Logfile of Trend Micro HijackThis - 08022009

J'ai le fichier mais il fait 17 MB. Je ne parviens à en copier le contenu dans la réponse. Y-a-t'il une autre méthode pour le transférer ou bien faut-il juste en transférer une section?

En fait c'était un peu long/lent mais l'entièreté du fichier arrive. Si cela échoue, je posterai les 100 premières lignes

Voici les premières lignes au cas où le fichier complet est bloqué qque part.
------------------------------

Windows Registry Editor Version 5.00

[HKEY_USERS\S-1-5-21-4127369420-2263141015-254663096-1005]
"Height"=dword:00000000
"Weight"=dword:00000000
"Width"=dword:00000000
"Esc"=dword:00000000
"Orient"=dword:00000000
"Italic"=dword:00000000
"Underline"=dword:00000000
"StrikeOut"=dword:00000000
"CharSet"=dword:00000000
"OutPrec"=dword:00000000
"ClipPrec"=dword:00000000
"Quality"=dword:00000000
"Pitch&Family"=dword:00000000
"FaceName"=""
"Color"=dword:0000ff00
"Duration"=dword:000004b0

[HKEY_USERS\S-1-5-21-4127369420-2263141015-254663096-1005\
]

[HKEY_USERS\S-1-5-21-4127369420-2263141015-254663096-1005\€4]

[HKEY_USERS\S-1-5-21-4127369420-2263141015-254663096-1005\ €4]

[HKEY_USERS\S-1-5-21-4127369420-2263141015-254663096-1005\@€4]

[HKEY_USERS\S-1-5-21-4127369420-2263141015-254663096-1005\AppEvents]

[HKEY_USERS\S-1-5-21-4127369420-2263141015-254663096-1005\AppEvents\EventLabels]

[HKEY_USERS\S-1-5-21-4127369420-2263141015-254663096-1005\AppEvents\EventLabels\.Default]
@="Default Beep"
"DispFileName"="@mmsys.cpl,-5824"

[HKEY_USERS\S-1-5-21-4127369420-2263141015-254663096-1005\AppEvents\EventLabels\ActivatingDocument]
@="Complete Navigation"
"DispFileName"=hex(2):40,00,69,00,65,00,66,00,72,00,61,00,6d,00,65,00,2e,00,64,\
00,6c,00,6c,00,2c,00,2d,00,31,00,30,00,33,00,32,00,31,00,00,00

[HKEY_USERS\S-1-5-21-4127369420-2263141015-254663096-1005\AppEvents\EventLabels\AppGPFault]
@="Program error"
"DispFileName"="@mmsys.cpl,-5825"

[HKEY_USERS\S-1-5-21-4127369420-2263141015-254663096-1005\AppEvents\EventLabels\Banner]
@="Directional Arrows"

[HKEY_USERS\S-1-5-21-4127369420-2263141015-254663096-1005\AppEvents\EventLabels\BlockedPopup]
@="Blocked Pop-up Window"
"DispFileName"=hex(2):40,00,69,00,65,00,66,00,72,00,61,00,6d,00,65,00,2e,00,64,\
00,6c,00,6c,00,2c,00,2d,00,31,00,30,00,33,00,32,00,35,00,00,00

[HKEY_USERS\S-1-5-21-4127369420-2263141015-254663096-1005\AppEvents\EventLabels\CCSelect]
@="Select"
"DispFileName"=hex(2):40,00,69,00,65,00,66,00,72,00,61,00,6d,00,65,00,2e,00,64,\
00,6c,00,6c,00,2c,00,2d,00,31,00,30,00,33,00,32,00,33,00,00,00

[HKEY_USERS\S-1-5-21-4127369420-2263141015-254663096-1005\AppEvents\EventLabels\Close]
@="Close program"
"DispFileName"="@mmsys.cpl,-5826"

[HKEY_USERS\S-1-5-21-4127369420-2263141015-254663096-1005\AppEvents\EventLabels\CriticalBatteryAlarm]
@="Critical Battery Alarm"
"DispFileName"="@mmsys.cpl,-5827"

[HKEY_USERS\S-1-5-21-4127369420-2263141015-254663096-1005\AppEvents\EventLabels\DeviceConnect]
@="Device Connect"
"DispFileName"="@mmsys.cpl,-5828"

[HKEY_USERS\S-1-5-21-4127369420-2263141015-254663096-1005\AppEvents\EventLabels\DeviceDisconnect]
@="Device Disconnect"
"DispFileName"="@mmsys.cpl,-5829"

[HKEY_USERS\S-1-5-21-4127369420-2263141015-254663096-1005\AppEvents\EventLabels\DeviceFail]
@="Device Failed to Connect"
"DispFileName"="@mmsys.cpl,-5830"

[HKEY_USERS\S-1-5-21-4127369420-2263141015-254663096-1005\AppEvents\EventLabels\DragDrop]
@="Drag-n-Drop"

[HKEY_USERS\S-1-5-21-4127369420-2263141015-254663096-1005\AppEvents\EventLabels\EmptyRecycleBin]
@="Empty Recycle Bin"
"DispFileName"="@mmsys.cpl,-5831"

[HKEY_USERS\S-1-5-21-4127369420-2263141015-254663096-1005\AppEvents\EventLabels\FeedDiscovered]
@="Feed Discovered"
"DispFileName"=hex(2):40,00,69,00,65,00,66,00,72,00,61,00,6d,00,65,00,2e,00,64,\
00,6c,00,6c,00,2c,00,2d,00,31,00,37,00,33,00,31,00,35,00,00,00

[HKEY_USERS\S-1-5-21-4127369420-2263141015-254663096-1005\AppEvents\EventLabels\ListSelect]
@="Launcher List Select"

[HKEY_USERS\S-1-5-21-4127369420-2263141015-254663096-1005\AppEvents\EventLabels\LowBatteryAlarm]
@="Low Battery Alarm"
"DispFileName"="@mmsys.cpl,-5832"

[HKEY_USERS\S-1-5-21-4127369420-2263141015-254663096-1005\AppEvents\EventLabels\MailBeep]
@="New Mail Notification"
"DispFileName"="@mmsys.cpl,-5837"

[HKEY_USERS\S-1-5-21-4127369420-2263141015-254663096-1005\AppEvents\EventLabels\Maximize]
@="Maximize"
"DispFileName"="@mmsys.cpl,-5833"

[HKEY_USERS\S-1-5-21-4127369420-2263141015-254663096-1005\AppEvents\EventLabels\MenuCommand]
@="Menu command"
"DispFileName"="@mmsys.cpl,-5834"

[HKEY_USERS\S-1-5-21-4127369420-2263141015-254663096-1005\AppEvents\EventLabels\MenuPopup]
@="Menu popup"
"DispFileName"="@mmsys.cpl,-5835"

[HKEY_USERS\S-1-5-21-4127369420-2263141015-254663096-1005\AppEvents\EventLabels\Minimize]
@="Minimize"
"DispFileName"="@mmsys.cpl,-5836"

[HKEY_USERS\S-1-5-21-4127369420-2263141015-254663096-1005\AppEvents\EventLabels\MoveMenuItem]
@="Move Menu Item"
"DispFileName"=hex(2):40,00,69,00,65,00,66,00,72,00,61,00,6d,00,65,00,2e,00,64,\
00,6c,00,6c,00,2c,00,2d,00,31,00,30,00,33,00,32,00,32,00,00,00

[HKEY_USERS\S-1-5-21-4127369420-2263141015-254663096-1005\AppEvents\EventLabels\MSMoney_1to3line]
@="Engage 3-Line Mode"

[HKEY_USERS\S-1-5-21-4127369420-2263141015-254663096-1005\AppEvents\EventLabels\MSMoney_3to1line]
@="Engage 1-Line Mode"

[HKEY_USERS\S-1-5-21-4127369420-2263141015-254663096-1005\AppEvents\EventLabels\MSMoney_Advisor]
@="Advisor FYI Popup in Feedback Pane"

[HKEY_USERS\S-1-5-21-4127369420-2263141015-254663096-1005\AppEvents\EventLabels\MSMoney_AdvRt]
@="Advisor FYI Popup"

[HKEY_USERS\S-1-5-21-4127369420-2263141015-254663096-1005\AppEvents\EventLabels\MSMoney_AvHelpOff]
@="Audio/Video Help Off"

[HKEY_USERS\S-1-5-21-4127369420-2263141015-254663096-1005\AppEvents\EventLabels\MSMoney_AvHelpOn]
@="Audio/Video Help On"

[HKEY_USERS\S-1-5-21-4127369420-2263141015-254663096-1005\AppEvents\EventLabels\MSMoney_Balance]
@="Finished Balancing Account"

[HKEY_USERS\S-1-5-21-4127369420-2263141015-254663096-1005\AppEvents\EventLabels\MSMoney_Balance0]
@="Zero Balance"

[HKEY_USERS\S-1-5-21-4127369420-2263141015-254663096-1005\AppEvents\EventLabels\MSMoney_BillAdd]
@="Enter New Bill"

[HKEY_USERS\S-1-5-21-4127369420-2263141015-254663096-1005\AppEvents\EventLabels\MSMoney_CalendarFlip]
@="Flip Calendar Pages"

[HKEY_USERS\S-1-5-21-4127369420-2263141015-254663096-1005\AppEvents\EventLabels\MSMoney_DelTrn]
@="Delete Transaction"

[HKEY_USERS\S-1-5-21-4127369420-2263141015-254663096-1005\AppEvents\EventLabels\MSMoney_Done]
@="Submit Information"

[HKEY_USERS\S-1-5-21-4127369420-2263141015-254663096-1005\AppEvents\EventLabels\MSMoney_Error]
@="Popup Warning/Error Message"

[HKEY_USERS\S-1-5-21-4127369420-2263141015-254663096-1005\AppEvents\EventLabels\MSMoney_FormHide]
@="Hide Transaction Forms"

[HKEY_USERS\S-1-5-21-4127369420-2263141015-254663096-1005\AppEvents\EventLabels\MSMoney_FormShow]
@="Show Transaction Forms"

[HKEY_USERS\S-1-5-21-4127369420-2263141015-254663096-1005\AppEvents\EventLabels\MSMoney_HelpPaneIcons]
@="Help Window Tools"

[HKEY_USERS\S-1-5-21-4127369420-2263141015-254663096-1005\AppEvents\EventLabels\MSMoney_HelpPaneResize]
@="Resize Help Window"

[HKEY_USERS\S-1-5-21-4127369420-2263141015-254663096-1005\AppEvents\EventLabels\MSMoney_Intro]
@="Launch Money"

[HKEY_USERS\S-1-5-21-4127369420-2263141015-254663096-1005\AppEvents\EventLabels\MSMoney_IUEFinish]
@="Congratulations"

[HKEY_USERS\S-1-5-21-4127369420-2263141015-254663096-1005\AppEvents\EventLabels\MSMoney_LowOn]
@="Low Balance"

[HKEY_USERS\S-1-5-21-4127369420-2263141015-254663096-1005\AppEvents\EventLabels\MSMoney_MenuClose]
@="Close Menu"

[HKEY_USERS\S-1-5-21-4127369420-2263141015-254663096-1005\AppEvents\EventLabels\MSMoney_MenuOpen]
@="Open Menu"

[HKEY_USERS\S-1-5-21-4127369420-2263141015-254663096-1005\AppEvents\EventLabels\MSMoney_MenuOver]
@="Menu Commands"

[HKEY_USERS\S-1-5-21-4127369420-2263141015-254663096-1005\AppEvents\EventLabels\MSMoney_MoveBack]
@="Navigate Back"

[HKEY_USERS\S-1-5-21-4127369420-2263141015-254663096-1005\AppEvents\EventLabels\MSMoney_MoveForward]
@="Navigate Forward"

[HKEY_USERS\S-1-5-21-4127369420-2263141015-254663096-1005\AppEvents\EventLabels\MSMoney_NavBar]
@="Navigation Task"

[HKEY_USERS\S-1-5-21-4127369420-2263141015-254663096-1005\AppEvents\EventLabels\MSMoney_PostIUE]
@="Launch Money/New User"

[HKEY_USERS\S-1-5-21-4127369420-2263141015-254663096-1005\AppEvents\EventLabels\MSMoney_ScrollOpen]
@="Open Cascading Tab"

[HKEY_USERS\S-1-5-21-4127369420-2263141015-254663096-1005\AppEvents\EventLabels\MSMoney_Search]
@="Find Results"

[HKEY_USERS\S-1-5-21-4127369420-2263141015-254663096-1005\AppEvents\EventLabels\MSMoney_SideBar]
@="Related Task"

[HKEY_USERS\S-1-5-21-4127369420-2263141015-254663096-1005\AppEvents\EventLabels\MSMoney_SmartFill]
@="AutoComplete"

[HKEY_USERS\S-1-5-21-4127369420-2263141015-254663096-1005\AppEvents\EventLabels\MSMoney_SplitTran]
@="Enter Split Transaction"

[HKEY_USERS\S-1-5-21-4127369420-2263141015-254663096-1005\AppEvents\EventLabels\MSMoney_Summary]
@="Launch Transaction Summary"

[HKEY_USERS\S-1-5-21-4127369420-2263141015-254663096-1005\AppEvents\EventLabels\MSMoney_Tab]
@="Switch Transaction Forms"

[HKEY_USERS\S-1-5-21-4127369420-2263141015-254663096-1005\AppEvents\EventLabels\MSMoney_TransEnter]
@="Enter Transaction"

[HKEY_USERS\S-1-5-21-4127369420-2263141015-254663096-1005\AppEvents\EventLabels\MSMoney_TransEnterNeg]
@="Account Balance Negative"

[HKEY_USERS\S-1-5-21-4127369420-2263141015-254663096-1005\AppEvents\EventLabels\MSMoney_TransMod]
@="Clear/Reconcile Transaction"

[HKEY_USERS\S-1-5-21-4127369420-2263141015-254663096-1005\AppEvents\EventLabels\MSMoney_TrnOrder]
@="Reorder Transactions"

[HKEY_USERS\S-1-5-21-4127369420-2263141015-254663096-1005\AppEvents\EventLabels\MSMoney_WebDone]
@="Finished Browsing"

[HKEY_USERS\S-1-5-21-4127369420-2263141015-254663096-1005\AppEvents\EventLabels\MSMSGS_ContactOnline]
@="Contact Online"
"DispFileName"="@\"xpob2res.dll\",-41583"

[HKEY_USERS\S-1-5-21-4127369420-2263141015-254663096-1005\AppEvents\EventLabels\MSMSGS_NewAlert]
@="New Alert"
"DispFileName"="@\"xpob2res.dll\",-41585"

[HKEY_USERS\S-1-5-21-4127369420-2263141015-254663096-1005\AppEvents\EventLabels\MSMSGS_NewMail]
@="New Mail"
"DispFileName"="@\"xpob2res.dll\",-41586"

[HKEY_USERS\S-1-5-21-4127369420-2263141015-254663096-1005\AppEvents\EventLabels\MSMSGS_NewMessage]
@="New Message"
"DispFileName"="@\"xpob2res.dll\",-41584"

[HKEY_USERS\S-1-5-21-4127369420-2263141015-254663096-1005\AppEvents\EventLabels\MSwitch]
@="Launcher Menu Change"

[HKEY_USERS\S-1-5-21-4127369420-2263141015-254663096-1005\AppEvents\EventLabels\Navigating]
@="Start Navigation"
"DispFileName"="@mmsys.cpl,-5838"

[HKEY_USERS\S-1-5-21-4127369420-2263141015-254663096-1005\AppEvents\EventLabels\Open]
@="Open program"
"DispFileName"="@mmsys.cpl,-5839"

[HKEY_USERS\S-1-5-21-4127369420-2263141015-254663096-1005\AppEvents\EventLabels\PegConnectConfirm]
@="Connect Confirm"

[HKEY_USERS\S-1-5-21-4127369420-2263141015-254663096-1005\AppEvents\EventLabels\PegDisconnectConfirm]
@="Disconnect Confirm"

[HKEY_USERS\S-1-5-21-4127369420-2263141015-254663096-1005\AppEvents\EventLabels\Popup]
@="Title Pressed"

[HKEY_USERS\S-1-5-21-4127369420-2263141015-254663096-1005\AppEvents\EventLabels\PrintComplete]
@="Print Complete"
"DispFileName"="@mmsys.cpl,-5840"

[HKEY_USERS\S-1-5-21-4127369420-2263141015-254663096-1005\AppEvents\EventLabels\Reminder]
@="Reminder"

[HKEY_USERS\S-1-5-21-4127369420-2263141015-254663096-1005\AppEvents\EventLabels\RestoreDown]
@="Restore Down"
"DispFileName"="@mmsys.cpl,-5841"

[HKEY_USERS\S-1-5-21-4127369420-2263141015-254663096-1005\AppEvents\EventLabels\RestoreUp]
@="Restore Up"
"DispFileName"="@mmsys.cpl,-5842"

[HKEY_USERS\S-1-5-21-4127369420-2263141015-254663096-1005\AppEvents\EventLabels\SbChangeSb]
@="Portfolio, Change Collection"

[HKEY_USERS\S-1-5-21-4127369420-2263141015-254663096-1005\AppEvents\EventLabels\SbCloseLmDrop]
@="Portfolio, Close Compact View"

[HKEY_USERS\S-1-5-21-4127369420-2263141015-254663096-1005\AppEvents\EventLabels\SbDropItem]
@="Collection, Insert Item"

[HKEY_USERS\S-1-5-21-4127369420-2263141015-254663096-1005\AppEvents\EventLabels\SbItemSelect]
@="Collection, Select Item"

[HKEY_USERS\S-1-5-21-4127369420-2263141015-254663096-1005\AppEvents\EventLabels\SbMenuOpen]
@="Collection, Open Menu"

[HKEY_USERS\S-1-5-21-4127369420-2263141015-254663096-1005\AppEvents\EventLabels\SbNewMode]
@="Collection, Change View"

[HKEY_USERS\S-1-5-21-4127369420-2263141015-254663096-1005\AppEvents\EventLabels\SbOpenLmDrop]
@="Portfolio, Open Compact View"

[HKEY_USERS\S-1-5-21-4127369420-2263141015-254663096-1005\AppEvents\EventLabels\SbSnapWidget]
@="Portfolio, Move Portfolio to Edge"

[HKEY_USERS\S-1-5-21-4127369420-2263141015-254663096-1005\AppEvents\EventLabels\SearchProviderDiscovered]
@="Search Provider Discovered"
"DispFileName"=hex(2):40,00,69,00,65,00,66,00,72,00,61,00,6d,00,65,00,2e,00,64,\
00,6c,00,6c,00,2c,00,2d,00,31,00,32,00,35,00,31,00,33,00,00,00

[HKEY_USERS\S-1-5-21-4127369420-2263141015-254663096-1005\AppEvents\EventLabels\SecurityBand]
@="Information Bar"
"DispFileName"=hex(2):40,00,69,00,65,00,66,00,72,00,61,00,6d,00,65,00,2e,00,64,\
00,6c,00,6c,00,2c,00,2d,00,31,00,30,00,33,00,32,00,36,00,00,00

[HKEY_USERS\S-1-5-21-4127369420-2263141015-254663096-1005\AppEvents\EventLabels\Selection]
@="Selection Item(s)"

[HKEY_USERS\S-1-5-21-4127369420-2263141015-254663096-1005\AppEvents\EventLabels\ShowBand]
@="Show Toolbar Band"
"DispFileName"=hex(2):40,00,69,00,65,00,66,00,72,00,61,00,6d,00,65,00,2e,00,64,\
00,6c,00,6c,00,2c,00,2d,00,31,00,30,00,33,00,32,00,34,00,00,00

[HKEY_USERS\S-1-5-21-4127369420-2263141015-254663096-1005\AppEvents\EventLabels\SystemAsterisk]
@="Asterisk"
"DispFileName"="@mmsys.cpl,-5843"

[HKEY_USERS\S-1-5-21-4127369420-2263141015-254663096-1005\AppEvents\EventLabels\SystemExclamation]
@="Exclamation"
"DispFileName"="@mmsys.cpl,-5845"

[HKEY_USERS\S-1-5-21-4127369420-2263141015-254663096-1005\AppEvents\EventLabels\SystemExit]
@="Exit Windows"
"DispFileName"="@mmsys.cpl,-5846"

[HKEY_USERS\S-1-5-21-4127369420-2263141015-254663096-1005\AppEvents\EventLabels\SystemHand]
@="Critical Stop"
"DispFileName"="@mmsys.cpl,-5847"

[HKEY_USERS\S-1-5-21-4127369420-2263141015-254663096-1005\AppEvents\EventLabels\SystemNotification]
@="System Notification"
"DispFileName"="@mmsys.cpl,-5848"

[HKEY_USERS\S-1-5-21-4127369420-2263141015-254663096-1005\AppEvents\EventLabels\SystemQuestion]
@="Question"
"DispFileName"="@mmsys.cpl,-5849"

[HKEY_USERS\S-1-5-21-4127369420-2263141015-254663096-1005\AppEvents\EventLabels\SystemStart]
@="Start Windows"
"DispFileName"="@mmsys.cpl,-5850"

[HKEY_USERS\S-1-5-21-4127369420-2263141015-254663096-1005\AppEvents\EventLabels\ViewSwitch]
@="Launcher View Switch"

[HKEY_USERS\S-1-5-21-4127369420-2263141015-254663096-1005\AppEvents\EventLabels\VS_BreakpointHit]
@="Breakpoint Hit"

[HKEY_USERS\S-1-5-21-4127369420-2263141015-254663096-1005\AppEvents\EventLabels\VS_BuildCanceled]
@="Build Canceled"

[HKEY_USERS\S-1-5-21-4127369420-2263141015-254663096-1005\AppEvents\EventLabels\VS_BuildFailed]
@="Build Failed"

[HKEY_USERS\S-1-5-21-4127369420-2263141015-254663096-1005\AppEvents\EventLabels\VS_BuildSucceeded]
@="Build Succeeded"

[HKEY_USERS\S-1-5-21-4127369420-2263141015-254663096-1005\AppEvents\EventLabels\WindowsLogoff]
@="Windows Logoff"
"DispFileName"="@mmsys.cpl,-5852"

[HKEY_USERS\S-1-5-21-4127369420-2263141015-254663096-1005\AppEvents\EventLabels\WindowsLogon]
@="Windows Logon"
"DispFileName"="@mmsys.cpl,-5853"

[HKEY_USERS\S-1-5-21-4127369420-2263141015-254663096-1005\AppEvents\Schemes]
@=".current"

[HKEY_USERS\S-1-5-21-4127369420-2263141015-254663096-1005\AppEvents\Schemes\Apps]

[HKEY_USERS\S-1-5-21-4127369420-2263141015-254663096-1005\AppEvents\Schemes\Apps\.Default]
@="Windows"
"DispFileName"="@mmsys.cpl,-5856"

[HKEY_USERS\S-1-5-21-4127369420-2263141015-254663096-1005\AppEvents\Schemes\Apps\.Default\.Default]

[HKEY_USERS\S-1-5-21-4127369420-2263141015-254663096-1005\AppEvents\Schemes\Apps\.Default\.Default\.Current]
@=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,\
00,5c,00,6d,00,65,00,64,00,69,00,61,00,5c,00,57,00,69,00,6e,00,64,00,6f,00,\
77,00,73,00,20,00,58,00,50,00,20,00,44,00,69,00,6e,00,67,00,2e,00,77,00,61,\
00,76,00,00,00

[HKEY_USERS\S-1-5-21-4127369420-2263141015-254663096-1005\AppEvents\Schemes\Apps\.Default\.Default\.Default]
@=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,\
00,5c,00,6d,00,65,00,64,00,69,00,61,00,5c,00,57,00,69,00,6e,00,64,00,6f,00,\
77,00,73,00,20,00,58,00,50,00,20,00,44,00,69,00,6e,00,67,00,2e,00,77,00,61,\
00,76,00,00,00

[HKEY_USERS\S-1-5-21-4127369420-2263141015-254663096-1005\AppEvents\Schemes\Apps\.Default\AppGPFault]

[HKEY_USERS\S-1-5-21-4127369420-2263141015-254663096-1005\AppEvents\Schemes\Apps\.Default\AppGPFault\.Current]
@=""

[HKEY_USERS\S-1-5-21-4127369420-2263141015-254663096-1005\AppEvents\Schemes\Apps\.Default\AppGPFault\.Default]
@=hex(2):00,00

[HKEY_USERS\S-1-5-21-4127369420-2263141015-254663096-1005\AppEvents\Schemes\Apps\.Default\CCSelect]
@=""

[HKEY_USERS\S-1-5-21-4127369420-2263141015-254663096-1005\AppEvents\Schemes\Apps\.Default\Close]

[HKEY_USERS\S-1-5-21-4127369420-2263141015-254663096-1005\AppEvents\Schemes\Apps\.Default\Close\.Current]
@=""

[HKEY_USERS\S-1-5-21-4127369420-2263141015-254663096-1005\AppEvents\Schemes\Apps\.Default\Close\.Default]
@=hex(2):00,00

[HKEY_USERS\S-1-5-21-4127369420-2263141015-254663096-1005\AppEvents\Schemes\Apps\.Default\CriticalBatteryAlarm]

[HKEY_USERS\S-1-5-21-4127369420-2263141015-254663096-1005\AppEvents\Schemes\Apps\.Default\CriticalBatteryAlarm\.Current]
@=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,\
00,5c,00,6d,00,65,00,64,00,69,00,61,00,5c,00,57,00,69,00,6e,00,64,00,6f,00,\
77,00,73,00,20,00,58,00,50,00,20,00,42,00,61,00,74,00,74,00,65,00,72,00,79,\
00,20,00,43,00,72,00,69,00,74,00,69,00,63,00,61,00,6c,00,2e,00,77,00,61,00,\
76,00,00,00

[HKEY_USERS\S-1-5-21-4127369420-2263141015-254663096-1005\AppEvents\Schemes\Apps\.Default\CriticalBatteryAlarm\.Default]
@=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,\
00,5c,00,6d,00,65,00,64,00,69,00,61,00,5c,00,57,00,69,00,6e,00,64,00,6f,00,\
77,00,73,00,20,00,58,00,50,00,20,00,42,00,61,00,74,00,74,00,65,00,72,00,79,\
00,20,00,43,00,72,00,69,00,74,00,69,00,63,00,61,00,6c,00,2e,00,77,00,61,00,\
76,00,00,00

[HKEY_USERS\S-1-5-21-4127369420-2263141015-254663096-1005\AppEvents\Schemes\Apps\.Default\DeviceConnect]

[HKEY_USERS\S-1-5-21-4127369420-2263141015-254663096-1005\AppEvents\Schemes\Apps\.Default\DeviceConnect\.Current]
@=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,\
00,5c,00,6d,00,65,00,64,00,69,00,61,00,5c,00,57,00,69,00,6e,00,64,00,6f,00,\
77,00,73,00,20,00,58,00,50,00,20,00,48,00,61,00,72,00,64,00,77,00,61,00,72,\
00,65,00,20,00,49,00,6e,00,73,00,65,00,72,00,74,00,2e,00,77,00,61,00,76,00,\
00,00

[HKEY_USERS\S-1-5-21-4127369420-2263141015-254663096-1005\AppEvents\Schemes\Apps\.Default\DeviceConnect\.Default]
@=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,\
00,5c,00,6d,00,65,00,64,00,69,00,61,00,5c,00,57,00,69,00,6e,00,64,00,6f,00,\
77,00,73,00,20,00,58,00,50,00,20,00,48,00,61,00,72,00,64,00,77,00,61,00,72,\
00,65,00,20,00,49,00,6e,00,73,00,65,00,72,00,74,00,2e,00,77,00,61,00,76,00,\
00,00

[HKEY_USERS\S-1-5-21-4127369420-2263141015-254663096-1005\AppEvents\Schemes\Apps\.Default\DeviceDisconnect]

[HKEY_USERS\S-1-5-21-4127369420-2263141015-254663096-1005\AppEvents\Schemes\Apps\.Default\DeviceDisconnect\.Current]
@=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,\
00,5c,00,6d,00,65,00,64,00,69,00,61,00,5c,00,57,00,69,00,6e,00,64,00,6f,00,\
77,00,73,00,20,00,58,00,50,00,20,00,48,00,61,00,72,00,64,00,77,00,61,00,72,\
00,65,00,20,00,52,00,65,00,6d,00,6f,00,76,00,65,00,2e,00,77,00,61,00,76,00,\
00,00

[HKEY_USERS\S-1-5-21-4127369420-2263141015-254663096-1005\AppEvents\Schemes\Apps\.Default\DeviceDisconnect\.Default]
@=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,\
00,5c,00,6d,00,65,00,64,00,69,00,61,00,5c,00,57,00,69,00,6e,00,64,00,6f,00,\
77,00,73,00,20,00,58,00,50,00,20,00,48,00,61,00,72,00,64,00,77,00,61,00,72,\
00,65,00,20,00,52,00,65,00,6d,00,6f,00,76,00,65,00,2e,00,77,00,61,00,76,00,\
00,00

[HKEY_USERS\S-1-5-21-4127369420-2263141015-254663096-1005\AppEvents\Schemes\Apps\.Default\DeviceFail]

[HKEY_USERS\S-1-5-21-4127369420-2263141015-254663096-1005\AppEvents\Schemes\Apps\.Default\DeviceFail\.Current]
@=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,\
00,5c,00,6d,00,65,00,64,00,69,00,61,00,5c,00,57,00,69,00,6e,00,64,00,6f,00,\
77,00,73,00,20,00,58,00,50,00,20,00,48,00,61,00,72,00,64,00,77,00,61,00,72,\
00,65,00,20,00,46,00,61,00,69,00,6c,00,2e,00,77,00,61,00,76,00,00,00

[HKEY_USERS\S-1-5-21-4127369420-2263141015-254663096-1005\AppEvents\Schemes\Apps\.Default\DeviceFail\.Default]
@=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,\
00,5c,00,6d,00,65,00,64,00,69,00,61,00,5c,00,57,00,69,00,6e,00,64,00,6f,00,\
77,00,73,00,20,00,58,00,50,00,20,00,48,00,61,00,72,00,64,00,77,00,61,00,72,\
00,65,00,20,00,46,00,61,00,69,00,6c,00,2e,00,77,00,61,00,76,00,00,00

[HKEY_USERS\S-1-5-21-4127369420-2263141015-254663096-1005\AppEvents\Schemes\Apps\.Default\InternetAlert]

[HKEY_USERS\S-1-5-21-4127369420-2263141015-254663096-1005\AppEvents\Schemes\Apps\.Default\InternetAlert\.current]

[HKEY_USERS\S-1-5-21-4127369420-2263141015-254663096-1005\AppEvents\Schemes\Apps\.Default\LowBatteryAlarm]

[HKEY_USERS\S-1-5-21-4127369420-2263141015-254663096-1005\AppEvents\Schemes\Apps\.Default\LowBatteryAlarm\.Current]
@=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,\
00,5c,00,6d,00,65,00,64,00,69,00,61,00,5c,00,57,00,69,00,6e,00,64,00,6f,00,\
77,00,73,00,20,00,58,00,50,00,20,00,42,00,61,00,74,00,74,00,65,00,72,00,79,\
00,20,00,4c,00,6f,00,77,00,2e,00,77,00,61,00,76,00,00,00

[HKEY_USERS\S-1-5-21-4127369420-2263141015-254663096-1005\AppEvents\Schemes\Apps\.Default\LowBatteryAlarm\.Default]
@=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,\
00,5c,00,6d,00,65,00,64,00,69,00,61,00,5c,00,57,00,69,00,6e,00,64,00,6f,00,\
77,00,73,00,20,00,58,00,50,00,20,00,42,00,61,00,74,00,74,00,65,00,72,00,79,\
00,20,00,4c,00,6f,00,77,00,2e,00,77,00,61,00,76,00,00,00

[HKEY_USERS\S-1-5-21-4127369420-2263141015-254663096-1005\AppEvents\Schemes\Apps\.Default\MailBeep]

[HKEY_USERS\S-1-5-21-4127369420-2263141015-254663096-1005\AppEvents\Schemes\Apps\.Default\MailBeep\.Current]
@=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,\
00,5c,00,6d,00,65,00,64,00,69,00,61,00,5c,00,57,00,69,00,6e,00,64,00,6f,00,\
77,00,73,00,20,00,58,00,50,00,20,00,4e,00,6f,00,74,00,69,00,66,00,79,00,2e,\
00,77,00,61,00,76,00,00,00

[HKEY_USERS\S-1-5-21-4127369420-2263141015-254663096-1005\AppEvents\Schemes\Apps\.Default\MailBeep\.Default]
@=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,\
00,5c,00,6d,00,65,00,64,00,69,00,61,00,5c,00,57,00,69,00,6e,00,64,00,6f,00,\
77,00,73,00,20,00,58,00,50,00,20,00,4e,00,6f,00,74,00,69,00,66,00,79,00,2e,\
00,77,00,61,00,76,00,00,00

[HKEY_USERS\S-1-5-21-4127369420-2263141015-254663096-1005\AppEvents\Schemes\Apps\.Default\Maximize]

[HKEY_USERS\S-1-5-21-4127369420-2263141015-254663096-1005\AppEvents\Schemes\Apps\.Default\Maximize\.Current]
@=""

[HKEY_USERS\S-1-5-21-4127369420-2263141015-254663096-1005\AppEvents\Schemes\Apps\.Default\Maximize\.Default]
@=hex(2):00,00

[HKEY_USERS\S-1-5-21-4127369420-2263141015-254663096-1005\AppEvents\Schemes\Apps\.Default\MenuCommand]

[HKEY_USERS\S-1-5-21-4127369420-2263141015-254663096-1005\AppEvents\Schemes\Apps\.Default\MenuCommand\.Current]
@=""

[HKEY_USERS\S-1-5-21-4127369420-2263141015-254663096-1005\AppEvents\Schemes\Apps\.Default\MenuCommand\.Default]
@=hex(2):00,00

[HKEY_USERS\S-1-5-21-4127369420-2263141015-254663096-1005\AppEvents\Schemes\Apps\.Default\MenuPopup]

[HKEY_USERS\S-1-5-21-4127369420-2263141015-254663096-1005\AppEvents\Schemes\Apps\.Default\MenuPopup\.Current]
@=""

[HKEY_USERS\S-1-5-21-4127369420-2263141015-254663096-1005\AppEvents\Schemes\Apps\.Default\MenuPopup\.Default]
@=hex(2):00,00

[HKEY_USERS\S-1-5-21-4127369420-2263141015-254663096-1005\AppEvents\Schemes\Apps\.Default\Minimize]

[HKEY_USERS\S-1-5-21-4127369420-2263141015-254663096-1005\AppEvents\Schemes\Apps\.Default\Minimize\.Current]
@=""

[HKEY_USERS\S-1-5-21-4127369420-2263141015-254663096-1005\AppEvents\Schemes\Apps\.Default\Minimize\.Default]
@=hex(2):00,00

[HKEY_USERS\S-1-5-21-4127369420-2263141015-254663096-1005\AppEvents\Schemes\Apps\.Default\Open]

[HKEY_USERS\S-1-5-21-4127369420-2263141015-254663096-1005\AppEvents\Schemes\Apps\.Default\Open\.Current]
@=""

[HKEY_USERS\S-1-5-21-4127369420-2263141015-254663096-1005\AppEvents\Schemes\Apps\.Default\Open\.Default]
@=hex(2):00,00

[HKEY_USERS\S-1-5-21-4127369420-2263141015-254663096-1005\AppEvents\Schemes\Apps\.Default\PrintComplete]

[HKEY_USERS\S-1-5-21-4127369420-2263141015-254663096-1005\AppEvents\Schemes\Apps\.Default\PrintComplete\.Current]
@=""

[HKEY_USERS\S-1-5-21-4127369420-2263141015-254663096-1005\AppEvents\Schemes\Apps\.Default\PrintComplete\.Default]
@=hex(2):00,00

[HKEY_USERS\S-1-5-21-4127369420-2263141015-254663096-1005\AppEvents\Schemes\Apps\.Default\RestoreDown]

[HKEY_USERS\S-1-5-21-4127369420-2263141015-254663096-1005\AppEvents\Schemes\Apps\.Default\RestoreDown\.Current]
@=""

[HKEY_USERS\S-1-5-21-4127369420-2263141015-254663096-1005\AppEvents\Schemes\Apps\.Default\RestoreDown\.Default]
@=hex(2):00,00

[HKEY_USERS\S-1-5-21-4127369420-2263141015-254663096-1005\AppEvents\Schemes\Apps\.Default\RestoreUp]

[HKEY_USERS\S-1-5-21-4127369420-2263141015-254663096-1005\AppEvents\Schemes\Apps\.Default\RestoreUp\.Current]
@=""

J'ai retrouvé "la main" sur mon PC. Le fait d'avoir fait tourner ComboFix a dû nettoyer qqch. J'ai pu télécharger les dernières signatures de TrendMicro et je peux à nouveau télécharger les mises à jour Microsoft; je ne suis plus redirigé vers Google. Je ne vais pas dire que l'incident est clos. Est-il possible de voir dans les logs transmis ce qui a causé ce problème? Est-ce qu'il n'y a plus rien qui traine qui pourrait à nouveau contaminer mon PC?

Merci pour l'aide,
Xavier

Le rapport de ComboFix suite à l'exécution du CFScript.
Le rapport Hijackthis est à la suite.
------------------------------------------ COMBOXFIX--------------------------------------

ComboFix 09-02-06.04 - Xavier 2009-02-08 16:16:43.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.767.273 [GMT 1:00]
Running from: c:\documents and settings\Xavier\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Xavier\Desktop\CFscript.txt
AV: Trend Micro Internet Security *On-access scanning disabled* (Updated)
FW: Trend Micro Personal Firewall *disabled*
* Created a new restore point
.

((((((((((((((((((((((((( Files Created from 2009-01-08 to 2009-02-08 )))))))))))))))))))))))))))))))
.

2009-02-08 15:15 . 2009-02-08 15:15 <DIR> d-------- c:\program files\Common Files\Skype
2009-02-08 15:10 . 2009-02-08 15:10 134 --a------ c:\windows\IBMVPD.INI
2009-02-08 14:51 . 2009-02-08 14:51 <DIR> d-------- c:\windows\system32\XPSViewer
2009-02-08 14:51 . 2009-02-08 14:51 <DIR> d-------- c:\program files\Reference Assemblies
2009-02-08 14:51 . 2009-02-08 14:51 <DIR> d-------- c:\program files\MSBuild
2009-02-08 14:49 . 2009-02-08 14:50 <DIR> d-------- C:\4b812d7019f15c8a86aa8734
2009-02-08 14:49 . 2008-07-06 13:06 1,676,288 --------- c:\windows\system32\xpssvcs.dll
2009-02-08 14:49 . 2008-07-06 13:06 1,676,288 --------- c:\windows\system32\dllcache\xpssvcs.dll
2009-02-08 14:49 . 2008-07-06 11:50 597,504 --------- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-02-08 14:49 . 2008-07-06 13:06 575,488 --------- c:\windows\system32\xpsshhdr.dll
2009-02-08 14:49 . 2008-07-06 13:06 575,488 --------- c:\windows\system32\dllcache\xpsshhdr.dll
2009-02-08 14:49 . 2008-07-06 13:06 117,760 --------- c:\windows\system32\prntvpt.dll
2009-02-08 14:49 . 2008-07-06 13:06 89,088 --------- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-02-08 14:37 . 2009-02-08 14:37 <DIR> d-------- c:\documents and settings\Xavier\Application Data\Windows Desktop Search
2009-02-08 14:36 . 2009-02-08 14:36 <DIR> d-------- c:\windows\system32\GroupPolicy
2009-02-08 14:36 . 2009-02-08 14:36 <DIR> d-------- c:\program files\Windows Desktop Search
2009-02-08 14:34 . 2008-03-07 18:02 192,000 --------- c:\windows\system32\dllcache\offfilt.dll
2009-02-08 14:34 . 2008-03-07 18:02 98,304 --------- c:\windows\system32\dllcache\nlhtml.dll
2009-02-08 14:34 . 2008-03-07 18:02 29,696 --------- c:\windows\system32\dllcache\mimefilt.dll
2009-02-08 14:33 . 2001-04-28 06:57 36,864 --a------ c:\windows\system32\Sktempdm.exe
2009-02-08 13:41 . 2008-10-24 12:21 455,296 --------- c:\windows\system32\dllcache\mrxsmb.sys
2009-02-08 13:40 . 2008-09-04 18:15 1,106,944 --------- c:\windows\system32\dllcache\msxml3.dll
2009-02-08 13:25 . 2008-10-16 14:07 23,576 --a------ c:\windows\system32\wuapi.dll.mui
2009-02-07 23:19 . 2003-12-31 04:50 <DIR> d-------- c:\documents and settings\Administrator\WINDOWS
2009-02-07 23:19 . 2003-12-31 04:53 <DIR> d-------- c:\documents and settings\Administrator\Application Data\Symantec
2009-02-07 23:19 . 2003-12-31 04:53 <DIR> d-------- c:\documents and settings\Administrator\Application Data\Sonic
2009-02-07 23:19 . 2009-02-07 23:19 <DIR> d-------- c:\documents and settings\Administrator
2009-02-07 19:02 . 2009-02-08 13:36 15,688 --a------ c:\windows\system32\lsdelete.exe
2009-02-07 18:48 . 2009-02-07 18:48 <DIR> d----c--- c:\windows\system32\DRVSTORE
2009-02-07 18:48 . 2009-01-18 22:30 64,160 --a------ c:\windows\system32\drivers\Lbd.sys
2009-02-07 18:46 . 2009-02-07 18:46 <DIR> d-------- c:\program files\Lavasoft
2009-02-07 18:46 . 2009-02-07 18:48 <DIR> d-------- c:\documents and settings\All Users\Application Data\Lavasoft
2009-02-07 18:46 . 2009-02-07 18:46 <DIR> d--h-c--- c:\documents and settings\All Users\Application Data\{83C91755-2546-441D-AC40-9A6B4B860800}
2009-02-07 17:56 . 2009-02-07 17:58 <DIR> d-------- c:\program files\Microsoft Windows OneCare Live
2009-02-07 14:52 . 2009-02-07 17:56 <DIR> d-------- c:\program files\Windows Live Safety Center
2009-02-06 21:32 . 2009-02-06 21:28 144,912 --a------ c:\windows\system32\drivers\tmcomm.sys
2009-02-06 21:32 . 2009-02-06 21:28 50,192 --a------ c:\windows\system32\drivers\tmactmon.sys
2009-02-06 21:32 . 2009-02-06 21:28 49,680 --a------ c:\windows\system32\drivers\tmevtmgr.sys
2009-02-06 21:31 . 2009-02-07 19:05 <DIR> d-------- c:\documents and settings\All Users\Application Data\Trend Micro
2009-02-06 21:28 . 2008-11-27 02:39 1,195,384 --a------ c:\windows\system32\drivers\vsapint.sys
2009-02-06 21:28 . 2009-02-06 21:28 661,808 --a------ c:\windows\system32\UfWSC.cpl
2009-02-06 21:28 . 2009-02-06 21:28 334,352 --a------ c:\windows\system32\drivers\TM_CFW.sys
2009-02-06 21:28 . 2008-11-27 02:42 205,328 --a------ c:\windows\system32\drivers\tmxpflt.sys
2009-02-06 21:28 . 2009-02-06 21:28 80,400 --a------ c:\windows\system32\drivers\tmtdi.sys
2009-02-06 21:28 . 2008-11-27 02:42 36,368 --a------ c:\windows\system32\drivers\tmpreflt.sys
2009-02-06 20:50 . 2009-02-06 20:50 <DIR> d-------- c:\documents and settings\Xavier\log
2009-01-24 22:55 . 2009-01-24 22:54 410,984 --a------ c:\windows\system32\deploytk.dll
2009-01-24 22:55 . 2009-01-24 22:54 73,728 --a------ c:\windows\system32\javacpl.cpl
2009-01-24 22:51 . 2009-02-08 09:43 <DIR> d-------- c:\documents and settings\Xavier\.housecall6.6

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-08 15:14 --------- d-----w c:\documents and settings\Xavier\Application Data\Skype
2009-02-08 15:07 --------- d-----w c:\documents and settings\Xavier\Application Data\skypePM
2009-02-08 14:15 --------- d-----w c:\documents and settings\All Users\Application Data\Skype
2009-02-08 14:15 --------- d-----r c:\program files\Skype
2009-02-08 08:26 --------- d-----w c:\program files\Trend Micro
2009-02-07 13:34 --------- d-----w c:\program files\Google
2009-01-24 21:58 --------- d-----w c:\program files\Mozilla Thunderbird
2009-01-24 21:54 --------- d-----w c:\program files\Java
2008-12-13 06:40 3,593,216 ----a-w c:\windows\system32\dllcache\mshtml.dll
2008-12-11 10:57 333,952 ----a-w c:\windows\system32\drivers\srv.sys
2008-12-11 10:57 333,952 ------w c:\windows\system32\dllcache\srv.sys
2007-11-30 19:48 32 ----a-w c:\documents and settings\All Users\Application Data\ezsid.dat
2008-09-20 05:34 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008092020080921\index.dat
.

((((((((((((((((((((((((((((( SnapShot@2009-02-08_ 9.59.01,92 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-02-08 14:00:30 69,120 ----a-w c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
+ 2009-02-08 14:00:35 72,192 ----a-w c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
+ 2009-02-08 13:51:33 163,840 ----a-w c:\windows\assembly\GAC_32\Microsoft.Transactions.Bridge.Dtc\3.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.Dtc.dll
+ 2009-02-08 14:00:45 4,546,560 ----a-w c:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
+ 2009-02-08 13:51:40 4,210,688 ----a-w c:\windows\assembly\GAC_32\PresentationCore\3.0.0.0__31bf3856ad364e35\PresentationCore.dll
+ 2009-02-08 14:00:48 486,400 ----a-w c:\windows\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
+ 2009-02-08 14:00:50 2,933,248 ----a-w c:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
+ 2009-02-08 14:00:39 258,048 ----a-w c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
+ 2009-02-08 14:00:39 113,664 ----a-w c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
+ 2009-02-08 13:51:41 368,640 ----a-w c:\windows\assembly\GAC_32\System.Printing\3.0.0.0__31bf3856ad364e35\System.Printing.dll
+ 2009-02-08 14:00:38 261,632 ----a-w c:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
+ 2009-02-08 14:00:18 5,242,880 ----a-w c:\windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
+ 2009-02-08 14:00:30 10,752 ----a-w c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
+ 2009-02-08 14:00:20 507,904 ----a-w c:\windows\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
+ 2009-02-08 14:00:29 13,312 ----a-w c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
+ 2009-02-08 14:00:31 8,192 ----a-w c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
+ 2009-02-08 14:00:31 77,824 ----a-w c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
+ 2009-02-08 14:00:32 6,656 ----a-w c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
+ 2009-02-08 13:54:12 106,496 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.Build.Conversion.v3.5\3.5.0.0__b03f5f7f11d50a3a\Microsoft.Build.Conversion.v3.5.dll
+ 2009-02-08 14:00:40 348,160 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
+ 2009-02-08 13:54:13 733,184 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\3.5.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
+ 2009-02-08 14:00:42 36,864 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
+ 2009-02-08 13:54:13 36,864 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\3.5.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
+ 2009-02-08 13:54:13 802,816 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks.v3.5\3.5.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.v3.5.dll
+ 2009-02-08 14:00:43 655,360 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll
+ 2009-02-08 13:54:13 94,208 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities.v3.5\3.5.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.v3.5.dll
+ 2009-02-08 14:00:44 77,824 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
+ 2009-02-08 14:00:36 749,568 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
+ 2009-02-08 13:51:33 397,312 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.Transactions.Bridge\3.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.dll
+ 2009-02-08 14:00:35 110,592 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
+ 2009-02-08 14:00:34 372,736 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
+ 2009-02-08 14:00:37 28,672 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
+ 2009-02-08 14:00:33 659,456 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
+ 2009-02-08 13:54:12 41,984 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.VisualC.STLCLR\1.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.STLCLR.dll
+ 2009-02-08 14:00:47 5,632 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
+ 2009-02-08 14:00:37 12,800 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
+ 2009-02-08 14:00:33 32,768 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
+ 2009-02-08 14:00:32 7,168 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
+ 2009-02-08 13:51:45 598,016 ----a-w c:\windows\assembly\GAC_MSIL\PresentationBuildTasks\3.0.0.0__31bf3856ad364e35\PresentationBuildTasks.dll
+ 2009-02-08 13:51:40 32,768 ----a-w c:\windows\assembly\GAC_MSIL\PresentationCFFRasterizer\3.0.0.0__31bf3856ad364e35\PresentationCFFRasterizer.dll
+ 2009-02-08 13:51:45 46,104 ----a-w c:\windows\assembly\GAC_MSIL\PresentationFontCache\3.0.0.0__31bf3856ad364e35\PresentationFontCache.exe
+ 2009-02-08 13:51:47 196,608 ----a-w c:\windows\assembly\GAC_MSIL\PresentationFramework.Aero\3.0.0.0__31bf3856ad364e35\PresentationFramework.Aero.dll
+ 2009-02-08 13:51:47 139,264 ----a-w c:\windows\assembly\GAC_MSIL\PresentationFramework.Classic\3.0.0.0__31bf3856ad364e35\PresentationFramework.Classic.dll
+ 2009-02-08 13:51:47 397,312 ----a-w c:\windows\assembly\GAC_MSIL\PresentationFramework.Luna\3.0.0.0__31bf3856ad364e35\PresentationFramework.Luna.dll
+ 2009-02-08 13:51:48 163,840 ----a-w c:\windows\assembly\GAC_MSIL\PresentationFramework.Royale\3.0.0.0__31bf3856ad364e35\PresentationFramework.Royale.dll
+ 2009-02-08 14:03:04 5,283,840 ----a-w c:\windows\assembly\GAC_MSIL\PresentationFramework\3.0.0.0__31bf3856ad364e35\PresentationFramework.dll
+ 2009-02-08 13:51:49 864,256 ----a-w c:\windows\assembly\GAC_MSIL\PresentationUI\3.0.0.0__31bf3856ad364e35\PresentationUI.dll
+ 2009-02-08 13:51:41 528,384 ----a-w c:\windows\assembly\GAC_MSIL\ReachFramework\3.0.0.0__31bf3856ad364e35\ReachFramework.dll
+ 2009-02-08 13:54:14 5,632 ----a-w c:\windows\assembly\GAC_MSIL\Sentinel.v3.5Client\3.5.0.0__b03f5f7f11d50a3a\Sentinel.v3.5Client.dll
+ 2009-02-08 13:51:34 110,592 ----a-w c:\windows\assembly\GAC_MSIL\SMDiagnostics\3.0.0.0__b77a5c561934e089\SMdiagnostics.dll
+ 2009-02-08 14:00:47 110,592 ----a-w c:\windows\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
+ 2009-02-08 13:54:16 45,056 ----a-w c:\windows\assembly\GAC_MSIL\System.AddIn.Contract\2.0.0.0__b03f5f7f11d50a3a\System.AddIn.Contract.dll
+ 2009-02-08 13:54:16 163,840 ----a-w c:\windows\assembly\GAC_MSIL\System.AddIn\3.5.0.0__b77a5c561934e089\System.AddIn.dll
+ 2009-02-08 13:54:22 57,344 ----a-w c:\windows\assembly\GAC_MSIL\System.ComponentModel.DataAnnotations\3.5.0.0__31bf3856ad364e35\System.ComponentModel.DataAnnotations.dll
+ 2009-02-08 14:00:48 81,920 ----a-w c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
+ 2009-02-08 14:00:49 425,984 ----a-w c:\windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
+ 2009-02-08 13:54:16 667,648 ----a-w c:\windows\assembly\GAC_MSIL\System.Core\3.5.0.0__b77a5c561934e089\System.Core.dll
+ 2009-02-08 13:54:17 53,248 ----a-w c:\windows\assembly\GAC_MSIL\System.Data.DataSetExtensions\3.5.0.0__b77a5c561934e089\System.Data.DataSetExtensions.dll
+ 2009-02-08 13:54:17 229,376 ----a-w c:\windows\assembly\GAC_MSIL\System.Data.Entity.Design\3.5.0.0__b77a5c561934e089\System.Data.Entity.Design.dll
+ 2009-02-08 13:54:18 2,879,488 ----a-w c:\windows\assembly\GAC_MSIL\System.Data.Entity\3.5.0.0__b77a5c561934e089\System.Data.Entity.dll
+ 2009-02-08 13:54:10 684,032 ----a-w c:\windows\assembly\GAC_MSIL\System.Data.Linq\3.5.0.0__b77a5c561934e089\System.Data.Linq.dll
+ 2009-02-08 14:04:29 294,912 ----a-w c:\windows\assembly\GAC_MSIL\System.Data.Services.Client\3.5.0.0__b77a5c561934e089\System.Data.Services.Client.dll
+ 2009-02-08 13:54:09 114,688 ----a-w c:\windows\assembly\GAC_MSIL\System.Data.Services.Design\3.5.0.0__b77a5c561934e089\System.Data.Services.Design.dll
+ 2009-02-08 14:04:30 442,368 ----a-w c:\windows\assembly\GAC_MSIL\System.Data.Services\3.5.0.0__b77a5c561934e089\System.Data.Services.dll
+ 2009-02-08 14:00:50 745,472 ----a-w c:\windows\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
+ 2009-02-08 14:00:51 970,752 ----a-w c:\windows\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
+ 2009-02-08 14:00:28 5,062,656 ----a-w c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
+ 2009-02-08 13:54:10 286,720 ----a-w c:\windows\assembly\GAC_MSIL\System.DirectoryServices.AccountManagement\3.5.0.0__b77a5c561934e089\System.DirectoryServices.AccountManagement.dll
+ 2009-02-08 14:00:29 188,416 ----a-w c:\windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
+ 2009-02-08 14:00:36 401,408 ----a-w c:\windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
+ 2009-02-08 14:00:27 81,920 ----a-w c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
+ 2009-02-08 14:00:41 626,688 ----a-w c:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
+ 2009-02-08 13:51:50 126,976 ----a-w c:\windows\assembly\GAC_MSIL\System.IdentityModel.Selectors\3.0.0.0__b77a5c561934e089\System.IdentityModel.Selectors.dll
+ 2009-02-08 13:51:34 430,080 ----a-w c:\windows\assembly\GAC_MSIL\System.IdentityModel\3.0.0.0__b77a5c561934e089\System.IdentityModel.dll
+ 2009-02-08 13:51:34 131,072 ----a-w c:\windows\assembly\GAC_MSIL\System.IO.Log\3.0.0.0__b03f5f7f11d50a3a\System.IO.Log.dll
+ 2009-02-08 13:54:19 143,360 ----a-w c:\windows\assembly\GAC_MSIL\System.Management.Instrumentation\3.5.0.0__b77a5c561934e089\System.Management.Instrumentation.dll
+ 2009-02-08 14:00:43 372,736 ----a-w c:\windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
+ 2009-02-08 14:00:42 258,048 ----a-w c:\windows\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
+ 2009-02-08 13:54:22 233,472 ----a-w c:\windows\assembly\GAC_MSIL\System.Net\3.5.0.0__b03f5f7f11d50a3a\System.Net.dll
+ 2009-02-08 14:00:41 303,104 ----a-w c:\windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
+ 2009-02-08 14:00:40 131,072 ----a-w c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
+ 2009-02-08 13:51:34 966,656 ----a-w c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization\3.0.0.0__b77a5c561934e089\System.Runtime.Serialization.dll
+ 2009-02-08 14:00:38 258,048 ----a-w c:\windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll
+ 2009-02-08 13:51:38 73,728 ----a-w c:\windows\assembly\GAC_MSIL\System.ServiceModel.Install\3.0.0.0__b77a5c561934e089\System.ServiceModel.Install.dll
+ 2009-02-08 13:51:39 32,768 ----a-w c:\windows\assembly\GAC_MSIL\System.ServiceModel.WasHosting\3.0.0.0__b77a5c561934e089\System.ServiceModel.WasHosting.dll
+ 2009-02-08 13:54:08 569,344 ----a-w c:\windows\assembly\GAC_MSIL\System.ServiceModel.Web\3.5.0.0__31bf3856ad364e35\System.ServiceModel.Web.dll
+ 2009-02-08 14:03:02 5,931,008 ----a-w c:\windows\assembly\GAC_MSIL\System.ServiceModel\3.0.0.0__b77a5c561934e089\System.ServiceModel.dll
+ 2009-02-08 14:00:34 114,688 ----a-w c:\windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
+ 2009-02-08 13:51:45 688,128 ----a-w c:\windows\assembly\GAC_MSIL\System.Speech\3.0.0.0__31bf3856ad364e35\System.Speech.dll
+ 2009-02-08 13:54:23 77,824 ----a-w c:\windows\assembly\GAC_MSIL\System.Web.Abstractions\3.5.0.0__31bf3856ad364e35\System.Web.Abstractions.dll
+ 2009-02-08 13:54:23 32,768 ----a-w c:\windows\assembly\GAC_MSIL\System.Web.DynamicData.Design\3.5.0.0__31bf3856ad364e35\System.Web.DynamicData.Design.dll
+ 2009-02-08 14:04:31 229,376 ----a-w c:\windows\assembly\GAC_MSIL\System.Web.DynamicData\3.5.0.0__31bf3856ad364e35\System.Web.DynamicData.dll
+ 2009-02-08 13:54:19 131,072 ----a-w c:\windows\assembly\GAC_MSIL\System.Web.Entity.Design\3.5.0.0__b77a5c561934e089\System.Web.Entity.Design.dll
+ 2009-02-08 14:04:30 139,264 ----a-w c:\windows\assembly\GAC_MSIL\System.Web.Entity\3.5.0.0__b77a5c561934e089\System.Web.Entity.dll
+ 2009-02-08 13:54:25 335,872 ----a-w c:\windows\assembly\GAC_MSIL\System.Web.Extensions.Design\3.5.0.0__31bf3856ad364e35\System.Web.Extensions.Design.dll
+ 2009-02-08 14:04:32 1,277,952 ----a-w c:\windows\assembly\GAC_MSIL\System.Web.Extensions\3.5.0.0__31bf3856ad364e35\System.Web.Extensions.dll
+ 2009-02-08 14:00:21 835,584 ----a-w c:\windows\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
+ 2009-02-08 14:00:25 77,824 ----a-w c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
+ 2009-02-08 13:54:26 61,440 ----a-w c:\windows\assembly\GAC_MSIL\System.Web.Routing\3.5.0.0__31bf3856ad364e35\System.Web.Routing.dll
+ 2009-02-08 14:00:24 839,680 ----a-w c:\windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
+ 2009-02-08 14:00:26 5,025,792 ----a-w c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
+ 2009-02-08 13:54:20 12,288 ----a-w c:\windows\assembly\GAC_MSIL\System.Windows.Presentation\3.5.0.0__b77a5c561934e089\System.Windows.Presentation.dll
+ 2009-02-08 13:51:43 1,138,688 ----a-w c:\windows\assembly\GAC_MSIL\System.Workflow.Activities\3.0.0.0__31bf3856ad364e35\System.Workflow.Activities.dll
+ 2009-02-08 13:51:43 1,630,208 ----a-w c:\windows\assembly\GAC_MSIL\System.Workflow.ComponentModel\3.0.0.0__31bf3856ad364e35\System.Workflow.ComponentModel.dll
+ 2009-02-08 13:51:44 540,672 ----a-w c:\windows\assembly\GAC_MSIL\System.Workflow.Runtime\3.0.0.0__31bf3856ad364e35\System.Workflow.Runtime.dll
+ 2009-02-08 13:54:08 507,904 ----a-w c:\windows\assembly\GAC_MSIL\System.WorkflowServices\3.5.0.0__31bf3856ad364e35\System.WorkflowServices.dll
+ 2009-02-08 13:54:21 139,264 ----a-w c:\windows\assembly\GAC_MSIL\System.Xml.Linq\3.5.0.0__b77a5c561934e089\System.Xml.Linq.dll
+ 2009-02-08 14:00:53 2,048,000 ----a-w c:\windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll
+ 2009-02-08 14:00:52 3,149,824 ----a-w c:\windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
+ 2009-02-08 13:51:46 167,936 ----a-w c:\windows\assembly\GAC_MSIL\UIAutomationClient\3.0.0.0__31bf3856ad364e35\UIAutomationClient.dll
+ 2009-02-08 13:51:46 385,024 ----a-w c:\windows\assembly\GAC_MSIL\UIAutomationClientsideProviders\3.0.0.0__31bf3856ad364e35\UIAutomationClientsideProviders.dll
+ 2009-02-08 13:51:42 40,960 ----a-w c:\windows\assembly\GAC_MSIL\UIAutomationProvider\3.0.0.0__31bf3856ad364e35\UIAutomationProvider.dll
+ 2009-02-08 13:51:42 98,304 ----a-w c:\windows\assembly\GAC_MSIL\UIAutomationTypes\3.0.0.0__31bf3856ad364e35\UIAutomationTypes.dll
+ 2009-02-08 13:51:42 1,245,184 ----a-w c:\windows\assembly\GAC_MSIL\WindowsBase\3.0.0.0__31bf3856ad364e35\WindowsBase.dll
+ 2009-02-08 13:51:46 94,208 ----a-w c:\windows\assembly\GAC_MSIL\WindowsFormsIntegration\3.0.0.0__31bf3856ad364e35\WindowsFormsIntegration.dll
+ 2009-02-08 14:42:28 25,600 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\Accessibility\11eb4f6606ba01e5128805759121ea6c\Accessibility.ni.dll
+ 2009-02-08 14:42:40 842,240 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\AspNetMMCExt\b5b2feadc3943e3976daebc0bcd2b5e2\AspNetMMCExt.ni.dll
+ 2009-02-08 14:40:56 410,112 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\ComSvcConfig\12629e2f3e315459bee67cbbaac85cb2\ComSvcConfig.ni.exe
+ 2009-02-08 14:43:56 220,672 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\9bea05938bee3555c5aa8763d89a68f9\CustomMarshalers.ni.dll
+ 2009-02-08 14:42:45 14,336 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\dfsvc\f4e38208e88cb4cc314a1d6543b9fcc6\dfsvc.ni.exe
+ 2009-02-08 14:44:02 222,720 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Con#\9b321ebf67587237f576df6104a32588\Microsoft.Build.Conversion.v3.5.ni.dll
+ 2009-02-08 14:43:09 1,888,768 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\6cfe582681724965fb817e8ece5f0909\Microsoft.Build.Engine.ni.dll
+ 2009-02-08 14:44:10 839,680 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\96825c34d7e1f7df1923ff2123bed8da\Microsoft.Build.Engine.ni.dll
+ 2009-02-08 14:42:57 74,752 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\28343d470d992f169ca0e7cdb3cc3117\Microsoft.Build.Framework.ni.dll
+ 2009-02-08 14:44:18 65,024 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\e9aba2eab90d647356f65e66053da02b\Microsoft.Build.Framework.ni.dll
+ 2009-02-08 14:44:56 1,966,080 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\a47100d8f4574bed2d49d83d0ab8964e\Microsoft.Build.Tasks.v3.5.ni.dll
+ 2009-02-08 14:44:40 1,620,992 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\bd241492d96db39f20e758c13c845033\Microsoft.Build.Tasks.ni.dll
+ 2009-02-08 14:45:03 175,104 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\4217124db1ea5de5f1a1f3eea75e8d32\Microsoft.Build.Utilities.v3.5.ni.dll
+ 2009-02-08 14:45:00 144,384 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\55b9eff9e23359faed4351386c062238\Microsoft.Build.Utilities.ni.dll
+ 2009-02-08 14:41:19 386,560 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\1820d6a012fc0e16c3e1d29d973cd2d0\Microsoft.Transactions.Bridge.Dtc.ni.dll
+ 2009-02-08 14:41:10 1,093,120 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\6b2f62f5e981913fce1d223f645d9ddf\Microsoft.Transactions.Bridge.ni.dll
+ 2009-02-08 14:45:22 1,712,128 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\1c86afc399d0fdd8e069266ffbe748d1\Microsoft.VisualBasic.ni.dll
+ 2009-02-08 14:42:55 133,632 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\MSBuild\6d38e317128608bc4516ea46ab94590e\MSBuild.ni.exe
+ 2009-02-08 14:02:38 11,486,720 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\6d667f19d687361886990f3ca0f49816\mscorlib.ni.dll
+ 2009-02-08 14:03:19 1,451,008 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationBuildTa#\e634bc4c4a00635a0a254febab0e2e2c\PresentationBuildTasks.ni.dll
+ 2009-02-08 14:03:24 39,424 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCFFRast#\c8fd2d9233f8ea3031fb16f697635231\PresentationCFFRasterizer.ni.dll
+ 2009-02-08 14:05:43 12,216,320 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\956375d487cbef36165b3250030e3574\PresentationCore.ni.dll
+ 2009-02-08 14:06:07 47,104 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFontCac#\2d7408a0232f2e2efd0d7adf5dfa733a\PresentationFontCache.ni.exe
+ 2009-02-08 14:12:28 258,048 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\2c980c9a5051d723c6ec2a78a3d0e2b3\PresentationFramework.Royale.ni.dll
+ 2009-02-08 14:12:15 368,128 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\59a67874d8d8475faa5be1d993083d12\PresentationFramework.Aero.ni.dll
+ 2009-02-08 14:12:23 539,648 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\8003abaf6bcf70f7eb620d06837e897b\PresentationFramework.Luna.ni.dll
+ 2009-02-08 14:11:28 14,327,808 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\96e710f47c601cba3f2348a8d11ddede\PresentationFramework.ni.dll
+ 2009-02-08 14:12:20 224,768 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\f475294d8c7dc2dd4febeef27bc0417e\PresentationFramework.Classic.ni.dll
+ 2009-02-08 14:12:49 1,657,856 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationUI\6bafb1a2a73794ddb9761cb321c9e7e2\PresentationUI.ni.dll
+ 2009-02-08 14:12:57 2,128,896 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\ReachFramework\4bfb3048bf200a6a8592d1b4ba861a7f\ReachFramework.ni.dll
+ 2009-02-08 14:41:35 320,512 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\ServiceModelReg\10a0c9707876fc1f65e64b811a28b020\ServiceModelReg.ni.exe
+ 2009-02-08 14:41:42 256,000 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\9790551187e294b4ed3aaa1c221891c7\SMDiagnostics.ni.dll
+ 2009-02-08 14:41:53 366,080 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\SMSvcHost\[u]0/u45dd501b7257b1cc26083538ae69045\SMSvcHost.ni.exe
+ 2009-02-08 14:45:35 82,944 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.AddIn.Contra#\597b20e1b053d6a510cfe033c07a63e6\System.AddIn.Contract.ni.dll
+ 2009-02-08 14:45:31 633,856 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.AddIn\ce984d754e3c0b6be4504b785cc43574\System.AddIn.ni.dll
+ 2009-02-08 14:45:41 94,208 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.ComponentMod#\532438e2acfcadc469a4d468c51f8451\System.ComponentModel.DataAnnotations.ni.dll
+ 2009-02-08 14:43:19 971,264 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\b82c00e2d24305ad6cb08556e3779b75\System.Configuration.ni.dll
+ 2009-02-08 14:13:11 2,295,296 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.Core\47d87251e93256c635eb73403b8db33e\System.Core.ni.dll
+ 2009-02-08 14:45:51 135,680 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.DataSet#\1db495ff00bbd14df4af6680c4de0653\System.Data.DataSetExtensions.ni.dll
+ 2009-02-08 14:13:49 2,516,480 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Linq\[u]0/ubbec79460b1137df5313f9baf7b246f\System.Data.Linq.ni.dll
+ 2009-02-08 14:43:41 2,510,336 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.SqlXml\826b09ab0d0e36f4d631b4cd335df511\System.Data.SqlXml.ni.dll
+ 2009-02-08 14:13:27 6,616,576 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data\c70731047b0022638b3f9fb158948a03\System.Data.ni.dll
+ 2009-02-08 14:15:07 10,683,392 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.Design\8ee220bc3cce4f7bbd7818946519ed7f\System.Design.ni.dll
+ 2009-02-08 14:15:44 208,384 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing.Desi#\18bbe2b6717e7f1d1dd672526e9889ee\System.Drawing.Design.ni.dll
+ 2009-02-08 14:15:33 1,587,200 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\3da96ee075bab9202626ae44c18d226c\System.Drawing.ni.dll
+ 2009-02-08 14:37:30 212,992 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityMode#\68e71147704ef0d34d9a4bece7767fc5\System.IdentityModel.Selectors.ni.dll
+ 2009-02-08 14:37:21 1,056,768 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\c2de8479e54852f56996f79bc93acb13\System.IdentityModel.ni.dll
+ 2009-02-08 14:37:40 381,440 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.IO.Log\7c367a96b10d626ec8cbf8149272d845\System.IO.Log.ni.dll
+ 2009-02-08 14:16:35 1,035,264 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.Printing\646ab52eef343380aa002c220dc31e13\System.Printing.ni.dll
+ 2009-02-08 14:38:12 2,338,304 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\[u]0/u34c91b133dee73d452652c52767b5ea\System.Runtime.Serialization.ni.dll
+ 2009-02-08 14:43:50 676,352 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.Security\1c8df2da33222c048d683017f2095f04\System.Security.ni.dll
+ 2009-02-08 14:40:34 17,317,888 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\4146033013edebd7e0cb604e504ebfee\System.ServiceModel.ni.dll
+ 2009-02-08 14:16:53 1,917,440 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.Speech\63cf639b6e0a3c25c1643c85016e7422\System.Speech.ni.dll
+ 2009-02-08 14:18:12 12,430,848 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\63406259e94d5c0ff5b79401dfe113ce\System.Windows.Forms.ni.dll
+ 2009-02-08 14:20:15 5,450,752 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\773a9786013451d3baaeff003dc4230f\System.Xml.ni.dll
+ 2009-02-08 14:03:08 7,868,416 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System\80978a322d7dd39f0a71be1251ae395a\System.ni.dll
+ 2009-02-08 14:20:30 447,488 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationClient\5c028c3d8db6c0f0277673ea4a2d89fb\UIAutomationClient.ni.dll
+ 2009-02-08 14:20:40 1,049,600 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationClients#\f3c7957351aec85f526a3350c9718b1e\UIAutomationClientsideProviders.ni.dll
+ 2009-02-08 14:20:45 60,928 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationProvider\a715aa442ef87ae99b3ade185599249d\UIAutomationProvider.ni.dll
+ 2009-02-08 14:20:49 187,904 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationTypes\a6d9503962d47c722231c1478f180695\UIAutomationTypes.ni.dll
+ 2009-02-08 14:03:39 3,313,664 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\14cd5f4b61d35f9b76327d6be9853755\WindowsBase.ni.dll
+ 2009-02-08 14:21:19 240,128 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\6a818099f0386e2356ae94f886a2196f\WindowsFormsIntegration.ni.dll
+ 2009-02-08 14:42:00 321,536 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\WsatConfig\2ef5bc3a2edd7570bb23886a4f32294a\WsatConfig.ni.exe
+ 2008-07-06 12:06:10 89,088 ------w c:\windows\Driver Cache\i386\filterpipelineprintproc.dll
+ 2008-10-24 11:21:09 455,296 ------w c:\windows\Driver Cache\i386\mrxsmb.sys
+ 2008-07-06 12:06:10 765,440 ------w c:\windows\Driver Cache\i386\mxdwdrv.dll
+ 2008-07-06 12:06:10 198,656 ------w c:\windows\Driver Cache\i386\mxdwdui.dll
+ 2008-07-06 12:06:10 373,248 ------w c:\windows\Driver Cache\i386\unidrv.dll
+ 2008-07-06 12:06:10 744,960 ------w c:\windows\Driver Cache\i386\unidrvui.dll
+ 2008-03-13 04:52:36 761,344 ------w c:\windows\Driver Cache\i386\unires.dll
+ 2008-08-26 07:24:28 124,928 -c----w c:\windows\ie7updates\KB958215-IE7\advpack.dll
+ 2008-08-26 07:24:28 347,136 -c----w c:\windows\ie7updates\KB958215-IE7\dxtmsft.dll
+ 2008-08-26 07:24:28 214,528 -c----w c:\windows\ie7updates\KB958215-IE7\dxtrans.dll
+ 2008-08-26 07:24:28 133,120 -c----w c:\windows\ie7updates\KB958215-IE7\extmgr.dll
+ 2008-08-26 07:24:28 63,488 -c----w c:\windows\ie7updates\KB958215-IE7\icardie.dll
+ 2008-08-25 08:37:59 70,656 -c----w c:\windows\ie7updates\KB958215-IE7\ie4uinit.exe
+ 2008-08-26 07:24:28 153,088 -c----w c:\windows\ie7updates\KB958215-IE7\ieakeng.dll
+ 2008-08-26 07:24:28 230,400 -c----w c:\windows\ie7updates\KB958215-IE7\ieaksie.dll
+ 2008-08-23 05:54:51 161,792 -c----w c:\windows\ie7updates\KB958215-IE7\ieakui.dll
+ 2008-08-26 07:24:28 383,488 -c----w c:\windows\ie7updates\KB958215-IE7\ieapfltr.dll
+ 2008-08-26 07:24:29 384,512 -c----w c:\windows\ie7updates\KB958215-IE7\iedkcs32.dll
+ 2008-10-03 17:41:15 6,066,176 -c----w c:\windows\ie7updates\KB958215-IE7\ieframe.dll
+ 2008-08-26 07:24:29 44,544 -c----w c:\windows\ie7updates\KB958215-IE7\iernonce.dll
+ 2008-08-26 07:24:29 267,776 -c----w c:\windows\ie7updates\KB958215-IE7\iertutil.dll
+ 2008-08-25 08:38:00 13,824 -c----w c:\windows\ie7updates\KB958215-IE7\ieudinit.exe
+ 2008-08-23 05:56:15 635,848 -c----w c:\windows\ie7updates\KB958215-IE7\iexplore.exe
+ 2008-08-26 07:24:30 27,648 -c----w c:\windows\ie7updates\KB958215-IE7\jsproxy.dll
+ 2008-08-26 07:24:30 459,264 -c----w c:\windows\ie7updates\KB958215-IE7\msfeeds.dll
+ 2008-08-26 07:24:30 52,224 -c----w c:\windows\ie7updates\KB958215-IE7\msfeedsbs.dll
+ 2008-08-27 08:24:32 3,593,216 -c----w c:\windows\ie7updates\KB958215-IE7\mshtml.dll
+ 2008-08-26 07:24:30 477,696 -c----w c:\windows\ie7updates\KB958215-IE7\mshtmled.dll
+ 2008-08-26 07:24:30 193,024 -c----w c:\windows\ie7updates\KB958215-IE7\msrating.dll
+ 2008-08-26 07:24:30 671,232 -c----w c:\windows\ie7updates\KB958215-IE7\mstime.dll
+ 2008-08-26 07:24:30 102,912 -c----w c:\windows\ie7updates\KB958215-IE7\occache.dll
+ 2008-08-26 07:24:30 44,544 -c----w c:\windows\ie7updates\KB958215-IE7\pngfilt.dll
+ 2007-03-06 01:22:39 213,216 -c----w c:\windows\ie7updates\KB958215-IE7\spuninst\spuninst.exe
+ 2007-03-06 01:23:51 371,424 -c----w c:\windows\ie7updates\KB958215-IE7\spuninst\updspapi.dll
+ 2008-08-26 07:24:30 105,984 -c----w c:\windows\ie7updates\KB958215-IE7\url.dll
+ 2008-08-26 07:24:31 1,159,680 -c----w c:\windows\ie7updates\KB958215-IE7\urlmon.dll
+ 2008-08-26 07:24:31 233,472 -c----w c:\windows\ie7updates\KB958215-IE7\webcheck.dll
+ 2008-08-26 07:24:31 826,368 -c----w c:\windows\ie7updates\KB958215-IE7\wininet.dll
+ 2008-10-17 01:08:40 3,593,216 -c----w c:\windows\ie7updates\KB960714-IE7\mshtml.dll
+ 2008-10-17 01:08:40 3,593,216 -c----w c:\windows\ie7updates\KB960714-IE7\mshtml.dll.000
+ 2007-03-06 01:22:39 213,216 -c----w c:\windows\ie7updates\KB960714-IE7\spuninst\spuninst.exe
+ 2007-03-06 01:23:47 371,424 -c----w c:\windows\ie7updates\KB960714-IE7\spuninst\updspapi.dll
+ 2009-02-08 14:15:44 364,726 ----a-r c:\windows\Installer\{24D753CA-6AE9-4E30-8F5F-EFC93E08BF3D}\SkypeIcon.exe
+ 2009-02-08 12:47:53 32,768 ----a-r c:\windows\Installer\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}\icon.exe
- 2008-10-17 20:21:06 12,288 ----a-r c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
+ 2009-02-08 12:55:08 12,288 ----a-r c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
- 2008-10-17 20:21:05 135,168 ----a-r c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\misc.exe
+ 2009-02-08 12:55:08 135,168 ----a-r c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\misc.exe
- 2008-10-17 20:21:06 11,264 ----a-r c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\mspicons.exe
+ 2009-02-08 12:55:08 11,264 ----a-r c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\mspicons.exe
- 2008-10-17 20:21:06 27,136 ----a-r c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\oisicon.exe
+ 2009-02-08 12:55:08 27,136 ----a-r c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\oisicon.exe
- 2008-10-17 20:21:06 4,096 ----a-r c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
+ 2009-02-08 12:55:08 4,096 ----a-r c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
- 2008-10-17 20:21:06 794,624 ----a-r c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\outicon.exe
+ 2009-02-08 12:55:08 794,624 ----a-r c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\outicon.exe
- 2008-10-17 20:21:06 249,856 ----a-r c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\pptico.exe
+ 2009-02-08 12:55:08 249,856 ----a-r c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\pptico.exe
- 2008-10-17 20:21:06 23,040 ----a-r c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\unbndico.exe
+ 2009-02-08 12:55:09 23,040 ----a-r c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\unbndico.exe
- 2008-10-17 20:21:05 286,720 ----a-r c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\wordicon.exe
+ 2009-02-08 12:55:08 286,720 ----a-r c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\wordicon.exe
- 2008-10-17 20:21:05 409,600 ----a-r c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\xlicons.exe
+ 2009-02-08 12:55:07 409,600 ----a-r c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\xlicons.exe
- 2003-02-20 17:09:46 57,344 ----a-w c:\windows\Microsoft.NET\Framework\NETFXSBS10.exe
+ 2008-07-25 10:16:58 82,944 ----a-w c:\windows\Microsoft.NET\Framework\NETFXSBS10.exe
- 2003-02-20 17:09:32 5,120 ----a-w c:\windows\Microsoft.NET\Framework\sbscmp10.dll
+ 2008-07-25 10:16:58 16,896 ----a-w c:\windows\Microsoft.NET\Framework\sbscmp10.dll
+ 2008-07-25 10:17:02 16,896 ----a-w c:\windows\Microsoft.NET\Framework\sbscmp20_mscorwks.dll
+ 2008-07-25 10:17:02 16,896 ----a-w c:\windows\Microsoft.NET\Framework\sbscmp20_perfcounter.dll
+ 2008-07-25 10:17:02 16,896 ----a-w c:\windows\Microsoft.NET\Framework\SharedReg12.dll
- 2005-09-23 05:28:52 86,528 ----a-w c:\windows\Microsoft.NET\Framework\v1.0.3705\mscormmc.dll
+ 2008-07-25 10:16:58 96,768 ----a-w c:\windows\Microsoft.NET\Framework\v1.0.3705\mscormmc.dll
+ 2008-07-25 10:16:42 28,672 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\1033\alinkui.dll
+ 2008-07-25 10:16:48 145,408 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\1033\cscompui.dll
+ 2008-07-25 10:16:50 13,824 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\1033\CvtResUI.dll
+ 2008-07-25 10:17:10 193,016 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\1033\vbc7ui.dll
+ 2008-07-25 10:16:36 218,112 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\1033\Vsavb7rtUI.dll
+ 2008-07-25 10:17:00 10,752 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\Accessibility.dll
+ 2008-07-25 10:17:02 147,968 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\AdoNetDiag.dll
+ 2008-07-25 10:16:44 98,808 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\alink.dll
+ 2008-07-25 10:17:02 58,880 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\AppLaunch.exe
+ 2008-07-25 10:16:40 36,864 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_compiler.exe
+ 2008-07-25 10:16:40 22,024 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_filter.dll
+ 2008-07-25 10:16:40 17,416 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_isapi.dll
+ 2008-07-25 10:16:40 33,800 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\Aspnet_perf.dll
+ 2008-07-25 10:16:38 84,480 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_rc.dll
+ 2008-07-25 10:16:40 24,576 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_regbrowsers.exe
+ 2008-07-25 10:16:40 33,288 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_regiis.exe
+ 2008-07-25 10:16:40 106,496 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_regsql.exe
+ 2008-07-25 10:16:40 34,312 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
+ 2008-11-25 03:59:18 31,560 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_wp.exe
+ 2008-07-25 10:16:40 507,904 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\AspNetMMCExt.dll
+ 2008-07-25 10:17:00 106,496 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe
+ 2008-07-25 10:17:00 89,608 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\CORPerfMonExt.dll
+ 2008-07-25 10:16:50 80,376 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\csc.exe
+ 2008-07-25 10:16:50 1,163,768 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\cscomp.dll
+ 2008-07-25 10:16:50 13,312 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\cscompmgd.dll
+ 2008-07-25 10:17:02 27,136 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\Culture.dll
+ 2008-07-25 10:17:00 69,120 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\CustomMarshalers.dll
+ 2008-07-25 10:16:50 35,320 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
+ 2008-07-25 10:16:46 62,968 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\dfdll.dll
+ 2008-07-25 10:16:46 5,120 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\dfsvc.exe
+ 2008-07-25 10:17:16 575,496 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\diasymreader.dll
+ 2008-07-25 10:17:00 798,224 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\EventLogMessages.dll
+ 2008-07-25 10:16:58 18,936 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\fusion.dll
+ 2008-07-25 10:17:00 9,728 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\IEExec.exe
+ 2008-07-25 10:17:02 8,192 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\IEExecRemote.dll
+ 2008-07-25 10:17:00 77,824 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\IEHost.dll
+ 2008-07-25 10:17:00 6,656 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\IIEHost.dll
+ 2008-07-25 10:17:00 230,904 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\ilasm.exe
+ 2008-07-25 10:17:00 28,672 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\InstallUtil.exe
+ 2008-07-25 10:17:00 65,032 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\InstallUtilLib.dll
+ 2008-07-25 10:17:00 72,192 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\ISymWrapper.dll
+ 2008-07-25 10:16:54 40,960 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\jsc.exe
+ 2008-07-25 10:16:56 348,160 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.Build.Engine.dll
+ 2008-07-25 10:16:56 36,864 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.Build.Framework.dll
+ 2008-07-25 10:16:56 655,360 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.Build.Tasks.dll
+ 2008-07-25 10:16:56 77,824 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.Build.Utilities.dll
+ 2008-07-25 10:16:54 749,568 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.JScript.dll
+ 2008-07-25 10:17:14 110,592 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.VisualBasic.Compatibility.Data.dll
+ 2008-07-25 10:17:14 372,736 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.VisualBasic.Compatibility.dll
+ 2008-07-25 10:17:12 659,456 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.VisualBasic.dll
+ 2008-07-25 10:16:38 28,672 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.VisualBasic.Vsa.dll
+ 2008-07-25 10:17:16 5,632 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.VisualC.Dll
+ 2008-07-25 10:16:38 32,768 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.Vsa.dll
+ 2008-07-25 10:16:38 12,800 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
+ 2008-07-25 10:16:38 7,168 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft_VsaVb.dll
+ 2008-07-25 10:16:40 97,792 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\MmcAspExt.dll
+ 2008-07-25 10:16:56 69,632 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe
+ 2008-11-25 03:59:40 990,032 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\mscordacwks.dll
+ 2008-07-25 10:17:00 83,456 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\mscordbc.dll
+ 2008-07-25 10:17:00 308,224 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\mscordbi.dll
+ 2008-07-25 10:17:00 46,592 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorie.dll
+ 2008-11-25 03:59:40 364,872 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll
+ 2008-07-25 10:17:00 94,208 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorld.dll
+ 2008-11-25 03:59:40 4,546,560 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorlib.dll
+ 2008-07-25 10:17:00 114,176 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorpe.dll
+ 2008-07-25 10:17:04 345,600 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorrc.dll
+ 2008-07-25 10:17:00 77,312 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsec.dll
+ 2008-07-25 10:16:58 18,944 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsn.dll
+ 2008-07-25 10:17:02 230,912 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvc.dll
+ 2008-07-25 10:17:02 69,632 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
+ 2008-07-25 10:17:02 19,456 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\mscortim.dll
+ 2008-11-25 03:59:36 5,813,576 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
+ 2008-07-25 10:17:04 31,744 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\MUI\[u]0/u409\mscorsecr.dll
+ 2008-07-25 10:17:02 100,856 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\ngen.exe
+ 2008-07-25 10:17:02 24,584 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\normalization.dll
+ 2008-07-25 10:17:02 88,584 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\PerfCounter.dll
+ 2008-07-25 10:16:58 143,360 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\peverify.dll
+ 2008-07-25 10:17:00 53,248 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
+ 2008-07-25 10:17:00 32,768 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe
+ 2008-07-25 10:17:06 61,952 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\regtlibv12.exe
+ 2008-07-25 10:17:02 16,896 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\sbscmp20_mscorlib.dll
+ 2008-07-25 10:17:00 118,784 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\shfusion.dll
+ 2008-07-25 10:17:04 95,232 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\ShFusRes.dll
+ 2008-07-25 10:17:02 392,184 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\SOS.dll
+ 2008-07-25 10:17:02 110,592 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\sysglobl.dll
+ 2008-07-25 10:17:02 425,984 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\System.configuration.dll
+ 2008-07-25 10:17:00 81,920 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Configuration.Install.dll
+ 2008-07-25 10:17:00 2,933,248 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Data.dll
+ 2008-11-25 03:59:40 486,400 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Data.OracleClient.dll
+ 2008-07-25 10:17:02 745,472 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Data.SqlXml.dll
+ 2008-07-25 10:16:46 970,752 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Deployment.dll
+ 2008-07-25 10:17:00 5,062,656 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Design.dll
+ 2008-07-25 10:17:00 401,408 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\System.DirectoryServices.dll
+ 2008-07-25 10:17:02 188,416 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\System.DirectoryServices.Protocols.dll
+ 2008-07-25 10:17:00 3,149,824 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\System.dll
+ 2008-07-25 10:17:00 81,920 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Drawing.Design.dll
+ 2008-07-25 10:17:00 626,688 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Drawing.dll
+ 2008-07-25 10:17:02 258,048 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\System.EnterpriseServices.dll
+ 2008-07-25 10:17:02 57,392 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\System.EnterpriseServices.Thunk.dll
+ 2008-07-25 10:17:02 113,664 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\System.EnterpriseServices.Wrapper.dll
+ 2008-07-25 10:17:00 372,736 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Management.dll
+ 2008-07-25 10:17:00 258,048 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Messaging.dll
+ 2008-07-25 10:17:00 303,104 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Runtime.Remoting.dll
+ 2008-07-25 10:17:00 131,072 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Runtime.Serialization.Formatters.Soap.dll
+ 2008-07-25 10:17:00 258,048 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Security.dll
+ 2008-07-25 10:17:00 114,688 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\System.ServiceProcess.dll
+ 2008-07-25 10:17:02 261,632 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Transactions.dll
+ 2008-11-25 03:59:40 5,242,880 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Web.dll
+ 2008-07-25 10:17:02 835,584 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Web.Mobile.dll
+ 2008-07-25 10:17:02 77,824 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Web.RegularExpressions.dll
+ 2008-07-25 10:17:00 839,680 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Web.Services.dll
+ 2008-07-25 10:17:00 5,025,792 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Windows.Forms.dll
+ 2008-11-25 03:59:40 2,048,000 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\System.XML.dll
+ 2008-07-25 10:17:02 81,400 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\TLBREF.DLL
+ 2008-07-25 10:17:10 1,172,472 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
+ 2008-07-25 10:16:38 1,344,000 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\VsaVb7rt.dll
+ 2008-11-25 03:59:18 436,040 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\webengine.dll
+ 2008-07-25 10:17:02 37,896 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\WMINet_Utils.dll
+ 2008-07-29 18:16:38 168,968 ----a-w c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ComSvcConfig.exe
+ 2008-07-29 18:24:50 881,664 ----a-w c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
+ 2008-07-29 18:16:38 397,312 ----a-w c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\Microsoft.Transactions.Bridge.dll
+ 2008-07-29 18:16:38 163,840 ----a-w c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\Microsoft.Transactions.Bridge.Dtc.dll
+ 2008-07-29 18:16:38 11,280 ----a-w c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ServiceModelEvents.dll
+ 2008-07-29 18:16:38 156,688 ----a-w c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ServiceModelReg.exe
+ 2008-07-29 18:16:38 20,504 ----a-w c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ServiceMonikerSupport.dll
+ 2008-07-29 18:16:38 110,592 ----a-w c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMdiagnostics.dll
+ 2008-07-29 18:16:38 132,096 ----a-w c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
+ 2008-07-29 18:16:38 966,656 ----a-w c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\System.Runtime.Serialization.dll
+ 2008-12-05 19:12:12 5,931,008 ----a-w c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\System.ServiceModel.dll
+ 2008-07-29 18:16:38 73,728 ----a-w c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\System.ServiceModel.Install.dll
+ 2008-07-29 18:16:38 32,768 ----a-w c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\System.ServiceModel.WasHosting.dll
+ 2008-07-29 18:16:38 152,576 ----a-w c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\WsatConfig.exe
+ 2008-07-29 18:32:52 17,448 ----a-w c:\windows\Microsoft.NET\Framework\v3.0\Windows Workflow Foundation\PerformanceCounterInstaller.exe
+ 2008-07-29 20:10:04 806,928 ----a-w c:\windows\Microsoft.NET\Framework\v3.0\WPF\NaturalLanguage6.dll
+ 2008-07-29 20:10:04 4,883,464 ----a-w c:\windows\Microsoft.NET\Framework\v3.0\WPF\NlsData0009.dll
+ 2008-07-29 20:10:04 2,637,840 ----a-w c:\windows\Microsoft.NET\Framework\v3.0\WPF\NlsLexicons0009.dll
+ 2008-07-29 20:10:04 71,160 ----a-w c:\windows\Microsoft.NET\Framework\v3.0\WPF\PenIMC.dll
+ 2008-07-29 18:59:58 32,768 ----a-w c:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationCFFRasterizer.dll
+ 2008-07-29 20:10:04 46,104 ----a-w c:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
+ 2008-07-29 18:59:58 132,120 ----a-w c:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationHostDLL.dll
+ 2008-07-29 19:35:46 864,256 ----a-w c:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationUI.dll
+ 2008-12-05 18:35:22 1,736,528 ----a-w c:\windows\Microsoft.NET\Framework\v3.0\WPF\wpfgfx_v0300.dll
+ 2008-07-29 22:40:48 168,448 ----a-w c:\windows\Microsoft.NET\Framework\v3.5\1033\cscompui.dll
+ 2008-07-29 22:40:48 233,976 ----a-w c:\windows\Microsoft.NET\Framework\v3.5\1033\vbc7ui.dll
+ 2008-07-29 22:40:48 41,992 ----a-w c:\windows\Microsoft.NET\Framework\v3.5\AddInProcess.exe
+ 2008-07-29 22:40:48 41,992 ----a-w c:\windows\Microsoft.NET\Framework\v3.5\AddInProcess32.exe
+ 2008-07-29 22:40:48 41,984 ----a-w c:\windows\Microsoft.NET\Framework\v3.5\AddInUtil.exe
+ 2008-07-29 22:40:48 1,548,280 ----a-w c:\windows\Microsoft.NET\Framework\v3.5\csc.exe
+ 2008-07-29 22:40:48 78,856 ----a-w c:\windows\Microsoft.NET\Framework\v3.5\DataSvcUtil.exe
+ 2008-07-29 22:40:48 95,224 ----a-w c:\windows\Microsoft.NET\Framework\v3.5\EdmGen.exe
+ 2008-07-29 22:15:24 225,490 ----a-w c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\baseline.dat
+ 2008-07-29 17:47:34 97,280 ----a-w c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\DeleteTemp.exe
+ 2008-07-29 17:47:34 276,984 ----a-w c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\dlmgr.dll
+ 2008-07-29 17:47:34 1,064,448 ----a-w c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\gencomp.dll
+ 2008-07-29 17:47:34 177,152 ----a-w c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\HtmlLite.dll
+ 2008-07-29 17:47:34 269,304 ----a-w c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
+ 2008-07-29 17:47:34 113,152 ----a-w c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1025.dll
+ 2008-07-29 17:47:34 84,992 ----a-w c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1028.dll
+ 2008-07-29 17:47:34 125,440 ----a-w c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1029.dll
+ 2008-07-29 17:47:34 126,464 ----a-w c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1030.dll
+ 2008-07-29 17:47:34 130,048 ----a-w c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1031.dll
+ 2008-07-29 17:47:34 137,728 ----a-w c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1032.dll
+ 2008-07-29 17:47:34 122,368 ----a-w c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1035.dll
+ 2008-07-29 17:47:34 133,120 ----a-w c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1036.dll
+ 2008-07-29 17:47:34 111,104 ----a-w c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1037.dll
+ 2008-07-29 17:47:34 132,096 ----a-w c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1038.dll
+ 2008-07-29 17:47:34 128,512 ----a-w c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1040.dll
+ 2008-07-29 17:47:34 97,792 ----a-w c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1041.dll
+ 2008-07-29 17:47:34 94,720 ----a-w c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1042.dll
+ 2008-07-29 17:47:34 129,024 ----a-w c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1043.dll
+ 2008-07-29 17:47:34 121,856 ----a-w c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1044.dll
+ 2008-07-29 17:47:34 128,512 ----a-w c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1045.dll
+ 2008-07-29 17:47:34 122,880 ----a-w c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1046.dll
+ 2008-07-29 17:47:34 123,904 ----a-w c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1049.dll
+ 2008-07-29 17:47:34 121,344 ----a-w c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1053.dll
+ 2008-07-29 17:47:34 121,344 ----a-w c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1055.dll
+ 2008-07-29 17:47:34 84,480 ----a-w c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.2052.dll
+ 2008-07-29 17:47:34 131,072 ----a-w c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.2070.dll
+ 2008-07-29 17:47:34 131,584 ----a-w c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.3082.dll
+ 2008-07-29 17:47:34 110,080 ----a-w c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.dll
+ 2008-07-29 17:47:34 1,364,992 ----a-w c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\SITSetup.dll
+ 2008-07-29 17:47:34 1,054,208 ----a-w c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\vs_setup.dll
+ 2008-07-29 17:47:34 632,320 ----a-w c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\vs70uimgr.dll
+ 2008-07-29 17:47:34 413,184 ----a-w c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\vsbasereqs.dll
+ 2008-07-29 17:47:34 689,152 ----a-w c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\vsscenario.dll
+ 2008-07-29 17:47:34 102,904 ----a-w c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1025.dll
+ 2008-07-29 17:47:34 89,592 ----a-w c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1028.dll
+ 2008-07-29 17:47:34 108,536 ----a-w c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1029.dll
+ 2008-07-29 17:47:34 108,536 ----a-w c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1030.dll
+ 2008-07-29 17:47:34 111,608 ----a-w c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1031.dll
+ 2008-07-29 17:47:34 113,656 ----a-w c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1032.dll
+ 2008-07-29 17:47:34 106,488 ----a-w c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1035.dll
+ 2008-07-29 17:47:34 112,120 ----a-w c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1036.dll
+ 2008-07-29 17:47:34 101,368 ----a-w c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1037.dll
+ 2008-07-29 17:47:34 111,096 ----a-w c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1038.dll
+ 2008-07-29 17:47:34 110,072 ----a-w c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1040.dll
+ 2008-07-29 17:

Voici la suite APRES le snapshot.

.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MoneyAgent"="c:\program files\Microsoft Money\System\mnyexpr.exe" [2002-07-17 200767]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\WCESCOMM.EXE" [2005-01-04 405583]
"Creative WebCam Tray"="c:\program files\Creative\Shared Files\CamTray.exe" [2004-11-18 258048]
"ibmmessages"="c:\program files\IBM\Messages By IBM\ibmmessages.exe" [2004-01-16 581632]
"Aim6"="c:\program files\AIM6\aim6.exe" [2008-10-31 50480]
"LaCie Backup"="c:\program files\LaCie\Backup Software\\LaCieBackup.exe" [2006-01-24 2633728]
"OE"="c:\program files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe" [2009-02-06 497008]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-01-29 23975720]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Smapp"="c:\program files\Analog Devices\SoundMAX\SMTray.exe" [2002-11-09 98304]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2003-03-20 315392]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2003-05-05 114741]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-01-24 136600]
"PRONoMgr.exe"="c:\program files\Intel\NCS\PROSet\PRONoMgr.exe" [2003-03-11 86016]
"Rapid Restore"="c:\program files\Xpoint\PE\Skin\rrpcsb.exe" [2003-04-16 167936]
"ibmmessages"="c:\program files\IBM\Messages By IBM\\ibmmessages.exe" [2004-01-16 581632]
"HPpromo psc 2175"="c:\program files\Hewlett-Packard\Digital Imaging\Bin\hpqWRG.exe" [2003-09-08 126976]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 57344]
"TVT Scheduler Proxy"="c:\program files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe" [2006-03-28 503808]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-10-25 282624]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2006-10-30 256576]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-04-25 185896]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"UfSeAgnt.exe"="c:\program files\Trend Micro\Internet Security\UfSeAgnt.exe" [2009-02-06 970808]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-02-08 509784]
"Mouse Suite 98 Daemon"="ICO.EXE" [2003-11-20 c:\windows\system32\ico.exe]
"Hot Key Kbd Daemon"="SKDAEMON.EXE" [2001-07-05 c:\windows\system32\SKDAEMON.EXE]
"VF0060 STISvc"="V0060Pin.dll" [2004-11-01 c:\windows\system32\V0060Pin.dll]
"Detect Kbd Daemon"="SK2000DM.EXE" [2001-04-28 c:\windows\system32\SK2000DM.EXE]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
"OE"="c:\program files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe" [2009-02-06 497008]

c:\documents and settings\Xavier\Start Menu\Programs\Startup\
Skype.lnk - c:\program files\Skype\Phone\Skype.exe [2009-01-29 23975720]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2004-11-28 113664]
hp psc 2000 Series.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe [2003-04-05 323646]
hpoddt01.exe.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2003-04-06 28672]
LUMIX Simple Viewer.lnk - c:\program files\Panasonic\LUMIXSimpleViewer\PhLeAutoRun.exe [2005-10-09 61440]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-05-26 123904]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-26 304128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"MSACM.CEGSM"= mobilev.acm

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe"=
"c:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\AOL\\1137862321\\ee\\aolsoftware.exe"=
"c:\\Program Files\\Common Files\\AOL\\1137862321\\ee\\aim6.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-02-07 64160]
R2 SRFilter;SRFilter;c:\windows\system32\drivers\srntflt.sys [2004-02-07 84224]
R2 tmpreflt;tmpreflt;c:\windows\system32\drivers\tmpreflt.sys [2009-02-06 36368]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2007-10-26 24652]
R3 pelmouse;Mouse Suite Driver;c:\windows\system32\drivers\PELMOUSE.SYS [2004-02-26 16384]
R3 pelusblf;USB Mouse Low Filter Driver;c:\windows\system32\drivers\pelusblf.sys [2004-02-26 9216]
R3 SKUSBKBF;USB Keyboard Filter Driver;c:\windows\system32\drivers\skusbkbf.sys [2001-07-27 14048]
R3 tmcfw;Trend Micro Common Firewall Service;c:\windows\system32\drivers\TM_CFW.sys [2009-02-06 334352]
R3 V0060VID;Creative WebCam Live! Ultra;c:\windows\system32\drivers\V0060Vid.sys [2006-02-06 196409]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2009-01-18 950096]
S2 tmevtmgr;tmevtmgr;c:\windows\system32\drivers\tmevtmgr.sys [2009-02-06 49680]
S2 TmPfw;Trend Micro Personal Firewall;c:\program files\Trend Micro\Internet Security\TmPfw.exe [2009-02-07 492888]
S2 TmProxy;Trend Micro Proxy Service;c:\program files\Trend Micro\Internet Security\TmProxy.exe [2009-02-06 677128]
S3 getPlus(R) Helper;getPlus(R) Helper;c:\program files\NOS\bin\getPlus_HelperSvc.exe [2008-10-18 33752]
S3 PCDRDRV;Pcdr Helper Driver;\??\c:\progra~1\PC-DOC~1\DIAGNO~1\PCDRDRV.sys --> c:\progra~1\PC-DOC~1\DIAGNO~1\PCDRDRV.sys [?]
.
Contents of the 'Scheduled Tasks' folder

2009-02-07 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-02-08 13:36]

2007-11-17 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 14:57]

2004-12-05 c:\windows\Tasks\FRU Task #Hewlett-Packard#hp psc 2170 series#1085210441.job
- c:\program files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2003-04-05 23:52]
.
.
------- Supplementary Scan -------
.
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Trusted Zone: microsoft.com\www
Trusted Zone: trendsmicro.com\www
DPF: {826287F8-454E-11D9-ADFE-00062919A34C} - hxxp://express.foto.com/activeX/newUploadFotoCom.CAB
FF - ProfilePath - c:\documents and settings\Xavier\Application Data\Mozilla\Firefox\Profiles\wbossq8f.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.lesoir.be/
FF - component: c:\documents and settings\Xavier\Application Data\Mozilla\Firefox\Profiles\wbossq8f.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\WINNT_x86-msvc\components\ipc.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-08 16:18:20
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-4127369420-2263141015-254663096-1005\*¬ 4*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_USERS\S-1-5-21-4127369420-2263141015-254663096-1005\ *¬ 4*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_USERS\S-1-5-21-4127369420-2263141015-254663096-1005\@*¬ 4*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_USERS\S-1-5-21-4127369420-2263141015-254663096-1005\d*¬ 4*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_USERS\S-1-5-21-4127369420-2263141015-254663096-1005\l*¬ 4*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_USERS\S-1-5-21-4127369420-2263141015-254663096-1005\P*¬ 4*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_USERS\S-1-5-21-4127369420-2263141015-254663096-1005\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_USERS\S-1-5-21-4127369420-2263141015-254663096-1005\t*¬ 4*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_USERS\S-1-5-21-4127369420-2263141015-254663096-1005\X*¬ 4*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_USERS\S-1-5-21-4127369420-2263141015-254663096-1005\ *¬ 4*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_USERS\S-1-5-21-4127369420-2263141015-254663096-1005\¨*¬ 4*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_USERS\S-1-5-21-4127369420-2263141015-254663096-1005\¼*¬ 4*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_USERS\S-1-5-21-4127369420-2263141015-254663096-1005\S
¬ 4*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_USERS\S-1-5-21-4127369420-2263141015-254663096-1005\ ¬ 4*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_USERS\S-1-5-21-4127369420-2263141015-254663096-1005\¬ ¬ 4*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
DUMPHIVE0.003 (REGF)
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(996)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2009-02-08 16:20:02
ComboFix-quarantined-files.txt 2009-02-08 15:20:00
ComboFix2.txt 2009-02-08 08:59:54

Pre-Run: 100.895.117.312 bytes free
Post-Run: 100,924,702,720 bytes free

1070 --- E O F --- 2008-10-31 22:31:05

Voilà

ComboFix 09-02-06.04 - Xavier 2009-02-08 17:02:13.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.767.266 [GMT 1:00]
Running from: c:\documents and settings\Xavier\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Xavier\Desktop\CFscript.txt
AV: Trend Micro Internet Security *On-access scanning disabled* (Updated)
FW: Trend Micro Personal Firewall *disabled*
* Created a new restore point
.

........

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-4127369420-2263141015-254663096-1005\*¬ 4*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_USERS\S-1-5-21-4127369420-2263141015-254663096-1005\ *¬ 4*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_USERS\S-1-5-21-4127369420-2263141015-254663096-1005\@*¬ 4*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_USERS\S-1-5-21-4127369420-2263141015-254663096-1005\d*¬ 4*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_USERS\S-1-5-21-4127369420-2263141015-254663096-1005\l*¬ 4*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_USERS\S-1-5-21-4127369420-2263141015-254663096-1005\P*¬ 4*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_USERS\S-1-5-21-4127369420-2263141015-254663096-1005\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_USERS\S-1-5-21-4127369420-2263141015-254663096-1005\t*¬ 4*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_USERS\S-1-5-21-4127369420-2263141015-254663096-1005\X*¬ 4*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_USERS\S-1-5-21-4127369420-2263141015-254663096-1005\ *¬ 4*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_USERS\S-1-5-21-4127369420-2263141015-254663096-1005\¨*¬ 4*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_USERS\S-1-5-21-4127369420-2263141015-254663096-1005\¼*¬ 4*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_USERS\S-1-5-21-4127369420-2263141015-254663096-1005\S
¬ 4*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_USERS\S-1-5-21-4127369420-2263141015-254663096-1005\ ¬ 4*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_USERS\S-1-5-21-4127369420-2263141015-254663096-1005\¬ ¬ 4*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
DUMPHIVE0.003 (REGF)
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(996)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2009-02-08 17:05:20
ComboFix-quarantined-files.txt 2009-02-08 16:05:18
ComboFix2.txt 2009-02-08 15:20:03
ComboFix3.txt 2009-02-08 08:59:54

Pre-Run: 100.906.184.704 bytes free
Post-Run: 100,887,805,952 bytes free

249 --- E O F --- 2008-10-31 22:31:05

ComboFix 09-02-06.04 - Xavier 2009-02-08 17:49:12.4 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.767.258 [GMT 1:00]
Running from: c:\documents and settings\Xavier\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Xavier\Desktop\CFscript.txt
AV: Trend Micro Internet Security *On-access scanning disabled* (Updated)
FW: Trend Micro Personal Firewall *disabled*
* Created a new restore point
.
...

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-4127369420-2263141015-254663096-1005\*¬ 4*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_USERS\S-1-5-21-4127369420-2263141015-254663096-1005\ *¬ 4*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_USERS\S-1-5-21-4127369420-2263141015-254663096-1005\@*¬ 4*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_USERS\S-1-5-21-4127369420-2263141015-254663096-1005\d*¬ 4*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_USERS\S-1-5-21-4127369420-2263141015-254663096-1005\l*¬ 4*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_USERS\S-1-5-21-4127369420-2263141015-254663096-1005\P*¬ 4*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_USERS\S-1-5-21-4127369420-2263141015-254663096-1005\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_USERS\S-1-5-21-4127369420-2263141015-254663096-1005\t*¬ 4*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_USERS\S-1-5-21-4127369420-2263141015-254663096-1005\X*¬ 4*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_USERS\S-1-5-21-4127369420-2263141015-254663096-1005\ *¬ 4*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_USERS\S-1-5-21-4127369420-2263141015-254663096-1005\¨*¬ 4*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_USERS\S-1-5-21-4127369420-2263141015-254663096-1005\¼*¬ 4*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_USERS\S-1-5-21-4127369420-2263141015-254663096-1005\S
¬ 4*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_USERS\S-1-5-21-4127369420-2263141015-254663096-1005\ ¬ 4*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_USERS\S-1-5-21-4127369420-2263141015-254663096-1005\¬ ¬ 4*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
DUMPHIVE0.003 (REGF)
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(996)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2009-02-08 17:52:34
ComboFix-quarantined-files.txt 2009-02-08 16:52:32
ComboFix2.txt 2009-02-08 16:05:22
ComboFix3.txt 2009-02-08 15:20:03
ComboFix4.txt 2009-02-08 08:59:54

Pre-Run: 100.794.105.856 bytes free
Post-Run: 100,776,742,912 bytes free

289 --- E O F --- 2008-10-31 22:31:05

ComboFix 09-02-06.04 - Xavier 2009-02-08 18:17:45.5 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.767.301 [GMT 1:00]
Running from: c:\documents and settings\Xavier\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Xavier\Desktop\CFscript.txt
AV: Trend Micro Internet Security *On-access scanning disabled* (Updated)
FW: Trend Micro Personal Firewall *disabled*
* Created a new restore point
.
...

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-4127369420-2263141015-254663096-1005\*¬ 4*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_USERS\S-1-5-21-4127369420-2263141015-254663096-1005\ *¬ 4*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_USERS\S-1-5-21-4127369420-2263141015-254663096-1005\@*¬ 4*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_USERS\S-1-5-21-4127369420-2263141015-254663096-1005\d*¬ 4*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_USERS\S-1-5-21-4127369420-2263141015-254663096-1005\l*¬ 4*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_USERS\S-1-5-21-4127369420-2263141015-254663096-1005\P*¬ 4*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_USERS\S-1-5-21-4127369420-2263141015-254663096-1005\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_USERS\S-1-5-21-4127369420-2263141015-254663096-1005\t*¬ 4*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_USERS\S-1-5-21-4127369420-2263141015-254663096-1005\X*¬ 4*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_USERS\S-1-5-21-4127369420-2263141015-254663096-1005\ *¬ 4*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_USERS\S-1-5-21-4127369420-2263141015-254663096-1005\¨*¬ 4*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_USERS\S-1-5-21-4127369420-2263141015-254663096-1005\¼*¬ 4*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_USERS\S-1-5-21-4127369420-2263141015-254663096-1005\S
¬ 4*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_USERS\S-1-5-21-4127369420-2263141015-254663096-1005\ ¬ 4*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_USERS\S-1-5-21-4127369420-2263141015-254663096-1005\¬ ¬ 4*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
DUMPHIVE0.003 (REGF)
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(996)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2009-02-08 18:21:29
ComboFix-quarantined-files.txt 2009-02-08 17:21:26
ComboFix2.txt 2009-02-08 16:52:36
ComboFix3.txt 2009-02-08 16:05:22
ComboFix4.txt 2009-02-08 15:20:03
ComboFix5.txt 2009-02-08 17:17:16

Pre-Run: 100.627.517.440 bytes free
Post-Run: 100,608,872,448 bytes free

271 --- E O F --- 2008-10-31 22:31:05

Le voici
-------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:03:32, on 8/02/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
c:\program files\lenovo\system update\suservice.exe
C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\PROGRA~1\Xpoint\xpadmin\xpadmin.exe
C:\PROGRA~1\Xpoint\agent\Xpagent.exe
C:\PROGRA~1\Xpoint\EEClient\xpclient.exe
C:\PROGRA~1\Xpoint\SAS\jre\bin\javaw.exe
C:\WINDOWS\system32\ICO.EXE
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\system32\SKDAEMON.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\Pelmiced.exe
C:\Program Files\Xpoint\PE\Skin\rrpcsb.exe
C:\Program Files\IBM\Messages By IBM\ibmmessages.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpqWRG.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Xpoint\PE\pcrecsa.exe
C:\Program Files\Microsoft Money\System\mnyexpr.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\Program Files\LaCie\Backup Software\LaCieBackup.exe
C:\WINDOWS\system32\Sktempdm.exe
C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Panasonic\LUMIXSimpleViewer\PhLeAutoRun.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
C:\Program Files\Trend Micro\Internet Security\TmPfw.exe
C:\Program Files\Trend Micro\BM\TMBMSRV.exe
C:\Program Files\Trend Micro\Internet Security\UfNavi.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Trend Micro\Internet Security\UfNavi.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [Hot Key Kbd Daemon] SKDAEMON.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [Rapid Restore] C:\Program Files\Xpoint\PE\Skin\rrpcsb.exe
O4 - HKLM\..\Run: [ibmmessages] C:\Program Files\IBM\Messages By IBM\\ibmmessages.exe
O4 - HKLM\..\Run: [HPpromo psc 2175] "C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpqWRG.exe" /N "psc 2175" -r
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [VF0060 STISvc] RunDLL32.exe V0060Pin.dll,RunDLL32EP 513
O4 - HKLM\..\Run: [TVT Scheduler Proxy] C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [UfSeAgnt.exe] "C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe"
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM\..\Run: [Detect Kbd Daemon] SK2000DM.EXE
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [Creative WebCam Tray] "C:\Program Files\Creative\Shared Files\CamTray.exe"
O4 - HKCU\..\Run: [ibmmessages] C:\Program Files\IBM\Messages By IBM\ibmmessages.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [LaCie Backup] C:\Program Files\LaCie\Backup Software\\LaCieBackup.exe /background
O4 - HKCU\..\Run: [OE] C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [OE] C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Skype.lnk = C:\Program Files\Skype\Phone\Skype.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: LUMIX Simple Viewer.lnk = ?
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Money Viewer - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [JAVA_IBM] Java (IBM)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: www.trendsmicro.com
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - https://www.eset.com/
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6662.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://express.foto.com/NewUploader/ImageUploader4.cab
O16 - DPF: {74FFE28D-2378-11D5-990C-006094235084} (IBM Access Support) - https://support.lenovo.com/fr/en/
O16 - DPF: {76E5AF9D-2B3E-4FEB-A31F-A9E63A27FA29} (IASRunner Class) - https://www.ibm.com/pc/support/access/aslibmain/content/AcpIR.cab
O16 - DPF: {826287F8-454E-11D9-ADFE-00062919A34C} (ActiveXUploadFotoCom.UserCtrlFotoCom) - http://express.foto.com/activeX/newUploadFotoCom.CAB
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-01.sun.com/s/ESD5/JSCDL/jre/6u11-b90/jinstall-6u11-windows-i586-jc.cab?e=1234080906317&h=7a1c8beae38ab32acf291b1c1254d1c8/&filename=jinstall-6u11-windows-i586-jc.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E598AC61-4C6F-4F4D-877F-FAC49CA91FA3} (acpRunner Class) - https://www-3.ibm.com/pc/support/access/aslibmain/content/AcpControl.cab
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/aio/en/check/qdiagh.cab?322
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: Xpoint PCRadmin Server (PCRadminServer) - Unknown owner - C:\PROGRA~1\Xpoint\PE\pcradmin.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe
O23 - Service: Trend Micro Central Control Component (SfCtlCom) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: System Update (SUService) - - c:\program files\lenovo\system update\suservice.exe
O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - C:\Program Files\Trend Micro\BM\TMBMSRV.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (TmProxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
O23 - Service: TVT Scheduler - Lenovo Group Limited - C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: Xpoint Admin Server (XPadminServer) - Unknown owner - C:\PROGRA~1\Xpoint\xpadmin\xpadmin.exe
O23 - Service: Xpoint Agent Server (xpAgentServer) - Unknown owner - C:\PROGRA~1\Xpoint\agent\Xpagent.exe

Voici les deux rapports d'analyse.
(A propos, les pages perso de tuto sur AOL n'existent plus)
---------------------------------------------------

Malwarebytes' Anti-Malware 1.33
Database version: 1738
Windows 5.1.2600 Service Pack 3

8/02/2009 22:57:10
mbam-log-2009-02-08 (22-57-10).txt

Scan type: Quick Scan
Objects scanned: 57202
Time elapsed: 9 minute(s), 4 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

-------------------------------------------------------

<HTML>
<HEAD>
<TITLE>BitDefender Online Scanner - Rapport d'analyse</TITLE>
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1">
</HEAD>
<BODY BGCOLOR=#FFFFFF leftmargin="10" marginwidth="0" topmargin="20" marginheight="0" >


<table align="center" border="0" cellpadding="0" cellspacing="0" width="90%">
<tr>
<td width="458">
<p><font face="Arial" color=red><span style="font-size:14pt;"><b>BitDefender Online Scanner</b></span></font></p>
</td>
<td width="40%">
<p> </p>
</td>
<td width="10%">
<p> </p>
</td>
</tr>
<tr>
<td colspan="3" width="912">
<p><font face="Arial"><span style="font-size:11pt;"><B>Rapport d'analyse généré à: Mon, Feb 09, 2009 - 00:20:33</b></span></font></p>
</td>
</tr>

<tr>
<td width="458">
<p><font face="Arial"><span style="font-size:11pt;"><B> </b></span></font></p>
</td>
<td width="40%">
<p> </p>
</td>
<td width="10%">
<p> </p>
</td>
</tr>

<tr>
<td width="458">
<p><font face="Arial"><span style="font-size:11pt;"><B>Voie d'analyse: </b></span><span style="font-size:10pt;">A:\;C:\;D:\;E:\;F:\;</span></font></p>
</td>
<td width="40%">
<p> </p>
</td>
<td width="10%">
<p> </p>
</td>
</tr>

<tr>
<td width="458">
<p><font face="Arial"><span style="font-size:11pt;"><B> </b></span></font></p>
</td>
<td width="40%">
<p> </p>
</td>
<td width="10%">
<p> </p>
</td>
</tr>

<tr>
<td width="458">
<table border="1" cellspacing="0" bordercolordark="white" bordercolorlight="black" width="100%">
<tr>
<td width="451" colspan="2" bgcolor="#CCCCCC">
<p><font face="Arial" size="2"><B>Statistiques</b></font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Temps</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">00:49:25</font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Fichiers</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">130945</font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Directoires</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">7629</font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Secteurs de boot</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">0</font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Archives</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">2198</font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Paquets programmes</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">11031</font></p>
</td>
</tr>
</table>
</td>
<td width="40%">
<p> </p>
</td>
<td width="10%">
<p> </p>
</td>
</tr>



<tr>
<td width="458">
<table border="1" cellspacing="0" bordercolordark="white" bordercolorlight="black" width="100%">
<tr>
<td width="451" colspan="2" bgcolor="#CCCCCC">
<p><font face="Arial" size="2"><B>Résultats</b></font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Virus identifiés</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">2</font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Fichiers infectés</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">3</font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Fichiers suspects</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">0</font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Avertissements</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">0</font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Désinfectés</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">0</font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Fichiers effacés</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">3</font></p>
</td>
</tr>
</table>
</td>
<td width="40%">
<p> </p>
</td>
<td width="10%">
<p> </p>
</td>
</tr>

<tr>
<td width="458">
<table border="1" cellspacing="0" bordercolordark="white" bordercolorlight="black" width="100%">
<tr>
<td width="451" colspan="2" bgcolor="#CCCCCC">
<p><font face="Arial" size="2"><B>Info sur les moteurs</b></font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Définition virus</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">2640112</font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Version des moteurs</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">AVCORE v1.7 (build 8314.19) (i386) (Sep 29 2008 17:19:14)</font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Analyse des plugins</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">17</font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Archive des plugins</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">45</font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Unpack des plugins</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">7</font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">E-mail plugins</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">6</font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Système plugins</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">4</font></p>
</td>
</tr>
</table>
</td>
<td width="40%">
<p> </p>
</td>
<td width="10%">
<p> </p>
</td>
</tr>

<tr>
<td width="458">
<table border="1" cellspacing="0" bordercolordark="white" bordercolorlight="black" width="100%">
<tr>
<td width="451" colspan="2" bgcolor="#CCCCCC">
<p><font face="Arial" size="2"><B>Paramètres d'analyse</b></font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Première action</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">Désinfecté</font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Seconde Action</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">Supprimé</font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Heuristique</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">Oui</font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Acceptez les avertissements</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">Oui</font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Extensions analysées</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">exe;com;dll;ocx;scr;bin;dat;386;vxd;sys;wdm;cla;class;ovl;ole;hlp;doc;dot;xls;ppt;wbk;wiz;pot;ppa;xla;xlt;vbs;vbe;mdb;rtf;htm;hta;html;xml;xtp;php;asp;js;shs;chm;lnk;pif;prc;url;smm;pfd;msi;ini;csc;cmd;bas;</font></p>
</td>
</tr>

<tr>
<td width="57%">
<p><font face="Arial" size="2">Excludez les extensions</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2"> </font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Analyse d'emails</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">Oui</font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Analyse des Archives</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">Oui</font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Analyser paquets programmes</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">Oui</font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Analyse des fichiers</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">Oui</font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Analyse de boot</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">Oui</font></p>
</td>
</tr>
</table>
</td>
<td width="40%">
<p> </p>
</td>
<td width="10%">
<p> </p>
</td>
</tr>

<tr>
<td colspan=2>  
<table border="1" cellspacing="0" bordercolordark="white" bordercolorlight="black" width="100%">
<tr>
<td width="252" bgcolor="#CCCCCC">
<p><font face="Arial" size="2"><B>Fichier analysé</b></font></p>
</td>
<td width="195" bgcolor="#CCCCCC" align="right">
<p align="left"><b><font size="2" face="Arial"> Statut</font></b></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Common Files\Real\Toolbar\RealBar.dll</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Détecté avec: Adware.Generic.9654</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Common Files\Real\Toolbar\RealBar.dll</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Supprimé</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\System Volume Information\_restore{81D97640-A600-45A6-B0D3-BD06AB5A81A7}\RP431\A0193417.exe</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Infecté par: MemScan:Trojan.Agent.AKUL</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\System Volume Information\_restore{81D97640-A600-45A6-B0D3-BD06AB5A81A7}\RP431\A0193417.exe</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Supprimé</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\System Volume Information\_restore{81D97640-A600-45A6-B0D3-BD06AB5A81A7}\RP441\A0196013.dll</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Détecté avec: Adware.Generic.9654</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\System Volume Information\_restore{81D97640-A600-45A6-B0D3-BD06AB5A81A7}\RP441\A0196013.dll</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Supprimé</font></p>
</td>
</tr>
</table>
</td>

<td width="10%">
<p> </p>
</td>
</tr>

<tr>
<td width="458">
<p><font face="Arial"><span style="font-size:11pt;"><B> </b></span></font></p>
</td>
<td width="40%">
<p> </p>
</td>
<td width="10%">
<p> </p>
</td>
</tr>

<tr>
<td width="458">
<p><font face="Arial"><span style="font-size:11pt;"><B> </b></span></font></p>
</td>
<td width="40%">
<p> </p>
</td>
<td width="10%">
<p> </p>
</td>
</tr>

</table>
<p> </p>

</body>
</html>

Bonjour,

Merci pour l'aide mais je suis en déplacement durant les prochains jours. Au mieux, je pourrai continuer d'ici une dizaine de jours. En attendant, mon PC perso va rester inutilisé. Je ne manquerai pas de poster les résultats des derniers scripts que tu as proposé.

cdlt,
Xavier