-12-08 18:26 <REP> d-------- c:\program files\MB Free Subliminal Message Software
2008-12-08 18:21 . 2005-04-15 20:58 1,071,088 --a------ c:\windows\system32\MSCOMCTL.OCX
2008-12-08 18:21 . 2000-12-06 00:00 209,608 --a------ c:\windows\system32\Tabctl32.ocx
2008-12-08 18:21 . 2001-03-13 14:49 140,288 --a------ c:\windows\system32\Comdlg32.ocx
2008-12-08 18:21 . 2008-12-08 18:21 33 --a------ c:\windows\system32\minsage
2008-12-07 21:58 . 2008-12-07 22:45 <REP> d-------- c:\program files\Audacity
2008-12-07 18:21 . 2008-12-07 18:21 <REP> d-------- c:\windows\Sun
2008-12-07 14:46 . 2008-12-07 18:23 <REP> d-------- c:\program files\Artweaver 0.5
2008-12-07 14:46 . 2008-12-07 14:46 <REP> d-------- c:\documents and settings\Ishadawn\Application Data\Artweaver
2008-12-07 14:09 . 2008-12-07 14:09 <REP> d-------- c:\program files\Fichiers communs\Jasc Software Inc
2008-12-07 14:09 . 2008-12-07 14:09 <REP> d-------- c:\documents and settings\Ishadawn\Application Data\Jasc Software Inc
2008-12-07 14:07 . 2008-12-07 14:09 <REP> d-------- c:\program files\Jasc Software Inc
2008-12-07 13:53 . 2008-12-07 13:53 <REP> d--h----- c:\windows\PIF
2008-12-07 11:38 . 2008-12-07 11:38 <REP> d-------- c:\program files\MSXML 4.0
2008-12-05 08:44 . 2008-12-22 11:40 <REP> d-------- c:\documents and settings\Ishadawn\Application Data\HPAppData
2008-12-04 21:17 . 2008-12-04 21:17 <REP> d-------- c:\documents and settings\All Users\Application Data\WEBREG
2008-12-04 21:16 . 2008-12-04 21:17 <REP> d-------- c:\documents and settings\Ishadawn\Application Data\HP
2008-12-04 21:15 . 2008-12-04 21:15 <REP> d-------- c:\documents and settings\All Users\Application Data\Hewlett-Packard
2008-12-04 21:15 . 2007-10-30 10:22 970,752 -ra------ c:\windows\system32\hpotiop6.dll
2008-12-04 21:15 . 2007-10-30 10:25 372,736 -ra------ c:\windows\system32\hppldcoi.dll
2008-12-04 21:15 . 2007-10-30 10:25 309,760 -ra------ c:\windows\system32\difxapi.dll
2008-12-04 21:15 . 2007-10-30 10:22 303,104 -ra------ c:\windows\system32\hpovst14.dll
2008-12-04 21:15 . 2008-02-12 04:49 271,704 -ra------ c:\windows\system32\hpzids01.dll
2008-12-04 21:15 . 2008-02-07 10:26 118,272 --a------ c:\windows\system32\hpz3l5mu.dll
2008-12-04 21:15 . 2007-10-30 10:25 49,920 -ra------ c:\windows\system32\drivers\HPZid412.sys
2008-12-04 21:15 . 2007-10-30 10:25 21,568 -ra------ c:\windows\system32\drivers\HPZius12.sys
2008-12-04 21:15 . 2007-10-30 10:25 16,496 -ra------ c:\windows\system32\drivers\HPZipr12.sys
2008-12-04 21:15 . 2008-04-13 11:45 15,104 --a------ c:\windows\system32\drivers\usbscan.sys
2008-12-04 21:15 . 2008-04-13 11:45 15,104 --a--c--- c:\windows\system32\dllcache\usbscan.sys
2008-12-04 21:04 . 2008-12-04 21:04 <REP> d-------- c:\program files\Hewlett-Packard
2008-12-04 21:04 . 2008-12-04 21:04 <REP> d-------- c:\program files\Fichiers communs\HP
2008-12-04 21:04 . 2008-12-04 21:04 <REP> d-------- c:\program files\Fichiers communs\Hewlett-Packard
2008-12-04 21:04 . 2008-12-04 21:04 <REP> d-------- c:\documents and settings\All Users\Application Data\HP Product Assistant
2008-12-04 21:04 . 2008-12-04 21:05 <REP> d-------- c:\documents and settings\All Users\Application Data\HP
2008-12-04 21:02 . 2008-12-04 21:04 <REP> d-------- c:\program files\HP
2008-12-04 21:02 . 2008-04-13 11:47 25,856 --a------ c:\windows\system32\drivers\usbprint.sys
2008-12-04 21:02 . 2008-04-13 11:47 25,856 --a--c--- c:\windows\system32\dllcache\usbprint.sys
2008-12-04 21:00 . 2008-12-04 21:17 177,936 --a------ c:\windows\hpoins29.dat
2008-12-04 21:00 . 2008-02-20 05:36 986 --------- c:\windows\hpomdl29.dat
2008-12-03 23:39 . 2008-12-03 23:39 <REP> d-------- c:\program files\SubliSoft
2008-12-01 15:10 . 2008-12-01 15:10 <REP> d-------- c:\program files\Axon Data
2008-11-28 21:30 . 2008-11-28 21:30 <REP> d-------- c:\documents and settings\Ishadawn\Application Data\Creative
2008-11-28 21:24 . 2008-02-06 03:21 4,658,456 -ra------ c:\windows\system32\drivers\lvuvc.sys
2008-11-28 21:24 . 2008-02-06 03:21 490,008 -ra------ c:\windows\system32\LVUI2.dll
2008-11-28 21:24 . 2008-02-06 03:21 465,432 -ra------ c:\windows\system32\LVUI2RC.dll
2008-11-28 21:24 . 2008-02-06 03:18 416,280 -ra------ c:\windows\system32\lvcodec2.dll
2008-11-28 21:08 . 2008-11-28 21:08 <REP> d-------- c:\documents and settings\Ishadawn\Application Data\Leadertech
2008-11-28 21:07 . 2008-02-06 03:18 195,096 --a------ c:\windows\system32\lvci11701196.dll
2008-11-28 21:07 . 2008-02-06 02:37 66,482 -ra------ c:\windows\system32\lvcoinst.ini
2008-11-28 21:07 . 2008-02-06 03:21 41,752 -ra------ c:\windows\system32\drivers\LVUSBSta.sys
2008-11-28 21:07 . 2008-02-06 02:40 25,056 -ra------ c:\windows\system32\Repository.reg
2008-11-28 21:06 . 2008-02-06 03:21 23,832 -ra------ c:\windows\system32\drivers\lvuvcflt.sys
2008-11-28 21:05 . 2008-11-28 21:05 <REP> d-------- c:\program files\Logitech
2008-11-28 21:05 . 2008-11-28 21:07 <REP> d-------- c:\program files\Fichiers communs\LogiShrd
2008-11-28 21:05 . 2008-11-28 21:05 <REP> d-------- c:\documents and settings\All Users\Application Data\Logitech
2008-11-28 21:05 . 2008-12-22 23:19 <REP> d-------- c:\documents and settings\All Users\Application Data\Logishrd
2008-11-28 20:54 . 2008-04-13 11:45 60,032 --a------ c:\windows\system32\drivers\USBAUDIO.sys
2008-11-28 20:54 . 2008-04-13 11:45 60,032 --a--c--- c:\windows\system32\dllcache\usbaudio.sys
2008-11-28 19:21 . 2008-11-28 19:21 754 --a------ c:\windows\WORDPAD.INI
2008-11-27 20:15 . 2008-11-27 20:15 <REP> d-------- c:\documents and settings\Ishadawn\Application Data\Media Player Classic
2008-11-27 20:13 . 2008-11-27 20:13 <REP> d-------- c:\program files\K-Lite Codec Pack
2008-11-26 14:44 . 2008-11-26 14:44 <REP> d-------- c:\program files\Windows Journal Viewer
2008-11-25 13:01 . 2008-12-22 00:03 <REP> d-------- c:\windows\system32\LogFiles
2008-11-24 17:59 . 2008-12-20 18:35 <REP> d-------- c:\documents and settings\Ishadawn\Application Data\skypePM
2008-11-24 17:58 . 2008-11-24 17:58 <REP> d-------- c:\program files\Skype
2008-11-24 17:58 . 2008-11-24 17:58 <REP> d-------- c:\program files\Fichiers communs\Skype
2008-11-24 17:58 . 2008-12-20 19:22 <REP> d-------- c:\documents and settings\Ishadawn\Application Data\Skype
2008-11-24 17:58 . 2008-11-24 17:58 <REP> d-------- c:\documents and settings\All Users\Application Data\Skype
2008-11-24 15:10 . 2008-09-15 16:26 1,846,528 -----c--- c:\windows\system32\dllcache\win32k.sys
2008-11-24 15:10 . 2008-09-08 11:41 333,824 -----c--- c:\windows\system32\dllcache\srv.sys
2008-11-24 15:10 . 2008-08-14 11:04 138,496 -----c--- c:\windows\system32\dllcache\afd.sys
2008-11-24 15:09 . 2008-08-14 14:23 2,191,232 -----c--- c:\windows\system32\dllcache\ntoskrnl.exe
2008-11-24 15:09 . 2008-08-14 14:23 2,147,328 -----c--- c:\windows\system32\dllcache\ntkrnlmp.exe
2008-11-24 15:09 . 2008-08-14 14:23 2,068,096 -----c--- c:\windows\system32\dllcache\ntkrnlpa.exe
2008-11-24 15:09 . 2008-08-14 14:23 2,025,984 -----c--- c:\windows\system32\dllcache\ntkrpamp.exe
2008-11-24 15:07 . 2008-04-11 20:05 691,712 -----c--- c:\windows\system32\dllcache\inetcomm.dll
2008-11-24 15:07 . 2008-10-24 12:21 455,296 -----c--- c:\windows\system32\dllcache\mrxsmb.sys
2008-11-24 15:07 . 2008-05-01 15:36 331,776 -----c--- c:\windows\system32\dllcache\msadce.dll
2008-11-24 15:06 . 2008-09-04 18:16 1,106,944 -----c--- c:\windows\system32\dllcache\msxml3.dll

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-15 15:12 14,336 ----a-w c:\windows\system32\svchost.exe
2008-12-14 02:25 --------- d-----w c:\program files\Java
2008-12-13 23:32 --------- d--h--w c:\program files\InstallShield Installation Information
2008-12-13 23:28 --------- d-----w c:\program files\Fichiers communs\InstallShield
2008-11-02 14:02 7,680 ----a-w c:\windows\system32\ff_vfw.dll
2008-10-31 18:32 --------- d-----w c:\documents and settings\Ishadawn\Application Data\Dell
2008-10-28 22:35 684,032 ----a-w c:\windows\system32\divx.dll
2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-23 12:36 286,720 ----a-w c:\windows\system32\gdi32.dll
2008-10-16 13:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 13:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 13:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 13:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 13:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 13:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 13:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 13:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-10-16 01:01 670,208 ----a-w c:\windows\system32\wininet.dll
2008-10-03 10:03 247,326 ----a-w c:\windows\system32\strmdll.dll
2008-09-30 15:43 1,286,152 ----a-w c:\windows\system32\msxml4.dll
2008-09-25 08:03 81,920 ----a-w c:\windows\system32\dpl100.dll
.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.

---- Directory of c:\documents and settings\All Users\Application Data\WEBREG ----

2008-12-04 21:17 243 --a------ c:\documents and settings\All Users\Application Data\WEBREG\WebRegData.xml

---- Directory of c:\program files\SRS5-1XP ----

2008-12-09 20:53 600 --a------ c:\program files\SRS5-1XP\freq1.wav
2008-12-09 20:53 580 --a------ c:\program files\SRS5-1XP\freq2.wav
2004-01-02 00:04 2008 --a------ c:\program files\SRS5-1XP\biohelp.html
2004-01-01 23:53 700416 --a------ c:\program files\SRS5-1XP\Subliminal_Recording_System_5.exe
2003-12-30 13:37 26445 --a------ c:\program files\SRS5-1XP\help.html
2003-06-05 14:40 10253 --a------ c:\program files\SRS5-1XP\Licence.rtf
2003-06-04 20:22 32502 --a------ c:\program files\SRS5-1XP\skins\Red.bmp
2003-05-17 12:11 32502 --a------ c:\program files\SRS5-1XP\skins\Green Neon.bmp
2003-05-17 12:10 32502 --a------ c:\program files\SRS5-1XP\skins\Cyan Neon.bmp
2003-05-17 12:08 32502 --a------ c:\program files\SRS5-1XP\skins\Red Neon.bmp
2003-05-17 12:07 32502 --a------ c:\program files\SRS5-1XP\skins\Purple Neon.bmp
2003-05-17 12:06 32502 --a------ c:\program files\SRS5-1XP\skins\Blue Neon.bmp
2003-05-17 12:04 32502 --a------ c:\program files\SRS5-1XP\skins\Yellow Neon.bmp
2003-05-02 18:28 32502 --a------ c:\program files\SRS5-1XP\skins\Blue and Orange.bmp
2003-05-01 17:48 32502 --a------ c:\program files\SRS5-1XP\skins\WEB.bmp
2003-03-19 20:38 32502 --a------ c:\program files\SRS5-1XP\skins\Rose.bmp
2003-03-19 20:38 32502 --a------ c:\program files\SRS5-1XP\skins\Periwinkle.bmp
2003-01-29 14:30 32502 --a------ c:\program files\SRS5-1XP\skins\Bronze.bmp
2003-01-28 20:39 32502 --a------ c:\program files\SRS5-1XP\skins\Ghost.bmp
2003-01-28 18:35 32502 --a------ c:\program files\SRS5-1XP\skins\Digital.bmp
2003-01-27 17:58 32502 --a------ c:\program files\SRS5-1XP\skins\Gemini.bmp
2003-01-27 04:55 32502 --a------ c:\program files\SRS5-1XP\skins\NoBar.bmp
2003-01-25 16:47 32502 --a------ c:\program files\SRS5-1XP\skins\Noir.bmp
2002-11-29 20:54 32502 --a------ c:\program files\SRS5-1XP\skins\Dark Win in Green 5.bmp
2002-11-29 20:49 32502 --a------ c:\program files\SRS5-1XP\skins\Dark Win in Orange.bmp
2002-11-29 20:41 32502 --a------ c:\program files\SRS5-1XP\skins\Dark Win in Green 2.bmp
2002-11-26 18:01 32502 --a------ c:\program files\SRS5-1XP\skins\Dark Win in Blue 8.bmp
2002-11-26 18:01 32502 --a------ c:\program files\SRS5-1XP\skins\Dark Win in Blue 7.bmp
2002-11-26 18:00 32502 --a------ c:\program files\SRS5-1XP\skins\Dark Win in Blue 5.bmp
2002-11-26 17:44 32502 --a------ c:\program files\SRS5-1XP\skins\Dark Win in Blue 6.bmp
2002-11-25 14:01 32502 --a------ c:\program files\SRS5-1XP\skins\Ligth Win in Blue 1.bmp
2002-11-25 03:03 32502 --a------ c:\program files\SRS5-1XP\skins\Ligth Win in Blue 2.bmp
2002-11-25 01:59 32502 --a------ c:\program files\SRS5-1XP\skins\Dark Win in Blue 4.bmp
2002-11-25 01:59 32502 --a------ c:\program files\SRS5-1XP\skins\Dark Win in Blue 3.bmp
2002-11-25 01:42 32502 --a------ c:\program files\SRS5-1XP\skins\Dark Win in Dwelt.bmp
2002-11-25 01:23 32502 --a------ c:\program files\SRS5-1XP\skins\Dark Win in Blue 2.bmp
2002-11-25 01:13 32502 --a------ c:\program files\SRS5-1XP\skins\Dark Win in Green 1.bmp
2002-11-25 01:12 32502 --a------ c:\program files\SRS5-1XP\skins\Dark Win in Green 3.bmp
2002-11-25 01:09 32502 --a------ c:\program files\SRS5-1XP\skins\Dark Win in Green 4.bmp
2002-11-25 01:08 32502 --a------ c:\program files\SRS5-1XP\skins\Dark Win in Blue 1.bmp
2002-11-23 07:34 32502 --a------ c:\program files\SRS5-1XP\skins\Blue Sky.bmp
2002-11-23 00:55 32502 --a------ c:\program files\SRS5-1XP\skins\Pacific Night.bmp
2002-11-22 19:57 32502 --a------ c:\program files\SRS5-1XP\skins\Pacific Evening.bmp
2002-11-22 19:30 32502 --a------ c:\program files\SRS5-1XP\skins\Pacific Sunset.bmp
2002-11-20 21:23 32502 --a------ c:\program files\SRS5-1XP\skins\Yellow.bmp
2002-11-20 21:06 32502 --a------ c:\program files\SRS5-1XP\skins\Dwelt.bmp
2002-11-20 20:52 32502 --a------ c:\program files\SRS5-1XP\skins\Autumn.bmp
2002-11-18 06:38 32502 --a------ c:\program files\SRS5-1XP\skins\Ligth Green.bmp
2002-11-18 06:25 32502 --a------ c:\program files\SRS5-1XP\skins\Red & Yellow.bmp
2002-11-18 05:49 32502 --a------ c:\program files\SRS5-1XP\skins\Violet & Brown.bmp
2002-11-15 16:35 32502 --a------ c:\program files\SRS5-1XP\skins\Depressed.bmp
2002-11-14 22:37 32502 --a------ c:\program files\SRS5-1XP\skins\Ocean Nights.bmp
2002-10-08 23:29 32502 --a------ c:\program files\SRS5-1XP\skins\Silver.bmp
2002-10-08 23:29 32502 --a------ c:\program files\SRS5-1XP\skins\Gray.bmp
2002-08-21 22:08 32502 --a------ c:\program files\SRS5-1XP\skins\Omega.bmp
2002-07-15 03:37 32502 --a------ c:\program files\SRS5-1XP\skins\Simile XP Red.bmp
2002-07-15 03:36 32502 --a------ c:\program files\SRS5-1XP\skins\Simile XP Green.bmp
2002-07-15 03:35 32502 --a------ c:\program files\SRS5-1XP\skins\Simile XP Blue.bmp
2002-03-25 22:32 208896 --a------ c:\program files\SRS5-1XP\Lame_enc.dll

---- Directory of c:\windows\PIF ----


---- Directory of c:\windows\System32\minsage ----

c:\windows\System32\minsage\


((((((((((((((((((((((((((((( snapshot@2008-12-21_20.41.18.70 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-04-25 18:09:13 68,608 ----a-w c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
+ 2008-12-21 23:12:43 69,120 ----a-w c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
- 2008-04-25 18:09:15 72,192 ----a-w c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
+ 2008-12-21 23:12:47 72,192 ----a-w c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
- 2008-04-25 18:11:21 151,552 ----a-w c:\windows\assembly\GAC_32\Microsoft.Transactions.Bridge.Dtc\3.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.Dtc.dll
+ 2008-12-21 23:14:34 151,552 ----a-w c:\windows\assembly\GAC_32\Microsoft.Transactions.Bridge.Dtc\3.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.Dtc.dll
- 2008-04-25 18:09:15 4,308,992 ----a-w c:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
+ 2008-12-21 23:12:31 4,444,160 ----a-w c:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
- 2008-04-25 18:11:39 3,915,776 ----a-w c:\windows\assembly\GAC_32\PresentationCore\3.0.0.0__31bf3856ad364e35\PresentationCore.dll
+ 2008-12-21 23:14:40 4,174,336 ----a-w c:\windows\assembly\GAC_32\PresentationCore\3.0.0.0__31bf3856ad364e35\PresentationCore.dll
- 2008-04-25 18:09:16 482,304 ----a-w c:\windows\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
+ 2008-12-21 23:12:49 483,840 ----a-w c:\windows\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
- 2008-04-25 18:09:14 2,878,976 ----a-w c:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
+ 2008-12-21 23:12:37 3,036,160 ----a-w c:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
- 2008-04-25 18:09:12 258,048 ----a-w c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
+ 2008-12-21 23:12:51 258,048 ----a-w c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
- 2008-04-25 18:09:12 114,176 ----a-w c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
+ 2008-12-21 23:12:51 113,664 ----a-w c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
- 2008-04-25 18:11:40 344,064 ----a-w c:\windows\assembly\GAC_32\System.Printing\3.0.0.0__31bf3856ad364e35\System.Printing.dll
+ 2008-12-21 23:14:39 346,624 ----a-w c:\windows\assembly\GAC_32\System.Printing\3.0.0.0__31bf3856ad364e35\System.Printing.dll
- 2008-04-25 18:09:17 260,096 ----a-w c:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
+ 2008-12-21 23:12:47 261,120 ----a-w c:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
- 2008-04-25 18:09:14 5,025,792 ----a-w c:\windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
+ 2008-12-21 23:12:35 5,431,296 ----a-w c:\windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
- 2008-04-25 18:09:13 10,752 ----a-w c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
+ 2008-12-21 23:12:41 10,752 ----a-w c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
- 2008-04-25 18:09:11 503,808 ----a-w c:\windows\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
+ 2008-12-21 23:12:36 507,904 ----a-w c:\windows\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
- 2008-04-25 18:09:12 13,312 ----a-w c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
+ 2008-12-21 23:12:42 13,312 ----a-w c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
- 2008-04-25 18:09:15 8,192 ----a-w c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
+ 2008-12-21 23:12:45 8,192 ----a-w c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
- 2008-04-25 18:09:15 36,864 ----a-w c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
+ 2008-12-21 23:12:45 77,824 ----a-w c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
- 2008-04-25 18:09:15 5,632 ----a-w c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
+ 2008-12-21 23:12:46 6,656 ----a-w c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
- 2008-04-25 18:09:12 413,696 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
+ 2008-12-21 23:12:51 348,160 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
- 2008-04-25 18:09:12 36,864 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
+ 2008-12-21 23:12:51 36,864 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
- 2008-04-25 18:09:12 647,168 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll
+ 2008-12-21 23:12:52 655,360 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll
- 2008-04-25 18:09:12 73,728 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
+ 2008-12-21 23:12:52 77,824 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
- 2008-04-25 18:09:12 745,472 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
+ 2008-12-21 23:12:46 749,568 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
- 2008-04-25 18:11:21 352,256 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.Transactions.Bridge\3.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.dll
+ 2008-12-21 23:14:34 397,312 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.Transactions.Bridge\3.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.dll
- 2008-04-25 18:09:17 110,592 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
+ 2008-12-21 23:12:45 110,592 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
- 2008-04-25 18:09:17 372,736 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
+ 2008-12-21 23:12:44 372,736 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
- 2008-04-25 18:09:11 28,672 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
+ 2008-12-21 23:12:49 28,672 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
- 2008-04-25 18:09:17 667,648 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
+ 2008-12-21 23:12:44 671,744 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
- 2008-04-25 18:09:17 5,632 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
+ 2008-12-21 23:12:33 5,632 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
- 2008-04-25 18:09:11 12,800 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
+ 2008-12-21 23:12:50 12,800 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
- 2008-04-25 18:09:11 32,768 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
+ 2008-12-21 23:12:43 32,768 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
- 2008-04-25 18:09:11 7,168 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
+ 2008-12-21 23:12:43 7,168 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
- 2008-04-25 18:11:39 593,920 ----a-w c:\windows\assembly\GAC_MSIL\PresentationBuildTasks\3.0.0.0__31bf3856ad364e35\PresentationBuildTasks.dll
+ 2008-12-21 23:14:30 602,112 ----a-w c:\windows\assembly\GAC_MSIL\PresentationBuildTasks\3.0.0.0__31bf3856ad364e35\PresentationBuildTasks.dll
- 2008-04-25 18:11:39 32,768 ----a-w c:\windows\assembly\GAC_MSIL\PresentationCFFRasterizer\3.0.0.0__31bf3856ad364e35\PresentationCFFRasterizer.dll
+ 2008-12-21 23:14:41 32,768 ----a-w c:\windows\assembly\GAC_MSIL\PresentationCFFRasterizer\3.0.0.0__31bf3856ad364e35\PresentationCFFRasterizer.dll
- 2008-04-25 18:11:40 184,320 ----a-w c:\windows\assembly\GAC_MSIL\PresentationFramework.Aero\3.0.0.0__31bf3856ad364e35\PresentationFramework.Aero.dll
+ 2008-12-21 23:14:38 184,320 ----a-w c:\windows\assembly\GAC_MSIL\PresentationFramework.Aero\3.0.0.0__31bf3856ad364e35\PresentationFramework.Aero.dll
- 2008-04-25 18:11:39 126,976 ----a-w c:\windows\assembly\GAC_MSIL\PresentationFramework.Classic\3.0.0.0__31bf3856ad364e35\PresentationFramework.Classic.dll
+ 2008-12-21 23:14:38 131,072 ----a-w c:\windows\assembly\GAC_MSIL\PresentationFramework.Classic\3.0.0.0__31bf3856ad364e35\PresentationFramework.Classic.dll
- 2008-04-25 18:11:39 376,832 ----a-w c:\windows\assembly\GAC_MSIL\PresentationFramework.Luna\3.0.0.0__31bf3856ad364e35\PresentationFramework.Luna.dll
+ 2008-12-21 23:14:37 376,832 ----a-w c:\windows\assembly\GAC_MSIL\PresentationFramework.Luna\3.0.0.0__31bf3856ad364e35\PresentationFramework.Luna.dll
- 2008-04-25 18:11:39 151,552 ----a-w c:\windows\assembly\GAC_MSIL\PresentationFramework.Royale\3.0.0.0__31bf3856ad364e35\PresentationFramework.Royale.dll
+ 2008-12-21 23:14:37 151,552 ----a-w c:\windows\assembly\GAC_MSIL\PresentationFramework.Royale\3.0.0.0__31bf3856ad364e35\PresentationFramework.Royale.dll
- 2008-04-25 18:11:39 4,972,544 ----a-w c:\windows\assembly\GAC_MSIL\PresentationFramework\3.0.0.0__31bf3856ad364e35\PresentationFramework.dll
+ 2008-12-21 23:14:35 5,210,112 ----a-w c:\windows\assembly\GAC_MSIL\PresentationFramework\3.0.0.0__31bf3856ad364e35\PresentationFramework.dll
- 2008-04-25 18:11:39 897,024 ----a-w c:\windows\assembly\GAC_MSIL\PresentationUI\3.0.0.0__31bf3856ad364e35\PresentationUI.dll
+ 2008-12-21 23:14:35 897,024 ----a-w c:\windows\assembly\GAC_MSIL\PresentationUI\3.0.0.0__31bf3856ad364e35\PresentationUI.dll
- 2008-04-25 18:11:40 528,384 ----a-w c:\windows\assembly\GAC_MSIL\ReachFramework\3.0.0.0__31bf3856ad364e35\ReachFramework.dll
+ 2008-12-21 23:14:39 528,384 ----a-w c:\windows\assembly\GAC_MSIL\ReachFramework\3.0.0.0__31bf3856ad364e35\ReachFramework.dll
- 2008-04-25 18:11:21 94,208 ----a-w c:\windows\assembly\GAC_MSIL\SMDiagnostics\3.0.0.0__b77a5c561934e089\SMdiagnostics.dll
+ 2008-12-21 23:14:34 102,400 ----a-w c:\windows\assembly\GAC_MSIL\SMDiagnostics\3.0.0.0__b77a5c561934e089\SMdiagnostics.dll
- 2008-04-25 18:09:16 110,592 ----a-w c:\windows\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
+ 2008-12-21 23:12:46 110,592 ----a-w c:\windows\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
- 2008-04-25 18:09:13 81,920 ----a-w c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
+ 2008-12-21 23:12:47 81,920 ----a-w c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
- 2008-04-25 18:09:16 389,120 ----a-w c:\windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
+ 2008-12-21 23:12:36 425,984 ----a-w c:\windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
- 2008-04-25 18:09:16 716,800 ----a-w c:\windows\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
+ 2008-12-21 23:12:38 741,376 ----a-w c:\windows\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
- 2008-04-25 18:09:12 884,736 ----a-w c:\windows\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
+ 2008-12-21 23:12:38 933,888 ----a-w c:\windows\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
- 2008-04-25 18:09:15 5,050,368 ----a-w c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
+ 2008-12-21 23:12:53 5,070,848 ----a-w c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
- 2008-04-25 18:09:13 188,416 ----a-w c:\windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
+ 2008-12-21 23:12:52 188,416 ----a-w c:\windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
- 2008-04-25 18:09:13 397,312 ----a-w c:\windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
+ 2008-12-21 23:12:41 401,408 ----a-w c:\windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
- 2008-04-25 18:09:13 81,920 ----a-w c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
+ 2008-12-21 23:12:50 81,920 ----a-w c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
- 2008-04-25 18:09:17 700,416 ----a-w c:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
+ 2008-12-21 23:12:33 630,784 ----a-w c:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
- 2008-04-25 18:11:21 126,976 ----a-w c:\windows\assembly\GAC_MSIL\System.IdentityModel.Selectors\3.0.0.0__b77a5c561934e089\System.IdentityModel.Selectors.dll
+ 2008-12-21 23:14:42 126,976 ----a-w c:\windows\assembly\GAC_MSIL\System.IdentityModel.Selectors\3.0.0.0__b77a5c561934e089\System.IdentityModel.Selectors.dll
- 2008-04-25 18:11:21 401,408 ----a-w c:\windows\assembly\GAC_MSIL\System.IdentityModel\3.0.0.0__b77a5c561934e089\System.IdentityModel.dll
+ 2008-12-21 23:14:42 430,080 ----a-w c:\windows\assembly\GAC_MSIL\System.IdentityModel\3.0.0.0__b77a5c561934e089\System.IdentityModel.dll
- 2008-04-25 18:11:22 131,072 ----a-w c:\windows\assembly\GAC_MSIL\System.IO.Log\3.0.0.0__b03f5f7f11d50a3a\System.IO.Log.dll
+ 2008-12-21 23:14:33 131,072 ----a-w c:\windows\assembly\GAC_MSIL\System.IO.Log\3.0.0.0__b03f5f7f11d50a3a\System.IO.Log.dll
- 2008-04-25 18:09:16 368,640 ----a-w c:\windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
+ 2008-12-21 23:12:50 372,736 ----a-w c:\windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
- 2008-04-25 18:09:17 258,048 ----a-w c:\windows\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
+ 2008-12-21 23:12:49 258,048 ----a-w c:\windows\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
- 2008-04-25 18:09:16 299,008 ----a-w c:\windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
+ 2008-12-21 23:12:48 299,008 ----a-w c:\windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
- 2008-04-25 18:09:16 131,072 ----a-w c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
+ 2008-12-21 23:12:48 131,072 ----a-w c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
- 2008-04-25 18:11:22 884,736 ----a-w c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization\3.0.0.0__b77a5c561934e089\System.Runtime.Serialization.dll
+ 2008-12-21 23:14:33 929,792 ----a-w c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization\3.0.0.0__b77a5c561934e089\System.Runtime.Serialization.dll
- 2008-04-25 18:09:13 258,048 ----a-w c:\windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll
+ 2008-12-21 23:12:34 258,048 ----a-w c:\windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll
- 2008-04-25 18:11:24 159,744 ----a-w c:\windows\assembly\GAC_MSIL\System.ServiceModel.Install\3.0.0.0__b77a5c561934e089\System.ServiceModel.Install.dll
+ 2008-12-21 23:14:31 159,744 ----a-w c:\windows\assembly\GAC_MSIL\System.ServiceModel.Install\3.0.0.0__b77a5c561934e089\System.ServiceModel.Install.dll
- 2008-04-25 18:11:24 16,384 ----a-w c:\windows\assembly\GAC_MSIL\System.ServiceModel.WasHosting\3.0.0.0__b77a5c561934e089\System.ServiceModel.WasHosting.dll
+ 2008-12-21 23:14:31 32,768 ----a-w c:\windows\assembly\GAC_MSIL\System.ServiceModel.WasHosting\3.0.0.0__b77a5c561934e089\System.ServiceModel.WasHosting.dll
- 2008-04-25 18:11:22 5,623,808 ----a-w c:\windows\assembly\GAC_MSIL\System.ServiceModel\3.0.0.0__b77a5c561934e089\System.ServiceModel.dll
+ 2008-12-21 23:14:32 5,971,968 ----a-w c:\windows\assembly\GAC_MSIL\System.ServiceModel\3.0.0.0__b77a5c561934e089\System.ServiceModel.dll
- 2008-04-25 18:09:13 114,688 ----a-w c:\windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
+ 2008-12-21 23:12:34 114,688 ----a-w c:\windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
- 2008-04-25 18:11:40 688,128 ----a-w c:\windows\assembly\GAC_MSIL\System.Speech\3.0.0.0__31bf3856ad364e35\System.Speech.dll
+ 2008-12-21 23:14:30 688,128 ----a-w c:\windows\assembly\GAC_MSIL\System.Speech\3.0.0.0__31bf3856ad364e35\System.Speech.dll
- 2008-04-25 18:09:17 835,584 ----a-w c:\windows\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
+ 2008-12-21 23:12:40 884,736 ----a-w c:\windows\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
- 2008-04-25 18:09:14 86,016 ----a-w c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
+ 2008-12-21 23:12:40 90,112 ----a-w c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
- 2008-04-25 18:09:14 823,296 ----a-w c:\windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
+ 2008-12-21 23:12:39 839,680 ----a-w c:\windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
- 2008-04-25 18:09:14 5,316,608 ----a-w c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
+ 2008-12-21 23:12:42 5,013,504 ----a-w c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
- 2008-04-25 18:15:11 1,108,784 ----a-w c:\windows\assembly\GAC_MSIL\System.Workflow.Activities\3.0.0.0__31bf3856ad364e35\System.Workflow.Activities.dll
+ 2008-12-21 23:14:42 1,152,040 ----a-w c:\windows\assembly\GAC_MSIL\System.Workflow.Activities\3.0.0.0__31bf3856ad364e35\System.Workflow.Activities.dll
- 2008-04-25 18:15:12 1,641,272 ----a-w c:\windows\assembly\GAC_MSIL\System.Workflow.ComponentModel\3.0.0.0__31bf3856ad364e35\System.Workflow.ComponentModel.dll
+ 2008-12-21 23:14:41 1,635,376 ----a-w c:\windows\assembly\GAC_MSIL\System.Workflow.ComponentModel\3.0.0.0__31bf3856ad364e35\System.Workflow.ComponentModel.dll
- 2008-04-25 18:15:12 588,592 ----a-w c:\windows\assembly\GAC_MSIL\System.Workflow.Runtime\3.0.0.0__31bf3856ad364e35\System.Workflow.Runtime.dll
+ 2008-12-21 23:14:42 578,592 ----a-w c:\windows\assembly\GAC_MSIL\System.Workflow.Runtime\3.0.0.0__31bf3856ad364e35\System.Workflow.Runtime.dll
- 2008-04-25 18:09:14 2,035,712 ----a-w c:\windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll
+ 2008-12-21 23:12:34 2,068,480 ----a-w c:\windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll
- 2008-04-25 18:09:16 3,018,752 ----a-w c:\windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
+ 2008-12-21 23:12:39 3,076,096 ----a-w c:\windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
- 2008-04-25 18:11:39 163,840 ----a-w c:\windows\assembly\GAC_MSIL\UIAutomationClient\3.0.0.0__31bf3856ad364e35\UIAutomationClient.dll
+ 2008-12-21 23:14:30 163,840 ----a-w c:\windows\assembly\GAC_MSIL\UIAutomationClient\3.0.0.0__31bf3856ad364e35\UIAutomationClient.dll
- 2008-04-25 18:11:39 372,736 ----a-w c:\windows\assembly\GAC_MSIL\UIAutomationClientsideProviders\3.0.0.0__31bf3856ad364e35\UIAutomationClientsideProviders.dll
+ 2008-12-21 23:14:30 372,736 ----a-w c:\windows\assembly\GAC_MSIL\UIAutomationClientsideProviders\3.0.0.0__31bf3856ad364e35\UIAutomationClientsideProviders.dll
- 2008-04-25 18:11:39 32,768 ----a-w c:\windows\assembly\GAC_MSIL\UIAutomationProvider\3.0.0.0__31bf3856ad364e35\UIAutomationProvider.dll
+ 2008-12-21 23:14:39 32,768 ----a-w c:\windows\assembly\GAC_MSIL\UIAutomationProvider\3.0.0.0__31bf3856ad364e35\UIAutomationProvider.dll
- 2008-04-25 18:11:39 86,016 ----a-w c:\windows\assembly\GAC_MSIL\UIAutomationTypes\3.0.0.0__31bf3856ad364e35\UIAutomationTypes.dll
+ 2008-12-21 23:14:39 86,016 ----a-w c:\windows\assembly\GAC_MSIL\UIAutomationTypes\3.0.0.0__31bf3856ad364e35\UIAutomationTypes.dll
- 2008-04-25 18:11:39 1,167,360 ----a-w c:\windows\assembly\GAC_MSIL\WindowsBase\3.0.0.0__31bf3856ad364e35\WindowsBase.dll
+ 2008-12-21 23:14:38 1,204,224 ----a-w c:\windows\assembly\GAC_MSIL\WindowsBase\3.0.0.0__31bf3856ad364e35\WindowsBase.dll
- 2008-04-25 18:11:40 81,920 ----a-w c:\windows\assembly\GAC_MSIL\WindowsFormsIntegration\3.0.0.0__31bf3856ad364e35\WindowsFormsIntegration.dll
+ 2008-12-21 23:14:30 81,920 ----a-w c:\windows\assembly\GAC_MSIL\WindowsFormsIntegration\3.0.0.0__31bf3856ad364e35\WindowsFormsIntegration.dll
+ 2008-12-21 23:18:13 27,136 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\Accessibility\c6772fd12a581ad3be49e3f2a80b5622\Accessibility.ni.dll
+ 2008-12-22 11:51:15 884,736 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\AspNetMMCExt\a1d353edc300e3aff0784202f68a657b\AspNetMMCExt.ni.dll
+ 2008-12-22 11:51:59 503,808 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\ComSvcConfig\bb3c2f59a821abc54f420f3a9e051d6a\ComSvcConfig.ni.exe
+ 2008-12-22 11:52:07 237,568 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\c10ec9b4de2b366236ec83237dc31281\CustomMarshalers.ni.dll
+ 2008-12-22 11:51:58 15,360 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\dfsvc\837fe02bdcf637d5bf1e5ffb935ebb80\dfsvc.ni.exe
+ 2008-12-22 11:52:08 876,544 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\9710a3c0d11dd264c3a6b88977699e9b\Microsoft.Build.Engine.ni.dll
+ 2008-12-22 11:52:08 81,920 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\e2858a45971fb30b0c0523dbb52c1d4e\Microsoft.Build.Framework.ni.dll
+ 2008-12-22 11:52:11 1,695,744 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\63d69ffdf3c640d2d104a4b74e8115f8\Microsoft.Build.Tasks.ni.dll
+ 2008-12-22 11:52:11 167,936 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\11cb5418c06e30100616fbf205588489\Microsoft.Build.Utilities.ni.dll
+ 2008-12-22 11:52:02 1,232,896 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\e3dce636e798c53ec2b44d1d4aadb850\Microsoft.Transactions.Bridge.ni.dll
+ 2008-12-22 11:52:03 401,408 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\f3902a808549b40d648206c9303f2788\Microsoft.Transactions.Bridge.Dtc.ni.dll
+ 2008-12-22 11:52:14 1,740,800 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\923bd55258380eae77353d36a5a1b08f\Microsoft.VisualBasic.ni.dll
+ 2008-12-21 23:18:15 17,920 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualC\cd0730694ba5927a6efd32129783e1b4\Microsoft.VisualC.ni.dll
+ 2008-12-21 23:15:40 11,722,752 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\32e6f703c114f3a971cbe706586e3655\mscorlib.ni.dll
+ 2008-12-22 11:52:17 1,581,056 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationBuildTa#\ab2b2664932688ae7c8e0bd9d10448ef\PresentationBuildTasks.ni.dll
+ 2008-12-21 23:18:40 40,960 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCFFRast#\3df824565150953afd560ca20237b881\PresentationCFFRasterizer.ni.dll
+ 2008-12-21 23:18:39 12,570,624 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\011f8e31d197b4ccb6a61c2267a38e5c\PresentationCore.ni.dll
+ 2008-12-21 23:15:50 48,640 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFontCac#\4ce7fd62d4107fbe996ab305eb21ee6a\PresentationFontCache.ni.exe
+ 2008-12-21 23:20:00 393,216 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\36c6cfd5d4e80d5c548f823b2bbf5457\PresentationFramework.Aero.ni.dll
+ 2008-12-21 23:20:02 552,960 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\3f18bff5107c9a8accae6c248fdf3c2e\PresentationFramework.Luna.ni.dll
+ 2008-12-21 23:19:12 15,036,416 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\60421dda88800b14dc101ed9dca422fe\PresentationFramework.ni.dll
+ 2008-12-21 23:20:03 274,432 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\81d2540bc1c18190d0431d9a61bee65b\PresentationFramework.Royale.ni.dll
+ 2008-12-21 23:20:01 245,760 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\9df61ec7aad39fe0bac82139cd84e5e5\PresentationFramework.Classic.ni.dll
+ 2008-12-21 23:19:16 2,035,712 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationUI\6d2716a55eb8ce6fc4cbf83f3ab329e3\PresentationUI.ni.dll
+ 2008-12-21 23:19:20 2,416,640 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\ReachFramework\840c64bba900a6ed333ca39e63a9ca3b\ReachFramework.ni.dll
+ 2008-12-22 11:52:04 139,264 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\ServiceModelReg\feac66e81309d67b48f7a9f4cb98f7c8\ServiceModelReg.ni.exe
+ 2008-12-22 11:52:04 299,008 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\169ba2fe1a4d87ede3ab8dd3d44d867e\SMDiagnostics.ni.dll
-->Message edited by smyst on 23/12/2008 00:49:21<--
smyst on 23 December 2008 at 00:55
- 2006-10-30 15:34:00 16,384 ----a-w c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\System.ServiceModel.WasHosting.dll
+ 2007-10-11 08:55:14 32,768 ----a-w c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\System.ServiceModel.WasHosting.dll
- 2006-10-30 15:34:02 143,360 ----a-w c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\WsatConfig.exe
+ 2007-10-11 08:55:14 143,360 ----a-w c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\WsatConfig.exe
- 2006-07-26 09:32:00 14,648 ----a-w c:\windows\Microsoft.NET\Framework\v3.0\Windows Workflow Foundation\PerformanceCounterInstaller.exe
+ 2007-10-06 02:18:12 16,936 ----a-w c:\windows\Microsoft.NET\Framework\v3.0\Windows Workflow Foundation\PerformanceCounterInstaller.exe
- 2006-10-21 09:29:46 72,992 ----a-w c:\windows\Microsoft.NET\Framework\v3.0\WPF\PenIMC.dll
+ 2007-10-09 12:03:00 76,312 ----a-w c:\windows\Microsoft.NET\Framework\v3.0\WPF\PenIMC.dll
- 2006-10-21 09:21:24 32,768 ----a-w c:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationCFFRasterizer.dll
+ 2007-10-09 11:58:12 32,768 ----a-w c:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationCFFRasterizer.dll
- 2006-10-21 09:21:24 36,864 ----a-w c:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
+ 2007-10-09 11:58:12 36,864 ----a-w c:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
- 2006-10-21 09:29:52 106,272 ----a-w c:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationHostDLL.dll
+ 2007-10-09 12:03:08 121,368 ----a-w c:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationHostDLL.dll
- 2006-10-21 09:21:26 897,024 ----a-w c:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationUI.dll
+ 2007-10-09 11:58:14 897,024 ----a-w c:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationUI.dll
- 2006-10-21 09:21:26 14,848 ----a-w c:\windows\Microsoft.NET\Framework\v3.0\WPF\XamlViewer\XamlViewer_v0300.exe
+ 2007-10-09 11:58:20 14,848 ----a-w c:\windows\Microsoft.NET\Framework\v3.0\WPF\XamlViewer\XamlViewer_v0300.exe
- 2008-04-14 12:00:00 8,704 ----a-w c:\windows\system32\asferror.dll
+ 2006-11-03 08:56:54 7,680 ----a-w c:\windows\system32\asferror.dll
+ 2006-10-18 20:47:08 276,992 ------w c:\windows\system32\audiodev.dll
- 2005-01-28 12:44:28 294,912 ----a-w c:\windows\system32\blackbox.dll
+ 2006-10-18 20:47:10 542,720 ----a-w c:\windows\system32\blackbox.dll
- 2005-01-28 12:44:28 164,864 ----a-w c:\windows\system32\cewmdm.dll
+ 2006-10-18 20:47:10 229,376 ----a-w c:\windows\system32\cewmdm.dll
- 2005-09-23 19:28:38 83,456 ----a-w c:\windows\system32\dfshim.dll
+ 2007-10-24 00:47:28 96,760 ----a-w c:\windows\system32\dfshim.dll
- 2005-01-28 12:44:28 294,912 -c--a-w c:\windows\system32\dllcache\blackbox.dll
+ 2006-10-18 20:47:10 542,720 -c--a-w c:\windows\system32\dllcache\blackbox.dll
- 2005-01-28 12:44:28 164,864 -c--a-w c:\windows\system32\dllcache\cewmdm.dll
+ 2006-10-18 20:47:10 229,376 -c--a-w c:\windows\system32\dllcache\cewmdm.dll
- 2005-01-28 12:44:28 502,272 -c--a-w c:\windows\system32\dllcache\drmv2clt.dll
+ 2006-10-18 20:47:10 991,744 -c--a-w c:\windows\system32\dllcache\drmv2clt.dll
+ 2007-03-22 19:24:58 28,160 -c----w c:\windows\system32\dllcache\FilterPipelinePrintProc.dll
- 2005-01-28 12:44:28 6,656 -c--a-w c:\windows\system32\dllcache\laprxy.dll
+ 2006-10-18 20:47:14 11,264 -c--a-w c:\windows\system32\dllcache\LAPRXY.dll
- 2008-06-10 04:52:04 96,768 -c--a-w c:\windows\system32\dllcache\logagent.exe
+ 2008-06-18 00:09:22 100,864 -c--a-w c:\windows\system32\dllcache\logagent.exe
- 2008-10-16 01:01:39 3,088,896 -c----w c:\windows\system32\dllcache\mshtml.dll
+ 2008-12-12 17:02:12 3,088,896 -c----w c:\windows\system32\dllcache\mshtml.dll
- 2005-01-28 12:44:28 142,336 -c--a-w c:\windows\system32\dllcache\msnetobj.dll
+ 2006-10-18 20:47:16 179,712 -c--a-w c:\windows\system32\dllcache\msnetobj.dll
- 2005-01-28 12:44:28 25,088 -c--a-w c:\windows\system32\dllcache\mspmsnsv.dll
+ 2006-10-18 20:47:16 27,136 -c--a-w c:\windows\system32\dllcache\mspmsnsv.dll
- 2005-01-28 12:44:28 173,568 -c--a-w c:\windows\system32\dllcache\mspmsp.dll
+ 2006-10-18 20:47:16 175,616 -c--a-w c:\windows\system32\dllcache\mspmsp.dll
- 2005-01-28 12:44:28 364,784 -c--a-w c:\windows\system32\dllcache\msscp.dll
+ 2006-10-18 20:47:16 414,208 -c--a-w c:\windows\system32\dllcache\msscp.dll
- 2005-01-28 12:44:28 315,904 -c--a-w c:\windows\system32\dllcache\mswmdm.dll
+ 2006-10-18 20:47:16 321,536 -c--a-w c:\windows\system32\dllcache\mswmdm.dll
+ 2007-03-22 19:25:42 677,376 -c----w c:\windows\system32\dllcache\PrintFilterPipelineSvc.exe
- 2005-01-28 12:44:28 221,184 -c--a-w c:\windows\system32\dllcache\qasf.dll
+ 2006-10-18 20:47:18 211,456 -c--a-w c:\windows\system32\dllcache\qasf.dll
- 2005-01-28 12:44:28 396,528 -c--a-w c:\windows\system32\dllcache\wmadmod.dll
+ 2006-10-18 20:47:18 757,248 -c--a-w c:\windows\system32\dllcache\WMADMOD.dll
- 2005-01-28 12:44:28 716,288 -c--a-w c:\windows\system32\dllcache\wmadmoe.dll
+ 2006-10-18 20:47:18 1,117,696 -c--a-w c:\windows\system32\dllcache\WMADMOE.dll
- 2007-10-20 05:01:32 227,328 -c--a-w c:\windows\system32\dllcache\wmasf.dll
+ 2007-10-25 08:28:30 222,720 -c--a-w c:\windows\system32\dllcache\wmasf.dll
- 2005-01-28 12:44:28 28,160 -c--a-w c:\windows\system32\dllcache\wmdmlog.dll
+ 2006-10-18 20:47:18 33,792 -c--a-w c:\windows\system32\dllcache\wmdmlog.dll
- 2005-01-28 12:44:28 33,792 -c--a-w c:\windows\system32\dllcache\wmdmps.dll
+ 2006-10-18 20:47:18 37,376 -c--a-w c:\windows\system32\dllcache\wmdmps.dll
- 2005-01-28 12:44:28 150,016 -c--a-w c:\windows\system32\dllcache\wmidx.dll
+ 2006-10-18 20:47:20 157,184 -c--a-w c:\windows\system32\dllcache\wmidx.dll
- 2008-06-10 05:28:36 1,028,096 -c--a-w c:\windows\system32\dllcache\WMNetmgr.dll
+ 2008-06-18 04:03:08 938,496 -c--a-w c:\windows\system32\dllcache\WMNetmgr.dll
- 2005-01-28 12:44:28 774,904 -c--a-w c:\windows\system32\dllcache\wmsdmod.dll
+ 2006-10-18 20:47:22 4,096 -c--a-w c:\windows\system32\dllcache\wmsdmod.dll
- 2005-01-28 12:44:28 1,119,744 -c--a-w c:\windows\system32\dllcache\wmsdmoe2.dll
+ 2006-10-18 20:47:22 4,096 -c--a-w c:\windows\system32\dllcache\wmsdmoe2.dll
- 2005-01-28 12:44:28 413,944 -c--a-w c:\windows\system32\dllcache\wmspdmod.dll
+ 2006-10-18 20:47:22 603,648 -c--a-w c:\windows\system32\dllcache\WMSPDMOD.dll
- 2005-01-28 12:44:28 940,544 -c--a-w c:\windows\system32\dllcache\wmspdmoe.dll
+ 2006-10-18 20:47:22 1,329,152 -c--a-w c:\windows\system32\dllcache\WMSPDMOE.dll
- 2008-06-10 06:07:24 2,376,760 -c--a-w c:\windows\system32\dllcache\WMVCore.dll
+ 2008-06-18 04:03:14 2,458,112 -c--a-w c:\windows\system32\dllcache\WMVCore.dll
- 2005-01-28 12:44:28 895,736 -c--a-w c:\windows\system32\dllcache\wmvdmod.dll
+ 2006-10-18 20:47:22 4,096 -c--a-w c:\windows\system32\dllcache\wmvdmod.dll
- 2005-01-28 12:44:28 1,003,008 -c--a-w c:\windows\system32\dllcache\wmvdmoe2.dll
+ 2006-10-18 20:47:22 4,096 -c--a-w c:\windows\system32\dllcache\wmvdmoe2.dll
+ 2007-03-23 05:07:54 583,504 -c----w c:\windows\system32\dllcache\XPSSHHDR.dll
+ 2007-03-23 05:07:56 1,683,280 -c----w c:\windows\system32\dllcache\XpsSvcs.dll
+ 2008-05-09 11:15:47 45,376 ----a-w c:\windows\system32\drivers\avgntdd.sys
+ 2008-01-21 16:11:28 22,336 ----a-w c:\windows\system32\drivers\avgntmgr.sys
+ 2008-10-30 09:21:03 75,072 ----a-w c:\windows\system32\drivers\avipbb.sys
+ 2007-11-08 17:03:26 21,248 ----a-w c:\windows\system32\drivers\ssmdrv.sys
+ 2006-10-18 20:47:22 671,232 ------w c:\windows\system32\drivers\UMDF\wpdmtpdr.dll
- 2005-01-28 12:44:28 18,944 ----a-w c:\windows\system32\drivers\wpdusb.sys
+ 2006-10-18 19:00:00 38,528 ----a-w c:\windows\system32\drivers\wpdusb.sys
+ 2006-09-28 17:55:50 77,568 ------w c:\windows\system32\drivers\WudfPf.sys
+ 2006-09-28 18:00:34 82,944 ------w c:\windows\system32\drivers\WudfRd.sys
+ 2006-10-18 19:00:46 249,856 ------w c:\windows\system32\drmupgds.exe
- 2005-01-28 12:44:28 502,272 ----a-w c:\windows\system32\drmv2clt.dll
+ 2006-10-18 20:47:10 991,744 ----a-w c:\windows\system32\drmv2clt.dll
- 2006-10-21 09:29:46 69,408 ----a-w c:\windows\system32\dxva2.dll
+ 2007-10-09 12:03:00 73,752 ----a-w c:\windows\system32\dxva2.dll
- 2006-10-21 09:30:00 478,496 ----a-w c:\windows\system32\evr.dll
+ 2007-10-09 12:03:12 493,080 ----a-w c:\windows\system32\evr.dll
- 2008-12-15 14:20:51 185,016 ----a-w c:\windows\system32\FNTCACHE.DAT
+ 2008-12-21 23:17:12 185,016 ----a-w c:\windows\system32\FNTCACHE.DAT
- 2006-10-30 15:33:58 556,296 ----a-w c:\windows\system32\icardagt.exe
+ 2007-10-11 08:55:10 579,584 ----a-w c:\windows\system32\icardagt.exe
- 2006-10-30 15:33:58 9,480 ----a-w c:\windows\system32\icardres.dll
+ 2007-10-11 08:55:10 11,776 ----a-w c:\windows\system32\icardres.dll
- 2006-10-30 15:33:58 83,968 ----a-w c:\windows\system32\infocardapi.dll
+ 2007-10-11 08:55:10 88,576 ----a-w c:\windows\system32\infocardapi.dll
- 2005-01-28 12:44:28 6,656 ----a-w c:\windows\system32\laprxy.dll
+ 2006-10-18 20:47:14 11,264 ----a-w c:\windows\system32\LAPRXY.dll
- 2008-06-10 04:52:04 96,768 ----a-w c:\windows\system32\logagent.exe
+ 2008-06-18 00:09:22 100,864 ----a-w c:\windows\system32\logagent.exe
+ 2006-10-18 20:47:14 212,992 ------w c:\windows\system32\MFPLAT.dll
- 2006-10-21 09:30:06 1,980,704 ----a-w c:\windows\system32\milcore.dll
+ 2007-10-09 12:03:14 1,986,072 ----a-w c:\windows\system32\milcore.dll
+ 2006-10-18 20:47:14 259,072 ------w c:\windows\system32\MP43DECD.dll
- 2008-04-14 12:00:00 310,272 ----a-w c:\windows\system32\mp43dmod.dll
+ 2006-10-18 20:47:14 4,096 ----a-w c:\windows\system32\MP43DMOD.dll
+ 2006-10-18 20:47:14 317,440 ------w c:\windows\system32\MP4SDECD.dll
- 2008-04-14 12:00:00 384,512 ----a-w c:\windows\system32\mp4sdmod.dll
+ 2006-10-18 20:47:14 4,096 ----a-w c:\windows\system32\MP4SDMOD.dll
+ 2006-10-18 20:47:14 259,072 ------w c:\windows\system32\MPG4DECD.dll
- 2008-04-14 12:00:00 240,640 ----a-w c:\windows\system32\mpg4dmod.dll
+ 2006-10-18 20:47:14 4,096 ----a-w c:\windows\system32\MPG4DMOD.dll
- 2006-12-22 11:28:14 271,360 ----a-w c:\windows\system32\mscoree.dll
+ 2007-10-24 00:47:38 282,112 ----a-w c:\windows\system32\mscoree.dll
- 2005-09-23 19:28:52 150,016 ----a-w c:\windows\system32\mscorier.dll
+ 2007-10-24 00:47:38 158,720 ----a-w c:\windows\system32\mscorier.dll
- 2005-09-23 19:28:52 74,240 ----a-w c:\windows\system32\mscories.dll
+ 2007-10-24 00:47:38 84,480 ----a-w c:\windows\system32\mscories.dll
+ 2006-10-02 14:28:42 312,128 ------w c:\windows\system32\msdelta.dll
- 2008-10-16 01:01:39 3,088,896 ----a-w c:\windows\system32\mshtml.dll
+ 2008-12-12 17:02:12 3,088,896 ----a-w c:\windows\system32\mshtml.dll
- 2005-01-28 12:44:28 142,336 ----a-w c:\windows\system32\msnetobj.dll
+ 2006-10-18 20:47:16 179,712 ----a-w c:\windows\system32\msnetobj.dll
- 2005-01-28 12:44:28 25,088 ----a-w c:\windows\system32\MsPMSNSv.dll
+ 2006-10-18 20:47:16 27,136 ----a-w c:\windows\system32\mspmsnsv.dll
- 2005-01-28 12:44:28 173,568 ----a-w c:\windows\system32\MsPMSP.dll
+ 2006-10-18 20:47:16 175,616 ----a-w c:\windows\system32\mspmsp.dll
- 2005-01-28 12:44:28 364,784 ----a-w c:\windows\system32\MSSCP.dll
+ 2006-10-18 20:47:16 414,208 ----a-w c:\windows\system32\msscp.dll
- 2005-01-28 12:44:28 315,904 ----a-w c:\windows\system32\MSWMDM.dll
+ 2006-10-18 20:47:16 321,536 ----a-w c:\windows\system32\mswmdm.dll
- 2006-12-22 12:02:36 6,144 ----a-w c:\windows\system32\mui\0409\mscorees.dll
+ 2007-10-24 00:47:44 15,360 ----a-w c:\windows\system32\mui\0409\mscorees.dll
- 2008-12-14 02:23:31 71,130 ----a-w c:\windows\system32\perfc009.dat
+ 2008-12-22 10:06:36 72,314 ----a-w c:\windows\system32\perfc009.dat
- 2008-12-14 02:23:31 84,354 ----a-w c:\windows\system32\perfc00C.dat
+ 2008-12-22 10:06:36 86,126 ----a-w c:\windows\system32\perfc00C.dat
- 2008-12-14 02:23:31 438,036 ----a-w c:\windows\system32\perfh009.dat
+ 2008-12-22 10:06:36 443,300 ----a-w c:\windows\system32\perfh009.dat
- 2008-12-14 02:23:31 506,698 ----a-w c:\windows\system32\perfh00C.dat
+ 2008-12-22 10:06:36 512,942 ----a-w c:\windows\system32\perfh00C.dat
+ 2006-10-18 20:47:18 284,160 ------w c:\windows\system32\PortableDeviceApi.dll
+ 2006-10-18 20:47:18 101,888 ------w c:\windows\system32\PortableDeviceClassExtension.dll
+ 2006-10-18 20:47:18 166,912 ------w c:\windows\system32\PortableDeviceTypes.dll
+ 2006-10-18 20:47:18 132,096 ------w c:\windows\system32\PortableDeviceWiaCompat.dll
+ 2006-10-18 20:47:18 199,168 ------w c:\windows\system32\PortableDeviceWMDRM.dll
- 2006-10-21 09:29:52 104,224 ----a-w c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
+ 2007-10-09 12:03:04 106,520 ----a-w c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
- 2006-10-21 09:29:58 344,352 ----a-w c:\windows\system32\PresentationHost.exe
+ 2007-10-09 12:03:08 350,744 ----a-w c:\windows\system32\PresentationHost.exe
- 2006-10-21 09:29:46 20,768 ----a-w c:\windows\system32\PresentationHostProxy.dll
+ 2007-10-09 12:03:02 33,304 ----a-w c:\windows\system32\PresentationHostProxy.dll
- 2006-10-21 09:30:02 769,312 ----a-w c:\windows\system32\PresentationNative_v0300.dll
+ 2007-10-09 12:03:12 779,800 ----a-w c:\windows\system32\PresentationNative_v0300.dll
- 2006-10-15 04:43:38 124,416 ----a-w c:\windows\system32\prntvpt.dll
+ 2007-03-22 19:25:02 124,928 ----a-w c:\windows\system32\prntvpt.dll
- 2005-01-28 12:44:28 221,184 ----a-w c:\windows\system32\qasf.dll
+ 2006-10-18 20:47:18 211,456 ----a-w c:\windows\system32\qasf.dll
- 2007-11-30 11:19:06 18,296 ------w c:\windows\system32\spmsg.dll
+ 2007-07-27 08:41:40 16,760 ------w c:\windows\system32\spmsg.dll
- 2006-06-30 01:07:36 14,048 ----a-w c:\windows\system32\spmsg2.dll
+ 2006-06-29 12:07:36 14,048 ------w c:\windows\system32\spmsg2.dll
- 2006-10-15 04:43:18 751,104 ----a-w c:\windows\system32\spool\drivers\w32x86\3\mxdwdrv.dll
+ 2007-03-22 19:24:50 762,880 ----a-w c:\windows\system32\spool\drivers\w32x86\3\mxdwdrv.dll
- 2006-10-15 04:42:40 131,584 ----a-w c:\windows\system32\spool\drivers\w32x86\3\mxdwdui.dll
+ 2007-03-22 19:24:34 131,584 ----a-w c:\windows\system32\spool\drivers\w32x86\3\mxdwdui.dll
- 2007-03-09 09:03:52 372,736 ----a-w c:\windows\system32\spool\drivers\w32x86\3\UNIDRV.DLL
+ 2007-03-22 19:24:06 376,832 ----a-w c:\windows\system32\spool\drivers\w32x86\3\unidrv.dll
- 2007-03-09 09:03:54 740,864 ----a-w c:\windows\system32\spool\drivers\w32x86\3\UNIDRVUI.DLL
+ 2007-03-22 20:03:54 749,568 ----a-w c:\windows\system32\spool\drivers\w32x86\3\unidrvui.dll
- 2007-03-09 09:03:58 761,344 ----a-w c:\windows\system32\spool\drivers\w32x86\3\UNIRES.DLL
+ 2007-03-22 20:03:58 761,344 ----a-w c:\windows\system32\spool\drivers\w32x86\3\unires.dll
- 2006-10-15 08:22:00 1,698,048 ----a-w c:\windows\system32\spool\drivers\w32x86\3\XpsSvcs.dll
+ 2007-03-23 05:07:56 1,683,280 ----a-w c:\windows\system32\spool\drivers\w32x86\3\XpsSvcs.dll
- 2006-10-15 04:44:44 671,744 ----a-w c:\windows\system32\spool\prtprocs\w32x86\PrintFilterPipelineSvc.exe
+ 2007-03-22 19:25:42 677,376 ----a-w c:\windows\system32\spool\prtprocs\w32x86\PrintFilterPipelineSvc.exe
- 2006-10-15 05:12:14 737,792 ----a-w c:\windows\system32\spool\XPSEP\amd64\amd64\mxdwdrv.dll
+ 2007-03-22 19:53:16 746,496 ----a-w c:\windows\system32\spool\XPSEP\amd64\amd64\mxdwdrv.dll
- 2006-10-15 08:09:04 2,946,304 ----a-w c:\windows\system32\spool\XPSEP\amd64\amd64\xpssvcs.dll
+ 2007-03-22 19:59:24 2,932,224 ----a-w c:\windows\system32\spool\XPSEP\amd64\amd64\xpssvcs.dll
- 2006-10-15 05:12:14 737,792 ----a-w c:\windows\system32\spool\XPSEP\amd64\mxdwdrv.dll
+ 2007-03-22 19:53:16 746,496 ----a-w c:\windows\system32\spool\XPSEP\amd64\mxdwdrv.dll
- 2006-10-15 08:09:04 2,946,304 ----a-w c:\windows\system32\spool\XPSEP\amd64\xpssvcs.dll
+ 2007-03-22 19:59:24 2,932,224 ----a-w c:\windows\system32\spool\XPSEP\amd64\xpssvcs.dll
- 2006-10-15 04:43:18 751,104 ----a-w c:\windows\system32\spool\XPSEP\i386\i386\mxdwdrv.dll
+ 2007-03-22 19:24:50 762,880 ----a-w c:\windows\system32\spool\XPSEP\i386\i386\mxdwdrv.dll
- 2006-10-15 08:22:00 1,698,048 ----a-w c:\windows\system32\spool\XPSEP\i386\i386\xpssvcs.dll
+ 2007-03-23 05:07:56 1,683,280 ----a-w c:\windows\system32\spool\XPSEP\i386\i386\xpssvcs.dll
- 2006-10-15 04:43:18 751,104 ----a-w c:\windows\system32\spool\XPSEP\i386\mxdwdrv.dll
+ 2007-03-22 19:24:50 762,880 ----a-w c:\windows\system32\spool\XPSEP\i386\mxdwdrv.dll
- 2006-10-15 08:22:00 1,698,048 ----a-w c:\windows\system32\spool\XPSEP\i386\xpssvcs.dll
+ 2007-03-23 05:07:56 1,683,280 ----a-w c:\windows\system32\spool\XPSEP\i386\xpssvcs.dll
+ 2007-10-09 11:58:20 16,896 ----a-w c:\windows\system32\tswpfwrp.exe
- 2006-10-21 09:29:54 159,008 ----a-w c:\windows\system32\UIAutomationCore.dll
+ 2007-10-09 12:03:08 161,304 ----a-w c:\windows\system32\UIAutomationCore.dll
- 2005-01-28 12:44:28 47,104 ----a-w c:\windows\system32\uwdf.exe
+ 2006-10-18 20:58:00 8,704 ----a-w c:\windows\system32\uwdf.exe
- 2005-01-28 12:44:28 15,872 ----a-w c:\windows\system32\wdfapi.dll
+ 2006-10-18 20:47:18 4,096 ----a-w c:\windows\system32\wdfapi.dll
- 2005-01-28 12:44:28 38,912 ----a-w c:\windows\system32\wdfmgr.exe
+ 2006-10-18 20:58:00 8,704 ----a-w c:\windows\system32\wdfmgr.exe
- 2005-01-28 12:44:28 396,528 ----a-w c:\windows\system32\wmadmod.dll
+ 2006-10-18 20:47:18 757,248 ----a-w c:\windows\system32\WMADMOD.dll
- 2005-01-28 12:44:28 716,288 ----a-w c:\windows\system32\wmadmoe.dll
+ 2006-10-18 20:47:18 1,117,696 ----a-w c:\windows\system32\WMADMOE.dll
- 2007-10-20 05:01:32 227,328 ----a-w c:\windows\system32\wmasf.dll
+ 2007-10-25 08:28:30 222,720 ----a-w c:\windows\system32\wmasf.dll
- 2005-01-28 12:44:28 28,160 ----a-w c:\windows\system32\WMDMLOG.dll
+ 2006-10-18 20:47:18 33,792 ----a-w c:\windows\system32\wmdmlog.dll
- 2005-01-28 12:44:28 33,792 ----a-w c:\windows\system32\WMDMPS.dll
+ 2006-10-18 20:47:18 37,376 ----a-w c:\windows\system32\wmdmps.dll
- 2005-01-28 12:44:28 335,872 ----a-w c:\windows\system32\WMDRMdev.dll
+ 2006-10-18 20:47:18 429,056 ----a-w c:\windows\system32\wmdrmdev.dll
- 2005-01-28 12:44:28 290,816 ----a-w c:\windows\system32\WMDRMNet.dll
+ 2006-10-18 20:47:20 348,672 ----a-w c:\windows\system32\wmdrmnet.dll
+ 2006-10-18 20:47:20 535,040 ------w c:\windows\system32\wmdrmsdk.dll
- 2008-04-14 12:00:00 200,704 ----a-w c:\windows\system32\wmerror.dll
+ 2006-11-03 08:58:42 272,384 ----a-w c:\windows\system32\wmerror.dll
- 2005-01-28 12:44:28 150,016 ----a-w c:\windows\system32\wmidx.dll
+ 2006-10-18 20:47:20 157,184 ----a-w c:\windows\system32\wmidx.dll
- 2008-06-10 05:28:36 1,028,096 ----a-w c:\windows\system32\WMNetmgr.dll
+ 2008-06-18 04:03:08 938,496 ----a-w c:\windows\system32\WMNetmgr.dll
- 2008-04-14 12:00:00 4,874,240 ----a-w c:\windows\system32\wmp.dll
+ 2006-10-18 20:47:20 10,834,432 ----a-w c:\windows\system32\wmp.dll
- 2008-04-14 12:00:00 114,688 ----a-w c:\windows\system32\wmpasf.dll
+ 2006-10-18 20:47:20 242,688 ----a-w c:\windows\system32\wmpasf.dll
- 2008-04-14 12:00:00 233,472 ----a-w c:\windows\system32\wmpdxm.dll
+ 2006-10-18 20:47:20 314,880 ----a-w c:\windows\system32\wmpdxm.dll
+ 2006-10-18 20:47:20 295,936 ------w c:\windows\system32\wmpeffects.dll
+ 2006-10-18 20:47:20 1,661,440 ------w c:\windows\system32\wmpencen.dll
- 2008-04-14 12:00:00 2,985,984 ----a-w c:\windows\system32\wmploc.dll
+ 2006-11-03 09:03:34 8,292,352 ----a-w c:\windows\system32\wmploc.dll
+ 2006-10-18 20:47:20 613,376 ------w c:\windows\system32\wmpmde.dll
+ 2006-10-18 20:47:20 130,048 ------w c:\windows\system32\wmpps.dll
- 2008-04-14 12:00:00 102,400 ----a-w c:\windows\system32\wmpshell.dll
+ 2006-11-03 08:59:06 99,840 ----a-w c:\windows\system32\wmpshell.dll
+ 2006-10-18 20:47:20 204,288 ------w c:\windows\system32\wmpsrcwp.dll
- 2005-01-28 12:44:28 774,904 ----a-w c:\windows\system32\wmsdmod.dll
+ 2006-10-18 20:47:22 4,096 ----a-w c:\windows\system32\wmsdmod.dll
- 2005-01-28 12:44:28 1,119,744 ----a-w c:\windows\system32\wmsdmoe2.dll
+ 2006-10-18 20:47:22 4,096 ----a-w c:\windows\system32\wmsdmoe2.dll
- 2005-01-28 12:44:28 413,944 ----a-w c:\windows\system32\wmspdmod.dll
+ 2006-10-18 20:47:22 603,648 ----a-w c:\windows\system32\WMSPDMOD.dll
- 2005-01-28 12:44:28 940,544 ----a-w c:\windows\system32\wmspdmoe.dll
+ 2006-10-18 20:47:22 1,329,152 ----a-w c:\windows\system32\WMSPDMOE.dll
- 2005-01-28 12:44:28 1,218,808 ----a-w c:\windows\system32\wmvadvd.dll
+ 2006-10-18 20:47:22 4,096 ----a-w c:\windows\system32\WMVADVD.dll
- 2005-01-28 12:44:28 1,512,448 ----a-w c:\windows\system32\WMVADVE.DLL
+ 2006-10-18 20:47:22 4,096 ----a-w c:\windows\system32\WMVADVE.DLL
- 2008-06-10 06:07:24 2,376,760 ----a-w c:\windows\system32\WMVCore.dll
+ 2008-06-18 04:03:14 2,458,112 ----a-w c:\windows\system32\WMVCore.dll
+ 2006-10-18 20:47:22 1,543,680 ------w c:\windows\system32\WMVDECOD.dll
- 2005-01-28 12:44:28 895,736 ----a-w c:\windows\system32\wmvdmod.dll
+ 2006-10-18 20:47:22 4,096 ----a-w c:\windows\system32\wmvdmod.dll
- 2005-01-28 12:44:28 1,003,008 ----a-w c:\windows\system32\wmvdmoe2.dll
+ 2006-10-18 20:47:22 4,096 ----a-w c:\windows\system32\wmvdmoe2.dll
+ 2006-10-18 20:47:22 1,574,912 ------w c:\windows\system32\WMVENCOD.dll
+ 2006-10-18 20:47:22 1,382,912 ------w c:\windows\system32\WMVSDECD.dll
+ 2006-10-18 20:47:22 767,488 ------w c:\windows\system32\WMVSENCD.dll
+ 2006-10-18 20:47:22 656,896 ------w c:\windows\system32\WMVXENCD.dll
- 2005-01-28 12:44:28 38,912 ----a-w c:\windows\system32\wpd_ci.dll
+ 2006-10-18 20:47:22 629,760 ----a-w c:\windows\system32\wpd_ci.dll
- 2005-01-28 12:44:28 61,952 ----a-w c:\windows\system32\wpdconns.dll
+ 2006-10-18 20:47:22 35,840 ----a-w c:\windows\system32\wpdconns.dll
- 2005-01-28 12:44:28 114,176 ----a-w c:\windows\system32\wpdmtp.dll
+ 2006-10-18 20:47:22 154,624 ----a-w c:\windows\system32\wpdmtp.dll
- 2005-01-28 12:44:28 66,560 ----a-w c:\windows\system32\wpdmtpus.dll
+ 2006-10-18 20:47:22 63,488 ----a-w c:\windows\system32\wpdmtpus.dll
+ 2006-10-18 20:47:22 2,603,008 ------w c:\windows\system32\WpdShext.dll
+ 2006-10-18 19:00:14 17,408 ------w c:\windows\system32\wpdshextautoplay.exe
+ 2006-11-02 10:52:12 44,032 ------w c:\windows\system32\wpdshextres.dll
+ 2006-10-18 20:47:22 133,632 ------w c:\windows\system32\WPDShServiceObj.dll
- 2005-01-28 12:44:28 331,264 ----a-w c:\windows\system32\wpdsp.dll
+ 2006-10-18 20:47:22 356,352 ----a-w c:\windows\system32\wpdsp.dll
+ 2006-09-28 19:13:26 95,344 ------w c:\windows\system32\WUDFCoinstaller.dll
+ 2006-09-28 17:56:38 146,432 ------w c:\windows\system32\WudfHost.exe
+ 2006-09-28 17:56:16 165,376 ------w c:\windows\system32\WudfPlatform.dll
+ 2006-09-28 17:56:14 55,808 ------w c:\windows\system32\WudfSvc.dll
+ 2006-09-28 17:56:38 316,416 ------w c:\windows\system32\WUDFx.dll
- 2006-10-15 08:21:58 580,352 ----a-w c:\windows\system32\XPSSHHDR.dll
+ 2007-03-23 05:07:54 583,504 ----a-w c:\windows\system32\XPSSHHDR.dll
- 2006-10-15 08:22:00 1,698,048 ----a-w c:\windows\system32\XpsSvcs.dll
+ 2007-03-23 05:07:56 1,683,280 ----a-w c:\windows\system32\XpsSvcs.dll
- 2006-10-21 09:29:54 304,928 ----a-w c:\windows\system32\XPSViewer\XPSViewer.exe
+ 2007-10-09 12:03:08 308,760 ----a-w c:\windows\system32\XPSViewer\XPSViewer.exe
+ 2008-12-22 22:33:38 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_654.dat
+ 2008-12-21 23:12:45 8,192 ----a-w c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll
+ 2007-10-24 00:47:56 479,232 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.1433_x-ww_5cf844d2\msvcm80.dll
+ 2007-10-24 00:47:56 558,080 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.1433_x-ww_5cf844d2\msvcp80.dll
+ 2007-10-24 00:47:56 635,904 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.1433_x-ww_5cf844d2\msvcr80.dll
- 2008-04-25 18:09:12 258,048 ----a-w c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
+ 2008-12-21 23:12:51 258,048 ----a-w c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
- 2008-04-25 18:09:12 114,176 ----a-w c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
+ 2008-12-21 23:12:51 113,664 ----a-w c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
.
-- Instantané actualisé --
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"ISUSPM"="c:\program files\Fichiers communs\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 218032]
"BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2008-12-19 342848]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2008-02-21 159744]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-07-01 13537280]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-07-01 86016]
"OEM13Mon.exe"="c:\windows\OEM13Mon.exe" [2008-07-16 36864]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-14 136600]
"DELL Webcam Manager"="c:\program files\Dell\Dell Webcam Manager\DellWMgr.exe" [2007-07-27 118784]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2008-06-30 2220032]
"Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2008-02-22 1245184]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-10-15 29744]
"ECenter"="c:\dell\E-Center\EULALauncher.exe" [2008-02-28 17920]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2008-03-11 16384]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2008-05-23 128296]
"LogitechCommunicationsManager"="c:\program files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe" [2008-02-13 564496]
"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam\Quickcam.exe" [2008-02-13 2196240]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-10-14 49152]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2007-08-22 80896]
"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]
"RTHDCPL"="RTHDCPL.EXE" [2008-02-21 c:\windows\RTHDCPL.EXE]
"nwiz"="nwiz.exe" [2008-07-01 c:\windows\system32\nwiz.exe]
"NVHotkey"="nvHotkey.dll" [2008-07-01 c:\windows\system32\nvhotkey.dll]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\UltraVNC\\winvnc.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\Macromedia\\Dreamweaver MX\\Dreamweaver.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R2 vnccom;vnccom;c:\windows\system32\Drivers\vnccom.SYS [2008-11-23 6016]
R3 O2MDRDR;O2MDRDR;c:\windows\system32\DRIVERS\o2media.sys [2008-10-15 48472]
R3 O2SDRDR;O2SDRDR;c:\windows\system32\DRIVERS\o2sd.sys [2008-10-15 43480]
R3 OEM13Afx;Provides a software interface to control audio effects of OEM013 camera.;\??\c:\windows\system32\Drivers\OEM13Afx.sys [2008-10-15 141376]
R3 OEM13Vfx;Creative Camera OEM013 Video VFX Driver;c:\windows\system32\DRIVERS\OEM13Vfx.sys [2008-10-15 7424]
R3 OEM13Vid;Creative Camera OEM013 Driver;c:\windows\system32\DRIVERS\OEM13Vid.sys [2008-10-15 235840]
S1 39cf3d67;39cf3d67;c:\windows\system32\drivers\39cf3d67.sys []

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
.
------- Examen supplémentaire -------
.
uInternet Connection Wizard,ShellNext = hxxp://partnerpage.google.com/smallbiz.dell.com/fr_fr?hl=fr&client=dell-r(...)
FF - ProfilePath - c:\documents and settings\Ishadawn\Application Data\Mozilla\Firefox\Profiles\602dmm0l.default\
FF - component: c:\program files\Mozilla Firefox\components\iamfamous.dll
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-22 23:33:31
Windows 5.1.2600 Service Pack 3 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...


c:\windows\8GOW5DLSZ6FNV4CL

Scan terminé avec succès
Fichiers cachés: 1

**************************************************************************
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'winlogon.exe'(948)
c:\windows\System32\BCMLogon.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\windows\system32\WudfHost.exe
c:\windows\system32\WLTRYSVC.EXE
c:\windows\system32\BCMWLTRY.EXE
c:\program files\Avira\AntiVir PersonalEdition Classic\sched.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\rundll32.exe
c:\program files\Avira\AntiVir PersonalEdition Classic\avguard.exe
c:\program files\DellTPad\ApMsgFwd.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
c:\program files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\program files\DellTPad\hidfind.exe
c:\program files\DellTPad\ApntEx.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Fichiers communs\LogiShrd\LQCVFX\COCIManager.exe
c:\windows\system32\imapi.exe
c:\program files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
c:\windows\system32\wbem\wmiapsrv.exe
.
**************************************************************************
.
Heure de fin: 2008-12-22 23:35:37 - La machine a redémarré
ComboFix-quarantined-files.txt 2008-12-22 22:35:32
ComboFix2.txt 2008-12-21 19:41:49

Avant-CF: 156 484 186 112 octets libres
Après-CF: 156,463,910,912 octets libres

WindowsXP-KB310994-SP2-Pro-BootDisk-FRA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professionnel" /noexecute=optin /fastdetect

1191 --- E O F --- 2008-12-21 23:28:41
smyst on 23 December 2008 at 00:56
MBAM report:

Malwarebytes' Anti-Malware 1.31
Version de la base de données: 1533
Windows 5.1.2600 Service Pack 3

23/12/2008 00:39:01
mbam-log-2008-12-23 (00-39-01).txt

Type de recherche: Examen complet (C:\|D:\|G:\|)
Eléments examinés: 184263
Temps écoulé: 59 minute(s), 33 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 0

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
(Aucun élément nuisible détecté)
Curson on 23 December 2008 at 00:57
Good evening,

The report was cut off because of its length.


1) Repost it starting from the section:

((((((((((((((((((((((((((((( snapshot@2008-12-21_20.41.18.70 )))))))))))))))))))))))))))))))))))))))))


2) Also post the MBAM report.


Normally, that should be OK.


Second computer

Have you noticed any particular malfunctions?


1) Completely uninstall Avast with the official uninstall utility


2) Download Malwarebytes Anti-Malware.


3) Install it and run the updates.


3) Launch MBAM:

- Check the "Perform full scan" box, then click Scan.
- Select (check) all your partitions, then click "Start Scan".
- When the scan is finished, a message will let you know. Then click the "Show Results" button.
- In the next window, click "Remove Selected". If the program offers to restart the computer, accept!
- The scan report will be displayed. Save it, then post its contents.


See you later.
-->Message edited by Curson on 23/12/2008 01:09:57<--
smyst on 23 December 2008 at 11:11
The end of the report and the MBAM report are just above; I was posting them when you replied. There is just one detail left, though I don't know whether it is related or not: IE7 refuses to install (that is not a problem in itself since I use Firefox, but as the update is offered to me every time it is getting a bit annoying).

For the 2nd computer, I will put the information in a following post.
Curson on 23 December 2008 at 11:49
Hello,

A rootkit has come back.


1) Disable the protection software (antivirus, antispyware), then:


2) Create a new text document: right-click on the desktop > New > Text Document, and copy the following lines into it:
KILLALL::
Driver::
39cf3d67

File::
c:\program files\Mozilla Firefox\components\iamfamous.dll
c:\windows\8GOW5DLSZ6FNV4CL
c:\windows\system32\drivers\39cf3d67.sys

Folder::
c:\windows\8GOW5DLSZ6FNV4CL
C:\38773665


- Drag and drop this CFScript file onto the ComboFix.exe file, as in the screenshot

< included picture >

- A blue window will appear. Type 1 if necessary.
- Wait while the scan runs. The desktop will disappear several times: this is normal!
Do not touch anything until the scan has finished.
- Once the scan is complete, a report will be displayed: post its contents, stating where things stand with your problems.

- If the file does not open, it can be found here > C:\ComboFix.txt


4) Show hidden files and folders. Tutorial.


5) Open the file C:\WINDOWS\ie7.log and post its contents.


See you later.
smyst on 23 December 2008 at 15:31
ComboFix report:

ComboFix 08-12-21.01 - Ishadawn 2008-12-23 13:54:48.3 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.3.1252.1.1036.18.3070.2428 [GMT 1:00]
Lancé depuis: c:\documents and settings\Ishadawn\Bureau\ComboFix.exe
Commutateurs utilisés :: c:\documents and settings\Ishadawn\Bureau\CFScript.txt
* Un nouveau point de restauration a été créé

FILE ::
c:\program files\Mozilla Firefox\components\iamfamous.dll
c:\windows\8GOW5DLSZ6FNV4CL
c:\windows\system32\drivers\39cf3d67.sys
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\38773665\

.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_39cf3d67


((((((((((((((((((((((((((((( Fichiers créés du 2008-11-23 au 2008-12-23 ))))))))))))))))))))))))))))))))))))
.

2008-12-22 23:37 . 2008-12-22 23:37 <REP> d-------- c:\program files\Malwarebytes' Anti-Malware
2008-12-22 23:37 . 2008-12-03 19:59 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2008-12-22 23:37 . 2008-12-03 19:59 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2008-12-22 00:05 . 2008-12-22 00:05 <REP> d-------- c:\program files\Windows Media Connect 2
2008-12-22 00:03 . 2008-12-22 00:04 <REP> d-------- c:\windows\system32\drivers\UMDF
2008-12-21 20:59 . 2008-12-21 20:59 <REP> d-------- c:\program files\Avira
2008-12-21 20:59 . 2008-12-21 20:59 <REP> d-------- c:\documents and settings\All Users\Application Data\Avira
2008-12-21 20:02 . 2008-12-21 20:18 <REP> d-------- c:\program files\UsbFix
2008-12-18 21:02 . 2008-12-18 21:02 <REP> d-------- c:\documents and settings\Ishadawn\Application Data\Malwarebytes
2008-12-18 21:01 . 2008-12-18 21:01 <REP> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2008-12-18 20:24 . 2008-12-18 20:24 <REP> d-------- c:\program files\Trend Micro
2008-12-15 16:10 . 2008-12-15 16:12 2 --a------ C:\38773665
2008-12-15 00:10 . 2008-12-15 00:10 <REP> d-------- c:\documents and settings\Ishadawn\Application Data\OpenOffice.org
2008-12-15 00:08 . 2008-12-15 00:08 <REP> d-------- c:\program files\OpenOffice.org 3
2008-12-15 00:08 . 2008-12-15 00:08 <REP> d-------- c:\program files\JRE
2008-12-14 21:34 . 2008-12-23 13:58 <REP> d-------- c:\program files\DNA
2008-12-14 21:34 . 2008-12-14 21:34 <REP> d-------- c:\program files\BitTorrent
2008-12-14 21:34 . 2008-12-23 13:58 <REP> d-------- c:\documents and settings\Ishadawn\Application Data\DNA
2008-12-14 21:34 . 2008-12-15 15:27 <REP> d-------- c:\documents and settings\Ishadawn\Application Data\BitTorrent
2008-12-14 17:55 . 2008-12-14 17:55 <REP> d-------- c:\program files\Foxit Software
2008-12-14 03:25 . 2008-12-14 03:25 410,984 --a------ c:\windows\system32\deploytk.dll
2008-12-14 00:32 . 2008-12-14 00:32 <REP> d-------- c:\program files\Macromedia
2008-12-14 00:32 . 2008-12-14 00:32 <REP> d-------- c:\program files\Fichiers communs\Macromedia
2008-12-14 00:13 . 2008-12-14 00:13 <REP> d-------- c:\documents and settings\Ishadawn\Application Data\Roxio
2008-12-12 14:45 . 2008-10-03 11:03 247,326 -----c--- c:\windows\system32\dllcache\strmdll.dll
2008-12-12 00:17 . 2008-12-12 00:17 <REP> d-------- c:\program files\PDFCreator Toolbar
2008-12-12 00:17 . 2008-12-12 00:17 <REP> d-------- c:\program files\PDFCreator
2008-12-12 00:17 . 2008-12-12 00:17 253,139 --a------ c:\windows\PDFCreator_Toolbar_Uninstaller_343.exe
2008-12-12 00:17 . 1998-07-13 02:08 141,312 --a------ c:\windows\system32\MSCMCFR.DLL
2008-12-12 00:17 . 1998-06-24 01:00 137,000 --a------ c:\windows\system32\MSMAPI32.OCX
2008-12-12 00:17 . 1998-07-13 02:08 119,568 --a------ c:\windows\system32\VB6FR.DLL
2008-12-12 00:17 . 2001-10-28 17:42 116,224 --a------ c:\windows\system32\pdfcmnnt.dll
2008-12-12 00:17 . 1998-07-13 02:08 59,904 --a------ c:\windows\system32\MSCC2FR.DLL
2008-12-12 00:17 . 1998-07-06 01:00 23,552 --a------ c:\windows\system32\MSMPIDE.DLL
2008-12-09 20:00 . 2008-12-09 20:00 <REP> d-------- c:\windows\speech
2008-12-09 20:00 . 2008-12-09 20:01 <REP> d-------- c:\program files\Subliminal Visualizer Pro
2008-12-09 20:00 . 2008-12-09 20:00 <REP> d-------- c:\program files\SRSRipper
2008-12-09 20:00 . 2008-12-09 20:53 <REP> d-------- c:\program files\SRS5-1XP
2008-12-09 20:00 . 2003-08-27 23:13 1,101,824 --a------ c:\windows\system32\vbskpro.ocx
2008-12-09 20:00 . 2004-03-09 01:00 662,288 --a------ c:\windows\system32\MSCOMCT2.OCX
2008-12-09 20:00 . 2000-05-22 00:00 608,448 --a------ c:\windows\system32\ComCtl32.ocx
2008-12-09 20:00 . 2002-11-29 16:07 503,808 --a------ c:\windows\system32\DXVUMeter.ocx
2008-12-09 20:00 . 2000-12-06 00:00 415,176 --a------ c:\windows\system32\Comct332.ocx
2008-12-09 20:00 . 1998-04-24 20:08 368,912 --a------ c:\windows\system32\vbar332.dll
2008-12-09 20:00 . 2000-05-22 00:00 203,976 --a------ c:\windows\system32\RichTx32.ocx
2008-12-09 20:00 . 2001-09-28 17:00 164,864 --a------ c:\windows\UNWISE.EXE
2008-12-09 20:00 . 2000-03-13 05:00 118,784 --a------ c:\windows\system32\Msstdfmt.dll
2008-12-09 20:00 . 2003-05-21 06:47 49,152 --a------ c:\windows\system32\mp3enc.dll
2008-12-09 20:00 . 2000-06-13 16:06 32,768 --a------ c:\windows\system32\prjKnob.ocx
2008-12-08 18:21 . 2008-12-08 18:26 <REP> d-------- c:\program files\MB Free Subliminal Message Software
2008-12-08 18:21 . 2005-04-15 20:58 1,071,088 --a------ c:\windows\system32\MSCOMCTL.OCX
2008-12-08 18:21 . 2000-12-06 00:00 209,608 --a------ c:\windows\system32\Tabctl32.ocx
2008-12-08 18:21 . 2001-03-13 14:49 140,288 --a------ c:\windows\system32\Comdlg32.ocx
2008-12-08 18:21 . 2008-12-08 18:21 33 --a------ c:\windows\system32\minsage
2008-12-07 21:58 . 2008-12-07 22:45 <REP> d-------- c:\program files\Audacity
2008-12-07 18:21 . 2008-12-07 18:21 <REP> d-------- c:\windows\Sun
2008-12-07 14:46 . 2008-12-07 18:23 <REP> d-------- c:\program files\Artweaver 0.5
2008-12-07 14:46 . 2008-12-07 14:46 <REP> d-------- c:\documents and settings\Ishadawn\Application Data\Artweaver
2008-12-07 14:09 . 2008-12-07 14:09 <REP> d-------- c:\program files\Fichiers communs\Jasc Software Inc
2008-12-07 14:09 . 2008-12-07 14:09 <REP> d-------- c:\documents and settings\Ishadawn\Application Data\Jasc Software Inc
2008-12-07 14:07 . 2008-12-07 14:09 <REP> d-------- c:\program files\Jasc Software Inc
2008-12-07 13:53 . 2008-12-07 13:53 <REP> d--h----- c:\windows\PIF
2008-12-07 11:38 . 2008-12-07 11:38 <REP> d-------- c:\program files\MSXML 4.0
2008-12-05 08:44 . 2008-12-23 13:42 <REP> d-------- c:\documents and settings\Ishadawn\Application Data\HPAppData
2008-12-04 21:17 . 2008-12-04 21:17 <REP> d-------- c:\documents and settings\All Users\Application Data\WEBREG
2008-12-04 21:16 . 2008-12-04 21:17 <REP> d-------- c:\documents and settings\Ishadawn\Application Data\HP
2008-12-04 21:15 . 2008-12-04 21:15 <REP> d-------- c:\documents and settings\All Users\Application Data\Hewlett-Packard
2008-12-04 21:15 . 2007-10-30 10:22 970,752 -ra------ c:\windows\system32\hpotiop6.dll
2008-12-04 21:15 . 2007-10-30 10:25 372,736 -ra------ c:\windows\system32\hppldcoi.dll
2008-12-04 21:15 . 2007-10-30 10:25 309,760 -ra------ c:\windows\system32\difxapi.dll
2008-12-04 21:15 . 2007-10-30 10:22 303,104 -ra------ c:\windows\system32\hpovst14.dll
2008-12-04 21:15 . 2008-02-12 04:49 271,704 -ra------ c:\windows\system32\hpzids01.dll
2008-12-04 21:15 . 2008-02-07 10:26 118,272 --a------ c:\windows\system32\hpz3l5mu.dll
2008-12-04 21:15 . 2007-10-30 10:25 49,920 -ra------ c:\windows\system32\drivers\HPZid412.sys
2008-12-04 21:15 . 2007-10-30 10:25 21,568 -ra------ c:\windows\system32\drivers\HPZius12.sys
2008-12-04 21:15 . 2007-10-30 10:25 16,496 -ra------ c:\windows\system32\drivers\HPZipr12.sys
2008-12-04 21:15 . 2008-04-13 11:45 15,104 --a------ c:\windows\system32\drivers\usbscan.sys
2008-12-04 21:15 . 2008-04-13 11:45 15,104 --a--c--- c:\windows\system32\dllcache\usbscan.sys
2008-12-04 21:04 . 2008-12-04 21:04 <REP> d-------- c:\program files\Hewlett-Packard
2008-12-04 21:04 . 2008-12-04 21:04 <REP> d-------- c:\program files\Fichiers communs\HP
2008-12-04 21:04 . 2008-12-04 21:04 <REP> d-------- c:\program files\Fichiers communs\Hewlett-Packard
2008-12-04 21:04 . 2008-12-04 21:04 <REP> d-------- c:\documents and settings\All Users\Application Data\HP Product Assistant
2008-12-04 21:04 . 2008-12-04 21:05 <REP> d-------- c:\documents and settings\All Users\Application Data\HP
2008-12-04 21:02 . 2008-12-04 21:04 <REP> d-------- c:\program files\HP
2008-12-04 21:02 . 2008-04-13 11:47 25,856 --a------ c:\windows\system32\drivers\usbprint.sys
2008-12-04 21:02 . 2008-04-13 11:47 25,856 --a--c--- c:\windows\system32\dllcache\usbprint.sys
2008-12-04 21:00 . 2008-12-04 21:17 177,936 --a------ c:\windows\hpoins29.dat
2008-12-04 21:00 . 2008-02-20 05:36 986 --------- c:\windows\hpomdl29.dat
2008-12-03 23:39 . 2008-12-03 23:39 <REP> d-------- c:\program files\SubliSoft
2008-12-01 15:10 . 2008-12-01 15:10 <REP> d-------- c:\program files\Axon Data
2008-11-28 21:30 . 2008-11-28 21:30 <REP> d-------- c:\documents and settings\Ishadawn\Application Data\Creative
2008-11-28 21:24 . 2008-02-06 03:21 4,658,456 -ra------ c:\windows\system32\drivers\lvuvc.sys
2008-11-28 21:24 . 2008-02-06 03:21 490,008 -ra------ c:\windows\system32\LVUI2.dll
2008-11-28 21:24 . 2008-02-06 03:21 465,432 -ra------ c:\windows\system32\LVUI2RC.dll
2008-11-28 21:24 . 2008-02-06 03:18 416,280 -ra------ c:\windows\system32\lvcodec2.dll
2008-11-28 21:08 . 2008-11-28 21:08 <REP> d-------- c:\documents and settings\Ishadawn\Application Data\Leadertech
2008-11-28 21:07 . 2008-02-06 03:18 195,096 --a------ c:\windows\system32\lvci11701196.dll
2008-11-28 21:07 . 2008-02-06 02:37 66,482 -ra------ c:\windows\system32\lvcoinst.ini
2008-11-28 21:07 . 2008-02-06 03:21 41,752 -ra------ c:\windows\system32\drivers\LVUSBSta.sys
2008-11-28 21:07 . 2008-02-06 02:40 25,056 -ra------ c:\windows\system32\Repository.reg
2008-11-28 21:06 . 2008-02-06 03:21 23,832 -ra------ c:\windows\system32\drivers\lvuvcflt.sys
2008-11-28 21:05 . 2008-11-28 21:05 <REP> d-------- c:\program files\Logitech
2008-11-28 21:05 . 2008-11-28 21:07 <REP> d-------- c:\program files\Fichiers communs\LogiShrd
2008-11-28 21:05 . 2008-11-28 21:05 <REP> d-------- c:\documents and settings\All Users\Application Data\Logitech
2008-11-28 21:05 . 2008-12-22 23:19 <REP> d-------- c:\documents and settings\All Users\Application Data\Logishrd
2008-11-28 20:54 . 2008-04-13 11:45 60,032 --a------ c:\windows\system32\drivers\USBAUDIO.sys
2008-11-28 20:54 . 2008-04-13 11:45 60,032 --a--c--- c:\windows\system32\dllcache\usbaudio.sys
2008-11-28 19:21 . 2008-11-28 19:21 754 --a------ c:\windows\WORDPAD.INI
2008-11-27 20:15 . 2008-11-27 20:15 <REP> d-------- c:\documents and settings\Ishadawn\Application Data\Media Player Classic
2008-11-27 20:13 . 2008-11-27 20:13 <REP> d-------- c:\program files\K-Lite Codec Pack
2008-11-26 14:44 . 2008-11-26 14:44 <REP> d-------- c:\program files\Windows Journal Viewer
2008-11-25 13:01 . 2008-12-22 00:03 <REP> d-------- c:\windows\system32\LogFiles
2008-11-24 17:59 . 2008-12-20 18:35 <REP> d-------- c:\documents and settings\Ishadawn\Application Data\skypePM
2008-11-24 17:58 . 2008-11-24 17:58 <REP> d-------- c:\program files\Skype
2008-11-24 17:58 . 2008-11-24 17:58 <REP> d-------- c:\program files\Fichiers communs\Skype
2008-11-24 17:58 . 2008-12-20 19:22 <REP> d-------- c:\documents and settings\Ishadawn\Application Data\Skype
2008-11-24 17:58 . 2008-11-24 17:58 <REP> d-------- c:\documents and settings\All Users\Application Data\Skype
2008-11-24 15:10 . 2008-09-15 16:26 1,846,528 -----c--- c:\windows\system32\dllcache\win32k.sys
2008-11-24 15:10 . 2008-09-08 11:41 333,824 -----c--- c:\windows\system32\dllcache\srv.sys
2008-11-24 15:10 . 2008-08-14 11:04 138,496 -----c--- c:\windows\system32\dllcache\afd.sys
2008-11-24 15:09 . 2008-08-14 14:23 2,191,232 -----c--- c:\windows\system32\dllcache\ntoskrnl.exe
2008-11-24 15:09 . 2008-08-14 14:23 2,147,328 -----c--- c:\windows\system32\dllcache\ntkrnlmp.exe
2008-11-24 15:09 . 2008-08-14 14:23 2,068,096 -----c--- c:\windows\system32\dllcache\ntkrnlpa.exe
2008-11-24 15:09 . 2008-08-14 14:23 2,025,984 -----c--- c:\windows\system32\dllcache\ntkrpamp.exe
2008-11-24 15:07 . 2008-04-11 20:05 691,712 -----c--- c:\windows\system32\dllcache\inetcomm.dll

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-15 15:12 14,336 ----a-w c:\windows\system32\svchost.exe
2008-12-14 02:25 --------- d-----w c:\program files\Java
2008-12-13 23:32 --------- d--h--w c:\program files\InstallShield Installation Information
2008-12-13 23:28 --------- d-----w c:\program files\Fichiers communs\InstallShield
2008-11-22 22:57 --------- d-----w c:\documents and settings\Ishadawn\Application Data\CyberLink
2008-11-22 22:54 --------- d-----w c:\documents and settings\All Users\Application Data\nView_Profiles
2008-11-02 14:02 7,680 ----a-w c:\windows\system32\ff_vfw.dll
2008-10-31 18:32 --------- d-----w c:\documents and settings\Ishadawn\Application Data\Dell
2008-10-28 22:35 684,032 ----a-w c:\windows\system32\divx.dll
2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-23 12:36 286,720 ----a-w c:\windows\system32\gdi32.dll
2008-10-16 13:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 13:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 13:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 13:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 13:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 13:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 13:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 13:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-10-16 01:01 670,208 ----a-w c:\windows\system32\wininet.dll
2008-10-03 10:03 247,326 ----a-w c:\windows\system32\strmdll.dll
2008-09-30 15:43 1,286,152 ----a-w c:\windows\system32\msxml4.dll
2008-09-25 08:03 81,920 ----a-w c:\windows\system32\dpl100.dll
.

((((((((((((((((((((((((((((( snapshot_2008-12-22_23.35.11.95 )))))))))))))))))))))))))))))))))))))))))
.
- 2006-11-03 08:58:34 317,440 ----a-w c:\windows\inf\unregmp2.exe
+ 2007-06-29 10:59:14 318,976 ----a-w c:\windows\inf\unregmp2.exe
- 2006-10-18 20:47:16 414,208 -c--a-w c:\windows\system32\dllcache\msscp.dll
+ 2006-12-04 15:21:50 414,720 -c--a-w c:\windows\system32\dllcache\msscp.dll
- 2006-10-18 20:47:16 414,208 ----a-w c:\windows\system32\msscp.dll
+ 2006-12-04 15:21:50 414,720 ----a-w c:\windows\system32\msscp.dll
- 2007-07-27 08:41:40 16,760 ------w c:\windows\system32\spmsg.dll
+ 2007-07-27 09:41:40 16,760 ------w c:\windows\system32\spmsg.dll
- 2006-10-18 20:47:20 10,834,432 ----a-w c:\windows\system32\wmp.dll
+ 2007-06-11 22:51:12 10,834,944 ----a-w c:\windows\system32\wmp.dll
- 2006-10-18 20:47:20 295,936 ------w c:\windows\system32\wmpeffects.dll
+ 2008-06-24 17:12:58 295,936 ------w c:\windows\system32\wmpeffects.dll
+ 2008-12-23 12:58:24 16,384 ----atw c:\windows\temp\Perflib_Perfdata_850.dat
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"ISUSPM"="c:\program files\Fichiers communs\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 218032]
"BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2008-12-19 342848]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2008-02-21 159744]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-07-01 13537280]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-07-01 86016]
"OEM13Mon.exe"="c:\windows\OEM13Mon.exe" [2008-07-16 36864]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-14 136600]
"DELL Webcam Manager"="c:\program files\Dell\Dell Webcam Manager\DellWMgr.exe" [2007-07-27 118784]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2008-06-30 2220032]
"Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2008-02-22 1245184]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-10-15 29744]
"ECenter"="c:\dell\E-Center\EULALauncher.exe" [2008-02-28 17920]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2008-03-11 16384]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2008-05-23 128296]
"LogitechCommunicationsManager"="c:\program files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe" [2008-02-13 564496]
"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam\Quickcam.exe" [2008-02-13 2196240]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-10-14 49152]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2007-08-22 80896]
"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]
"RTHDCPL"="RTHDCPL.EXE" [2008-02-21 c:\windows\RTHDCPL.EXE]
"nwiz"="nwiz.exe" [2008-07-01 c:\windows\system32\nwiz.exe]
"NVHotkey"="nvHotkey.dll" [2008-07-01 c:\windows\system32\nvhotkey.dll]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\UltraVNC\\winvnc.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\Macromedia\\Dreamweaver MX\\Dreamweaver.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R2 vnccom;vnccom;c:\windows\system32\Drivers\vnccom.SYS [2008-11-23 6016]
R3 O2MDRDR;O2MDRDR;c:\windows\system32\DRIVERS\o2media.sys [2008-10-15 48472]
R3 O2SDRDR;O2SDRDR;c:\windows\system32\DRIVERS\o2sd.sys [2008-10-15 43480]
R3 OEM13Afx;Provides a software interface to control audio effects of OEM013 camera.;\??\c:\windows\system32\Drivers\OEM13Afx.sys [2008-10-15 141376]
R3 OEM13Vfx;Creative Camera OEM013 Video VFX Driver;c:\windows\system32\DRIVERS\OEM13Vfx.sys [2008-10-15 7424]
R3 OEM13Vid;Creative Camera OEM013 Driver;c:\windows\system32\DRIVERS\OEM13Vid.sys [2008-10-15 235840]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
.
------- Examen supplémentaire -------
.
uInternet Connection Wizard,ShellNext = hxxp://partnerpage.google.com/smallbiz.dell.com/fr_fr?hl=fr&client=dell-r(...)
FF - ProfilePath - c:\documents and settings\Ishadawn\Application Data\Mozilla\Firefox\Profiles\602dmm0l.default\
FF - component: c:\program files\Mozilla Firefox\components\iamfamous.dll
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-23 13:58:17
Windows 5.1.2600 Service Pack 3 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'winlogon.exe'(952)
c:\windows\System32\BCMLogon.dll

- - - - - - - > 'explorer.exe'(3116)
c:\windows\TEMP\logishrd\LVPrcInj01.dll
c:\windows\system32\eappprxy.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\windows\system32\WudfHost.exe
c:\windows\system32\WLTRYSVC.EXE
c:\windows\system32\BCMWLTRY.EXE
c:\program files\Avira\AntiVir PersonalEdition Classic\sched.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\rundll32.exe
c:\program files\DellTPad\ApMsgFwd.exe
c:\program files\Avira\AntiVir PersonalEdition Classic\avguard.exe
c:\program files\DellTPad\hidfind.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\DellTPad\ApntEx.exe
c:\program files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
c:\program files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\imapi.exe
c:\program files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\program files\Fichiers communs\LogiShrd\LQCVFX\COCIManager.exe
.
**************************************************************************
.
Heure de fin: 2008-12-23 14:00:22 - La machine a redémarré [Ishadawn]
ComboFix-quarantined-files.txt 2008-12-23 13:00:16
ComboFix2.txt 2008-12-22 22:35:39
ComboFix3.txt 2008-12-21 19:41:49

Avant-CF: 156 434 194 432 octets libres
Après-CF: 156,425,580,544 octets libres

303 --- E O F --- 2008-12-23 00:31:03

IE7.log file:

[ie7.log]
0.313: ================================================================================
0.313: 2008/12/15 21:03:16.125 (local)
0.313: c:\0c6167643f2b62891281435dba\update\update.exe (version 6.2.29.0)
0.344: Failed To Enable SE_SHUTDOWN_PRIVILEGE
0.360: Hotfix started with following command line: /quiet /norestart /er /log:C:\WINDOWS
0.360: IECUSTOM: Scanning for proper registry permissions...
0.922: IECUSTOM: Unwriteable key HKCR\Interface\{34A715A0-6587-11D0-924A-0020AFC7AC4D}
0.922: IECUSTOM: Unwriteable key HKCR\Interface\{34A715A0-6587-11D0-924A-0020AFC7AC4D}\ProxyStubClsid
0.922: IECUSTOM: Unwriteable key HKCR\Interface\{34A715A0-6587-11D0-924A-0020AFC7AC4D}
0.922: IECUSTOM: Unwriteable key HKCR\Interface\{34A715A0-6587-11D0-924A-0020AFC7AC4D}\ProxyStubClsid32
0.922: IECUSTOM: Unwriteable key HKCR\Interface\{34A715A0-6587-11D0-924A-0020AFC7AC4D}
0.922: IECUSTOM: Unwriteable key HKCR\Interface\{34A715A0-6587-11D0-924A-0020AFC7AC4D}\TypeLib
0.922: IECUSTOM: Unwriteable key HKCR\Interface\{34A715A0-6587-11D0-924A-0020AFC7AC4D}
0.922: IECUSTOM: Unwriteable key HKCR\Interface\{34A715A0-6587-11D0-924A-0020AFC7AC4D}\TypeLib
0.922: IECUSTOM: Unwriteable key HKCR\Interface\{34A715A0-6587-11D0-924A-0020AFC7AC4D}
1.282: IECUSTOM: Scanning for proper registry permissions...
1.516: IECUSTOM: Scanning for proper registry permissions...
1.782: IECUSTOM: Unwriteable key HKCR\Interface\{34A715A0-6587-11D0-924A-0020AFC7AC4D}
1.860: IECUSTOM: Backing up registry permissions...
1.860: IECUSTOM: Finished backing up registry permissions...
1.860: IECUSTOM: Setting new registry permissions...
1.860: IECUSTOM: Unable to clear DACLs HKCR\Interface\{34A715A0-6587-11D0-924A-0020AFC7AC4D}
1.860: IECUSTOM: Finished setting new registry permissions...
1.860: IECUSTOM: An error occured verifying registry permissions. ERROR: 0x80070534
1.860: DoInstallation: CustomizeCall Failed: 0x3f5
1.860: IECUSTOM: Restoring registry permissions...
1.875: IECUSTOM: Finished restoring registry permissions...
1.875: Impossible d'écrire la clé du Registre de configuration.
1.875: L'installation du Internet Explorer 7 ne s'est pas terminée.
1.875: Update.exe extended error code = 0x3f5
0.422: ================================================================================
0.437: 2008/12/21 22:56:27.984 (local)
0.437: c:\915feee13d552ec040b8\update\update.exe (version 6.2.29.0)
0.453: Failed To Enable SE_SHUTDOWN_PRIVILEGE
0.469: Hotfix started with following command line: /quiet /norestart /er /log:C:\WINDOWS
0.469: IECUSTOM: Scanning for proper registry permissions...
0.890: IECUSTOM: Unwriteable key HKCR\Interface\{34A715A0-6587-11D0-924A-0020AFC7AC4D}
0.890: IECUSTOM: Unwriteable key HKCR\Interface\{34A715A0-6587-11D0-924A-0020AFC7AC4D}\ProxyStubClsid
0.890: IECUSTOM: Unwriteable key HKCR\Interface\{34A715A0-6587-11D0-924A-0020AFC7AC4D}
0.890: IECUSTOM: Unwriteable key HKCR\Interface\{34A715A0-6587-11D0-924A-0020AFC7AC4D}\ProxyStubClsid32
0.890: IECUSTOM: Unwriteable key HKCR\Interface\{34A715A0-6587-11D0-924A-0020AFC7AC4D}
0.890: IECUSTOM: Unwriteable key HKCR\Interface\{34A715A0-6587-11D0-924A-0020AFC7AC4D}\TypeLib
0.890: IECUSTOM: Unwriteable key HKCR\Interface\{34A715A0-6587-11D0-924A-0020AFC7AC4D}
0.890: IECUSTOM: Unwriteable key HKCR\Interface\{34A715A0-6587-11D0-924A-0020AFC7AC4D}\TypeLib
0.890: IECUSTOM: Unwriteable key HKCR\Interface\{34A715A0-6587-11D0-924A-0020AFC7AC4D}
1.187: IECUSTOM: Scanning for proper registry permissions...
1.344: IECUSTOM: Scanning for proper registry permissions...
1.578: IECUSTOM: Unwriteable key HKCR\Interface\{34A715A0-6587-11D0-924A-0020AFC7AC4D}
1.625: IECUSTOM: Backing up registry permissions...
1.656: IECUSTOM: Finished backing up registry permissions...
1.656: IECUSTOM: Setting new registry permissions...
1.656: IECUSTOM: Unable to clear DACLs HKCR\Interface\{34A715A0-6587-11D0-924A-0020AFC7AC4D}
1.656: IECUSTOM: Finished setting new registry permissions...
1.656: IECUSTOM: An error occured verifying registry permissions. ERROR: 0x80070534
1.656: DoInstallation: CustomizeCall Failed: 0x3f5
1.656: IECUSTOM: Restoring registry permissions...
1.672: IECUSTOM: Finished restoring registry permissions...
1.687: Impossible d'écrire la clé du Registre de configuration.
1.687: L'installation du Internet Explorer 7 ne s'est pas terminée.
1.687: Update.exe extended error code = 0x3f5
0.234: ================================================================================
0.234: 2008/12/22 00:11:07.656 (local)
0.234: c:\36dfcfe134d96e09fd5e8702528a25\update\update.exe (version 6.2.29.0)
0.265: Failed To Enable SE_SHUTDOWN_PRIVILEGE
0.265: Hotfix started with following command line: /quiet /norestart /er /log:C:\WINDOWS
0.265: IECUSTOM: Scanning for proper registry permissions...
0.625: IECUSTOM: Unwriteable key HKCR\Interface\{34A715A0-6587-11D0-924A-0020AFC7AC4D}
0.625: IECUSTOM: Unwriteable key HKCR\Interface\{34A715A0-6587-11D0-924A-0020AFC7AC4D}\ProxyStubClsid
0.625: IECUSTOM: Unwriteable key HKCR\Interface\{34A715A0-6587-11D0-924A-0020AFC7AC4D}
0.625: IECUSTOM: Unwriteable key HKCR\Interface\{34A715A0-6587-11D0-924A-0020AFC7AC4D}\ProxyStubClsid32
0.625: IECUSTOM: Unwriteable key HKCR\Interface\{34A715A0-6587-11D0-924A-0020AFC7AC4D}
0.625: IECUSTOM: Unwriteable key HKCR\Interface\{34A715A0-6587-11D0-924A-0020AFC7AC4D}\TypeLib
0.625: IECUSTOM: Unwriteable key HKCR\Interface\{34A715A0-6587-11D0-924A-0020AFC7AC4D}
0.640: IECUSTOM: Unwriteable key HKCR\Interface\{34A715A0-6587-11D0-924A-0020AFC7AC4D}\TypeLib
0.640: IECUSTOM: Unwriteable key HKCR\Interface\{34A715A0-6587-11D0-924A-0020AFC7AC4D}
0.906: IECUSTOM: Scanning for proper registry permissions...
1.078: IECUSTOM: Scanning for proper registry permissions...
1.281: IECUSTOM: Unwriteable key HKCR\Interface\{34A715A0-6587-11D0-924A-0020AFC7AC4D}
1.344: IECUSTOM: Backing up registry permissions...
1.344: IECUSTOM: Finished backing up registry permissions...
1.344: IECUSTOM: Setting new registry permissions...
1.344: IECUSTOM: Unable to clear DACLs HKCR\Interface\{34A715A0-6587-11D0-924A-0020AFC7AC4D}
1.344: IECUSTOM: Finished setting new registry permissions...
1.344: IECUSTOM: An error occured verifying registry permissions. ERROR: 0x80070534
1.344: DoInstallation: CustomizeCall Failed: 0x3f5
1.344: IECUSTOM: Restoring registry permissions...
1.359: IECUSTOM: Finished restoring registry permissions...
1.375: Impossible d'écrire la clé du Registre de configuration.
1.375: L'installation du Internet Explorer 7 ne s'est pas terminée.
1.375: Update.exe extended error code = 0x3f5
smyst on 23 December 2008 at 15:35
Second computer:

No obvious anomaly to report, except that it is not very fast at startup or when loading programs. I suspect there may be too many processes running.

Nevertheless, the Malwarebytes log found some things.

For the antivirus, I have AVG Internet Security, which replaced Antispyware. Is it enough on its own, or do I need to add Antivir?

Malwarebytes report:

Malwarebytes' Anti-Malware 1.31
Version de la base de données: 1535
Windows 5.1.2600 Service Pack 3

23/12/2008 13:53:05
mbam-log-2008-12-23 (13-53-05).txt

Type de recherche: Examen complet (C:\|D:\|)
Eléments examinés: 152130
Temps écoulé: 1 hour(s), 52 minute(s), 2 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 11
Valeur(s) du Registre infectée(s): 1
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 5
Fichier(s) infecté(s): 2

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_CLASSES_ROOT\Interface\{741de825-a6f0-4497-9aa6-8023cf9b0fff} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{147a976f-eee1-4377-8ea7-4716e4cdd239} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{a4730ebe-43a6-443e-9776-36915d323ad3} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea1-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\FunWebProducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\FocusInteractive (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Screensavers.com (Adware.Comet) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search\searchassistant (Adware.Starware) -> Quarantined and deleted successfully.

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
C:\Program Files\FunWebProducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\PopSwatr (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\PopSwatr\History (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Invité\Application Data\Starware (Adware.Starware) -> Quarantined and deleted successfully.

Fichier(s) infecté(s):
C:\Program Files\FunWebProducts\PopSwatr\History\allowed (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\PopSwatr\History\notallow (Adware.MyWebSearch) -> Quarantined and deleted successfully.

-->Message edited by smyst on 23/12/2008 15:40:58<--
Curson on 23 December 2008 at 19:50
Good evening,


1st computer


1) Disable your protection software.


2) Download OTMoveIt3 by OldTimer:

- Save it to your desktop
- Double-click OTMoveIt3.exe to launch it (the extension may not be shown)
- Copy and paste all of the following into the "Paste Instructions for Items to be Moved" box (below the yellow bar):

:Processes
explorer.exe

:Files
C:\38773665
c:\program files\Mozilla Firefox\components\iamfamous.dll


:Commands
[purity]
[emptytemp]
[start explorer]
[Reboot]


- Close all your programs and click the red Moveit! button to start the cleanup
- Copy and paste into your next reply everything shown in the Results window (in green on the right)
--> A report will be generated in the folder C:\_OTMoveIt\MovedFiles with the date and time the tool was run (mmddyyyy_hhmmss.log)
- Close OTMoveIt3 (by clicking Exit)

Note: If a file or folder cannot be deleted directly, the tool may ask for a restart to finish the process. In that case click "Yes" to accept...


3) Start menu >> Run > type: regedit

- Expand the subkeys by clicking "+" along the following path:

HKEY_CLASSES_ROOT > Interface > {34A715A0-6587-11D0-924A-0020AFC7AC4D}


4) Right-click {34A715A0-6587-11D0-924A-0020AFC7AC4D} > Permissions

- Check that the "Full Control" box is ticked for the entries Administrators, Ishadawn and SYSTEM. If necessary, tick it.


5) Restart the computer and try to install IE7.


2nd computer


1) Run HijackThis again

- (Do a system Scan Only), tick the following lines if present:
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://as.starware.com/dp/search?x=wKX1ILEOi+Vh7AfA98Gm4Me69ZMbubcDsnJKz/X5Xz(...)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - Global Startup: BTTray.lnk = ?

- Close all programs and browsers, and click Fix Checked.


2) Delete if present: C:\Program Files\FunWebProducts


3) Post a new HijackThis report.


See you later.
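
Added example, not part of Curson's post and not code from any tool named in the thread: a Python triage of the update.exe log posted above, showing which key the IE7 installer could not write and what its two error codes decode to, which is why steps 3 and 4 target that one key's permissions. The log excerpt is copied from the thread; the function names and the small error table (standard winerror.h values) are choices made for this example.

```python
import re

# Excerpt of the update.exe log posted earlier in this thread (second run).
SAMPLE_LOG = r"""
0.265: Failed To Enable SE_SHUTDOWN_PRIVILEGE
0.265: IECUSTOM: Scanning for proper registry permissions...
0.625: IECUSTOM: Unwriteable key HKCR\Interface\{34A715A0-6587-11D0-924A-0020AFC7AC4D}
0.625: IECUSTOM: Unwriteable key HKCR\Interface\{34A715A0-6587-11D0-924A-0020AFC7AC4D}\ProxyStubClsid
0.625: IECUSTOM: Unwriteable key HKCR\Interface\{34A715A0-6587-11D0-924A-0020AFC7AC4D}\ProxyStubClsid32
0.625: IECUSTOM: Unwriteable key HKCR\Interface\{34A715A0-6587-11D0-924A-0020AFC7AC4D}\TypeLib
1.344: IECUSTOM: Setting new registry permissions...
1.344: IECUSTOM: Unable to clear DACLs HKCR\Interface\{34A715A0-6587-11D0-924A-0020AFC7AC4D}
1.344: IECUSTOM: An error occured verifying registry permissions. ERROR: 0x80070534
1.344: DoInstallation: CustomizeCall Failed: 0x3f5
1.375: Update.exe extended error code = 0x3f5
"""

FACILITY_WIN32 = 7
# Standard winerror.h values for the two codes that appear in the log.
WIN32_ERRORS = {
    1013: "ERROR_CANTWRITE",    # the configuration registry key could not be written
    1332: "ERROR_NONE_MAPPED",  # no mapping between account names and security IDs
}

KEY_RE = re.compile(r"IECUSTOM: (Unwriteable key|Unable to clear DACLs) (.+)$")
ERR_RE = re.compile(r"(?:ERROR: |Failed: |error code = )(0x[0-9A-Fa-f]+)")


def decode(code_text):
    """Decode a hex code from the log as an HRESULT or a plain Win32 error."""
    value = int(code_text, 16)
    facility, win32 = None, value
    if value & 0x80000000:                  # failure bit set: HRESULT layout
        facility = (value >> 16) & 0x7FF    # 11-bit facility field
        win32 = value & 0xFFFF if facility == FACILITY_WIN32 else None
    return {"code": code_text.lower(), "facility": facility, "win32": win32,
            "name": WIN32_ERRORS.get(win32, "unknown")}


def group_keys(keys):
    """Map each top-most key to the subkeys reported beneath it, de-duplicated."""
    roots = {}
    # Shortest keys first, so a parent is always registered before its subkeys.
    for key in sorted(set(keys), key=lambda k: (len(k), k)):
        parent = next((r for r in roots if key.startswith(r + "\\")), None)
        if parent is None:
            roots[key] = []
        else:
            roots[parent].append(key[len(parent) + 1:])
    return roots


def triage(log_text):
    """Summarise the permission failures and error codes in an IECUSTOM log."""
    unwriteable, dacl_failures, errors, seen = [], [], [], set()
    for line in log_text.splitlines():
        key = KEY_RE.search(line)
        if key:
            bucket = unwriteable if key.group(1) == "Unwriteable key" else dacl_failures
            bucket.append(key.group(2).strip())
        for code in ERR_RE.findall(line):
            if code.lower() not in seen:    # the same code is logged more than once
                seen.add(code.lower())
                errors.append(decode(code))
    return {"unwriteable": group_keys(unwriteable),
            "dacl_failures": list(dict.fromkeys(dacl_failures)),
            "errors": errors}


if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    for root, subkeys in report["unwriteable"].items():
        print("not writeable:", root, "subkeys:", ", ".join(subkeys))
    for key in report["dacl_failures"]:
        print("DACL reset failed:", key)
    for err in report["errors"]:
        print(err["code"], "->", err["name"], "(Win32 %s)" % err["win32"])
```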
smyst on 23 December 2008 at 22:05
Computer no. 1:

IE7 installed correctly.

OTMoveIt report:

========== PROCESSES ==========
Process explorer.exe killed successfully.
========== FILES ==========
C:\38773665 moved successfully.
File/Folder c:\program files\Mozilla Firefox\components\iamfamous.dll not found.
========== COMMANDS ==========
File delete failed. C:\DOCUME~1\Ishadawn\LOCALS~1\Temp\~DFB56C.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Ishadawn\LOCALS~1\Temp\~DFB57E.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Ishadawn\LOCALS~1\Temp\~DFC051.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Ishadawn\LOCALS~1\Temp\~DFC078.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Ishadawn\LOCALS~1\Temp\~DFD5D1.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Ishadawn\LOCALS~1\Temp\~DFE26F.tmp scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\logishrd\LVPrcInj01.dll scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_850.dat scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
FireFox cache emptied.
Temp folders emptied.
Explorer started successfully

OTMoveIt3 by OldTimer - Version 1.0.7.2 log created on 12232008_213910

Files moved on Reboot...
File C:\DOCUME~1\Ishadawn\LOCALS~1\Temp\~DFB56C.tmp not found!
File C:\DOCUME~1\Ishadawn\LOCALS~1\Temp\~DFB57E.tmp not found!
File C:\DOCUME~1\Ishadawn\LOCALS~1\Temp\~DFC051.tmp not found!
File C:\DOCUME~1\Ishadawn\LOCALS~1\Temp\~DFC078.tmp not found!
C:\DOCUME~1\Ishadawn\LOCALS~1\Temp\~DFD5D1.tmp moved successfully.
File C:\DOCUME~1\Ishadawn\LOCALS~1\Temp\~DFE26F.tmp not found!
File move failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be moved on reboot.
DllUnregisterServer procedure not found in C:\WINDOWS\temp\logishrd\LVPrcInj01.dll
C:\WINDOWS\temp\logishrd\LVPrcInj01.dll NOT unregistered.
File move failed. C:\WINDOWS\temp\logishrd\LVPrcInj01.dll scheduled to be moved on reboot.
File C:\WINDOWS\temp\Perflib_Perfdata_850.dat not found!
smyst on 23 December 2008 at 22:09
Computer no. 2:

I deleted the lines indicated. I did not find Funwebproducts.

HijackThis report:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:49:48, on 23/12/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AlienGUIse\wbload.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\slserv.exe
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\EzButton\CplBCL50.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\Program Files\Creative\Sound Blaster Audigy 2\DVDAudio\CTDVDDET.EXE
C:\Program Files\Creative\Sound Blaster Audigy 2\Surround Mixer\CTSysVol.exe
C:\Program Files\Creative\Sound Blaster Audigy 2\Feature Mode Utility\CTModUtl.exe
C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Fichiers communs\Logishrd\LQCVFX\COCIManager.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
D:\Program Files\eMule\emule.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://fr.msn.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://fr.msn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer optimisé pour MSN
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: e-Carte Bleue Browser Helper Object - {2E03C0FD-4C48-43A7-9A54-00240C70FF16} - C:\WINDOWS\system32\BhoECart.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [CplBCL50] C:\Program Files\EzButton\CplBCL50.EXE
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [CtxfiReg] CTXFIREG.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [CTDVDDET] "C:\Program Files\Creative\Sound Blaster Audigy 2\DVDAudio\CTDVDDET.EXE"
O4 - HKLM\..\Run: [CTSysVol] "C:\Program Files\Creative\Sound Blaster Audigy 2\Surround Mixer\CTSysVol.exe" /r
O4 - HKLM\..\Run: [CTFeatureModeUtility] C:\Program Files\Creative\Sound Blaster Audigy 2\Feature Mode Utility\CTModUtl.exe
O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Program Files\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DWQueuedReporting] "C:\PROGRA~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" -t
O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = D:\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Convertir les liens sélectionnés en fichier Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://D:\MICROS~1\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Envoyer au périphérique &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=www.xbook-computer.com
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15030/CTSUEng.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by16fd.bay16.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} (Creative Software AutoUpdate) - http://www.creative.com/softwareupdate/su/ocx/15101/CTSUEng.cab
O16 - DPF: {8731163E-77B9-4F91-9122-F112521C28AF} (MMSPlayerX Class) - http://mmt.bouyguestelecom.fr/mmawap/jsp/composer/player/mmsPlayer.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab47946.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/softwareupdate/su/ocx/15106/CTPID.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: C-DillaCdaC11BA - C-Dilla Ltd - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Fichiers communs\Logishrd\SrvLnch\SrvLnch.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe

--
End of file - 12577 bytes
Curson on 23 December 2008 at 23:20
Good evening,

Your computers are no longer infected.

As for the slowness of the second one, there are indeed a lot of applications launching at startup. If you wish, we can optimise it.


Removing the tools - Computer 1


1) Download ToolsCleaner2 by A.Rothstein and save it to your desktop.


2) Double-click ToolsCleaner2.exe to launch the tool.

- Click the "Recherche" (Search) button.
- Once the search has finished, click the "Suppression" (Removal) button.


3) Close the report that opens, and post it in your next reply.


You can then delete ToolsCleaner2.


Some security advice

- Windows Update fully up to date (critical category, Service Packs and Service Releases)
- a properly configured firewall
- a properly configured antivirus, updated regularly (daily if need be), with a regular full scan.
- IMPORTANT: a cautious attitude towards browsing (no dubious sites: cracks, warez, etc.) and towards e-mail (files attached to messages must be scanned before being opened, as must downloaded files whose origin is not certain!!)
- a vigilant attitude (be on the lookout for unusual behaviour from your system)

I also recommend that you read this document.

If you would like to learn more about computer security, I can only encourage you to visit Malekal_Morte's site.


Regards.
smyst on 24 December 2008 at 19:33
Well, thank you for your help disinfecting the 2 computers.

I removed the applications from the 1st computer but I did not get a file at the end. I suppose I should have copied the content shown in the program, but I did not think of it at the time. Anyway, there is nothing visible on the desktop any more, and it told me that all the programs had been removed.

As for the optimisation, I would welcome a hand, because I already have a selective startup but I still have a lot of processes running, hence a long startup and programs that take a long time to launch.
Curson on 24 December 2008 at 22:38
Good evening,


2nd computer


1) Run HijackThis again

- (Do a system Scan Only), tick the following lines if present:
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [CTDVDDET] "C:\Program Files\Creative\Sound Blaster Audigy 2\DVDAudio\CTDVDDET.EXE"
O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Program Files\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DWQueuedReporting] "C:\PROGRA~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" -t
O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = D:\Microsoft Office\Office10\OSA.EXE

- Close all programs and browsers, and click Fix Checked.


2) Start menu >> Run > copy/paste the commands below, confirming each one in turn.
sc stop "Creative Service for CDROM Access"
sc config "Creative Service for CDROM Access" start= demand
sc stop JavaQuickStarterService
sc config JavaQuickStarterService start= demand
sc stop rpcapd
sc config rpcapd start= demand



3) Restart your computer.


Is the system faster?


See you later.
smyst on 25 December 2008 at 01:24
The system is not faster with the changes. I even have the impression that Firefox takes longer to load (on first launch).
Curson on 25 December 2008 at 20:12
Good evening,

The steps carried out simply prevent unnecessary programs from launching automatically. So a significant performance gain should not be expected.

The slowness on the first launch of Firefox is caused by the tools used during the disinfection having cleared the contents of the cache and of the Prefetch. So this is normal.


Regards.
smyst on 26 December 2008 at 16:00
OK, I will make do with the current speed then.

Thanks for everything.
Curson on 26 December 2008 at 16:11
My pleasure. :hello:

