I have a virus: adware generic2.KFZ

aridza -
Hello,
Since Friday I have had a virus that prevents me from browsing the internet with Explorer; I finally managed to download Firefox, which works!
The virus was Antivirus XP 2008; I think I removed it, but my computer is still behaving strangely.
In IE I am redirected to error pages, and on my screen I can no longer see the whole time, the minutes are missing (the page is a hair too big).
I can't start in safe mode.
My antivirus software is AVG, which I have just reinstalled because I couldn't update it.
Thanks for any help!

15 replies

C_XX
 
problem SOLVED!!

Not quite
Acrobat 6.0

jre1.6.0_05

Security vulnerabilities, ever heard of them?
1
aridza
 
What's the problem?
0
geoffrey5 Posts 14008 Status Security contributor 10

There's no problem, update Java: https://www.java.com/fr/download/manual.jsp

and also update Adobe Reader: http://www.clubic.com/lancer-le-telechargement-37823-0-adobe-reader-acrobat.html

He's arguing about that when it's not a big problem...

As for me, I've never had any problems, even though I've been on Acrobat Reader 5.0 for more than a year now... It's not a widely used program
1
Anonymous user

And also, just in passing, update your Windows.
0
aridza > Anonymous user

I've had a problem with Microsoft updates for quite a while: I can download them but not install them, and every time I get a message saying they were not installed.
0
geoffrey5 Posts 14008 Status Security contributor 10

Hi!!

to get a clearer picture:

Download HijackThis: http://www.trendsecure.com/portal/en-US/_download/HiJackThis.exe

- once installed, rename it scan.exe
- Double-click on it
- Click "Do a system scan and save the log"
- copy the report and paste it into your reply
0
aridza
 
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:55:42, on 30/06/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\TechCity Solutions\AliceSAV\AliceAgent.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\AVG\AVG8\avgui.exe
C:\Program Files\AVG\AVG8\avgscanx.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\elise thibaux\Bureau\scan.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/?p=us
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = https://portail.free.fr/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Alice ADSL
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7D8F0397-084A-4107-845F-37F226902B55} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {7FC6B132-EA18-4D69-86E0-423E7B940BDC} - C:\WINDOWS\system32\yayxyyaw.dll
O2 - BHO: WinView plugin - {8AE578E0-6DF5-41E0-869F-F65A32D2F6BD} - C:\WINDOWS\system32\oggview.dll
O2 - BHO: (no name) - {F02C3F32-B3E7-47AD-A58C-8F91C94791B4} - C:\WINDOWS\system32\ddcaYpPF.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [AliceSAV] C:\Program Files\TechCity Solutions\AliceSAV\AliceAgent.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [f4d70478] rundll32.exe "C:\WINDOWS\system32\jlekslih.dll",b
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/FacebookPhotoUploader5.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {21BB8360-F943-447E-98F3-3C22345375A7} (CPlayFirstChocolatierControl Object) - http://www.shockwave.com/content/chocolatier/sis/ChocolatierWeb.1.0.0.13.cab
O16 - DPF: {226ACC34-3194-40E2-9AE8-834FCFE9E80D} (CPlayFirstmsiControl Object) - http://games.bigfishgames.com/...
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - https://www.fileplanet.com/
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {775879E2-7309-4619-BB02-AADE41F4B690} (CPlayFirstdreamControl Object) - http://www.shockwave.com/content/dreamchronicles/sis/dreamweb.1.0.0.10.cab
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - https://www.touslesdrivers.com/index.php?v_page=29
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab
O16 - DPF: {BAE1D8DF-0B35-47E3-A1E7-EEB3FF2ECD19} (CPlayFirstddfotgControl Object) - http://www.shockwave.com/content/dinerdashfloonthego/sis/ddfotg.1.0.0.33.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai.net/...
O16 - DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} (SproutLauncherCtrl Class) - http://www.shockwave.com/content/feedingfrenzy/sis/SproutLauncher.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.shockwave.com/content/chuzzle/sis/popcaploader_v10.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O20 - Winlogon Notify: yayxyyaw - C:\WINDOWS\SYSTEM32\yayxyyaw.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: InCD Helper (read only) (InCDsrvR) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
0
lecristal Posts 964 Status Member 18

Hello
could you run a full scan of your PC with your antivirus
thanks in advance
and then come back to see us
0

geoffrey5 Posts 14008 Status Security contributor 10

you have a few infections:

Download Malwarebytes to the desktop: http://ww.commentcamarche.net/telecharger/telechargement 34055379 malwarebyte s anti malware?thread

= double-click mbam-setup to start the installation
= Just install it without changing anything
= Once the program has started ==> run an update, then tick Perform full scan (Exécuter un examen complet)
= Click Scan (Rechercher)
= If need be, untick the disks that should not be scanned
= Click Start scan (Lancer l'examen)
= At the end of the scan, if an infection is found
==> Click Show results (Afficher résultat)
= Close your running applications
= Check that everything is ticked and click Remove Selected (Supprimer la sélection)

a report opens; copy it and paste it into your reply

Then restart the PC!!

then:

Download VirtumundoBeGone to the desktop:
http://secured2k.home.comcast.net/tools/VirtumundoBeGone.exe

disconnect from the internet and disable your antivirus for the duration of the procedure

=> Double-click VirtumundoBeGone.exe
=> Click Continue ==> click Start
=> Click Yes
=> At the end, if Vundo is present, the PC shuts down and restarts
- If you get a blue screen and the message: Fatal error .. no problem
=> Post the VBG.TXT report that is on the desktop

then:

download ComboFix (by sUBs) here:

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

and save it to the Desktop.

disconnect from the internet and close all your applications.

disable your protections (antivirus, firewall, the antispyware's real-time guard)

double-click combofix.exe and follow the instructions

at the end, it will produce a report C:\ComboFix.txt

re-enable your firewall, your antivirus and your antispyware's guard

copy/paste the report C:\ComboFix.txt into your next reply.

Warning: do not use your mouse or your keyboard (or any other pointing device) while the program is running. That could freeze the computer.

You have a complete tutorial here:

https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix

And make a new HijackThis report please
0
aridza
 
here is the mbam log

Malwarebytes' Anti-Malware 1.19
Version de la base de données: 907
Windows 5.1.2600 Service Pack 2

20:10:33 30/06/2008
mbam-log-6-30-2008 (20-10-33).txt

Type de recherche: Examen complet (C:\|)
Eléments examinés: 237480
Temps écoulé: 3 hour(s), 31 minute(s), 29 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 4
Clé(s) du Registre infectée(s): 28
Valeur(s) du Registre infectée(s): 3
Elément(s) de données du Registre infecté(s): 4
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 28

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
C:\WINDOWS\system32\ddcaYpPF.dll (Trojan.Vundo) -> Unloaded module successfully.
C:\WINDOWS\system32\jlekslih.dll (Trojan.Vundo) -> Unloaded module successfully.
C:\WINDOWS\system32\yayxyyaw.dll (Trojan.Vundo) -> Unloaded module successfully.
C:\WINDOWS\system32\oggview.dll (Trojan.FakeAlert) -> Unloaded module successfully.

I still have to do the others!
0
aridza
 
the vmundo log

[06/30/2008, 20:26:43] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\elise thibaux\Bureau\VirtumundoBeGone.exe" )
[06/30/2008, 20:26:51] - Detected System Information:
[06/30/2008, 20:26:51] - Windows Version: 5.1.2600, Service Pack 2
[06/30/2008, 20:26:51] - Current Username: elise thibaux (Admin)
[06/30/2008, 20:26:51] - Windows is in NORMAL mode.
[06/30/2008, 20:26:51] - Searching for Browser Helper Objects:
[06/30/2008, 20:26:51] - BHO 1: {02478D38-C3F9-4EFB-9B51-7695ECA05670} (Yahoo! Toolbar Helper)
[06/30/2008, 20:26:51] - BHO 2: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class)
[06/30/2008, 20:26:51] - BHO 3: {53707962-6F74-2D53-2644-206D7942484F} (Spybot-S&D IE Protection)
[06/30/2008, 20:26:51] - BHO 4: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} (Yahoo! IE Services Button)
[06/30/2008, 20:26:51] - BHO 5: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[06/30/2008, 20:26:51] - BHO 6: {7D8F0397-084A-4107-845F-37F226902B55} ()
[06/30/2008, 20:26:51] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/30/2008, 20:26:51] - No filename found. Continuing.
[06/30/2008, 20:26:51] - BHO 7: {7E853D72-626A-48EC-A868-BA8D5E23E045} ()
[06/30/2008, 20:26:51] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/30/2008, 20:26:51] - No filename found. Continuing.
[06/30/2008, 20:26:51] - BHO 8: {7FC6B132-EA18-4D69-86E0-423E7B940BDC} ()
[06/30/2008, 20:26:51] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/30/2008, 20:26:51] - No filename found. Continuing.
[06/30/2008, 20:26:51] - BHO 9: {8AE578E0-6DF5-41E0-869F-F65A32D2F6BD} ()
[06/30/2008, 20:26:51] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/30/2008, 20:26:51] - No filename found. Continuing.
[06/30/2008, 20:26:51] - BHO 10: {F02C3F32-B3E7-47AD-A58C-8F91C94791B4} ()
[06/30/2008, 20:26:51] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/30/2008, 20:26:51] - No filename found. Continuing.
[06/30/2008, 20:26:51] - Finished Searching Browser Helper Objects
[06/30/2008, 20:26:51] - Finishing up...
[06/30/2008, 20:26:51] - Nothing found! Exiting...
0
yosra 007
 
thanks geoffrey5, that's a good help
0
geoffrey5 Posts 14008 Status Security contributor 10

you're welcome ;)

I'm waiting for your 4 reports so I can analyse them
0
aridza
 
here is the mbam log, I still have to do the others.

Malwarebytes' Anti-Malware 1.19
Version de la base de données: 907
Windows 5.1.2600 Service Pack 2

20:10:33 30/06/2008
mbam-log-6-30-2008 (20-10-33).txt

Type de recherche: Examen complet (C:\|)
Eléments examinés: 237480
Temps écoulé: 3 hour(s), 31 minute(s), 29 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 4
Clé(s) du Registre infectée(s): 28
Valeur(s) du Registre infectée(s): 3
Elément(s) de données du Registre infecté(s): 4
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 28

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
C:\WINDOWS\system32\ddcaYpPF.dll (Trojan.Vundo) -> Unloaded module successfully.
C:\WINDOWS\system32\jlekslih.dll (Trojan.Vundo) -> Unloaded module successfully.
C:\WINDOWS\system32\yayxyyaw.dll (Trojan.Vundo) -> Unloaded module successfully.
C:\WINDOWS\system32\oggview.dll (Trojan.FakeAlert) -> Unloaded module successfully.

Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{f02c3f32-b3e7-47ad-a58c-8f91c94791b4} (Trojan.Vundo) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{f02c3f32-b3e7-47ad-a58c-8f91c94791b4} (Trojan.Vundo) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{7fc6b132-ea18-4d69-86e0-423e7b940bdc} (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7fc6b132-ea18-4d69-86e0-423e7b940bdc} (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\yayxyyaw (Trojan.Vundo) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{8ae578e0-6df5-41e0-869f-f65a32d2f6bd} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8ae578e0-6df5-41e0-869f-f65a32d2f6bd} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{e4e3e0f8-cd30-4380-8ce9-b96904bdefca} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{fe8a736f-4124-4d9c-b4b1-3b12381efabe} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{c9c5deaf-0a1f-4660-8279-9edfad6fefe1} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\c:/windows/downloaded program files/popcaploader.dll (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{df780f87-ff2b-4df8-92d0-73db16a1543a} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{df780f87-ff2b-4df8-92d0-73db16a1543a} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2 (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2.1 (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\bhonew.bho (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\bhonew.bho.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\AdvRemoteDbg (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\superiorads (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MySidesearchSearchAssistant (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\MySidesearch (Adware.BHO) -> Quarantined and deleted successfully.
\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\mysidesearchsearchassistant (Adware.BHO) -> Quarantined and deleted successfully.
\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\superiorads (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Software Notifier (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\f4d70478 (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{7fc6b132-ea18-4d69-86e0-423e7b940bdc} (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\WINDOWS\Downloaded Program Files\popcaploader.dll (Adware.PopCap) -> Quarantined and deleted successfully.

Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo) -> Data: c:\windows\system32\ddcayppf -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\ddcayppf -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\NoDispBackgroundPage (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\NoDispScrSavPage (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
C:\WINDOWS\system32\ddcaYpPF.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\FPpYacdd.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\FPpYacdd.ini2 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\jlekslih.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\hilskelj.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\yayxyyaw.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\oggview.dll (Trojan.FakeAlert) -> Delete on reboot.
C:\WINDOWS\Downloaded Program Files\popcaploader.dll (Adware.PopCap) -> Quarantined and deleted successfully.
C:\Documents and Settings\elise thibaux\Local Settings\Temporary Internet Files\Content.IE5\2WALEC1O\css4[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\elise thibaux\Local Settings\Temporary Internet Files\Content.IE5\IF1EACA9\kb456456[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{21B75C93-FC73-46D7-8273-217D4EC83A68}\RP307\A0046961.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{21B75C93-FC73-46D7-8273-217D4EC83A68}\RP307\A0046981.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{21B75C93-FC73-46D7-8273-217D4EC83A68}\RP307\A0046996.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{21B75C93-FC73-46D7-8273-217D4EC83A68}\RP308\A0047025.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\xmlview.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\cookies.ini (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mysidesearch_sidebar_uninstall.exe (Adware.BHO) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\superiorads-uninst.exe (Adware.BHO) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\clbinit.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\blphccd3j0eedr.scr (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\lphccd3j0eedr.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\phccd3j0eedr.bmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\pphccd3j0eedr.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\elise thibaux\Local Settings\Temp\.tt1.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\elise thibaux\Local Settings\Temp\.tt2.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\elise thibaux\Local Settings\Temp\.tt7.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\elise thibaux\Local Settings\Temp\.tt9.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\elise thibaux\Local Settings\Temp\.ttF.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
0
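Added example, not part of the thread or of any tool mentioned in it: a small Python triage that reads autostart lines from the HijackThis log posted earlier and cross-checks each referenced file against the modules Malwarebytes flagged in the log above. The three heuristics and all function names are assumptions made for this illustration; the sample lines are excerpts copied from the two logs.

```python
import re

# Excerpts copied from the HijackThis and Malwarebytes logs in this thread.
HJT_EXCERPT = r"""
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: (no name) - {7D8F0397-084A-4107-845F-37F226902B55} - (no file)
O2 - BHO: (no name) - {7FC6B132-EA18-4D69-86E0-423E7B940BDC} - C:\WINDOWS\system32\yayxyyaw.dll
O2 - BHO: WinView plugin - {8AE578E0-6DF5-41E0-869F-F65A32D2F6BD} - C:\WINDOWS\system32\oggview.dll
O2 - BHO: (no name) - {F02C3F32-B3E7-47AD-A58C-8F91C94791B4} - C:\WINDOWS\system32\ddcaYpPF.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [f4d70478] rundll32.exe "C:\WINDOWS\system32\jlekslih.dll",b
O20 - AppInit_DLLs: avgrsstx.dll
O20 - Winlogon Notify: yayxyyaw - C:\WINDOWS\SYSTEM32\yayxyyaw.dll
"""

MBAM_EXCERPT = r"""
C:\WINDOWS\system32\ddcaYpPF.dll (Trojan.Vundo) -> Unloaded module successfully.
C:\WINDOWS\system32\jlekslih.dll (Trojan.Vundo) -> Unloaded module successfully.
C:\WINDOWS\system32\yayxyyaw.dll (Trojan.Vundo) -> Unloaded module successfully.
C:\WINDOWS\system32\oggview.dll (Trojan.FakeAlert) -> Unloaded module successfully.
"""

HJT_LINE = re.compile(r"^(O\d+) - (.*)$")
# First absolute path to a .dll or .exe inside an entry (quotes excluded).
WIN_PATH = re.compile(r'[A-Za-z]:\\[^"\r\n]*?\.(?:dll|exe)\b', re.IGNORECASE)
MBAM_LINE = re.compile(r"^(?P<path>[A-Za-z]:\\.+?) \((?P<name>[^()]+)\) -> ")


def parse_mbam(text):
    """Map lower-cased file path -> detection name from Malwarebytes result lines."""
    hits = {}
    for line in text.splitlines():
        m = MBAM_LINE.match(line.strip())
        if m:
            hits[m.group("path").lower()] = m.group("name")
    return hits


def heuristic_reasons(section, body, path):
    """Illustrative triage heuristics (assumptions, not a verdict on the file)."""
    reasons = []
    lowered = path.lower() if path else ""
    if section == "O2" and "(no name)" in body and "\\system32\\" in lowered:
        reasons.append("unnamed BHO backed by a DLL in system32")
    if section == "O4" and "rundll32" in body.lower() and lowered.endswith(".dll"):
        reasons.append("Run entry loading a DLL through rundll32")
    if section == "O20" and body.startswith("Winlogon Notify:") and path:
        reasons.append("Winlogon Notify DLL")
    return reasons


def triage(hjt_text, mbam_text):
    """Return HijackThis entries that a heuristic or a scanner detection singles out."""
    detections = parse_mbam(mbam_text)
    findings = []
    for line in hjt_text.splitlines():
        m = HJT_LINE.match(line.strip())
        if not m:
            continue
        section, body = m.groups()
        found = WIN_PATH.search(body)
        path = found.group(0) if found else None
        reasons = heuristic_reasons(section, body, path)
        # Compare case-insensitively: the two tools print SYSTEM32 differently.
        detection = detections.get(path.lower()) if path else None
        if reasons or detection:
            findings.append({"section": section, "path": path,
                             "reasons": reasons, "mbam": detection})
    return findings


if __name__ == "__main__":
    for f in triage(HJT_EXCERPT, MBAM_EXCERPT):
        why = "; ".join(f["reasons"]) or "no heuristic matched"
        print(f'{f["section"]:<4}{f["path"]}  [{why}]  scanner: {f["mbam"]}')
```

The named BHO `oggview.dll` matches none of the heuristics and is only surfaced by the scanner result, which is why the helper asks for several reports rather than relying on one.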
aridza > aridza
 
the combofix

ComboFix 08-06-20.4 - elise thibaux 2008-06-30 21:48:14.1 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.774 [GMT 2:00]
Endroit: C:\Documents and Settings\elise thibaux\Bureau\ComboFix.exe
* Création d'un nouveau point de restauration

AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\Downloaded Program Files\setup.inf
C:\WINDOWS\system32\ddcaYpPF.dll
C:\WINDOWS\system32\FPpYacdd.ini
C:\WINDOWS\system32\FPpYacdd.ini2
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\neiiwdcb.ini
C:\WINDOWS\system32\qwgccmwq.ini

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_CLBDRIVER
-------\Legacy_POOF
-------\Service_clbdriver


((((((((((((((((((((((((((((( Fichiers créés 2008-05-28 to 2008-06-30 ))))))))))))))))))))))))))))))))))))
.

2009-03-07 02:17 . 2004-08-04 01:54 159,232 --a------ C:\WINDOWS\system32\ptpusd.dll
2009-03-07 02:17 . 2004-08-03 23:58 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2009-03-07 02:17 . 2001-08-23 18:47 5,632 --a------ C:\WINDOWS\system32\ptpusb.dll
2008-06-30 11:46 . 2008-06-30 11:46 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-06-30 11:46 . 2008-06-30 11:46 <REP> d-------- C:\Documents and Settings\elise thibaux\Application Data\Malwarebytes
2008-06-30 11:46 . 2008-06-30 11:46 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-06-30 11:46 . 2008-06-28 14:16 34,296 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-06-30 11:46 . 2008-06-28 14:16 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-06-30 10:28 . 2008-06-30 11:36 <REP> d--h----- C:\$AVG8.VAULT$
2008-06-30 10:17 . 2008-06-30 10:17 96,520 --a------ C:\WINDOWS\system32\drivers\avgldx86.sys
2008-06-30 10:17 . 2008-06-30 10:17 75,272 --a------ C:\WINDOWS\system32\drivers\avgtdix.sys
2008-06-30 10:17 . 2008-06-30 10:17 10,520 --a------ C:\WINDOWS\system32\avgrsstx.dll
2008-06-30 10:16 . 2008-06-30 10:25 <REP> d-------- C:\WINDOWS\system32\drivers\Avg
2008-06-30 10:16 . 2008-06-30 10:16 <REP> d-------- C:\Program Files\AVG
2008-06-30 10:16 . 2008-06-30 10:16 <REP> d-------- C:\Documents and Settings\elise thibaux\Application Data\AVGTOOLBAR
2008-06-30 10:16 . 2008-06-30 10:16 <REP> d-------- C:\Documents and Settings\All Users\Application Data\avg8
2008-06-30 09:30 . 2008-06-30 09:30 0 --a------ C:\WINDOWS\nsreg.dat
2008-06-30 00:35 . 2008-06-30 00:35 10 --a------ C:\WINDOWS\WININIT.INI
2008-06-30 00:22 . 2008-06-30 00:22 <REP> d-------- C:\Program Files\Avira
2008-06-30 00:22 . 2008-06-30 10:24 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2008-06-29 22:29 . 2008-06-29 22:29 <REP> d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard
2008-06-29 22:29 . 2008-06-29 22:30 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-06-29 21:33 . 2008-06-30 20:10 92,032 --------- C:\WINDOWS\system32\jlekslih.dll
2008-06-28 03:05 . 2008-06-29 22:29 <REP> d-------- C:\Program Files\Lavasoft
2008-06-28 03:04 . 2008-06-30 00:35 <REP> d-------- C:\Program Files\rhc9d3j0eedr
2008-06-28 00:35 . 2008-06-30 20:10 28,800 --------- C:\WINDOWS\system32\yayxyyaw.dll
2008-06-28 00:35 . 2004-08-05 14:00 4,224 --a------ C:\WINDOWS\system32\beep.sys
2008-06-28 00:29 . 2008-06-30 20:10 26,624 --------- C:\WINDOWS\system32\oggview.dll
2008-06-10 20:58 . 2008-06-10 20:58 <REP> d-------- C:\tmp
2008-06-02 15:36 . 2008-06-22 09:52 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-06-02 15:36 . 2008-06-02 15:36 1,409 --a------ C:\WINDOWS\QTFont.for
2008-06-02 15:35 . 2008-06-02 15:35 <REP> d-------- C:\Program Files\Bonjour
2008-06-02 15:34 . 2008-06-02 15:34 <REP> d-------- C:\Program Files\QuickTime
2008-06-02 15:34 . 2008-06-02 15:35 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-06-02 15:32 . 2008-06-02 15:32 <REP> d-------- C:\Program Files\Fichiers communs\Apple
2008-05-17 16:19 . 2008-05-17 16:20 <REP> d-------- C:\Program Files\BearShare
2008-05-16 11:58 . 2008-05-16 11:58 12,632 --a------ C:\WINDOWS\system32\lsdelete.exe
2008-05-12 22:23 . 2005-04-15 19:58 1,351,392 --a------ C:\WINDOWS\system32\COMCTL32.OCX
2008-05-12 22:23 . 2004-03-09 00:00 212,240 --a------ C:\WINDOWS\system32\RICHTX32.OCX
2008-05-12 22:23 . 2004-03-09 00:00 152,848 --a------ C:\WINDOWS\system32\COMDLG32.OCX
2008-05-12 22:23 . 2004-03-09 00:00 132,880 --a------ C:\WINDOWS\system32\MSINET.OCX
2008-05-12 22:23 . 2004-08-04 06:21 81,920 --a------ C:\WINDOWS\system32\MSADO25.TLB
2008-05-12 22:23 . 2006-03-17 15:53 53,248 --a------ C:\WINDOWS\system32\ARMACCESS.DLL
2008-05-12 22:23 . 2008-05-14 23:41 1,398 --a------ C:\WINDOWS\[u]0[/u]
2008-05-12 22:23 . 2008-05-14 23:41 186 --a------ C:\WINDOWS\Faux
2008-05-12 22:23 . 2008-05-14 23:41 85 --a------ C:\WINDOWS\Times New Roman

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-16 19:58 --------- d-----w C:\Documents and Settings\All Users\Application Data\BlazeVideo
2008-06-30 08:13 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-06-30 08:12 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-06-27 23:05 --------- d-----w C:\Documents and Settings\elise thibaux\Application Data\Lavasoft
2008-06-22 08:48 --------- d-----w C:\Program Files\Fichiers communs\Real
2008-06-16 16:29 --------- d-----w C:\Program Files\Fichiers communs\Nikon
2008-06-16 16:29 --------- d-----w C:\Documents and Settings\elise thibaux\Application Data\Nikon
2008-06-16 15:42 20 ---h--w C:\Documents and Settings\All Users\Application Data\PKP_DLec.DAT
2008-06-16 15:42 20 ---h--w C:\Documents and Settings\All Users\Application Data\PKP_DLds.DAT
2008-06-02 13:36 --------- d-----w C:\Documents and Settings\elise thibaux\Application Data\Apple Computer
2008-05-16 20:57 12,464 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2008-05-04 09:24 --------- d-----w C:\Program Files\Yahoo! Games
2008-05-04 09:24 --------- d-----w C:\Documents and Settings\elise thibaux\Application Data\PlayFirst
2008-05-04 09:24 --------- d-----w C:\Documents and Settings\All Users\Application Data\PlayFirst
2008-04-29 22:19 --------- d-----w C:\Documents and Settings\All Users\Application Data\Player Metaboli
2008-04-29 22:07 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-29 22:07 --------- d-----w C:\Program Files\AMD
2008-04-29 22:03 --------- d-----w C:\Program Files\ma-config.com
2008-04-29 22:03 --------- d-----w C:\Documents and Settings\elise thibaux\Application Data\ma-config.com
2008-04-29 21:55 --------- d-----w C:\Program Files\SystemRequirementsLab
2008-04-29 21:33 --------- d-----w C:\Program Files\Power IE
2008-04-29 09:20 15,648 ----a-w C:\WINDOWS\system32\drivers\NSDriver.sys
2008-04-29 09:19 15,648 ----a-w C:\WINDOWS\system32\drivers\Awrtrd.sys
2008-04-29 09:19 12,960 ----a-w C:\WINDOWS\system32\drivers\Awrtpd.sys
2008-04-07 09:09 294 ----a-w C:\Documents and Settings\elise thibaux\Application Data\wklnhst.dat
2008-03-29 04:40 167,936 ------w C:\WINDOWS\system32\atiok3x2.dll
2008-03-29 04:04 299,008 ------w C:\WINDOWS\system32\ati2dvag.dll
2008-03-29 03:56 172,032 ------w C:\WINDOWS\system32\atipdlxx.dll
2008-03-29 03:55 43,520 ------w C:\WINDOWS\system32\ati2edxx.dll
2008-03-29 03:55 126,976 ------w C:\WINDOWS\system32\ati2evxx.dll
2008-03-29 03:54 536,576 ------w C:\WINDOWS\system32\ati2evxx.exe
2008-03-29 03:43 3,176,480 ------w C:\WINDOWS\system32\ati3duag.dll
2008-03-29 03:36 1,765,120 ------w C:\WINDOWS\system32\ativvaxx.dll
2008-03-29 03:21 393,216 ------w C:\WINDOWS\system32\atikvmag.dll
2008-03-29 03:12 520,192 ------w C:\WINDOWS\system32\ati2cqag.dll
2008-03-05 14:03 479,752 ----a-w C:\WINDOWS\system32\XAudio2_0.dll
2008-03-05 14:03 238,088 ----a-w C:\WINDOWS\system32\xactengine3_0.dll
2008-03-05 14:00 25,608 ----a-w C:\WINDOWS\system32\X3DAudio1_3.dll
2008-03-05 13:56 3,786,760 ----a-w C:\WINDOWS\system32\D3DX9_37.dll
2008-03-05 13:56 1,420,824 ----a-w C:\WINDOWS\system32\D3DCompiler_37.dll
2007-09-25 13:52 774,144 ----a-w C:\Program Files\RngInterstitial.dll
2007-08-11 17:24 237,568 ----a-w C:\WINDOWS\system32\config\systemprofile\NTUSER(2).DAT
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7D8F0397-084A-4107-845F-37F226902B55}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7FC6B132-EA18-4D69-86E0-423E7B940BDC}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8AE578E0-6DF5-41E0-869F-F65A32D2F6BD}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F02C3F32-B3E7-47AD-A58C-8F91C94791B4}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 14:00 15360]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AliceSAV"="C:\Program Files\TechCity Solutions\AliceSAV\AliceAgent.exe" [2005-12-16 18:57 81408]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-03-28 23:37 413696]
"f4d70478"="C:\WINDOWS\system32\jlekslih.dll" [2008-06-30 20:10 92032]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 14:00 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\yayxyyaw]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\clbdriver.sys]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BlazeServoTool]
--a------ 2007-03-07 18:30 270336 C:\Program Files\BlazeVideo\BlazeDTV 2.5a\MediaDetector.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igndlm.exe]
--a------ 2007-03-05 23:57 1103480 C:\Program Files\Download Manager\DLM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
--a------ 2004-08-27 04:01 1450096 C:\Program Files\Ahead\InCD\InCD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lphccd3j0eedr]
C:\WINDOWS\system32\lphccd3j0eedr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 11:50 155648 C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-03-28 23:37 413696 C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
--a------ 2003-10-31 20:42 32768 C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMrhc9d3j0eedr]
C:\Program Files\rhc9d3j0eedr\rhc9d3j0eedr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
--a------ 2004-07-27 17:01 68096 C:\WINDOWS\SOUNDMAN.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YSearchProtection]
--a------ 2007-06-08 16:59 224248 C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\mIRC\\mirc.exe"=
"C:\\TMD-Recruit.5.0\\mirc.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\BearShare\\BearShare.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgemc.exe"=

R1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-06-30 10:17]
R2 avg8emc;AVG8 E-mail Scanner;C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-06-30 10:16]
R2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-06-30 10:16]
R2 AvgTdiX;AVG8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-06-30 10:17]
R3 AF15BDA;AF9015 BDA Filter;C:\WINDOWS\system32\DRIVERS\AF15BDA.sys [2007-12-05 14:51]
R3 ULI5261;ULi Based Ethernet NT Driver;C:\WINDOWS\system32\DRIVERS\ULILAN.SYS [2004-07-26 21:19]
S3 ALI5261;Pilote NT de base Ethernet ALi;C:\WINDOWS\system32\DRIVERS\ALI5261.SYS [2001-08-17 20:11]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b4a2b6a9-7d52-11dc-b968-00138f075d19}]
\Shell\AutoRun\command - F:\InstallTomTomHOME.exe

.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-06-30 07:18:26 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-30 22:02:14
Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\wbem\wmiadap.exe
C:\Program Files\AVG\AVG8\avgrsx.exe
C:\WINDOWS\SoftwareDistribution\Download\9ba9675594796c70a279084c24cd7675\update\update.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-06-30 22:06:34 - machine was rebooted
ComboFix-quarantined-files.txt 2008-06-30 20:06:25

Pre-Run: 55,297,110,016 octets libres
Post-Run: 60,610,174,976 octets libres

216 --- E O F --- 2008-06-30 20:05:41


Sorry, I made a mistake, so the logs are further up!
And here is the HijackThis log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:15:52, on 30/06/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TechCity Solutions\AliceSAV\AliceAgent.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Program Files\AVG\AVG8\avgrsx.exe
C:\Program Files\AVG\AVG8\avgrsx.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\elise thibaux\Bureau\scan.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/?p=us
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [AliceSAV] C:\Program Files\TechCity Solutions\AliceSAV\AliceAgent.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [f4d70478] rundll32.exe "C:\WINDOWS\system32\jlekslih.dll",b
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/FacebookPhotoUploader5.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {21BB8360-F943-447E-98F3-3C22345375A7} (CPlayFirstChocolatierControl Object) - http://www.shockwave.com/content/chocolatier/sis/ChocolatierWeb.1.0.0.13.cab
O16 - DPF: {226ACC34-3194-40E2-9AE8-834FCFE9E80D} (CPlayFirstmsiControl Object) - http://games.bigfishgames.com/...
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - https://www.fileplanet.com/
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {775879E2-7309-4619-BB02-AADE41F4B690} (CPlayFirstdreamControl Object) - http://www.shockwave.com/content/dreamchronicles/sis/dreamweb.1.0.0.10.cab
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - https://www.touslesdrivers.com/index.php?v_page=29
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab
O16 - DPF: {BAE1D8DF-0B35-47E3-A1E7-EEB3FF2ECD19} (CPlayFirstddfotgControl Object) - http://www.shockwave.com/content/dinerdashfloonthego/sis/ddfotg.1.0.0.33.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai.net/...
O16 - DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} (SproutLauncherCtrl Class) - http://www.shockwave.com/content/feedingfrenzy/sis/SproutLauncher.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} -
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O20 - Winlogon Notify: yayxyyaw - C:\WINDOWS\
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: InCD Helper (read only) (InCDsrvR) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
0
geoffrey5 Posts 14008 Status Security contributor 10
 
Copy the text below:

File::
c:\windows\system32\jlekslih.dll
c:\program files\mirc\mirc.exe

Folder::

Registry::

Open Notepad, then paste the copied text.
(Start\All Programs\Accessories\Notepad.)
Save this file under the name CFScript.txt.

Now drag the CFScript.txt file onto Combofix.exe as shown below:

http://sd-1.archive-host.com/membres/up/1366464061/CFScript.gif

This will restart Combofix.

A blue window will appear: at the message that appears (Type 1 to continue, or 2 to abort), type 1 and then confirm.

Wait while the scan runs. The desktop will disappear several times: this is normal!

Don't touch anything until the scan has finished.

After the restart, post the contents of the Combofix.txt report together with a HijackThis report.

If there is no restart, post the reports anyway.

Then:

Fix.reg

Open Notepad (right-click on the desktop > in the menu, choose New and then New text file) and copy and paste what is quoted below (copy it all in one go, without the bars (x)):

XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

REGEDIT4

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"f4d70478"=-


XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
Note: Regedit4 is on the first line in Notepad and there is a blank line at the end.
Then click on "File"/"Save as":
In: on the desktop
File name: fix.reg
File type: "All files"
Click on "Save"

It should look like this once saved:

http://img520.imageshack.us/img520/4251/screenshot005ps2.png

Double-click on fix.reg => you must get a message "voulez-vous vraiment ajouter les informations contenues dans ce fichier .reg au registre ?"
If that is the case, click on "Oui" (Yes)

Then make a new HijackThis report to check, please
0
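The re-scan the helper asks for after CFScript.txt and fix.reg can be checked mechanically. The following is an added example, not part of the thread and not code from HijackThis or ComboFix: it parses the O4 autostart lines of a HijackThis log and reports whether the targeted Run value or files are still referenced. The "before" lines are copied from the log posted above; the "after" log is constructed for illustration.

```python
import re

# Targets taken from the helper's CFScript.txt (File::) and fix.reg above.
TARGET_FILES = [
    r"c:\windows\system32\jlekslih.dll",
    r"c:\program files\mirc\mirc.exe",
]
TARGET_RUN_VALUES = [("HKLM", "Run", "f4d70478")]

# HijackThis registry autostart line:
#   O4 - <hive>\..\<key>: [<value name>] <command>
# The hive may carry a SID or .DEFAULT suffix (HKUS\S-1-5-19, HKUS\.DEFAULT).
O4_RUN = re.compile(
    r"^O4 - (?P<hive>HK[A-Z]+(?:\\[^\\]+)?)\\\.\.\\(?P<key>[^:]+): "
    r"\[(?P<name>[^\]]+)\] (?P<command>.+)$"
)


def parse_o4_run(log_text):
    """Return one dict per O4 registry Run entry found in the log."""
    entries = []
    for line in log_text.splitlines():
        match = O4_RUN.match(line.strip())
        if match:
            entries.append(match.groupdict())
    return entries


def remaining_targets(log_text):
    """List every place where a targeted Run value or file still shows up.

    Returns tuples (kind, target, log line). An empty list means the log
    no longer references anything the fix was meant to remove.
    """
    findings = []
    # 1. Run values: compare hive, key and value name, ignoring case.
    for entry in parse_o4_run(log_text):
        for hive, key, name in TARGET_RUN_VALUES:
            same = (
                entry["hive"].upper() == hive
                and entry["key"].lower() == key.lower()
                and entry["name"].lower() == name.lower()
            )
            if same:
                line = "[%s] %s" % (entry["name"], entry["command"])
                findings.append(("run-value", name, line))
    # 2. Files: any line of the log (process list, O2, O4, O23 ...) that
    #    still mentions a targeted path, ignoring case.
    for line in log_text.splitlines():
        lowered = line.lower()
        for path in TARGET_FILES:
            if path in lowered:
                findings.append(("file-reference", path, line.strip()))
    return findings


# Lines copied from the HijackThis log posted in the thread.
BEFORE_LOG = r"""
C:\WINDOWS\system32\ctfmon.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [f4d70478] rundll32.exe "C:\WINDOWS\system32\jlekslih.dll",b
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - Startup: PowerReg Scheduler V3.exe
"""

# Constructed "after" log: the same lines with the targeted entry gone.
AFTER_LOG = r"""
C:\WINDOWS\system32\ctfmon.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - Startup: PowerReg Scheduler V3.exe
"""

if __name__ == "__main__":
    for label, log in (("before", BEFORE_LOG), ("after", AFTER_LOG)):
        hits = remaining_targets(log)
        print(label, "->", "clean" if not hits else hits)
```

A clean result only shows that the autostart reference and file paths are gone from this one report; other load points listed in the ComboFix log are outside what this check reads.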
aridza
 
ComboFix 08-06-20.4 - elise thibaux 2008-07-01 14:16:45.2 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.525 [GMT 2:00]
Endroit: C:\Documents and Settings\elise thibaux\Bureau\ComboFix.exe
Command switches used :: C:\Documents and Settings\elise thibaux\Bureau\CFScript.txt
* Création d'un nouveau point de restauration

[color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]

FILE ::
c:\program files\mirc\mirc.exe
c:\windows\system32\jlekslih.dll
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\mirc\mirc.exe
c:\windows\system32\jlekslih.dll

.
((((((((((((((((((((((((((((( Fichiers créés 2008-06-01 to 2008-07-01 ))))))))))))))))))))))))))))))))))))
.

2009-03-07 02:17 . 2004-08-04 01:54 159,232 --a------ C:\WINDOWS\system32\ptpusd.dll
2009-03-07 02:17 . 2004-08-03 23:58 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2009-03-07 02:17 . 2001-08-23 18:47 5,632 --a------ C:\WINDOWS\system32\ptpusb.dll
2008-06-30 23:30 . 2008-06-30 23:30 <REP> d-------- C:\Documents and Settings\elise thibaux\Application Data\ATI
2008-06-30 23:30 . 2008-06-30 23:30 <REP> d-------- C:\Documents and Settings\All Users\Application Data\ATI
2008-06-30 23:22 . 2008-06-02 21:05 593,920 --------- C:\WINDOWS\system32\ati2sgag.exe
2008-06-30 23:21 . 2008-06-30 23:23 <REP> d-------- C:\Program Files\ATI Technologies
2008-06-30 22:42 . 2008-06-30 22:42 <REP> d-------- C:\Program Files\ma-config.com
2008-06-30 22:42 . 2008-06-30 22:43 <REP> d-------- C:\Documents and Settings\All Users\Application Data\ma-config.com
2008-06-30 11:46 . 2008-06-30 11:46 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-06-30 11:46 . 2008-06-30 11:46 <REP> d-------- C:\Documents and Settings\elise thibaux\Application Data\Malwarebytes
2008-06-30 11:46 . 2008-06-30 11:46 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-06-30 11:46 . 2008-06-28 14:16 34,296 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-06-30 11:46 . 2008-06-28 14:16 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-06-30 10:28 . 2008-07-01 04:47 <REP> d--h----- C:\$AVG8.VAULT$
2008-06-30 10:17 . 2008-06-30 10:17 96,520 --a------ C:\WINDOWS\system32\drivers\avgldx86.sys
2008-06-30 10:17 . 2008-06-30 10:17 75,272 --a------ C:\WINDOWS\system32\drivers\avgtdix.sys
2008-06-30 10:17 . 2008-06-30 10:17 10,520 --a------ C:\WINDOWS\system32\avgrsstx.dll
2008-06-30 10:16 . 2008-07-01 08:47 <REP> d-------- C:\WINDOWS\system32\drivers\Avg
2008-06-30 10:16 . 2008-06-30 10:16 <REP> d-------- C:\Program Files\AVG
2008-06-30 10:16 . 2008-06-30 10:16 <REP> d-------- C:\Documents and Settings\elise thibaux\Application Data\AVGTOOLBAR
2008-06-30 10:16 . 2008-06-30 10:16 <REP> d-------- C:\Documents and Settings\All Users\Application Data\avg8
2008-06-30 09:30 . 2008-06-30 09:30 0 --a------ C:\WINDOWS\nsreg.dat
2008-06-30 00:35 . 2008-06-30 00:35 10 --a------ C:\WINDOWS\WININIT.INI
2008-06-30 00:22 . 2008-06-30 00:22 <REP> d-------- C:\Program Files\Avira
2008-06-30 00:22 . 2008-06-30 10:24 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2008-06-29 22:29 . 2008-06-29 22:29 <REP> d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard
2008-06-29 22:29 . 2008-06-29 22:30 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-06-28 03:05 . 2008-06-29 22:29 <REP> d-------- C:\Program Files\Lavasoft
2008-06-28 03:04 . 2008-07-01 04:33 <REP> d-------- C:\Program Files\rhc9d3j0eedr
2008-06-28 00:35 . 2008-06-30 20:10 28,800 --------- C:\WINDOWS\system32\yayxyyaw.dll
2008-06-28 00:35 . 2004-08-05 14:00 4,224 --a------ C:\WINDOWS\system32\beep.sys
2008-06-28 00:29 . 2008-06-30 20:10 26,624 --------- C:\WINDOWS\system32\oggview.dll
2008-06-10 20:58 . 2008-06-10 20:58 <REP> d-------- C:\tmp
2008-06-03 05:46 . 2008-06-03 05:46 10,276,864 --a------ C:\WINDOWS\system32\atioglx2.dll
2008-06-03 05:22 . 2008-06-03 05:22 413,696 --a------ C:\WINDOWS\system32\ATIDEMGX.dll
2008-06-03 05:11 . 2008-06-03 05:11 139,264 --a------ C:\WINDOWS\system32\Oemdspif.dll
2008-06-03 05:11 . 2008-06-03 05:11 26,112 --a------ C:\WINDOWS\system32\Ati2mdxx.exe
2008-06-03 05:08 . 2008-06-03 05:08 53,248 --a------ C:\WINDOWS\system32\ATIDDC.DLL
2008-06-03 05:02 . 2008-06-03 05:02 307,200 --a------ C:\WINDOWS\system32\atiiiexx.dll
2008-06-03 04:47 . 2008-06-03 04:47 3,107,788 --a------ C:\WINDOWS\system32\ativvaxx.dat
2008-06-03 04:47 . 2008-06-03 04:47 3,107,788 --a------ C:\WINDOWS\system32\ativva5x.dat
2008-06-03 04:47 . 2008-06-03 04:47 887,724 --a------ C:\WINDOWS\system32\ativva6x.dat
2008-06-03 04:33 . 2008-06-03 04:33 48,128 --a------ C:\WINDOWS\system32\amdpcom32.dll
2008-06-03 04:28 . 2008-06-03 04:28 23,040 --a------ C:\WINDOWS\system32\atiadlxx.dll
2008-06-03 04:28 . 2008-06-03 04:28 17,408 --a------ C:\WINDOWS\system32\atitvo32.dll
2008-06-03 04:27 . 2008-06-03 04:27 49,152 --a------ C:\WINDOWS\system32\drivers\ati2erec.dll
2008-06-03 04:22 . 2008-06-03 04:22 5,439,488 --a------ C:\WINDOWS\system32\atioglxx.dll
2008-06-02 15:36 . 2008-06-22 09:52 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-06-02 15:36 . 2008-06-02 15:36 1,409 --a------ C:\WINDOWS\QTFont.for
2008-06-02 15:35 . 2008-06-02 15:35 <REP> d-------- C:\Program Files\Bonjour
2008-06-02 15:34 . 2008-06-02 15:34 <REP> d-------- C:\Program Files\QuickTime
2008-06-02 15:34 . 2008-06-02 15:35 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-06-02 15:32 . 2008-06-02 15:32 <REP> d-------- C:\Program Files\Fichiers communs\Apple

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-16 19:58 --------- d-----w C:\Documents and Settings\All Users\Application Data\BlazeVideo
2008-07-01 12:16 --------- d-----w C:\Program Files\mIRC
2008-06-30 20:10 --------- d-----w C:\Program Files\BearShare
2008-06-30 08:13 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-06-30 08:12 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-06-27 23:05 --------- d-----w C:\Documents and Settings\elise thibaux\Application Data\Lavasoft
2008-06-22 08:48 --------- d-----w C:\Program Files\Fichiers communs\Real
2008-06-16 16:29 --------- d-----w C:\Program Files\Fichiers communs\Nikon
2008-06-16 16:29 --------- d-----w C:\Documents and Settings\elise thibaux\Application Data\Nikon
2008-06-16 15:42 20 ---h--w C:\Documents and Settings\All Users\Application Data\PKP_DLec.DAT
2008-06-16 15:42 20 ---h--w C:\Documents and Settings\All Users\Application Data\PKP_DLds.DAT
2008-06-03 06:20 3,100,160 ----a-w C:\WINDOWS\system32\drivers\ati2mtag.sys
2008-06-03 03:21 306,688 ----a-w C:\WINDOWS\system32\ati2dvag.dll
2008-06-03 03:11 43,520 ----a-w C:\WINDOWS\system32\ati2edxx.dll
2008-06-03 03:11 180,224 ----a-w C:\WINDOWS\system32\atipdlxx.dll
2008-06-03 03:11 139,264 ----a-w C:\WINDOWS\system32\ati2evxx.dll
2008-06-03 03:09 552,960 ----a-w C:\WINDOWS\system32\ati2evxx.exe
2008-06-03 03:04 245,760 ----a-w C:\WINDOWS\system32\atiok3x2.dll
2008-06-03 02:59 3,500,352 ----a-w C:\WINDOWS\system32\ati3duag.dll
2008-06-03 02:48 2,120,832 ----a-w C:\WINDOWS\system32\ativvaxx.dll
2008-06-03 02:29 348,160 ----a-w C:\WINDOWS\system32\atikvmag.dll
2008-06-03 02:21 557,056 ----a-w C:\WINDOWS\system32\ati2cqag.dll
2008-06-02 13:36 --------- d-----w C:\Documents and Settings\elise thibaux\Application Data\Apple Computer
2008-05-16 20:57 12,464 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2008-05-16 09:58 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
2008-05-04 09:24 --------- d-----w C:\Program Files\Yahoo! Games
2008-05-04 09:24 --------- d-----w C:\Documents and Settings\elise thibaux\Application Data\PlayFirst
2008-05-04 09:24 --------- d-----w C:\Documents and Settings\All Users\Application Data\PlayFirst
2008-04-07 09:09 294 ----a-w C:\Documents and Settings\elise thibaux\Application Data\wklnhst.dat
2007-09-25 13:52 774,144 ----a-w C:\Program Files\RngInterstitial.dll
2007-08-11 17:24 237,568 ----a-w C:\WINDOWS\system32\config\systemprofile\NTUSER(2).DAT
.

((((((((((((((((((((((((((((( snapshot@2008-06-30_22.05.52.84 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-06-30 21:24:01 135,168 ----a-w C:\WINDOWS\assembly\GAC\AxInterop.MSComctlLib\2.0.0.0__90ba9c70f846762e\AxInterop.MSComctlLib.DLL
+ 2008-06-30 21:24:01 212,992 ----a-w C:\WINDOWS\assembly\GAC\AxInterop.MSForms\2.0.0.0__90ba9c70f846762e\AxInterop.MSForms.DLL
+ 2008-06-30 21:23:54 143,360 ----a-w C:\WINDOWS\assembly\GAC\ICSharpCode.SharpZipLib\[u]0[/u].84.0.0__1b03e6acf1164f73\ICSharpCode.SharpZipLib.DLL
+ 2008-06-30 21:24:01 225,280 ----a-w C:\WINDOWS\assembly\GAC\Interop.MSComctlLib\2.0.0.0__90ba9c70f846762e\Interop.MSComctlLib.DLL
+ 2008-06-30 21:24:02 360,448 ----a-w C:\WINDOWS\assembly\GAC\Interop.MSForms\2.0.0.0__90ba9c70f846762e\Interop.MSForms.DLL
+ 2008-06-30 21:24:02 49,152 ----a-w C:\WINDOWS\assembly\GAC\Interop.NewIWshRuntimeLibrary\1.0.0.0__90ba9c70f846762e\Interop.NewIWshRuntimeLibrary.DLL
+ 2008-06-30 21:23:53 13,312 ----a-w C:\WINDOWS\assembly\GAC\Interop.WBOCXLib\1.0.0.0__90ba9c70f846762e\Interop.WBOCXLib.DLL
+ 2008-06-30 21:06:58 68,608 ----a-w C:\WINDOWS\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
+ 2008-06-30 21:07:10 72,192 ----a-w C:\WINDOWS\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
+ 2008-06-30 21:07:11 4,308,992 ----a-w C:\WINDOWS\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
+ 2008-06-30 21:07:12 482,304 ----a-w C:\WINDOWS\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
+ 2008-06-30 21:07:06 2,878,976 ----a-w C:\WINDOWS\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
+ 2008-06-30 21:06:53 258,048 ----a-w C:\WINDOWS\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
+ 2008-06-30 21:06:53 114,176 ----a-w C:\WINDOWS\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
+ 2008-06-30 21:07:19 260,096 ----a-w C:\WINDOWS\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
+ 2008-06-30 21:07:01 5,025,792 ----a-w C:\WINDOWS\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
+ 2008-06-30 21:06:57 10,752 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
+ 2008-06-30 21:23:54 24,576 ----a-w C:\WINDOWS\assembly\GAC_MSIL\ACE.Graphics.DisplaysManager.Shared\2.0.2573.17685__90ba9c70f846762e\ACE.Graphics.DisplaysManager.Shared.DLL
+ 2008-06-30 21:24:03 20,480 ----a-w C:\WINDOWS\assembly\GAC_MSIL\AEM.Actions.CCAA.Shared\2.0.3036.27937__90ba9c70f846762e\AEM.Actions.CCAA.Shared.DLL
+ 2008-06-30 21:24:02 16,384 ----a-w C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.DPPE.Shared\2.0.3036.27993__90ba9c70f846762e\AEM.Plugin.DPPE.Shared.DLL
+ 2008-06-30 21:24:03 16,384 ----a-w C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.EEU.Shared\2.0.3036.27961__90ba9c70f846762e\AEM.Plugin.EEU.Shared.DLL
+ 2008-06-30 21:24:02 16,384 ----a-w C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.GD.Shared\2.0.3036.27993__90ba9c70f846762e\AEM.Plugin.GD.Shared.DLL
+ 2008-06-30 21:24:03 20,480 ----a-w C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.Hotkeys.Shared\2.0.3036.27945__90ba9c70f846762e\AEM.Plugin.Hotkeys.Shared.DLL
+ 2008-06-30 21:24:02 16,384 ----a-w C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.REG.Shared\2.0.3036.27976__90ba9c70f846762e\AEM.Plugin.REG.Shared.DLL
+ 2008-06-30 22:06:26 1,724,416 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\f702b6c2acb3b14c9a5ca81375251e1c\Microsoft.VisualBasic.ni.dll
+ 2008-06-30 21:08:14 11,411,456 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\13cde54c9d760348813a8fda329bc888\mscorlib.ni.dll
+ 2008-06-30 22:06:28 962,560 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\b3a3401c2bf960438bb63795d56fcf30\System.Configuration.ni.dll
+ 2008-06-30 21:10:07 6,688,768 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Data\dc95a4b76f38c34383ba4a74a8607fab\System.Data.ni.dll
+ 2008-06-30 22:06:30 1,712,128 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Deployment\dc6ff890a0259c4d948ef3780c44e84e\System.Deployment.ni.dll
+ 2008-06-30 21:10:32 10,723,328 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Design\eb72f430ce42a943803fef96ffa0af51\System.Design.ni.dll
+ 2008-06-30 22:06:32 1,220,608 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\83348d39320c574994cb073317c7b7f6\System.DirectoryServices.ni.dll
+ 2008-06-30 22:06:33 512,000 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\8c99f6d87f22954e9b5994d357c118de\System.DirectoryServices.Protocols.ni.dll
+ 2008-06-30 21:09:16 229,376 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing.Desi#\656096b01d907c45a78fb416b6c9a3fe\System.Drawing.Design.ni.dll
+ 2008-06-30 21:09:21 1,626,112 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\1a7b077627a70a46b343a8fadde57992\System.Drawing.ni.dll
+ 2008-06-30 22:06:34 659,456 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\93fdb2415284a945b370ed92f1b4dd2e\System.EnterpriseServices.ni.dll
+ 2008-06-30 22:06:34 294,912 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\93fdb2415284a945b370ed92f1b4dd2e\System.EnterpriseServices.Wrapper.dll
+ 2008-06-30 22:06:35 729,088 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Security\b6bf03de9c89724da7b3d24bf7154a73\System.Security.ni.dll
+ 2008-06-30 22:06:37 684,032 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Transactions\8d8d4437d4d9c04e9b1b8120381421e5\System.Transactions.ni.dll
+ 2008-06-30 22:07:01 2,310,144 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web.Mobile\1810c4b7a05b2445a5833a9535612aab\System.Web.Mobile.ni.dll
+ 2008-06-30 22:07:02 237,568 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web.RegularE#\eec07e0504a42845a2643e20306849df\System.Web.RegularExpressions.ni.dll
+ 2008-06-30 22:07:05 1,945,600 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web.Services\6161ff4090bf8c41a92146556a3ea92a\System.Web.Services.ni.dll
+ 2008-06-30 22:06:56 11,808,768 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\d343a2abacd57240a8c079236bf4f87f\System.Web.ni.dll
+ 2008-06-30 21:09:46 13,107,200 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\343f55ebdce86947a8bd9d698acc7c30\System.Windows.Forms.ni.dll
+ 2008-06-30 21:09:55 5,640,192 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\f4eece3ec475284c8ef9b65e68596a20\System.Xml.ni.dll
+ 2008-06-30 21:09:13 8,093,696 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\[u]0[/u]b35957d169690458964df543ec0a874\System.ni.dll
- 2008-06-30 20:01:36 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-06-30 21:29:06 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-06-30 21:23:38 10,134 ----a-r C:\WINDOWS\Installer\{1116FD69-3C49-BE9A-C206-E8BA26CCA10F}\ARPPRODUCTICON.exe
+ 2008-06-30 21:23:14 10,134 ----a-r C:\WINDOWS\Installer\{16FE2579-06B2-3E32-58F2-4B70B69A3070}\ARPPRODUCTICON.exe
+ 2008-06-30 21:23:19 10,134 ----a-r C:\WINDOWS\Installer\{1EB21F28-E3AF-A317-4658-6C0C455C2F61}\ARPPRODUCTICON.exe
+ 2008-06-30 21:23:31 10,134 ----a-r C:\WINDOWS\Installer\{46D9C523-FABB-FFF1-321D-F493A68E2C3E}\ARPPRODUCTICON.exe
+ 2008-06-30 21:23:45 10,134 ----a-r C:\WINDOWS\Installer\{57D32909-FCA8-A78B-2AD2-2A50F5E11858}\ARPPRODUCTICON.exe
+ 2008-06-30 21:23:45 9,158 ----a-r C:\WINDOWS\Installer\{57D32909-FCA8-A78B-2AD2-2A50F5E11858}\NewShortcut11_EAB9635D261D49BE88DDE71A7C809B2D.exe
+ 2008-06-30 21:23:21 10,134 ----a-r C:\WINDOWS\Installer\{57EA735B-4F1D-9FC5-6A36-B0C0F1D704FE}\ARPPRODUCTICON.exe
+ 2008-06-30 21:23:29 10,134 ----a-r C:\WINDOWS\Installer\{DE31F8AA-B12D-3A38-E561-C657EED45465}\ARPPRODUCTICON.exe
+ 2008-06-30 21:23:41 10,134 ----a-r C:\WINDOWS\Installer\{E6EB53D4-5AD0-07F0-2DAC-0A2D624DF39D}\ARPPRODUCTICON.exe
+ 2008-06-30 21:23:34 10,134 ----a-r C:\WINDOWS\Installer\{E74CC47C-28D3-25E1-14D2-68EBC87C31BA}\ARPPRODUCTICON.exe
+ 2008-06-30 21:23:30 10,134 ----a-r C:\WINDOWS\Installer\{F251B61F-9D18-13C4-02EE-71A36343D442}\ARPPRODUCTICON.exe
+ 2005-09-23 05:28:52 72,704 ----a-w C:\WINDOWS\Microsoft.NET\Framework\NETFXSBS10.exe
+ 2005-09-23 05:29:04 5,120 ----a-w C:\WINDOWS\Microsoft.NET\Framework\sbs_diasymreader.dll
+ 2005-09-23 05:29:04 5,120 ----a-w C:\WINDOWS\Microsoft.NET\Framework\sbs_iehost.dll
+ 2005-09-23 05:29:04 5,120 ----a-w C:\WINDOWS\Microsoft.NET\Framework\sbs_microsoft.jscript.dll
+ 2005-09-23 05:29:04 5,632 ----a-w C:\WINDOWS\Microsoft.NET\Framework\sbs_microsoft.vsa.vb.codedomprocessor.dll
+ 2005-09-23 05:29:04 5,120 ----a-w C:\WINDOWS\Microsoft.NET\Framework\sbs_mscordbi.dll
+ 2005-09-23 05:29:04 5,120 ----a-w C:\WINDOWS\Microsoft.NET\Framework\sbs_mscorrc.dll
+ 2005-09-23 05:29:04 5,120 ----a-w C:\WINDOWS\Microsoft.NET\Framework\sbs_mscorsec.dll
+ 2005-09-23 05:29:04 5,120 ----a-w C:\WINDOWS\Microsoft.NET\Framework\sbs_system.configuration.install.dll
+ 2005-09-23 05:29:04 5,120 ----a-w C:\WINDOWS\Microsoft.NET\Framework\sbs_system.data.dll
+ 2005-09-23 05:29:04 5,120 ----a-w C:\WINDOWS\Microsoft.NET\Framework\sbs_system.enterpriseservices.dll
+ 2005-09-23 05:29:04 5,120 ----a-w C:\WINDOWS\Microsoft.NET\Framework\sbs_VsaVb7rt.dll
+ 2005-09-23 05:29:04 5,120 ----a-w C:\WINDOWS\Microsoft.NET\Framework\sbs_wminet_utils.dll
+ 2005-09-23 05:28:52 7,680 ----a-w C:\WINDOWS\Microsoft.NET\Framework\sbscmp10.dll
+ 2005-09-23 05:28:56 7,680 ----a-w C:\WINDOWS\Microsoft.NET\Framework\sbscmp20_mscorwks.dll
+ 2005-09-23 05:28:58 7,680 ----a-w C:\WINDOWS\Microsoft.NET\Framework\sbscmp20_perfcounter.dll
+ 2005-09-23 05:28:56 7,680 ----a-w C:\WINDOWS\Microsoft.NET\Framework\SharedReg12.dll
+ 2005-09-23 05:28:52 86,528 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\mscormmc.dll
+ 2005-09-23 05:28:36 18,944 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\1033\alinkui.dll
+ 2005-09-23 05:28:42 136,192 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\1033\cscompui.dll
+ 2005-09-23 05:28:44 4,608 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\1033\CvtResUI.dll
+ 2005-09-23 05:29:04 183,808 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\1033\vbc7ui.dll
+ 2005-09-23 05:28:28 208,896 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\1033\Vsavb7rtUI.dll
+ 2005-09-23 05:28:56 10,752 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Accessibility.dll
+ 2005-09-23 05:28:58 138,240 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\AdoNetDiag.dll
+ 2005-09-23 05:28:36 87,552 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\alink.dll
+ 2005-09-23 05:28:58 55,488 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\AppLaunch.exe
+ 2005-09-23 05:28:32 36,864 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_compiler.exe
+ 2005-09-23 05:28:32 10,752 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_filter.dll
+ 2005-09-23 05:28:32 8,192 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_isapi.dll
+ 2005-09-23 05:28:32 23,552 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Aspnet_perf.dll
+ 2005-09-23 05:28:32 70,656 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_rc.dll
+ 2005-09-23 05:28:32 13,824 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_regbrowsers.exe
+ 2005-09-23 05:28:32 26,824 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_regiis.exe
+ 2005-09-23 05:28:32 106,496 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_regsql.exe
+ 2005-09-23 05:28:32 29,896 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
+ 2005-09-23 05:28:32 29,888 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_wp.exe
+ 2005-09-23 05:28:32 503,808 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\AspNetMMCExt.dll
+ 2005-09-23 05:28:56 106,496 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\CasPol.exe
+ 2005-09-23 05:28:56 88,576 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\CORPerfMonExt.dll
+ 2005-09-23 05:28:42 76,984 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\csc.exe
+ 2005-09-23 05:28:42 1,144,832 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\cscomp.dll
+ 2005-09-23 05:28:42 13,312 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\cscompmgd.dll
+ 2005-09-23 05:28:58 17,920 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Culture.dll
+ 2005-09-23 05:28:56 68,608 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\CustomMarshalers.dll
+ 2005-09-23 05:28:44 31,936 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
+ 2005-09-23 05:28:38 52,736 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\dfdll.dll
+ 2005-09-23 05:28:38 4,608 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\dfsvc.exe
+ 2005-09-23 05:29:12 547,840 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\diasymreader.dll
+ 2005-09-23 05:28:56 788,992 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\EventLogMessages.dll
+ 2005-09-23 05:28:50 9,216 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\fusion.dll
+ 2005-09-23 05:28:56 9,728 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\IEExec.exe
+ 2005-09-23 05:28:56 8,192 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\IEExecRemote.dll
+ 2005-09-23 05:28:56 36,864 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\IEHost.dll
+ 2005-09-23 05:28:56 5,632 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\IIEHost.dll
+ 2005-09-23 05:28:56 224,952 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\ilasm.exe
+ 2005-09-23 05:28:56 28,672 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\InstallUtil.exe
+ 2005-09-23 05:28:56 55,296 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\InstallUtilLib.dll
+ 2005-09-23 05:28:56 72,192 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\ISymWrapper.dll
+ 2005-09-23 05:28:48 40,960 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\jsc.exe
+ 2005-09-23 05:01:16 609,472 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.exe
+ 2005-09-23 04:29:48 80,896 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1025.dll
+ 2005-09-23 04:32:24 80,896 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1028.dll
+ 2005-09-23 04:34:10 82,944 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1029.dll
+ 2005-09-23 04:34:12 81,920 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1030.dll
+ 2005-09-23 04:34:44 85,504 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1031.dll
+ 2005-09-23 04:36:24 87,552 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1032.dll
+ 2005-09-23 01:46:14 80,896 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1033.dll
+ 2005-09-23 04:38:26 81,408 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1035.dll
+ 2005-09-23 04:38:52 86,016 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1036.dll
+ 2005-09-23 04:40:30 80,896 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1037.dll
+ 2005-09-23 04:40:32 83,968 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1038.dll
+ 2005-09-23 04:40:56 84,480 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1040.dll
+ 2005-09-23 04:42:58 80,896 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1041.dll
+ 2005-09-23 04:44:58 80,896 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1042.dll
+ 2005-09-23 04:46:38 83,456 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1043.dll
+ 2005-09-23 04:46:38 81,920 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1044.dll
+ 2005-09-23 04:46:40 83,456 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1045.dll
+ 2005-09-23 04:47:04 82,432 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1046.dll
+ 2005-09-23 04:47:30 82,432 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1049.dll
+ 2005-09-23 04:47:32 81,920 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1053.dll
+ 2005-09-23 04:47:32 80,896 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1055.dll
+ 2005-09-23 04:30:18 80,896 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.2052.dll
+ 2005-09-23 04:47:06 84,480 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.2070.dll
+ 2005-09-23 04:29:50 80,89
0
aridza
 
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:25:50, on 01/07/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\TechCity Solutions\AliceSAV\AliceAgent.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\elise thibaux\Bureau\scan.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/?p=us
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [AliceSAV] C:\Program Files\TechCity Solutions\AliceSAV\AliceAgent.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/FacebookPhotoUploader5.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {21BB8360-F943-447E-98F3-3C22345375A7} (CPlayFirstChocolatierControl Object) - http://www.shockwave.com/content/chocolatier/sis/ChocolatierWeb.1.0.0.13.cab
O16 - DPF: {226ACC34-3194-40E2-9AE8-834FCFE9E80D} (CPlayFirstmsiControl Object) - http://games.bigfishgames.com/...
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - https://www.fileplanet.com/
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {775879E2-7309-4619-BB02-AADE41F4B690} (CPlayFirstdreamControl Object) - http://www.shockwave.com/content/dreamchronicles/sis/dreamweb.1.0.0.10.cab
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - https://www.touslesdrivers.com/index.php?v_page=29
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab
O16 - DPF: {BAE1D8DF-0B35-47E3-A1E7-EEB3FF2ECD19} (CPlayFirstddfotgControl Object) - http://www.shockwave.com/content/dinerdashfloonthego/sis/ddfotg.1.0.0.33.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai.net/...
O16 - DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} (SproutLauncherCtrl Class) - http://www.shockwave.com/content/feedingfrenzy/sis/SproutLauncher.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} -
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O20 - Winlogon Notify: yayxyyaw - C:\WINDOWS\
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: InCD Helper (read only) (InCDsrvR) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
0
geoffrey5 Posts 14008 Status Security contributor 10
 
Hi aridza!!

OK... if you have done the fix.reg properly, please make a new HijackThis report so I can check
0
geoffrey5 Posts 14008 Status Security contributor 10
 
OK...

Run HijackThis again, click on Scan only and tick these lines:

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O4 - Startup: PowerReg Scheduler V3.exe

O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab

O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} -

O16 - DPF: {226ACC34-3194-40E2-9AE8-834FCFE9E80D} (CPlayFirstmsiControl Object) - http://games.bigfishgames.com/

Then click on Fix checked.

Are you still having problems??
0
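Added example, not part of the thread and not HijackThis code: a small Python parser for the entry lines of a HijackThis log as posted above, which counts entries per section code and lists the ones whose target field is empty or names only a directory. The section descriptions and the "incomplete target" heuristic are assumptions of this example; it is a triage aid, not a verdict, and it does not reproduce the helper's selection.

```python
import re
from collections import Counter

# Usual meaning of the section codes that occur in this thread's log.
SECTIONS = {
    "R0": "IE start/search page setting",
    "R1": "IE start/search page setting",
    "R3": "URL search hook",
    "O2": "Browser Helper Object",
    "O3": "IE toolbar",
    "O4": "autostart entry (Run key or Startup folder)",
    "O9": "extra IE button or Tools menu item",
    "O16": "ActiveX control (Downloaded Program Files)",
    "O18": "extra protocol handler",
    "O20": "AppInit_DLLs or Winlogon Notify",
    "O23": "Windows service",
}

ENTRY_RE = re.compile(r"^([RO]\d{1,2}) - (.*)$")

# Sample input: entry lines copied from the log posted in this thread,
# plus two non-entry lines to show that they are skipped.
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\System32\smss.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/?p=us
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: PowerReg Scheduler V3.exe
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} -
O20 - AppInit_DLLs: avgrsstx.dll
O20 - Winlogon Notify: yayxyyaw - C:\WINDOWS\
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
"""


def parse_entry(line):
    """Split one log line into code, body and target; None for non-entry lines."""
    m = ENTRY_RE.match(line.strip())
    if m is None:
        return None
    code, body = m.groups()
    if body.endswith(" -"):
        target = ""                          # entry with nothing after the last dash
    elif code in ("R0", "R1"):
        target = body.partition(" = ")[2]    # registry value = data
    elif code == "O4":
        target = body
        # Run keys use "[name] command"; Startup folders use "x.lnk = path" or a bare name.
        for sep in ("] ", " = ", ": "):
            if sep in body:
                target = body.partition(sep)[2]
                break
    elif " - " in body:
        target = body.rpartition(" - ")[2]   # last dash-separated field is the file or URL
    else:
        target = body.partition(": ")[2]
    return {"code": code, "body": body, "target": target.strip()}


def incomplete_target(entry):
    """Assumed heuristic: the entry names no file or URL, or only a directory."""
    target = entry["target"]
    return target == "" or target.endswith("\\")


def triage(log_text):
    """Return (Counter of section codes, entries with an incomplete target)."""
    entries = [e for e in map(parse_entry, log_text.splitlines()) if e]
    counts = Counter(e["code"] for e in entries)
    return counts, [e for e in entries if incomplete_target(e)]


if __name__ == "__main__":
    counts, flagged = triage(SAMPLE_LOG)
    for code, n in counts.items():
        print(f"{code:4} x{n}  {SECTIONS.get(code, 'unknown section')}")
    for e in flagged:
        print("look at first:", e["code"], "-", e["body"])
```
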
aridza
 
Thanks a thousand times, my computer seems to be working normally now!!
0
geoffrey5 Posts 14008 Status Security contributor 10
 
You're welcome... if you have no more problems, you can mark your topic as resolved at the top

See you!
0
geoffrey5 Posts 14008 Status Security contributor 10
 
Oh yes!! One last thing to do:

To remove all traces of the tools that were used to treat the specific infections:

Download toolscleaner to your Desktop: http://www.commentcamarche.net/telecharger/telecharger 34055291 toolscleaner
* Double-click on ToolsCleaner2.bat and let it work
* Click on Recherche (Search) and let the scan finish.
* Click on Suppression (Removal) to finalize.
* You can, if you wish, use the Options facultatives (optional settings).
* Click on Quitter (Quit) so that the report can be created.
* The report (TCleaner.txt) is at the root of your hard drive (C:\)... paste it into your reply
0
aridza
 
-->- Recherche:

C:\Qoobox: trouvé !
C:\Documents and Settings\elise thibaux\Bureau\ComboFix.exe: trouvé !
C:\Documents and Settings\elise thibaux\Mes documents\VirtumundoBeGone.exe: trouvé !
C:\Documents and Settings\elise thibaux\Mes documents\SmitFraudfix: trouvé !

---------------------------------
-->- Suppression:

C:\Documents and Settings\elise thibaux\Bureau\ComboFix.exe: supprimé !
C:\Documents and Settings\elise thibaux\Mes documents\VirtumundoBeGone.exe: supprimé !
C:\Qoobox: supprimé !
C:\Documents and Settings\elise thibaux\Mes documents\SmitFraudfix: supprimé !

Fichiers temporaires nettoyés !
Point de restauration crée !


And there you go!!
Thanks again!!!!!!!!!!!!!
0
geoffrey5 Posts 14008 Status Security contributor 10
 
That's fine... see you!

Problem RESOLVED!!
0