Damsel in distress! Virus and boot problem

Solved
Caroline692 (36 posts, Member)
Hello,

Hello everyone, and first of all, thank you!!

I'm not that bad with computers, but after 4 hours of struggling I'm desperate! I tried to download episode 1 of a series when avast reported blocking URLs and malware one after another.

After rebooting I noticed that my PC did not always start (black screen with only the mouse cursor), along with error messages of the type "instruction 0x00402398" unable to "read", as well as new avast messages. I don't know what to do anymore.

I carefully followed a pre-cleaning tutorial from the Internet, and here is the link to the info file:

Above all, THANK YOUUUUU for the help!!!!

Caro
61 replies

Caroline692 (36 posts, Member)
Despite some turbulence (blue screen and a difficult reboot), I switched to safe mode and, one way or another, got a ComboFix report, reproduced here:

ComboFix 11-04-12.02 - Administrateur 13/04/2011 23:41:34.4.2 - x86 NETWORK
Microsoft Windows XP Professionnel 5.1.2600.3.1252.33.1036.18.3326.2964 [GMT 2:00]
Lancé depuis: C:\Documents and Settings\Administrateur\Bureau\ComboFix.exe
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}


(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))


C:\Documents
C:\mtwb.dat
C:\Program Files\pdfforge Toolbar\IE\4.3\pdFForgetoolbarie.dll
C:\Program Files\Search Guard Plus
C:\Program Files\Search Guard Plus\fbsProtection.xml
C:\Program Files\Search Guard Plus\fbsSearchProvider.xml
C:\Program Files\Search Guard Plus\SearchGuardPlus.ico
C:\Program Files\Search Guard PlusU
C:\Program Files\Search Guard PlusU\SGPU.ico
C:\Program Files\Search Guard PlusU\sgpUpdater.xml
C:\Program Files\SGPSA
C:\Program Files\SGPSA\BHO.dll
C:\WINDOWS\bakbdine.dll
C:\WINDOWS\system32\Thumbs.db

C:\WINDOWS\regedit.exe . . . est infecté!!


((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_SSHNAS


((((((((((((((((((((((((((((( Fichiers créés du 2011-03-13 au 2011-04-13 ))))))))))))))))))))))))))))))))))))


2011-04-13 19:19:23 . 2011-04-13 19:19:23 -------- d-----w- C:\Documents and Settings\Administrateur\Local Settings\Application Data\PackageAware
2011-04-13 18:37:37 . 2011-04-13 18:37:44 -------- d-----w- C:\rsit
2011-04-13 17:46:58 . 2011-04-13 17:46:58 512 ----a-w- C:\PhysicalDisk0_MBR.bin
2011-04-13 17:44:09 . 2011-04-13 18:37:41 -------- d-----w- C:\Program Files\Trend Micro
2011-04-13 17:40:03 . 2011-04-13 19:55:19 -------- d-----w- C:\Program Files\ZHPDiag
2011-04-13 16:26:24 . 2011-04-13 16:26:24 -------- d-----w- C:\Documents and Settings\Administrateur\.exe
2011-04-13 16:01:57 . 2011-04-13 16:01:57 -------- d-----w- C:\Documents and Settings\All Users\Application Data\Grisoft
2011-04-13 16:00:39 . 2011-04-13 16:42:49 -------- d-----w- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2011-04-13 16:00:39 . 2011-04-13 16:01:50 -------- d-----w- C:\Program Files\Spybot - Search & Destroy
2011-04-13 15:46:54 . 2011-02-23 13:56:55 371544 ----a-w- C:\WINDOWS\system32\drivers\aswSnx.sys
2011-04-13 14:24:34 . 2011-04-13 14:24:34 -------- d-----w- C:\Documents and Settings\NetworkService\Menu Démarrer
2011-03-25 17:32:10 . 2011-03-18 17:58:47 781272 ----a-w- C:\Program Files\Mozilla Firefox\mozsqlite3.dll
2011-03-25 17:32:10 . 2011-03-18 17:58:47 728024 ----a-w- C:\Program Files\Mozilla Firefox\libGLESv2.dll
2011-03-25 17:32:10 . 2011-03-18 17:58:47 1975768 ----a-w- C:\Program Files\Mozilla Firefox\D3DCompiler_42.dll
2011-03-25 17:32:10 . 2011-03-18 17:58:47 1893336 ----a-w- C:\Program Files\Mozilla Firefox\d3dx9_42.dll
2011-03-25 17:32:10 . 2011-03-18 17:58:47 1874904 ----a-w- C:\Program Files\Mozilla Firefox\mozjs.dll
2011-03-25 17:32:10 . 2011-03-18 17:58:47 15832 ----a-w- C:\Program Files\Mozilla Firefox\mozalloc.dll
2011-03-25 17:32:10 . 2011-03-18 17:58:47 142296 ----a-w- C:\Program Files\Mozilla Firefox\libEGL.dll
2011-03-25 17:32:10 . 2011-03-18 17:58:47 142296 ----a-w- C:\Program Files\Mozilla Firefox\components\browsercomps.dll


(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))

2011-04-13 21:51:12 . 2009-01-24 21:46:07 16608 -c--a-w- C:\WINDOWS\gdrv.sys
2011-03-01 23:21:42 . 2009-08-18 10:30:38 564632 ----a-w- C:\Documents and Settings\All Users\Application Data\Microsoft\IdentityCRL\production\wlidui.dll
2011-03-01 23:21:39 . 2009-08-18 10:24:10 18328 ----a-w- C:\Documents and Settings\All Users\Application Data\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-02-23 14:04:21 . 2010-10-01 18:35:51 40648 ----a-w- C:\WINDOWS\avastSS.scr
2011-02-23 14:04:17 . 2009-01-24 22:12:46 190016 ----a-w- C:\WINDOWS\system32\aswBoot.exe
2011-02-23 13:56:45 . 2009-01-24 22:12:55 301528 ----a-w- C:\WINDOWS\system32\drivers\aswSP.sys
2011-02-23 13:55:49 . 2009-01-24 22:12:56 49240 ----a-w- C:\WINDOWS\system32\drivers\aswTdi.sys
2011-02-23 13:55:47 . 2009-01-24 22:12:55 102232 ----a-w- C:\WINDOWS\system32\drivers\aswmon2.sys
2011-02-23 13:55:44 . 2009-01-24 22:12:55 96344 ----a-w- C:\WINDOWS\system32\drivers\aswmon.sys
2011-02-23 13:55:10 . 2009-01-24 22:12:56 25432 ----a-w- C:\WINDOWS\system32\drivers\aswRdr.sys
2011-02-23 13:54:57 . 2009-01-24 22:12:56 30680 ----a-w- C:\WINDOWS\system32\drivers\aavmker4.sys
2011-02-23 13:54:55 . 2009-01-24 22:12:55 19544 ----a-w- C:\WINDOWS\system32\drivers\aswFsBlk.sys
2011-02-09 13:54:09 . 2006-03-02 10:00:00 270848 ----a-w- C:\WINDOWS\system32\sbe.dll
2011-02-09 13:54:09 . 2006-03-02 10:00:00 186880 ----a-w- C:\WINDOWS\system32\encdec.dll
2011-02-02 07:59:09 . 2009-01-24 21:23:35 2067456 ----a-w- C:\WINDOWS\system32\mstscax.dll
2011-01-27 11:57:06 . 2009-01-24 21:23:35 677888 ----a-w- C:\WINDOWS\system32\mstsc.exe
2011-01-21 14:44:12 . 2006-03-02 10:00:00 441344 ----a-w- C:\WINDOWS\system32\shimgvw.dll
2009-04-08 12:16:06 . 2009-04-08 12:16:06 278528 ----a-w- C:\Program Files\Fichiers communs\FDEUnInstaller.exe
2009-05-01 21:02:48 . 2009-05-01 21:02:48 1044480 ----a-w- C:\Program Files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02:48 . 2009-05-01 21:02:48 200704 ----a-w- C:\Program Files\mozilla firefox\plugins\ssldivx.dll
2011-03-18 17:58:47 . 2011-03-25 17:32:10 142296 ----a-w- C:\Program Files\mozilla firefox\components\browsercomps.dll


[7] 2004-07-09 03:27:28 . 90114704C17A581DA1BAE029F20932BE . 292864 . . [5.3.0000001.0904 built by: private/Lab06_dev(DXBLD00)] . . C:\WINDOWS\RegisteredPackages\{44BBA855-CC51-11CF-AAFA-00AA00B6015C}\ddraw.dll
[7] 2004-07-09 03:27:28 . 90114704C17A581DA1BAE029F20932BE . 292864 . . [5.3.0000001.0904 built by: private/Lab06_dev(DXBLD00)] . . C:\WINDOWS\system32\dllcache\ddraw.dll

[-] 2008-04-14 02:33:38 . 3BA21BD333A1B8B222006E5464D44F49 . 84992 . . [5.1.2600.5512] . . C:\WINDOWS\ServicePackFiles\i386\olepro32.dll
[-] 2008-04-14 02:33:38 . 3BA21BD333A1B8B222006E5464D44F49 . 84992 . . [5.1.2600.5512] . . C:\WINDOWS\system32\olepro32.dll
[-] 2006-03-02 10:00:00 . 5B0A274801C12E7F6F954EE12A4C3591 . 83456 . . [5.1.2600.2180] . . C:\WINDOWS\$NtServicePackUninstall$\olepro32.dll

[-] 2008-04-14 02:33:38 . 08592889A219F7A60F9865B0EE7CAFF8 . 42496 . . [5.1.2600.5512 (xpsp.080413-2111)] . . C:\WINDOWS\ServicePackFiles\i386\perfctrs.dll
[-] 2008-04-14 02:33:38 . 08592889A219F7A60F9865B0EE7CAFF8 . 42496 . . [5.1.2600.5512 (xpsp.080413-2111)] . . C:\WINDOWS\system32\perfctrs.dll
[-] 2006-03-02 10:00:00 . 8CD0F888A518A1212D88BD46FE0823DE . 42496 . . [5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] . . C:\WINDOWS\$NtServicePackUninstall$\perfctrs.dll

[-] 2008-04-14 02:33:48 . A71A42AD584FAD1A8D1EC5D807C6E528 . 18944 . . [5.1.2600.5512 (xpsp.080413-2105)] . . C:\WINDOWS\ServicePackFiles\i386\version.dll
[-] 2008-04-14 02:33:48 . A71A42AD584FAD1A8D1EC5D807C6E528 . 18944 . . [5.1.2600.5512 (xpsp.080413-2105)] . . C:\WINDOWS\system32\version.dll
[-] 2006-03-02 10:00:00 . ABD4ADFCDD1ED30EAFEA78A3A69596CD . 18944 . . [5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] . . C:\WINDOWS\$NtServicePackUninstall$\version.dll

[-] 2008-04-14 02:33:46 . 6ED29124A1C83BD0CF6B26BD01CA6F6F . 171520 . . [5.1.2600.5512 (xpsp.080413-2108)] . . C:\WINDOWS\ServicePackFiles\i386\srsvc.dll
[-] 2008-04-14 02:33:46 . 6ED29124A1C83BD0CF6B26BD01CA6F6F . 171520 . . [5.1.2600.5512 (xpsp.080413-2108)] . . C:\WINDOWS\system32\srsvc.dll
[-] 2006-03-02 10:00:00 . CE978404558CE2D82896AC2032F06DBF . 171008 . . [5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] . . C:\WINDOWS\$NtServicePackUninstall$\srsvc.dll

[-] 2008-04-14 02:33:48 . C1F726EE0B043B074A68992BC4AEF8FD . 178176 . . [5.1.2600.5512 (xpsp.080413-2113)] . . C:\WINDOWS\ServicePackFiles\i386\w32time.dll
[-] 2008-04-14 02:33:48 . C1F726EE0B043B074A68992BC4AEF8FD . 178176 . . [5.1.2600.5512 (xpsp.080413-2113)] . . C:\WINDOWS\system32\w32time.dll
[-] 2006-03-02 10:00:00 . B46F3ABAC633B2CFD34DE56FE5130735 . 177664 . . [5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] . . C:\WINDOWS\$NtServicePackUninstall$\w32time.dll

[-] 2008-04-14 02:33:48 . D76B0E8A4ECAD1ADCC75FD14A7ACC54C . 334336 . . [5.1.2600.5512 (xpsp.080413-0852)] . . C:\WINDOWS\ServicePackFiles\i386\wiaservc.dll
[-] 2008-04-14 02:33:48 . D76B0E8A4ECAD1ADCC75FD14A7ACC54C . 334336 . . [5.1.2600.5512 (xpsp.080413-0852)] . . C:\WINDOWS\system32\wiaservc.dll
[-] 2007-03-18 14:13:59 . A3FFA6A33BAAB25849FBE10392B3D9AD . 334336 . . [5.1.2600.3051 (xpsp_sp2_qfe.061219-0311)] . . C:\WINDOWS\$NtServicePackUninstall$\wiaservc.dll

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))


*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-02-23 14:04:11 122512 ----a-w- C:\Program Files\Alwil Software\Avast5\ashShell.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BitTorrent DNA"="C:\Program Files\DNA\btdna.exe" [2009-11-07 07:49:01 323392]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2010-04-16 21:12:52 3872080]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 14:07:20 2260480]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 02:33:59 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2010-03-26 16:01:32 19522592]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-09-18 20:25:08 98304]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 08:44:43 35760]
"Adobe ARM"="C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 21:07:44 932288]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2009-01-05 15:18:48 413696]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"ShowDesktop"="shell32.dll" [2011-01-21 14:44:12 8518656]
"nltide_3"="advpack.dll" [2010-12-20 23:06:54 124928]
"TSClientMSIUninstaller"="C:\WINDOWS\Installer\TSClientMsiTrans\tscuinst.vbs" [2007-10-30 10:06:46 13801]

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\
McAfee Security Scan Plus.lnk - C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"MemCheckBoxInRunDlg"= 1 (0x1)
"NoSMBalloonTip"= 1 (0x1)
"NoWelcomeScreen"= 1 (0x1)
"NoStrCmpLogical"= 0 (0x0)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"MemCheckBoxInRunDlg"= 1 (0x1)
"NoSMBalloonTip"= 1 (0x1)
"NoWelcomeScreen"= 1 (0x1)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^Administrateur^Menu Démarrer^Programmes^Démarrage^OpenOffice.org 3.1.lnk]
path=C:\Documents and Settings\Administrateur\Menu Démarrer\Programmes\Démarrage\OpenOffice.org 3.1.lnk
backup=C:\WINDOWS\pss\OpenOffice.org 3.1.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GEST]
m'|\ü [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-09-20 21:07:44 932288 ----a-r- C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2011-01-31 08:44:43 35760 ----a-w- C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
2010-03-26 16:01:20 64032 -c--a-w- C:\WINDOWS\ALCMTR.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcWzrd]
2010-03-26 16:01:20 2815520 -c--a-w- C:\WINDOWS\ALCWZRD.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AutoStartNPSAgent]
2010-04-13 21:38:31 102400 ----a-w- C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2008-12-29 10:40:30 687560 ----a-w- C:\Program Files\DAEMON Tools Lite\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]
2009-04-13 13:11:54 2387968 ----a-w- C:\Program Files\Fichiers communs\LightScribe\LightScribeControlPanel.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 02:34:13 1695232 ------w- C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2010-04-16 21:12:52 3872080 ----a-w- C:\Program Files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-01-05 15:18:48 413696 ----a-w- C:\Program Files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2010-03-26 16:01:32 19522592 ----a-w- C:\WINDOWS\RTHDCPL.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
2010-03-26 16:01:44 84512 -c--a-w- C:\WINDOWS\SOUNDMAN.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
2009-09-18 20:25:08 98304 ----a-w- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2010-12-28 21:06:38 1242448 ----a-w- C:\Program Files\Steam\steam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-05-14 09:44:46 248552 ----a-w- C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2009-06-15 20:14:03 39408 ----a-w- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent]
2010-12-20 10:02:24 395640 ----a-w- C:\Program Files\uTorrent\uTorrent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"DisablePagingExecutive"=dword:00000001
"SecondLevelDataCache"=dword:00000200

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\eMule\\emule.exe"=
"C:\\Program Files\\DNA\\btdna.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"C:\\Program Files\\K-Lite Codec Pack\\Media Player Classic\\mpc-hc.exe"=
"C:\\Program Files\\Steam\\SteamApps\\common\\empire total war\\Empire.exe"=
"C:\\Program Files\\Samsung\\Samsung New PC Studio\\npsasvr.exe"=
"C:\\Program Files\\Samsung\\Samsung New PC Studio\\npsvsvr.exe"=
"C:\\Program Files\\StarCraft II\\StarCraft II.exe"=
"C:\\Program Files\\StarCraft II\\Versions\\Base15405\\SC2.exe"=
"C:\\Program Files\\Satsuki Decoder Pack\\MPC\\mplayerc.exe"=
"C:\\Program Files\\World of Warcraft\\Launcher.exe"=
"C:\\Program Files\\World of Warcraft\\World of Warcraft Public Test\\Launcher.exe"=
"C:\\Program Files\\World of Warcraft\\World of Warcraft Public Test\\Blizzard Downloader.exe"=
"C:\\Program Files\\World of Warcraft\\Blizzard Downloader.exe"=
"C:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
"C:\\Program Files\\Steam\\SteamApps\\common\\napoleon total war\\Napoleon.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"C:\\Program Files\\Steam\\SteamApps\\common\\dawn of war 2\\DOW2.exe"=
"C:\\WINDOWS\\system32\\dpvsetup.exe"=
"C:\\Program Files\\Steam\\steam.exe"=
"C:\\Program Files\\Steam\\SteamApps\\common\\total war shogun 2\\Shogun2.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724
"7000:TCP"= 7000:TCP:Blizzard Downloader: 7000

R0 Lbd;Lbd;C:\WINDOWS\system32\drivers\Lbd.sys [11/11/2009 13:06:54 64288]
R1 aswSnx;aswSnx;C:\WINDOWS\system32\drivers\aswSnx.sys [13/04/2011 17:46:54 371544]
R1 aswSP;aswSP;C:\WINDOWS\system32\drivers\aswSP.sys [25/01/2009 00:12:55 301528]
R2 Application Updater;Application Updater;C:\Program Files\Application Updater\ApplicationUpdater.exe [28/01/2011 18:10:28 387072]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\drivers\aswFsBlk.sys [25/01/2009 00:12:55 19544]
R2 FsUsbExService;FsUsbExService;C:\WINDOWS\system32\FsUsbExService.Exe [13/04/2010 23:30:40 233472]
R2 GEST Service;GEST Service for program management.;C:\Program Files\GIGABYTE\EnergySaver\GSvr.exe [24/01/2009 23:47:23 80392]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe [24/09/2009 13:17:32 1181328]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;C:\WINDOWS\system32\drivers\AtihdXP3.sys [12/02/2011 17:18:09 101904]
R3 FsUsbExDisk;FsUsbExDisk;C:\WINDOWS\system32\FsUsbExDisk.Sys [13/04/2010 23:30:40 36608]
S2 gupdate1c9edf5e748bba6;Service Google Update (gupdate1c9edf5e748bba6);C:\Program Files\Google\Update\GoogleUpdate.exe [15/06/2009 22:14:35 133104]
S2 MouseDriver;MouseDriver;C:\WINDOWS\TEMP\MouseDriver.bat --> C:\WINDOWS\TEMP\MouseDriver.bat [?]
S2 Plug Manager;Plug Manager;C:\WINDOWS\temp\Plug.bat --> C:\WINDOWS\temp\Plug.bat [?]
S3 Ambfilt;Ambfilt;C:\WINDOWS\system32\drivers\Ambfilt.sys [08/12/2009 00:39:45 1691480]
S3 maconfservice;Ma-Config Service;C:\Program Files\ma-config.com\maconfservice.exe [24/01/2011 15:49:34 310640]
S3 MBAMSwissArmy;MBAMSwissArmy;C:\WINDOWS\system32\drivers\mbamswissarmy.sys [11/11/2009 16:11:59 38224]
S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe [15/01/2010 14:49:20 227232]
S3 ss_bbus;SAMSUNG USB Mobile Device (WDM);C:\WINDOWS\system32\drivers\ss_bbus.sys [13/04/2010 23:30:47 90112]
S3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);C:\WINDOWS\system32\drivers\ss_bmdfl.sys [13/04/2010 23:30:47 14976]
S3 ss_bmdm;SAMSUNG USB Mobile Modem;C:\WINDOWS\system32\drivers\ss_bmdm.sys [13/04/2010 23:30:47 121856]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-04-13 13:08:20 451872 ----a-w- C:\Program Files\Fichiers communs\LightScribe\LSRunOnce.exe

Contenu du dossier 'Tâches planifiées'

2011-04-13 C:\WINDOWS\Tasks\Ad-Aware Update (Daily 1).job
- C:\Program Files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 13:06:13 . 2010-02-04 20:25:08]

2011-04-13 C:\WINDOWS\Tasks\Ad-Aware Update (Daily 2).job
- C:\Program Files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 13:06:13 . 2010-02-04 20:25:08]

2011-04-13 C:\WINDOWS\Tasks\Ad-Aware Update (Daily 3).job
- C:\Program Files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 13:06:13 . 2010-02-04 20:25:08]

2011-04-13 C:\WINDOWS\Tasks\Ad-Aware Update (Daily 4).job
- C:\Program Files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 13:06:13 . 2010-02-04 20:25:08]

2011-04-13 C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
- C:\Program Files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 13:06:13 . 2010-02-04 20:25:08]

2011-04-13 C:\WINDOWS\Tasks\Google Software Updater.job
- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-06-15 20:14:01 . 2009-06-15 20:14:01]

2011-04-13 C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
- C:\Program Files\Google\Update\GoogleUpdate.exe [2009-06-15 20:14:35 . 2009-06-15 20:14:30]

2011-04-13 C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
- C:\Program Files\Google\Update\GoogleUpdate.exe [2009-06-15 20:14:35 . 2009-06-15 20:14:30]

2011-03-11 C:\WINDOWS\Tasks\Maintenance en 1 clic.job
- C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe [2007-04-26 23:10:38 . 2007-04-26 23:10:38]


------- Examen supplémentaire -------

uSearchMigratedDefaultURL = hxxp://www.cherche.us/Result.php?cx=partner-pub-0420647136319153%3A5n6ugpjrdrh&cof=GIMP%3ACCCCCC%3BT%3A000000%3BALC%3A551a8b%3BGFNT%3AB7B7B7%3BLC%3A2200cc%3BBGC%3AFFFFFF%3BVLC%3A551a8b%3BGALT%3A008B45%3BFORID%3A10%3BDIV%3A%23FFFFF0%3B&q={searchTerms}
uStart Page = hxxp://www.google.com
uDefault_Search_URL = hxxp://www.google.com
uInternet Settings,ProxyOverride = *.local
IE: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
IE: E&xporter vers Microsoft Excel - C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
Trusted Zone: chat-land.org
FF - ProfilePath - C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\bbqfnyo2.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.fr/
FF - prefs.js: keyword.URL - hxxp://fr.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=867034&p=

FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: content.max.tokenizing.time - 200000
FF - user.js: content.notify.interval - 100000
FF - user.js: content.switch.threshold - 650000
FF - user.js: nglayout.initialpaint.delay - 300
FF - user.js: yahoo.homepage.dontask - true

- - - - ORPHELINS SUPPRIMES - - - -

BHO-{B922D405-6D13-4A2B-AE89-08A030DA4402} - (no file)
HKCU-Run-Egogisunogewusu - C:\WINDOWS\bakbdine.dll
SafeBoot-klmdb.sys
MSConfigStartUp-ATICustomerCare - C:\Program Files\ATI\ATICustomerCare\ATICustomerCare.exe
MSConfigStartUp-CloneCDTray - C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe
MSConfigStartUp-FBSearch - C:\Program Files\Search Guard Plus\SearchGuardPlus.exe
MSConfigStartUp-nwiz - C:\Program Files\NVIDIA Corporation\nView\nwiz.exe
MSConfigStartUp-SGPUpdater - C:\Program Files\Search Guard PlusU\sgpUpdaters.exe
HKLM_ActiveSetup-{2E9F00B8-B341-EAA8-A239-50EDEF9C55A7} - C:\WINDOWS\system32\msnmsg.exe
AddRemove-Dragon Age Awakening Redesigned - C:\Documents and Settings\Administrateur\Mes documents\BioWare\Dragon Age\packages\core\override\Uninstall Awakening recommended.exe
AddRemove-Dragon Age Awakening Velanna Redesigned© - C:\Documents and Settings\Administrateur\Mes documents\BioWare\Dragon Age\packages\core\override\Uninstall Velanna.exe
AddRemove-Dragon Age Redesigned Oghren© - C:\Documents and Settings\Administrateur\Mes documents\BioWare\Dragon Age\packages\core\override\Uninstall Oghren.exe
AddRemove-Dragon Age Redesigned © Morrigan - C:\Documents and Settings\Administrateur\Mes documents\BioWare\Dragon Age\packages\core\override\Uninstall Morrigan.exe
AddRemove-Dragon Age Redesigned© - C:\Documents and Settings\Administrateur\Mes documents\BioWare\Dragon Age\packages\core\override\Uninstall Recommended settings.exe
AddRemove-Dragon Age Redesigned© Zevran - C:\Documents and Settings\Administrateur\Mes documents\BioWare\Dragon Age\packages\core\override\Uninstall Zevran.exe
AddRemove-Dragon Age Redesigned© Leliana - C:\Documents and Settings\Administrateur\Mes documents\BioWare\Dragon Age\packages\core\override\Uninstall Leliana.exe
AddRemove-Dragon Age Redesigned© Sten - C:\Documents and Settings\Administrateur\Mes documents\BioWare\Dragon Age\packages\core\override\Uninstall Sten.exe
AddRemove-Dragon Age Redesigned© Wynne - C:\Documents and Settings\Administrateur\Mes documents\BioWare\Dragon Age\packages\core\override\Uninstall Wynne.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-04-13 23:52:02
Windows 5.1.2600 Service Pack 3 NTFS

Recherche de processus cachés ...
Anonymous user

Hello,

Your CF report is not complete; can you post just the end for me, please?

Find and delete this file; if you can't manage it, I will get it removed another way:

C:\Program Files\Application Updater\ApplicationUpdater.exe

Note: you need to show hidden files!

Go to this site:

https://www.virustotal.com/gui/

Click on Browse and look for this file:

C:\Documents and Settings\Administrateur\.exe

Click on Send File.
A report will build up line by line.
Wait a bit; it should include the size of the file sent.
Once the report is complete, copy and paste the link to the report in your next message.

Caroline692 (Member, 36 posts)

Hello again, I don't have anything else, and that really is the end of my ComboFix report!

I'll do what you tell me for deleting the file.

Anonymous user

OK,

Don't forget to submit the file at the bottom of my previous message to VirusTotal :-)

Caroline692 (Member, 36 posts)

File deleted with an MS-DOS command, but it's impossible to use VirusTotal because I don't have a .exe file in Administrateur, only a directory!

Caroline692 (Member, 36 posts)

You mention a file at the bottom of your message; I don't see anything like that :S

Anonymous user

So this is a directory?

C:\Documents and Settings\Administrateur\.exe

Caroline692 (Member, 36 posts)

Yes, I have a .exe directory in my Administrateur directory.

Caroline692 (Member, 36 posts)

I managed to run a ComboFix scan again; here is the complete log:

ComboFix 11-04-12.02 - Administrateur 14/04/2011 20:49:08.5.2 - x86 MINIMAL
Microsoft Windows XP Professionnel 5.1.2600.3.1252.33.1036.18.3326.2923 [GMT 2:00]
Lancé depuis: c:\documents and settings\Administrateur\Bureau\ComboFix.exe
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Exécution préalable -------
.
C:\Documents
C:\mtwb.dat
c:\program files\pdfforge Toolbar\IE\4.3\pdFForgetoolbarie.dll
c:\program files\Search Guard Plus\fbsProtection.xml
c:\program files\Search Guard Plus\fbsSearchProvider.xml
c:\program files\Search Guard Plus\SearchGuardPlus.ico
c:\program files\Search Guard PlusU\SGPU.ico
c:\program files\Search Guard PlusU\sgpUpdater.xml
c:\program files\SGPSA\BHO.dll
c:\windows\bakbdine.dll
c:\windows\system32\Thumbs.db
.
c:\windows\regedit.exe . . . est infecté!!
.
.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_SSHNAS
.
.
((((((((((((((((((((((((((((( Fichiers créés du 2011-03-14 au 2011-04-14 ))))))))))))))))))))))))))))))))))))
.
.
2011-04-13 20:37 . 2011-04-13 20:48 -------- d-----w- C:\## aswSnx private storage
2011-04-13 19:19 . 2011-04-13 19:19 -------- d-----w- c:\documents and settings\Administrateur\Local Settings\Application Data\PackageAware
2011-04-13 18:37 . 2011-04-13 18:37 -------- d-----w- C:\rsit
2011-04-13 17:46 . 2011-04-13 17:46 512 ----a-w- C:\PhysicalDisk0_MBR.bin
2011-04-13 17:44 . 2011-04-13 18:37 -------- d-----w- c:\program files\Trend Micro
2011-04-13 17:40 . 2011-04-13 19:55 -------- d-----w- c:\program files\ZHPDiag
2011-04-13 16:26 . 2011-04-13 16:26 -------- d-----w- c:\documents and settings\Administrateur\.exe
2011-04-13 16:01 . 2011-04-13 16:01 -------- d-----w- c:\documents and settings\All Users\Application Data\Grisoft
2011-04-13 16:00 . 2011-04-13 16:42 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2011-04-13 16:00 . 2011-04-13 16:01 -------- d-----w- c:\program files\Spybot - Search & Destroy
2011-04-13 15:46 . 2011-02-23 13:56 371544 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-04-13 14:24 . 2011-04-13 14:24 -------- d-----w- c:\documents and settings\NetworkService\Menu Démarrer
2011-03-25 17:32 . 2011-03-18 17:58 781272 ----a-w- c:\program files\Mozilla Firefox\mozsqlite3.dll
2011-03-25 17:32 . 2011-03-18 17:58 728024 ----a-w- c:\program files\Mozilla Firefox\libGLESv2.dll
2011-03-25 17:32 . 2011-03-18 17:58 1975768 ----a-w- c:\program files\Mozilla Firefox\D3DCompiler_42.dll
2011-03-25 17:32 . 2011-03-18 17:58 1893336 ----a-w- c:\program files\Mozilla Firefox\d3dx9_42.dll
2011-03-25 17:32 . 2011-03-18 17:58 1874904 ----a-w- c:\program files\Mozilla Firefox\mozjs.dll
2011-03-25 17:32 . 2011-03-18 17:58 15832 ----a-w- c:\program files\Mozilla Firefox\mozalloc.dll
2011-03-25 17:32 . 2011-03-18 17:58 142296 ----a-w- c:\program files\Mozilla Firefox\libEGL.dll
2011-03-25 17:32 . 2011-03-18 17:58 142296 ----a-w- c:\program files\Mozilla Firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-04-14 17:31 . 2009-01-24 21:46 16608 -c--a-w- c:\windows\gdrv.sys
2011-03-01 23:21 . 2009-08-18 10:30 564632 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\wlidui.dll
2011-03-01 23:21 . 2009-08-18 10:24 18328 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-02-23 14:04 . 2010-10-01 18:35 40648 ----a-w- c:\windows\avastSS.scr
2011-02-23 14:04 . 2009-01-24 22:12 190016 ----a-w- c:\windows\system32\aswBoot.exe
2011-02-23 13:56 . 2009-01-24 22:12 301528 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-02-23 13:55 . 2009-01-24 22:12 49240 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-02-23 13:55 . 2009-01-24 22:12 102232 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2011-02-23 13:55 . 2009-01-24 22:12 96344 ----a-w- c:\windows\system32\drivers\aswmon.sys
2011-02-23 13:55 . 2009-01-24 22:12 25432 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-02-23 13:54 . 2009-01-24 22:12 30680 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2011-02-23 13:54 . 2009-01-24 22:12 19544 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-02-09 13:54 . 2006-03-02 10:00 270848 ----a-w- c:\windows\system32\sbe.dll
2011-02-09 13:54 . 2006-03-02 10:00 186880 ----a-w- c:\windows\system32\encdec.dll
2011-02-02 07:59 . 2009-01-24 21:23 2067456 ----a-w- c:\windows\system32\mstscax.dll
2011-01-27 11:57 . 2009-01-24 21:23 677888 ----a-w- c:\windows\system32\mstsc.exe
2011-01-21 14:44 . 2006-03-02 10:00 441344 ----a-w- c:\windows\system32\shimgvw.dll
2009-04-08 12:16 . 2009-04-08 12:16 278528 ----a-w- c:\program files\Fichiers communs\FDEUnInstaller.exe
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
2011-03-18 17:58 . 2011-03-25 17:32 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
------- Sigcheck -------
.
[-] 2008-04-14 . 7A6D0B71035E123FDDA2156A25578AD3 . 62464 . . [5.1.2600.5512] . . c:\windows\system32\cryptsvc.dll
[-] 2006-03-02 . CD73133EB24C572019944001FAD1B8D9 . 60416 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\cryptsvc.dll
.
[-] 2008-07-07 20:28 . EC16AE9B37EACF871629227A3F3913FD . 253952 . . [2001.12.4414.706] . . c:\windows\$hf_mig$\KB950974\SP3GDR\es.dll
[-] 2008-07-07 20:28 . EC16AE9B37EACF871629227A3F3913FD . 253952 . . [2001.12.4414.706] . . c:\windows\system32\es.dll
[-] 2008-07-07 20:28 . EC16AE9B37EACF871629227A3F3913FD . 253952 . . [2001.12.4414.706] . . c:\windows\system32\dllcache\es.dll
[-] 2008-07-07 20:24 . 157F9C595FD0D10502497DC4C1348D17 . 253952 . . [2001.12.4414.706] . . c:\windows\$hf_mig$\KB950974\SP3QFE\es.dll
[-] 2008-07-07 20:18 . 74ECF4DDC685BD3249CAB323405FCC49 . 253952 . . [2001.12.4414.320] . . c:\windows\$NtServicePackUninstall$\es.dll
[-] 2008-04-14 02:33 . 9FD4A0615BF3E9388A46EDF8774C7294 . 246272 . . [2001.12.4414.701] . . c:\windows\$NtUninstallKB950974$\es.dll
[-] 2008-04-14 02:33 . 9FD4A0615BF3E9388A46EDF8774C7294 . 246272 . . [2001.12.4414.701] . . c:\windows\ServicePackFiles\i386\es.dll
[-] 2007-03-18 14:12 . 2C6ACF38776AE682F4EB3310541BA55F . 243200 . . [2001.12.4414.310] . . c:\windows\$NtUninstallKB950974_0$\es.dll
.
[-] 2008-04-14 . 0469B73DB32E5520F342C5E163AA3CCA . 110080 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\imm32.dll
[-] 2008-04-14 . 0469B73DB32E5520F342C5E163AA3CCA . 110080 . . [5.1.2600.5512] . . c:\windows\system32\imm32.dll
[-] 2006-03-02 . E55DAFA1A354BD5CB69151563DC9748A . 110080 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\imm32.dll
.
[-] 2008-04-14 . 5C64008E661307C4A3C3C25D9086CDE7 . 19968 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\linkinfo.dll
[-] 2008-04-14 . 5C64008E661307C4A3C3C25D9086CDE7 . 19968 . . [5.1.2600.5512] . . c:\windows\system32\linkinfo.dll
[-] 2007-03-18 . D9BD4CCA0533401B6609E47FF74F40DC . 19968 . . [5.1.2600.2751] . . c:\windows\$NtServicePackUninstall$\linkinfo.dll
.
[-] 2008-04-14 . 982B2C204337C3B12211E1E1D9BA8C9C . 22016 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\lpk.dll
[-] 2008-04-14 . 982B2C204337C3B12211E1E1D9BA8C9C . 22016 . . [5.1.2600.5512] . . c:\windows\system32\lpk.dll
[-] 2006-03-02 . 3236A6A1650E6C055FD5E87D7C4A05AD . 22016 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\lpk.dll
.
[-] 2008-04-14 . 3891413139EAABFEFE9B0CA49B5CD395 . 343040 . . [7.0.2600.5512] . . c:\windows\ServicePackFiles\i386\msvcrt.dll
[-] 2008-04-14 . 3891413139EAABFEFE9B0CA49B5CD395 . 343040 . . [7.0.2600.5512] . . c:\windows\system32\msvcrt.dll
[-] 2008-04-14 . D33CD21D476C3A07DD88F83850A17432 . 343040 . . [7.0.2600.5512] . . c:\windows\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.2600.5512_x-ww_3fd60d63\msvcrt.dll
[-] 2006-03-02 . B89F48FDFD6C3312B92D5D633C23F075 . 343040 . . [7.0.2600.2180] . . c:\windows\$NtServicePackUninstall$\msvcrt.dll
[-] 2006-03-02 . 4200BE3808F6406DBE45A7B88DAE5035 . 322560 . . [7.0.2600.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.0.0_x-ww_2726e76a\msvcrt.dll
[-] 2006-03-02 . 75ECEFC8AB4DD9AEC9BC082D003BD90D . 343040 . . [7.0.2600.2180] . . c:\windows\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.2600.2180_x-ww_b2505ed9\msvcrt.dll
.
[-] 2008-06-20 . 58AF8498C62E1E1DAB5AE59C6E08C180 . 247808 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3GDR\mswsock.dll
[-] 2008-06-20 . 58AF8498C62E1E1DAB5AE59C6E08C180 . 247808 . . [5.1.2600.5625] . . c:\windows\system32\mswsock.dll
[-] 2008-06-20 . 58AF8498C62E1E1DAB5AE59C6E08C180 . 247808 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\mswsock.dll
[-] 2008-06-20 . C759B3790D3BA760C52E218EF4886DAC . 247808 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\mswsock.dll
[-] 2008-06-20 . 4138FBDEDBC6FEAD215BB4C4B102F7DE . 247808 . . [5.1.2600.3394] . . c:\windows\$NtServicePackUninstall$\mswsock.dll
[-] 2008-04-14 . 196CCC3FDD21665DCAA9F83FFC03B41A . 247808 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB951748$\mswsock.dll
[-] 2008-04-14 . 196CCC3FDD21665DCAA9F83FFC03B41A . 247808 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\mswsock.dll
[-] 2006-03-02 . 6FA2DDF70DC9B762EBF8920F89B6BEA3 . 247808 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB951748_0$\mswsock.dll
.
[-] 2008-04-14 . 04821179C3171554C1BD1F9888A113E2 . 407040 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\netlogon.dll
[-] 2008-04-14 . 04821179C3171554C1BD1F9888A113E2 . 407040 . . [5.1.2600.5512] . . c:\windows\system32\netlogon.dll
[-] 2006-03-02 . D4CFAC76926C24E32B7F25A35C31BC6E . 407040 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\netlogon.dll
.
[-] 2008-04-14 . 9F2C862E39BF8E8FC51C3F6A6BCEB415 . 17408 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\powrprof.dll
[-] 2008-04-14 . 9F2C862E39BF8E8FC51C3F6A6BCEB415 . 17408 . . [6.00.2900.5512] . . c:\windows\system32\powrprof.dll
[-] 2006-03-02 . 29D5E58FB089C41898A81BD4C8970F22 . 17408 . . [6.00.2900.2180] . . c:\windows\$NtServicePackUninstall$\powrprof.dll
.
[-] 2008-04-14 . 973B36634C544948C663E8269AA1B3A3 . 187392 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\scecli.dll
[-] 2008-04-14 . 973B36634C544948C663E8269AA1B3A3 . 187392 . . [5.1.2600.5512] . . c:\windows\system32\scecli.dll
[-] 2006-03-02 . 58D439F6EF73A2D9288B204E819F4BBD . 186368 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\scecli.dll
.
[-] 2008-04-14 . 9A4E7ECBB5B7FB86F3B926AB039F4FEC . 5120 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\sfc.dll
[-] 2008-04-14 . 9A4E7ECBB5B7FB86F3B926AB039F4FEC . 5120 . . [5.1.2600.5512] . . c:\windows\system32\sfc.dll
[-] 2006-03-02 . BB695F18354B38CFF693E67EE7A30C22 . 5120 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\sfc.dll
.
[-] 2008-04-14 . E4BDF223CD75478BF44567B4D5C2634D . 14336 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\svchost.exe
[-] 2008-04-14 . E4BDF223CD75478BF44567B4D5C2634D . 14336 . . [5.1.2600.5512] . . c:\windows\system32\svchost.exe
[-] 2006-03-02 . 2979B03D5382A602623C0535B16AB9C0 . 14336 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\svchost.exe
.
[-] 2008-04-14 . 8E5231171AD6595FF002E848CC54FCD7 . 249856 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\tapisrv.dll
[-] 2008-04-14 . 8E5231171AD6595FF002E848CC54FCD7 . 249856 . . [5.1.2600.5512] . . c:\windows\system32\tapisrv.dll
[-] 2007-03-18 . C9FA05D271A0066764FE75BE38E24D69 . 249344 . . [5.1.2600.2716] . . c:\windows\$NtServicePackUninstall$\tapisrv.dll
.
[-] 2008-04-14 . E853F84D3CE2FAA2A802E33CF89AC023 . 579584 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\user32.dll
[-] 2008-04-14 . E853F84D3CE2FAA2A802E33CF89AC023 . 579584 . . [5.1.2600.5512] . . c:\windows\system32\user32.dll
[-] 2007-03-18 . C34920EB988CE98910BD6B0417F334EB . 578048 . . [5.1.2600.2622] . . c:\windows\$NtServicePackUninstall$\user32.dll
.
[-] 2008-04-14 . E74DDB12188C2FF57A78624DBF7332FC . 26624 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\userinit.exe
[-] 2008-04-14 . E74DDB12188C2FF57A78624DBF7332FC . 26624 . . [5.1.2600.5512] . . c:\windows\system32\userinit.exe
[-] 2006-03-02 . 84717891F0734C611721F56C60B5FBC3 . 25088 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\userinit.exe
.
[-] 2008-04-14 . FB836F9E62D82904C983AD21296A5D9C . 82432 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ws2_32.dll
[-] 2008-04-14 . FB836F9E62D82904C983AD21296A5D9C . 82432 . . [5.1.2600.5512] . . c:\windows\system32\ws2_32.dll
[-] 2006-03-02 . EED74B969B2CA1ACC558FF60FB420E28 . 82944 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ws2_32.dll
.
[-] 2008-04-14 . 36A608BF354FCC64AD6C0F2B5E2B8806 . 19968 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ws2help.dll
[-] 2008-04-14 . 36A608BF354FCC64AD6C0F2B5E2B8806 . 19968 . . [5.1.2600.5512] . . c:\windows\system32\ws2help.dll
[-] 2006-03-02 . 610EB6EE6E7E055C4D6A4FCB771BEFE8 . 19968 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ws2help.dll
.
[-] 2008-04-14 . F2317622D29F9FF0F88AEECD5F60F0DD . 1037824 . . [6.00.2900.5512] . . c:\windows\explorer.exe
[-] 2008-04-14 . F2317622D29F9FF0F88AEECD5F60F0DD . 1037824 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\explorer.exe
[-] 2007-04-09 . 5284B332F274BE2B576B2D3FB619FF37 . 2691584 . . [6.00.2900.2180] . . c:\windows\$NtServicePackUninstall$\explorer.exe
.
[-] 2008-04-14 . 6ED29124A1C83BD0CF6B26BD01CA6F6F . 171520 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\srsvc.dll
[-] 2008-04-14 . 6ED29124A1C83BD0CF6B26BD01CA6F6F . 171520 . . [5.1.2600.5512] . . c:\windows\system32\srsvc.dll
[-] 2006-03-02 . CE978404558CE2D82896AC2032F06DBF . 171008 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\srsvc.dll
.
[-] 2008-04-14 . 02DA31AB433A6C1110A736C85701DECA . 13824 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\wscntfy.exe
[-] 2008-04-14 . 02DA31AB433A6C1110A736C85701DECA . 13824 . . [5.1.2600.5512] . . c:\windows\system32\wscntfy.exe
.
[-] 2008-04-14 . F92A87FDDA0C11C8604FBC2B864FA726 . 129024 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\xmlprov.dll
[-] 2008-04-14 . F92A87FDDA0C11C8604FBC2B864FA726 . 129024 . . [5.1.2600.5512] . . c:\windows\system32\xmlprov.dll
[-] 2006-03-02 . 912591E2055E26566D1CB54092A7E8B0 . 129536 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\xmlprov.dll
.
[-] 2008-04-14 . 4EC800BDF80521B0207BD2301DFC7D14 . 56320 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\eventlog.dll
[-] 2008-04-14 . 4EC800BDF80521B0207BD2301DFC7D14 . 56320 . . [5.1.2600.5512] . . c:\windows\system32\eventlog.dll
[-] 2006-03-02 . 49B1376885340BF9EA0D99F71557B59A . 55808 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\eventlog.dll
.
[-] 2008-04-14 . E17C85D5B5CF477638433B851A98499E . 1571840 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\sfcfiles.dll
[-] 2008-04-14 . E17C85D5B5CF477638433B851A98499E . 1571840 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
[-] 2006-03-02 . 6D8F3AC555E3F8A569AA9B2A817698C1 . 1548288 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\sfcfiles.dll
.
[-] 2008-04-14 . 59DC5BB82E4C8E0B3EADCFDBC44BA6E4 . 15360 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ctfmon.exe
[-] 2008-04-14 . 59DC5BB82E4C8E0B3EADCFDBC44BA6E4 . 15360 . . [5.1.2600.5512] . . c:\windows\system32\ctfmon.exe
[-] 2006-03-02 . 64E41E8FEE655B03E3F19DED21BA5118 . 15360 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ctfmon.exe
.
[-] 2008-04-14 . E598D81197E2E0EC42A0C55772BB00E8 . 59904 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\regsvc.dll
[-] 2008-04-14 . E598D81197E2E0EC42A0C55772BB00E8 . 59904 . . [5.1.2600.5512] . . c:\windows\system32\regsvc.dll
[-] 2006-03-02 . B6F76CE10953A141545A0D01F1776885 . 59904 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\regsvc.dll
.
[-] 2008-04-14 . 55F5C5C1BE1A78E285033E432BA01597 . 194560 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\schedsvc.dll
[-] 2008-04-14 . 55F5C5C1BE1A78E285033E432BA01597 . 194560 . . [5.1.2600.5512] . . c:\windows\system32\schedsvc.dll
[-] 2006-03-02 . A65E74CC5831CED5762AA16033ED20EE . 193024 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\schedsvc.dll
.
[-] 2008-04-14 . EA9E0DB8684CEF2FD3BADD671DF5A112 . 71680 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ssdpsrv.dll
[-] 2008-04-14 . EA9E0DB8684CEF2FD3BADD671DF5A112 . 71680 . . [5.1.2600.5512] . . c:\windows\system32\ssdpsrv.dll
[-] 2006-03-02 . DCB185C829538971E47AFFE77BA138C3 . 71680 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ssdpsrv.dll
.
[-] 2008-04-14 . 710BC85A8C22626EE094439E3EA0D38C . 297984 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\termsrv.dll
[-] 2008-04-14 . 710BC85A8C22626EE094439E3EA0D38C . 297984 . . [5.1.2600.5512] . . c:\windows\system32\termsrv.dll
[-] 2006-03-02 . 78F90C3E230AD122BCB116ABAD5FEFE9 . 297984 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\termsrv.dll
.
[-] 2008-04-14 . E62B0BE3FC855066C872F5B50A6BCD1B . 347136 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\hnetcfg.dll
[-] 2008-04-14 . E62B0BE3FC855066C872F5B50A6BCD1B . 347136 . . [5.1.2600.5512] . . c:\windows\system32\hnetcfg.dll
[-] 2006-03-02 . C6D5A055A4C0C148A2B76D462A9881D4 . 347648 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\hnetcfg.dll
.
[-] 2008-04-14 . F36C9F78FC902C8DCE4D3B576BB0435A . 176640 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\appmgmts.dll
[-] 2008-04-14 . F36C9F78FC902C8DCE4D3B576BB0435A . 176640 . . [5.1.2600.5512] . . c:\windows\system32\appmgmts.dll
[-] 2006-03-02 . 7E9D138DC991BCCE6E6026CD74E69CC4 . 176640 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\appmgmts.dll
.
[-] 2006-03-02 . E4ABC1212B70BB03D35E60681C447210 . 12032 . . [5.1.2600.0] . . c:\windows\system32\drivers\acpiec.sys
.
[-] 2008-04-13 16:39 . 8BED39E3C35D6A489438B8141717A557 . 142592 . . [5.1.2601.3142] . . c:\windows\ServicePackFiles\i386\aec.sys
[-] 2008-04-13 16:39 . 8BED39E3C35D6A489438B8141717A557 . 142592 . . [5.1.2601.3142] . . c:\windows\system32\drivers\aec.sys
[-] 2007-03-18 14:15 . 1EE7B434BA961EF845DE136224C30FEC . 142464 . . [5.1.2601.2180] . . c:\windows\$NtServicePackUninstall$\aec.sys
.
[-] 2008-04-13 . 08FD04AA961BDC77FB983F328334E3D7 . 42368 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\agp440.sys
[-] 2008-04-13 . 08FD04AA961BDC77FB983F328334E3D7 . 42368 . . [5.1.2600.5512] . . c:\windows\system32\drivers\agp440.sys
.
[-] 2008-04-13 . 3BB22519A194418D5FEC05D800A19AD0 . 36608 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ip6fw.sys
[-] 2008-04-13 . 3BB22519A194418D5FEC05D800A19AD0 . 36608 . . [5.1.2600.5512] . . c:\windows\system32\drivers\ip6fw.sys
[-] 2006-03-02 . 4448006B6BC60E6C027932CFC38D6855 . 29056 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ip6fw.sys
.
[-] 2008-04-14 . E67A66A3781C1A483F0F8992664CBE0D . 33792 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\msgsvc.dll
[-] 2008-04-14 . E67A66A3781C1A483F0F8992664CBE0D . 33792 . . [5.1.2600.5512] . . c:\windows\system32\msgsvc.dll
[-] 2006-03-02 . DE71362123E81D268088E78543752576 . 33792 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\msgsvc.dll
.
[-] 2008-04-14 02:33 . 037D92B3A7853A183FCAB77FB1D13D6C . 438272 . . [5.1.2400.5512] . . c:\windows\ServicePackFiles\i386\ntmssvc.dll
[-] 2008-04-14 02:33 . 037D92B3A7853A183FCAB77FB1D13D6C . 438272 . . [5.1.2400.5512] . . c:\windows\system32\ntmssvc.dll
[-] 2006-03-02 10:00 . 951543FFB84012D13F4CB09DA2EACE96 . 438272 . . [5.1.2400.2180] . . c:\windows\$NtServicePackUninstall$\ntmssvc.dll
.
[-] 2008-04-14 . BD8166A495B02308F364B36249475F22 . 186368 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\upnphost.dll
[-] 2008-04-14 . BD8166A495B02308F364B36249475F22 . 186368 . . [5.1.2600.5512] . . c:\windows\system32\upnphost.dll
[-] 2006-03-02 . 0B6A726C2DE9BBB80A48459F0C318F44 . 185344 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\upnphost.dll
.
[-] 2008-04-14 . 4BB396EA6CAA50F2208078602549F2F2 . 367616 . . [5.3.2600.5512] . . c:\windows\ServicePackFiles\i386\dsound.dll
[-] 2008-04-14 . 4BB396EA6CAA50F2208078602549F2F2 . 367616 . . [5.3.2600.5512] . . c:\windows\system32\dsound.dll
[-] 2006-03-02 . 7FD6E3D4918514565DF553BE693E3034 . 367616 . . [5.3.2600.2180] . . c:\windows\$NtServicePackUninstall$\dsound.dll
[7] 2004-07-09 03:27 . 033A45AB696EEF481707C2808C806E1A . 381952 . . [5.3.0000001.0904 built by: private/Lab06_dev(DXBLD00)] . . c:\windows\RegisteredPackages\{44BBA855-CC51-11CF-AAFA-00AA00B6015C}\dsound.dll
[7] 2004-07-09 03:27 . 033A45AB696EEF481707C2808C806E1A . 381952 . . [5.3.0000001.0904 built by: private/Lab06_dev(DXBLD00)] . . c:\windows\system32\dllcache\dsound.dll
.
[-] 2008-04-14 . 7EAEC24B85DD04EDAA04A51CB07DF870 . 1689088 . . [5.03.2600.5512] . . c:\windows\ServicePackFiles\i386\d3d9.dll
[-] 2008-04-14 . 7EAEC24B85DD04EDAA04A51CB07DF870 . 1689088 . . [5.03.2600.5512] . . c:\windows\system32\d3d9.dll
[-] 2006-03-02 . 3C0252DC0A8464ED3D9B917504652EE9 . 1689088 . . [5.03.2600.2180] . . c:\windows\$NtServicePackUninstall$\d3d9.dll
.
[-] 2008-04-14 . 75BD925DAB6E5323EDB6D5CFCDEB16D1 . 279552 . . [5.03.2600.5512] . . c:\windows\ServicePackFiles\i386\ddraw.dll
[-] 2008-04-14 . 75BD925DAB6E5323EDB6D5CFCDEB16D1 . 279552 . . [5.03.2600.5512] . . c:\windows\system32\ddraw.dll
[-] 2006-03-02 . 6A4727961CF4278D3B94E1FEEFF5128B . 266240 . . [5.03.2600.2180] . . c:\windows\$NtServicePackUninstall$\ddraw.dll
[7] 2004-07-09 03:27 . 90114704C17A581DA1BAE029F20932BE . 292864 . . [5.3.0000001.0904 built by: private/Lab06_dev(DXBLD00)] . . c:\windows\RegisteredPackages\{44BBA855-CC51-11CF-AAFA-00AA00B6015C}\ddraw.dll
[7] 2004-07-09 03:27 . 90114704C17A581DA1BAE029F20932BE . 292864 . . [5.3.0000001.0904 built by: private/Lab06_dev(DXBLD00)] . . c:\windows\system32\dllcache\ddraw.dll
.
[-] 2008-04-14 02:33 . 3BA21BD333A1B8B222006E5464D44F49 . 84992 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\olepro32.dll
[-] 2008-04-14 02:33 . 3BA21BD333A1B8B222006E5464D44F49 . 84992 . . [5.1.2600.5512] . . c:\windows\system32\olepro32.dll
[-] 2006-03-02 10:00 . 5B0A274801C12E7F6F954EE12A4C3591 . 83456 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\olepro32.dll
.
[-] 2008-04-14 . 08592889A219F7A60F9865B0EE7CAFF8 . 42496 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\perfctrs.dll
[-] 2008-04-14 . 08592889A219F7A60F9865B0EE7CAFF8 . 42496 . . [5.1.2600.5512] . . c:\windows\system32\perfctrs.dll
[-] 2006-03-02 . 8CD0F888A518A1212D88BD46FE0823DE . 42496 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\perfctrs.dll
.
[-] 2008-04-14 . A71A42AD584FAD1A8D1EC5D807C6E528 . 18944 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\version.dll
[-] 2008-04-14 . A71A42AD584FAD1A8D1EC5D807C6E528 . 18944 . . [5.1.2600.5512] . . c:\windows\system32\version.dll
[-] 2006-03-02 . ABD4ADFCDD1ED30EAFEA78A3A69596CD . 18944 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\version.dll
.
[-] 2008-04-14 . 6ED29124A1C83BD0CF6B26BD01CA6F6F . 171520 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\srsvc.dll
[-] 2008-04-14 . 6ED29124A1C83BD0CF6B26BD01CA6F6F . 171520 . . [5.1.2600.5512] . . c:\windows\system32\srsvc.dll
[-] 2006-03-02 . CE978404558CE2D82896AC2032F06DBF . 171008 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\srsvc.dll
.
[-] 2008-04-14 . C1F726EE0B043B074A68992BC4AEF8FD . 178176 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\w32time.dll
[-] 2008-04-14 . C1F726EE0B043B074A68992BC4AEF8FD . 178176 . . [5.1.2600.5512] . . c:\windows\system32\w32time.dll
[-] 2006-03-02 . B46F3ABAC633B2CFD34DE56FE5130735 . 177664 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\w32time.dll
.
[-] 2008-04-14 . D76B0E8A4ECAD1ADCC75FD14A7ACC54C . 334336 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\wiaservc.dll
[-] 2008-04-14 . D76B0E8A4ECAD1ADCC75FD14A7ACC54C . 334336 . . [5.1.2600.5512] . . c:\windows\system32\wiaservc.dll
[-] 2007-03-18 . A3FFA6A33BAAB25849FBE10392B3D9AD . 334336 . . [5.1.2600.3051] . . c:\windows\$NtServicePackUninstall$\wiaservc.dll
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-02-23 14:04 122512 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2009-11-07 323392]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-04-16 3872080]
"Egogisunogewusu"="c:\windows\bakbdine.dll" [BU]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2010-03-26 19522592]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-09-18 98304]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
"Adobe ARM"="c:\program files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-01-05 413696]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"ShowDesktop"="shell32.dll" [2011-01-21 8518656]
"nltide_3"="advpack.dll" [2010-12-20 124928]
"TSClientMSIUninstaller"="c:\windows\Installer\TSClientMsiTrans\tscuinst.vbs" [2007-10-30 13801]
.
c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"MemCheckBoxInRunDlg"= 1 (0x1)
"NoSMBalloonTip"= 1 (0x1)
"NoWelcomeScreen"= 1 (0x1)
"NoStrCmpLogical"= 0 (0x0)
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"MemCheckBoxInRunDlg"= 1 (0x1)
"NoSMBalloonTip"= 1 (0x1)
"NoWelcomeScreen"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
[HKLM\~\startupfolder\C:^Documents and Settings^Administrateur^Menu Démarrer^Programmes^Démarrage^OpenOffice.org 3.1.lnk]
path=c:\documents and settings\Administrateur\Menu Démarrer\Programmes\Démarrage\OpenOffice.org 3.1.lnk
backup=c:\windows\pss\OpenOffice.org 3.1.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GEST]
m'|\ü [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-09-20 21:07 932288 ----a-r- c:\program files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2011-01-31 08:44 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
2010-03-26 16:01 64032 -c--a-w- c:\windows\ALCMTR.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcWzrd]
2010-03-26 16:01 2815520 -c--a-w- c:\windows\ALCWZRD.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICustomerCare]
c:\program files\ATI\ATICustomerCare\ATICustomerCare.exe [BU]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AutoStartNPSAgent]
2010-04-13 21:38 102400 ----a-w- c:\program files\Samsung\Samsung New PC Studio\NPSAgent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDTray]
c:\program files\SlySoft\CloneCD\CloneCDTray.exe [BU]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2008-12-29 10:40 687560 ----a-w- c:\program files\DAEMON Tools Lite\daemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FBSearch]
c:\program files\Search Guard Plus\SearchGuardPlus.exe [BU]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]
2009-04-13 13:11 2387968 ----a-w- c:\program files\Fichiers communs\LightScribe\LightScribeControlPanel.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 02:34 1695232 ------w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2010-04-16 21:12 3872080 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
c:\program files\NVIDIA Corporation\nView\nwiz.exe [BU]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-01-05 15:18 413696 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2010-03-26 16:01 19522592 ----a-w- c:\windows\RTHDCPL.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SGPUpdater]
c:\program files\Search Guard PlusU\sgpUpdaters.exe [BU]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
2010-03-26 16:01 84512 -c--a-w- c:\windows\SOUNDMAN.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
2009-09-18 20:25 98304 ----a-w- c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2010-12-28 21:06 1242448 ----a-w- c:\program files\Steam\steam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-05-14 09:44 248552 ----a-w- c:\program files\Fichiers communs\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2009-06-15 20:14 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent]
2010-12-20 10:02 395640 ----a-w- c:\program files\uTorrent\uTorrent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"DisablePagingExecutive"=dword:00000001
"SecondLevelDataCache"=dword:00000200
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\eMule\\emule.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\K-Lite Codec Pack\\Media Player Classic\\mpc-hc.exe"=
"c:\\Program Files\\Steam\\SteamApps\\common\\empire total war\\Empire.exe"=
"c:\\Program Files\\Samsung\\Samsung New PC Studio\\npsasvr.exe"=
"c:\\Program Files\\Samsung\\Samsung New PC Studio\\npsvsvr.exe"=
"c:\\Program Files\\StarCraft II\\StarCraft II.exe"=
"c:\\Program Files\\StarCraft II\\Versions\\Base15405\\SC2.exe"=
"c:\\Program Files\\Satsuki Decoder Pack\\MPC\\mplayerc.exe"=
"c:\\Program Files\\World of Warcraft\\Launcher.exe"=
"c:\\Program Files\\World of Warcraft\\World of Warcraft Public Test\\Launcher.exe"=
"c:\\Program Files\\World of Warcraft\\World of Warcraft Public Test\\Blizzard Downloader.exe"=
"c:\\Program Files\\World of Warcraft\\Blizzard Downloader.exe"=
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
"c:\\Program Files\\Steam\\SteamApps\\common\\napoleon total war\\Napoleon.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Steam\\SteamApps\\common\\dawn of war 2\\DOW2.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Steam\\steam.exe"=
"c:\\Program Files\\Steam\\SteamApps\\common\\total war shogun 2\\Shogun2.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724
"7000:TCP"= 7000:TCP:Blizzard Downloader: 7000
.
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [11/11/2009 13:06 64288]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [24/09/2009 13:17 1181328]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [13/04/2011 17:46 371544]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [25/01/2009 00:12 301528]
S2 Application Updater;Application Updater;"c:\program files\Application Updater\ApplicationUpdater.exe" --> c:\program files\Application Updater\ApplicationUpdater.exe [?]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [25/01/2009 00:12 19544]
S2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [13/04/2010 23:30 233472]
S2 GEST Service;GEST Service for program management.;c:\program files\GIGABYTE\EnergySaver\GSvr.exe [24/01/2009 23:47 80392]
S2 gupdate1c9edf5e748bba6;Service Google Update (gupdate1c9edf5e748bba6);c:\program files\Google\Update\GoogleUpdate.exe [15/06/2009 22:14 133104]
S2 MouseDriver;MouseDriver;c:\windows\TEMP\MouseDriver.bat --> c:\windows\TEMP\MouseDriver.bat [?]
S2 Plug Manager;Plug Manager;c:\windows\temp\Plug.bat --> c:\windows\temp\Plug.bat [?]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [08/12/2009 00:39 1691480]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdXP3.sys [12/02/2011 17:18 101904]
S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [13/04/2010 23:30 36608]
S3 maconfservice;Ma-Config Service;c:\program files\ma-config.com\maconfservice.exe [24/01/2011 15:49 310640]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [11/11/2009 16:11 38224]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [15/01/2010 14:49 227232]
S3 ss_bbus;SAMSUNG USB Mobile Device (WDM);c:\windows\system32\drivers\ss_bbus.sys [13/04/2010 23:30 90112]
S3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);c:\windows\system32\drivers\ss_bmdfl.sys [13/04/2010 23:30 14976]
S3 ss_bmdm;SAMSUNG USB Mobile Modem;c:\windows\system32\drivers\ss_bmdm.sys [13/04/2010 23:30 121856]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-04-13 13:08 451872 ----a-w- c:\program files\Fichiers communs\LightScribe\LSRunOnce.exe
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{2E9F00B8-B341-EAA8-A239-50EDEF9C55A7}]
c:\windows\system32\msnmsg.exe [BU]
.
Contenu du dossier 'Tâches planifiées'
.
2011-04-14 c:\windows\Tasks\Ad-Aware Update (Daily 1).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 20:25]
.
2011-04-14 c:\windows\Tasks\Ad-Aware Update (Daily 2).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 20:25]
.
2011-04-14 c:\windows\Tasks\Ad-Aware Update (Daily 3).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 20:25]
.
2011-04-14 c:\windows\Tasks\Ad-Aware Update (Daily 4).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 20:25]
.
2011-04-14 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 20:25]
.
2011-04-14 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-06-15 20:14]
.
2011-04-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-15 20:14]
.
2011-04-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-15 20:14]
.
2011-03-11 c:\windows\Tasks\Maintenance en 1 clic.job
- c:\program files\TuneUp Utilities 2007\SystemOptimizer.exe [2007-04-26 23:10]
.
.
------- Examen supplémentaire -------
.
uSearchMigratedDefaultURL = hxxp://www.cherche.us/Result.php?cx=partner-pub-0420647136319153%3A5n6ugpjrdrh&cof=GIMP%3ACCCCCC%3BT%3A000000%3BALC%3A551a8b%3BGFNT%3AB7B7B7%3BLC%3A2200cc%3BBGC%3AFFFFFF%3BVLC%3A551a8b%3BGALT%3A008B45%3BFORID%3A10%3BDIV%3A%23FFFFF0%3B&q={searchTerms}
uStart Page = hxxp://www.google.com
uDefault_Search_URL = hxxp://www.google.com
uInternet Settings,ProxyOverride = *.local
IE: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
Trusted Zone: chat-land.org
FF - ProfilePath - c:\documents and settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\bbqfnyo2.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.fr/
FF - prefs.js: keyword.URL - hxxp://fr.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=867034&p=

FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: content.max.tokenizing.time - 200000
FF - user.js: content.notify.interval - 100000
FF - user.js: content.switch.threshold - 650000
FF - user.js: nglayout.initialpaint.delay - 300
FF - user.js: yahoo.homepage.dontask - true
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-04-14 20:54
Windows 5.1.2600 Service Pack 3 NTFS
.
Recherche de processus cachés ...
.
Recherche d'éléments en démarrage automatique cachés ...
.
Recherche de fichiers cachés ...
.
Scan terminé avec succès
Fichiers cachés: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\MouseDriver]
"ImagePath"="%SystemRoot%\TEMP\MouseDriver.bat"
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Plug Manager]
"ImagePath"="%SystemRoot%\temp\Plug.bat"
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
.
[HKEY_USERS\S-1-5-21-1708537768-2049760794-839522115-500\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"??"=hex:a7,98,24,84,38,45,fb,31,3e,61,c8,26,6d,ee,c9,ac,9c,8b,48,f6,73,49,7b,
72,ea,8b,7a,86,79,f6,69,0d,cf,0e,ea,b6,23,5b,d9,f2,18,9e,13,58,28,41,64,43,\
"??"=hex:61,f0,7c,61,8c,29,e2,36,2b,2d,7b,c4,ba,11,50,fa
.
[HKEY_USERS\S-1-5-21-1708537768-2049760794-839522115-500\Software\SecuROM\License information*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"datasecu"=hex:61,40,d4,24,56,15,60,71,af,7c,54,f6,e0,5a,8e,29,85,d2,74,df,66,
89,79,d3,42,98,ba,74,9c,70,68,ed,3e,48,bc,b7,b0,21,7e,19,76,0e,a5,be,59,69,\
"rkeysecu"=hex:c9,33,a6,ec,2a,70,08,b3,4a,ef,31,8b,08,22,93,ad
.
--------------------- DLLs chargées dans les processus actifs ---------------------
.
- - - - - - - > 'winlogon.exe'(256)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\atiadlxx.dll
.
- - - - - - - > 'explorer.exe'(280)
c:\windows\system32\eappprxy.dll
.
Heure de fin: 2011-04-14 20:56:21
ComboFix-quarantined-files.txt 2011-04-14 18:56
.
Avant-CF: 37 811 777 536 octets libres
Après-CF: 37 793 062 912 octets libres
.
- - End Of File - - 0B4F5FB391EF53F4A6EE2E5D0B45604B
Anonymous user

* /!\ WARNING:
this script is to be used only for this infected PC and in this topic; it is not valid for any other PC.



Download OTMoveIt (by Old_Timer) to your Desktop

http://itxassociates.com/OT-Tools/OTM.exe
or:
https://www.androidworld.fr/


(it is number 7 at the bottom of the page):

* Double-click OTMoveIt.exe to launch it.

* Copy the list shown in bold in the quote below and paste it into the left-hand pane of OTMoveIt, under Paste List of Files/Folders to move.

:processes
explorer.exe

:files
c:\program files\Search Guard PlusU
c:\program files\SGPSA
c:\program files\pdfforge Toolbar
c:\program files\Application Updater

:reg

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FBSearch]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SGPUpdater]


:Commands
[emptytemp]
[purity]
[start explorer]
[Reboot]



# Click MoveIt! to start the removal.

# The result will appear in the "Results" pane.

# Click Exit to close.

# Post the report located in C:\_OTMoveIt\MovedFiles.

# You may be asked to restart the PC to complete the removal. If so, accept with Yes.
Caroline692 (Posts: 36, Status: Member)

Here it is:

All processes killed
========== PROCESSES ==========
No active process named explorer.exe was found!
========== FILES ==========
File/Folder c:\program files\Search Guard PlusU not found.
File/Folder c:\program files\SGPSA not found.
c:\program files\pdfforge Toolbar\Res folder moved successfully.
c:\program files\pdfforge Toolbar\IE\4.3 folder moved successfully.
c:\program files\pdfforge Toolbar\IE folder moved successfully.
c:\program files\pdfforge Toolbar\FF\chrome\skin folder moved successfully.
c:\program files\pdfforge Toolbar\FF\chrome\locale\EN-US folder moved successfully.
c:\program files\pdfforge Toolbar\FF\chrome\locale folder moved successfully.
c:\program files\pdfforge Toolbar\FF\chrome\content folder moved successfully.
c:\program files\pdfforge Toolbar\FF\chrome folder moved successfully.
c:\program files\pdfforge Toolbar\FF folder moved successfully.
c:\program files\pdfforge Toolbar folder moved successfully.
c:\program files\Application Updater folder moved successfully.
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FBSearch\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SGPUpdater\ deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrateur
->Temp folder emptied: 673740 bytes
->Temporary Internet Files folder emptied: 782402 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 142516826 bytes
->Flash cache emptied: 347691 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 56545 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 405 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 962 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 401408 bytes
%systemroot%\System32 .tmp files removed: 2548224 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 125952 bytes
Windows Temp folder emptied: 439 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33961 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 141,00 mb


OTM by OldTimer - Version 3.1.17.2 log created on 04142011_211506

Files moved on Reboot...
File C:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5\Y22U92J3\01[1].htm not found!
File move failed. C:\WINDOWS\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.

Registry entries deleted on Reboot...
Anonymous user

Run ZHPDiag again and click the green arrow to update the tool,

* Click the magnifying-glass icon (« Lancer le diagnostic », i.e. "Run the diagnostic")
* Save the report to your Desktop using the floppy-disk icon
* Upload the ZHPDiag.txt report to Cijoint, then copy/paste the link provided into your next reply on the forum:
http://dl.free.fr
or:
http://www.cijoint.fr/
or:
http://ww38.toofiles.com/fr/documents-upload.html
or:
https://www.terafiles.net/



I'll be away, I'll look at the rest tomorrow. See you!
Caroline692 (Posts: 36, Status: Member)

There, it's done, here is the URL of the file:

http://dl.free.fr/getfile.pl?file=/4ml1WXR2

Thanks, see you tomorrow +++ :)
Anonymous user

Hello,

* Download AD-Remover to your Desktop. (Thanks to the TeamXscript team)
http://www.teamxscript.org/adremoverTelechargement.html
(Official link)

https://www.androidworld.fr/
(Mirror)
/!\ Close all running applications /!\

- Double-click the Ad-Remover icon on your Desktop.
- On the page, click the « Rechercher » (Search) button
- Confirm the launch of the scan
- Let the tool work.
- Post the report that appears at the end.

(The report is also saved as C:\Ad-report(Scan/clean).Txt)

(CTRL+A to select all, CTRL+C to copy and CTRL+V to paste)
Caroline692 (Posts: 36, Status: Member)

Hello, here is the report:

======= RAPPORT D'AD-REMOVER 2.0.0.2,G | UNIQUEMENT XP/VISTA/7 =======

Mis à jour par TeamXscript le 12/04/11
Contact: AdRemover[DOT]contact[AT]gmail[DOT]com
Site web: http://www.teamxscript.org

C:\Program Files\Ad-Remover\main.exe (SCAN [1]) -> Lancé à 10:29:47 le 15/04/2011, Mode normal

Microsoft Windows XP Professionnel Service Pack 3 (X86)
Administrateur@WINXPCRA-F203CF ( )

============== RECHERCHE ==============

Service: "Application Updater" Présent

Fichier trouvé: C:\Program Files\Mozilla FireFox\Components\AskSearch.js
Fichier trouvé: C:\Program Files\Mozilla FireFox\extensions\pdfforge@mybrowserbar.com
Fichier trouvé: C:\Documents and Settings\Administrateur\Application Data\Mozilla\FireFox\Profiles\bbqfnyo2.default\searchplugins\cherche.xml
Fichier trouvé: C:\Documents and Settings\Administrateur\scriptjava.html
Dossier trouvé: C:\Documents and Settings\Administrateur\Application Data\pdfforge
Dossier trouvé: C:\Documents and Settings\Administrateur\Application Data\Search Settings
Dossier trouvé: C:\Program Files\Fichiers communs\Spigot
Dossier trouvé: C:\Documents and Settings\All Users\Application Data\Viewpoint
Dossier trouvé: C:\Program Files\Viewpoint

-- Fichier ouvert: C:\Documents and Settings\Administrateur\Application Data\Mozilla\FireFox\Profiles\bbqfnyo2.default\Prefs.js --
Ligne trouvée: user_pref("browser.search.defaultthis.engineName", "Fast Browser Search");
Ligne trouvée: user_pref("browser.search.order.1", "Fast Browser Search");
Ligne trouvée: user_pref("extensions.snipit.askTbInstalled", true);
Ligne trouvée: user_pref("extensions.snipit.chromeURL", "hxxp://toolbar.ask.com/toolbarv/askRedirect?o=101761&gct=&...
-- Fichier Fermé --


Clé trouvée: HKLM\Software\Classes\CLSID\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Clé trouvée: HKLM\Software\Classes\CLSID\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Clé trouvée: HKLM\Software\Classes\Interface\{477F210A-2A86-4666-9C4B-1189634D2C84}
Clé trouvée: HKLM\Software\Classes\Interface\{C9AE652B-8C99-4AC2-B556-8B501182874E}
Clé trouvée: HKLM\Software\Classes\Interface\{FF871E51-2655-4D06-AED5-745962A96B32}
Clé trouvée: HKLM\Software\Classes\TypeLib\{01BCB858-2F62-4F06-A8F4-48F927C15333}
Clé trouvée: HKLM\Software\Classes\TypeLib\{4509D3CC-B642-4745-B030-645B79522C6D}
Clé trouvée: HKLM\Software\Classes\TypeLib\{8F5F1CB6-EA9E-40AF-A5CA-C7FD63CC1971}
Clé trouvée: HKLM\Software\Classes\AxMetaStream.MetaStreamCtl
Clé trouvée: HKLM\Software\Classes\AxMetaStream.MetaStreamCtl.1
Clé trouvée: HKLM\Software\Classes\AxMetaStream.MetaStreamCtlSecondary
Clé trouvée: HKLM\Software\Classes\AxMetaStream.MetaStreamCtlSecondary.1
Clé trouvée: HKLM\Software\Classes\BandooCore.BandooCore
Clé trouvée: HKLM\Software\Classes\BandooCore.BandooCore.1
Clé trouvée: HKLM\Software\Classes\BandooCore.ResourcesMngr
Clé trouvée: HKLM\Software\Classes\BandooCore.ResourcesMngr.1
Clé trouvée: HKLM\Software\Classes\BandooCore.SettingsMngr
Clé trouvée: HKLM\Software\Classes\BandooCore.SettingsMngr.1
Clé trouvée: HKLM\Software\Classes\BandooCore.StatisticMngr
Clé trouvée: HKLM\Software\Classes\BandooCore.StatisticMngr.1
Clé trouvée: HKLM\Software\Classes\AppID\BandooCore.EXE
Clé trouvée: HKLM\Software\Classes\AppID\{1301A8A5-3DFB-4731-A162-B357D00C9644}
Clé trouvée: HKLM\Software\Classes\AppID\BHO.dll
Clé trouvée: HKLM\Software\Application Updater
Clé trouvée: HKLM\Software\AskBarDis
Clé trouvée: HKLM\Software\bandoo
Clé trouvée: HKLM\Software\MetaStream
Clé trouvée: HKLM\Software\pdfforge
Clé trouvée: HKLM\Software\Viewpoint
Clé trouvée: HKCU\Software\AppDataLow\Software\pdfforge
Clé trouvée: HKCU\Software\AppDataLow\Software\Search Settings
Clé trouvée: HKLM\Software\Classes\Installer\Products\7A931B0A5D8E8E947AFB2124E1562280
Clé trouvée: HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Products\7A931B0A5D8E8E947AFB2124E1562280
Clé trouvée: HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EC8E93AB-6BC9-4c34-83E2-FDA67E922861}
Clé trouvée: HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\ViewpointMediaPlayer
Clé trouvée: HKLM\Software\Microsoft\Active Setup\Installed Components\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Clé trouvée: HKLM\Software\Microsoft\Active Setup\Installed Components\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Clé trouvée: HKLM\Software\MozillaPlugins\@viewpoint.com/VMP


============== SCAN ADDITIONNEL ==============

**** Mozilla Firefox Version [4.0 (fr)] ****

Plugins\libdivx.dll (The OpenSSL Project, https://www.openssl.org/
Plugins\npdivx32.dll (DivX,Inc.)
Plugins\npDivxPlayerPlugin.dll (DivX, Inc)
Plugins\ssldivx.dll (The OpenSSL Project, https://www.openssl.org/
HKLM_MozillaPlugins\@viewpoint.com/VMP (x)
Searchplugins\bing.xml ( hxxp://www.bing.com/search)
Components\AskSearch.js
Components\browsercomps.dll (Mozilla Foundation)

-- C:\Documents and Settings\Administrateur\Application Data\Mozilla\FireFox\Profiles\bbqfnyo2.default --
Extensions\radiobar@toolbar (RadioBar Toolbar)
Extensions\support@predictad.com (AutocompletePro - Your handy search suggestions tool)
Extensions\{3112ca9c-de6d-4884-a869-9855de68056c} (Google Toolbar for Firefox)
Extensions\{bb6bc1bb-f824-4702-90cd-35e2fb24f25c} (Add N Edit Cookies)
Extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8} (DownThemAll!)
Searchplugins\cherche.xml (hxxp://www.cherche.us/Result.php?cx=partner-pub-0420647136319153%3A5n6ugpjrdrh&cof=GIMP%3ACCCCCC%3BT%3A000000%3BALC%3A55...)
Prefs.js - browser.download.lastDir, G:\\Terminale S\\Histoire\\Partie III La France et la Ve République
Prefs.js - browser.search.defaultenginename, Yahoo
Prefs.js - browser.search.selectedEngine, Google
Prefs.js - browser.startup.homepage, hxxp://www.google.fr/
Prefs.js - browser.startup.homepage_override.buildID, 20110318052756
Prefs.js - browser.startup.homepage_override.mstone, rv:2.0
Prefs.js - keyword.URL, hxxp://fr.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=867034&p=
Prefs.js - privacy.popups.showBrowserMessage, false

========================================

**** Internet Explorer Version [7.0.5730.11] ****

HKCU_Main|Default_Search_URL - hxxp://www.google.com
HKCU_Main|SearchMigratedDefaultURL - hxxp://www.cherche.us/Result.php?cx=partner-pub-0420647136319153%3A5n6ugpjrdrh&cof=GIMP%3ACCCCCC%3BT%3A000000%3BALC%3A55...
HKCU_Main|Search Page - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU_Main|Start Page - hxxp://www.google.com
HKLM_Main|Default_Page_URL - hxxp://go.microsoft.com/fwlink/?LinkId=69157
HKLM_Main|Default_Search_URL - hxxp://go.microsoft.com/fwlink/?LinkId=54896
HKLM_Main|Search bar - hxxp://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
HKLM_Main|Search Page - hxxp://go.microsoft.com/fwlink/?LinkId=54896
HKLM_Main|Start Page - hxxp://go.microsoft.com/fwlink/?LinkId=69157
AboutUrls|Tabs - hxxp://www.fastbrowsersearch.com/new-tab/?v=19&tid={EEC85AFA-CB5B-4232-87B5-D983B2AE3FE5}
HKCU_URLSearchHooks|{0063BF63-BFFF-4B8F-9D26-4267DF7F17DD} - "DeviceVM Url Search Hook" (C:\WINDOWS\system32\dvmurl.dll)
HKCU_Toolbar\WebBrowser|{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} (x)
HKLM_ElevationPolicy\{EC8E93AB-6BC9-4c34-83E2-FDA67E922861} - C:\Program Files\Fast Browser Search\IE\ClearRecycleBin.exe (x)
HKLM_Extensions\{88CFA58B-A63F-4A94-9C54-0C7A58E3333E} - "Add to VideoGet" (C:\Program Files\Nuclear Coffee\VideoGet\VideoGet.ico)
HKLM_Extensions\{DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - "?" (?)
HKLM_Extensions\{e2e2dd38-d088-4134-82b7-f2ba38496583} - "?" (?)
BHO\{5C255C8A-E604-49b4-9D64-90988571CECB} (?)
BHO\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - "Search Helper" (C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll)
BHO\{B922D405-6D13-4A2B-AE89-08A030DA4402} (?)

========================================

C:\Program Files\Ad-Remover\Quarantine: 0 Fichier(s)
C:\Program Files\Ad-Remover\Backup: 1 Fichier(s)

C:\Ad-Report-SCAN[1].txt - 15/04/2011 10:30:28 (7210 Octet(s))

Fin à: 10:30:54, 15/04/2011

============== E.O.F ==============
Anonymous user

Run ADR again, click « Nettoyer » (Clean), and post its report
Caroline692 (Posts: 36, Status: Member)

======= RAPPORT D'AD-REMOVER 2.0.0.2,G | UNIQUEMENT XP/VISTA/7 =======

Mis à jour par TeamXscript le 12/04/11
Contact: AdRemover[DOT]contact[AT]gmail[DOT]com
Site web: http://www.teamxscript.org

C:\Program Files\Ad-Remover\main.exe (CLEAN [1]) -> Lancé à 18:22:58 le 15/04/2011, Mode normal

Microsoft Windows XP Professionnel Service Pack 3 (X86)
Administrateur@WINXPCRA-F203CF ( )

============== ACTION(S) ==============

Service: "Application Updater" Stoppé et supprimé

Fichier supprimé: C:\Program Files\Mozilla FireFox\Components\AskSearch.js
Fichier supprimé: C:\Program Files\Mozilla FireFox\extensions\pdfforge@mybrowserbar.com
Fichier supprimé: C:\Documents and Settings\Administrateur\Application Data\Mozilla\FireFox\Profiles\bbqfnyo2.default\searchplugins\cherche.xml
Fichier supprimé: C:\Documents and Settings\Administrateur\scriptjava.html
Dossier supprimé: C:\Documents and Settings\Administrateur\Application Data\pdfforge
Dossier supprimé: C:\Documents and Settings\Administrateur\Application Data\Search Settings
Dossier supprimé: C:\Program Files\Fichiers communs\Spigot
Dossier supprimé: C:\Documents and Settings\All Users\Application Data\Viewpoint
Dossier supprimé: C:\Program Files\Viewpoint

(!) -- Fichiers temporaires supprimés.


-- Fichier ouvert: C:\Documents and Settings\Administrateur\Application Data\Mozilla\FireFox\Profiles\bbqfnyo2.default\Prefs.js --
Ligne supprimée: user_pref("browser.search.defaultthis.engineName", "Fast Browser Search");
Ligne supprimée: user_pref("browser.search.order.1", "Fast Browser Search");
Ligne supprimée: user_pref("extensions.snipit.askTbInstalled", true);
Ligne supprimée: user_pref("extensions.snipit.chromeURL", "hxxp://toolbar.ask.com/toolbarv/askRedirect?o=101761&gct=&...
-- Fichier Fermé --


Clé supprimée: HKLM\Software\Classes\CLSID\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Clé supprimée: HKLM\Software\Classes\CLSID\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Clé supprimée: HKLM\Software\Classes\Interface\{477F210A-2A86-4666-9C4B-1189634D2C84}
Clé supprimée: HKLM\Software\Classes\Interface\{C9AE652B-8C99-4AC2-B556-8B501182874E}
Clé supprimée: HKLM\Software\Classes\Interface\{FF871E51-2655-4D06-AED5-745962A96B32}
Clé supprimée: HKLM\Software\Classes\TypeLib\{01BCB858-2F62-4F06-A8F4-48F927C15333}
Clé supprimée: HKLM\Software\Classes\TypeLib\{4509D3CC-B642-4745-B030-645B79522C6D}
Clé supprimée: HKLM\Software\Classes\TypeLib\{8F5F1CB6-EA9E-40AF-A5CA-C7FD63CC1971}
Clé supprimée: HKLM\Software\Classes\AxMetaStream.MetaStreamCtl
Clé supprimée: HKLM\Software\Classes\AxMetaStream.MetaStreamCtl.1
Clé supprimée: HKLM\Software\Classes\AxMetaStream.MetaStreamCtlSecondary
Clé supprimée: HKLM\Software\Classes\AxMetaStream.MetaStreamCtlSecondary.1
Clé supprimée: HKLM\Software\Classes\BandooCore.BandooCore
Clé supprimée: HKLM\Software\Classes\BandooCore.BandooCore.1
Clé supprimée: HKLM\Software\Classes\BandooCore.ResourcesMngr
Clé supprimée: HKLM\Software\Classes\BandooCore.ResourcesMngr.1
Clé supprimée: HKLM\Software\Classes\BandooCore.SettingsMngr
Clé supprimée: HKLM\Software\Classes\BandooCore.SettingsMngr.1
Clé supprimée: HKLM\Software\Classes\BandooCore.StatisticMngr
Clé supprimée: HKLM\Software\Classes\BandooCore.StatisticMngr.1
Clé supprimée: HKLM\Software\Classes\AppID\BandooCore.EXE
Clé supprimée: HKLM\Software\Classes\AppID\{1301A8A5-3DFB-4731-A162-B357D00C9644}
Clé supprimée: HKLM\Software\Classes\AppID\BHO.dll
Clé supprimée: HKLM\Software\Application Updater
Clé supprimée: HKLM\Software\AskBarDis
Clé supprimée: HKLM\Software\bandoo
Clé supprimée: HKLM\Software\MetaStream
Clé supprimée: HKLM\Software\pdfforge
Clé supprimée: HKLM\Software\Viewpoint
Clé supprimée: HKCU\Software\AppDataLow\Software\pdfforge
Clé supprimée: HKCU\Software\AppDataLow\Software\Search Settings
Clé supprimée: HKLM\Software\Classes\Installer\Products\7A931B0A5D8E8E947AFB2124E1562280
Clé supprimée: HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Products\7A931B0A5D8E8E947AFB2124E1562280
Clé supprimée: HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EC8E93AB-6BC9-4c34-83E2-FDA67E922861}
Clé supprimée: HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\ViewpointMediaPlayer
Clé supprimée: HKLM\Software\Microsoft\Active Setup\Installed Components\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Clé supprimée: HKLM\Software\Microsoft\Active Setup\Installed Components\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Clé supprimée: HKLM\Software\MozillaPlugins\@viewpoint.com/VMP


============== SCAN ADDITIONNEL ==============

**** Mozilla Firefox Version [4.0 (fr)] ****

Plugins\libdivx.dll (The OpenSSL Project, https://www.openssl.org/
Plugins\npdivx32.dll (DivX,Inc.)
Plugins\npDivxPlayerPlugin.dll (DivX, Inc)
Plugins\ssldivx.dll (The OpenSSL Project, https://www.openssl.org/
Searchplugins\bing.xml ( hxxp://www.bing.com/search)
Components\browsercomps.dll (Mozilla Foundation)

-- C:\Documents and Settings\Administrateur\Application Data\Mozilla\FireFox\Profiles\bbqfnyo2.default --
Extensions\radiobar@toolbar (RadioBar Toolbar)
Extensions\support@predictad.com (AutocompletePro - Your handy search suggestions tool)
Extensions\{3112ca9c-de6d-4884-a869-9855de68056c} (Google Toolbar for Firefox)
Extensions\{bb6bc1bb-f824-4702-90cd-35e2fb24f25c} (Add N Edit Cookies)
Extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8} (DownThemAll!)
Prefs.js - browser.download.lastDir, G:\\Terminale S\\Histoire\\Partie III La France et la Ve République
Prefs.js - browser.search.defaultenginename, Yahoo
Prefs.js - browser.search.selectedEngine, Google
Prefs.js - browser.startup.homepage, hxxp://www.google.fr/
Prefs.js - browser.startup.homepage_override.buildID, 20110318052756
Prefs.js - browser.startup.homepage_override.mstone, rv:2.0
Prefs.js - keyword.URL, hxxp://fr.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=867034&p=
Prefs.js - privacy.popups.showBrowserMessage, false

========================================

**** Internet Explorer Version [7.0.5730.11] ****

HKCU_Main|Default_Page_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKCU_Main|Default_Search_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU_Main|Search bar - hxxp://go.microsoft.com/fwlink/?linkid=54896
HKCU_Main|Start Page - hxxp://fr.msn.com/
HKLM_Main|Default_Page_URL - hxxp://go.microsoft.com/fwlink/?LinkId=54896
HKLM_Main|Default_Search_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM_Main|Search bar - hxxp://search.msn.com/spbasic.htm
HKLM_Main|Search Page - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM_Main|Start Page - hxxp://fr.msn.com/
HKCU_URLSearchHooks|{0063BF63-BFFF-4B8F-9D26-4267DF7F17DD} - "DeviceVM Url Search Hook" (C:\WINDOWS\system32\dvmurl.dll)
HKCU_Toolbar\WebBrowser|{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} (x)
HKLM_Extensions\{88CFA58B-A63F-4A94-9C54-0C7A58E3333E} - "Add to VideoGet" (C:\Program Files\Nuclear Coffee\VideoGet\VideoGet.ico)
HKLM_Extensions\{DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - "?" (?)
HKLM_Extensions\{e2e2dd38-d088-4134-82b7-f2ba38496583} - "?" (?)
BHO\{5C255C8A-E604-49b4-9D64-90988571CECB} (?)
BHO\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - "Search Helper" (C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll)
BHO\{B922D405-6D13-4A2B-AE89-08A030DA4402} (?)

========================================

C:\Program Files\Ad-Remover\Quarantine: 52 Fichier(s)
C:\Program Files\Ad-Remover\Backup: 15 Fichier(s)

C:\Ad-Report-CLEAN[1].txt - 15/04/2011 18:23:06 (6125 Octet(s))
C:\Ad-Report-SCAN[1].txt - 15/04/2011 10:30:28 (8138 Octet(s))

Fin à: 18:23:44, 15/04/2011

============== E.O.F ==============
Anonymous user

Run ADR again and click « Désinstaller » (Uninstall),



Run ZHPDiag again,

* Click the magnifying-glass icon (« Lancer le diagnostic », i.e. "Run the diagnostic")
* Save the report to your Desktop using the floppy-disk icon
* Upload the ZHPDiag.txt report to Cijoint, then copy/paste the link provided into your next reply on the forum:
http://dl.free.fr
or:
http://www.cijoint.fr/
or:
http://ww38.toofiles.com/fr/documents-upload.html
or:
https://www.terafiles.net/
Caroline692 (Posts: 36, Status: Member)

Here it is:

http://www.cijoint.fr/cjlink.php?file=cj201104/cijnRQ2KdI.txt
Anonymous user

Uninstall Ad-Aware and Spybot, they are useless!!


Download and save this file to your Desktop:

http://www.cijoint.fr/cjlink.php?file=cj201104/cijSNy1uLC.txt

* Launch ZHPFix (either via the shortcut on your Desktop, or via ZHPDiag by clicking the green shield)


Drag and drop the file into the ZHPFix window


- Click the « GO » button to start the cleaning,
- Copy/paste the entire report into your next reply