Sujet Précédent Sujet Suivant

Ordinateur lent suite à un trojan supprimé

Charles_57 Messages postés 9 Statut Membre -  
Destrio5 Messages postés 99820 Date d'inscription   Statut Modérateur Dernière intervention   -
Bonjour à tous,

Je fais appel à vos connaissances pour le problème suivant: J'ai été infecté par un trojan ce week end (1ere fois en 2 ans avec cet ordi). Il s'agissait d'un trojan qui m'ouvrait des pop up fake lorsque je naviguait sur le web. A noter que ce dernier me bloquait HijackThis lorsqu'il le detectait. Pour m'en débarasser, j'ai supprimer les fichiers que me detectait Norton en mode sans echec (sans succès) puis j'ai utiliser Spyware Doctor. Celui ci m'a detecté et supprimé un trojan nommé trojan.virtumonde. Je croyais alors en avoir terminé puisque je ne reçoit plus de pop up mais voila que maintenant j'ai l'impression que mon ordinateur est plus lent en particulier sur le web. Je vous poste mon rapport HijackThis si vous detecter quelque chose de suspect! Si vous pouvez m'éclairer ce serait sympa!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:55:10, on 19/08/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
c:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
c:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
c:\Program Files\Norton Internet Security\ISSVC.exe
c:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
c:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
c:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\HPQ\SHARED\HPQWMI.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\WIDCOMM\Logiciel Bluetooth\BTTray.exe
C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\WIDCOMM\LOGICI~1\BTSTAC~1.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FR_FR&c=Q305&bd=pavilion&pf=laptop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://www.msn.com/fr-fr?cobrand=hp-notebook.msn.com&ocid=HPDHP&pc=HPNTDF
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: (no name) - {10990D5B-D686-4CD2-81EB-C7540450A1BA} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [BM63161bd3] Rundll32.exe "C:\WINDOWS\system32\nrdaynbs.dll",s
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Accélérateur de démarrage AutoCAD.lnk = C:\Program Files\Fichiers communs\Autodesk Shared\acstart16.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Démarrage rapide du logiciel HP Image Zone.lnk = C:\Program Files\Hp\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Recherche accélérée.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Envoyer à &Bluetooth - C:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O10 - Broken Internet access because of LSP provider 'c:\program files\bonjour\mdnsnsp.dll' missing
O14 - IERESET.INF: START_PAGE_URL=https://www.msn.com/fr-fr?cobrand=hp-notebook.msn.com&ocid=HPDHP&pc=HPNTDF
O16 - DPF: {02ECD07A-22D0-4AF0-BA0A-3F6B06086D08} (GamesCampus Control) - https://shotonline.gamescampus.com/Error/error404
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O20 - Winlogon Notify: urqOFyVL - urqOFyVL.dll (file missing)
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Fichiers communs\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - c:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - c:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - c:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SAVScan - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - c:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - c:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe

18 réponses

Réponse 1 / 18
Destrio5 Messages postés 99820 Date d'inscription   Statut Modérateur Dernière intervention   10 305
 
Salut,

---> Télécharge ComboFix.exe de sUBs sur ton Bureau :
http://download.bleepingcomputer.com/sUBs/ComboFix.exe

/!\ Déconnecte-toi du net et ferme toutes les applications, antivirus et antispyware y compris /!\

---> Double-clique sur Combofix.exe
Un "pop-up" va apparaître qui dit que "ComboFix est utilisé à vos risques et avec aucune garantie...".
Accepte en cliquant sur "Oui"

---> Mets-le en langue française F
Tape sur la touche 1 (Yes) pour démarrer le scan.

/!\ Ne touche à rien tant que le scan n'est pas terminé. /!\

En fin de scan, il est possible que ComboFix ait besoin de redémarrer le PC pour finaliser la désinfection, laisse-le faire.

Une fois le scan achevé, un rapport va s'afficher : Poste son contenu

/!\ Réactive la protection en temps réel de ton antivirus et de ton antispyware avant de te reconnecter à Internet. /!\

Note : Le rapport se trouve également là : C:\ComboFix.txt
0
Réponse 2 / 18
Charles_57 Messages postés 9 Statut Membre
 
Salut et merci pour ton aide,

Voici le rapport, à noter que lorsque je démarre windows depuis que j'ai executé Combofix j'ai un message d'erreur me disant qu'un fichier.dll ne peut pas s'executer.

ComboFix 08-08-19.03 - Charly 2008-08-20 22:01:45.1 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.547 [GMT 2:00]
Endroit: C:\Documents and Settings\Charly\Bureau\ComboFix.exe
* Création d'un nouveau point de restauration

[color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\BM63161bd3.txt
C:\WINDOWS\BM63161bd3.xml
C:\WINDOWS\cookies.ini
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\dmfliw.dll
C:\WINDOWS\system32\fLSuxyay.ini
C:\WINDOWS\system32\fLSuxyay.ini2
C:\WINDOWS\system32\ljnncptv.dll
C:\WINDOWS\system32\lophoqhd.dll
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\mnljdadp.ini
C:\WINDOWS\system32\mnoeqely.dll
C:\WINDOWS\system32\nrdaynbs.dll
C:\WINDOWS\system32\tixsjqwf.exe
C:\WINDOWS\system32\vlmvgllo.exe
C:\WINDOWS\system32\wigmkptt.exe
C:\WINDOWS\system32\wjkdjdys.ini
C:\WINDOWS\system32\xpbkhsor.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_NPF
-------\Legacy_WINDOWS_LOG

((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-07-20 to 2008-08-20 ))))))))))))))))))))))))))))))))))))
.

2008-08-19 18:52 . 2008-08-19 20:52 <REP> d-------- C:\WINDOWS\system32\CatRoot_bak
2008-08-18 00:42 . 2008-08-18 00:45 1,374 --a------ C:\WINDOWS\imsins.BAK
2008-08-17 15:46 . 2008-08-17 16:08 <REP> d-------- C:\Program Files\Spyware Doctor
2008-08-17 15:46 . 2008-08-17 15:46 <REP> d-------- C:\Documents and Settings\Charly\Application Data\PC Tools
2008-08-17 15:46 . 2008-08-18 23:09 <REP> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-08-17 15:46 . 2008-06-10 21:22 81,288 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2008-08-17 15:46 . 2008-06-02 15:19 66,952 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2008-08-17 15:46 . 2008-06-02 15:19 42,376 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
2008-08-17 15:46 . 2008-06-02 15:19 29,576 --a------ C:\WINDOWS\system32\drivers\kcom.sys
2008-08-17 15:20 . 2008-08-17 15:20 <REP> d-------- C:\Program Files\CCleaner
2008-08-17 14:53 . 2008-08-17 14:53 <REP> d-------- C:\Program Files\Trend Micro
2008-08-17 12:48 . 2008-08-17 12:48 <REP> d-------- C:\Program Files\Lavasoft
2008-08-17 12:48 . 2008-08-17 12:50 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-08-10 10:15 . 2008-08-10 10:21 139,264 --a------ C:\WINDOWS\War3Unin.exe
2008-08-10 10:15 . 2008-08-10 10:21 54,721 --a------ C:\WINDOWS\War3Unin.dat
2008-08-10 10:15 . 2008-08-10 10:21 2,829 --a------ C:\WINDOWS\War3Unin.pif
2008-08-08 14:13 . 2008-08-08 15:31 <REP> d-------- C:\Program Files\PhotoFiltre Studio
2008-08-08 14:13 . 2008-08-08 14:13 45 ---h----- C:\WINDOWS\dsez0613.dat
2008-08-06 16:59 . 2008-08-06 16:59 <REP> d-------- C:\Program Files\Lauyan
2008-08-06 16:54 . 2008-08-06 16:55 <REP> d-------- C:\Projets NetlorStudio
2008-08-06 16:50 . 2008-08-06 16:59 <REP> d-------- C:\Program Files\Netlor Studio
2008-08-05 16:02 . 2008-08-08 23:53 <REP> d-------- C:\Documents and Settings\Charly\Application Data\gtk-2.0
2008-08-05 16:02 . 2008-08-05 16:02 <REP> d-------- C:\Documents and Settings\Charly\.thumbnails
2008-08-05 15:59 . 2008-08-09 19:18 <REP> d-------- C:\Association
2008-08-05 15:56 . 2008-08-09 00:11 <REP> d-------- C:\Documents and Settings\Charly\.gimp-2.4
2008-08-05 15:55 . 2008-08-05 15:55 <REP> d-------- C:\Program Files\GIMP-2.0
2008-08-05 15:42 . 2008-08-05 15:42 <REP> d-------- C:\Program Files\Ma‹do Production
2008-08-05 15:22 . 2008-08-05 15:22 <REP> d-------- C:\Program Files\Nvu
2008-08-05 15:22 . 2008-08-05 15:22 <REP> d-------- C:\Documents and Settings\Charly\Application Data\Nvu
2008-07-23 14:29 . 2008-07-23 14:29 268 --ah----- C:\sqmdata19.sqm
2008-07-23 14:29 . 2008-07-23 14:29 244 --ah----- C:\sqmnoopt19.sqm
2008-07-23 13:51 . 2008-07-23 13:51 268 --ah----- C:\sqmdata18.sqm
2008-07-23 13:51 . 2008-07-23 13:51 244 --ah----- C:\sqmnoopt18.sqm
2008-07-22 19:16 . 2008-07-22 19:16 268 --ah----- C:\sqmdata17.sqm
2008-07-22 19:16 . 2008-07-22 19:16 244 --ah----- C:\sqmnoopt17.sqm
2008-07-22 15:06 . 2008-07-22 15:06 268 --ah----- C:\sqmdata16.sqm
2008-07-22 15:06 . 2008-07-22 15:06 244 --ah----- C:\sqmnoopt16.sqm

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-19 21:41 --------- d-----w C:\Program Files\Fichiers communs\Symantec Shared
2008-08-17 20:18 --------- d-----w C:\Program Files\Warcraft III
2008-08-17 14:06 --------- d-----w C:\Program Files\eMule
2008-08-15 00:59 --------- d-----w C:\Program Files\Norton Internet Security
2008-08-05 13:42 --------- d-----w C:\Program Files\Maïdo Production
2008-06-28 08:32 --------- d-----w C:\Program Files\Steam
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2007-10-09 14:57 75,832 -c--a-w C:\Documents and Settings\Charly\Application Data\GDIPFONTCACHEV1.DAT
2005-11-23 22:47 149 -c--a-w C:\Documents and Settings\Charly\replayer.dat
2005-11-20 19:08 0 -c--a-w C:\Documents and Settings\Charly\Application Data\wklnhst.dat
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 10:00 15360]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 12:55 5674352]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 17:45 313472]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-03-22 21:05 339968]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
"hpWirelessAssistant"="C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2005-04-11 15:21 794624]
"HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-16 23:11 49152]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2005-02-02 14:12 102492]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2005-02-02 14:11 692316]
"ccApp"="c:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe" [2005-04-12 14:39 58992]
"eabconfg.cpl"="C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe" [2004-12-03 13:24 290816]
"LSBWatcher"="c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe" [2004-10-14 13:54 253952]
"Cpqset"="C:\Program Files\HPQ\Default Settings\cpqset.exe" [2005-02-17 14:01 233534]
"Symantec NetDriver Monitor"="C:\PROGRA~1\SYMNET~1\SNDMon.exe" [2005-11-11 18:55 100056]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-03-28 23:37 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-05 10:00 110592 C:\WINDOWS\system32\bthprops.cpl]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 10:00 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.3ivx"= 3ivxVfWCodec.dll
"vidc.3iv2"= 3ivxVfWCodec.dll
"msacm.divxa32"= divxa32.acm
"VIDC.HFYU"= huffyuv.dll
"VIDC.i263"= i263_32.drv
"msacm.imc"= imc32.acm
"VIDC.VP31"= vp31vfw.dll
"VIDC.ACDV"= ACDV.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"FirewallDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\WINDOWS\\system32\\svchost.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\WINDOWS\\system32\\winver.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader
"6112:TCP"= 6112:TCP:Blizzard Downloader

R2 NwSapAgent;Agent SAP;C:\WINDOWS\system32\svchost.exe [2004-08-05 10:00]
R3 HSFHWATI;HSFHWATI;C:\WINDOWS\system32\DRIVERS\HSFHWATI.sys [2005-03-22 16:39]
S3 fbxusb;FreeBox USB Network Adapter;C:\WINDOWS\system32\DRIVERS\fbxusb.sys [2003-12-31 12:35]
S3 XHASP;XHASP;c:\windows\system32\drivers\XHASP.sys [2008-06-17 01:06]
.
Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es'

2008-08-08 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 17:57]

2007-01-20 C:\WINDOWS\Tasks\Norton AntiVirus - Analyser mon ordinateur - Charly.job
- c:\PROGRA~1\NORTON~1\NORTON~1\NAVW32.EXE [2005-11-22 12:04]

2008-08-20 C:\WINDOWS\Tasks\Symantec NetDetect.job
- C:\Program Files\Symantec\LiveUpdate\NDetect.exe []
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-Steam - (no file)
HKLM-Run-BM63161bd3 - C:\WINDOWS\system32\nrdaynbs.dll
HKLM-Run-Logitech Hardware Abstraction Layer - KHALMNPR.EXE
Notify-urqOFyVL - urqOFyVL.dll

.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.google.fr/
R1 -: HKCU-Internet Connection Wizard,ShellNext = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=FR_FR&c=Q305&bd=pavilion&pf=laptop
O8 -: E&xporter vers Microsoft Excel - C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 -: Envoyer à &Bluetooth - C:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie_ctx.htm
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-20 22:08:11
Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cach‚s ...

Balayage cach‚ autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = C:\Program Files\HPQ\Default Settings\cpqset.exe????????0?0?3?8??????? ???B?????????????hLC? ??????

Balayage des fichiers cach‚s ...

Scan termin‚ avec succŠs
Les fichiers cach‚s: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Fichiers communs\Symantec Shared\CCPROXY.EXE
C:\Program Files\Fichiers communs\Symantec Shared\CCSETMGR.EXE
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Fichiers communs\Symantec Shared\CCEVTMGR.EXE
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\HPQ\Shared\hpqwmi.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\WIDCOMM\Logiciel Bluetooth\BTTray.exe
C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Hp\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\Messenger\msmsgs.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-08-20 22:15:54 - machine was rebooted
ComboFix-quarantined-files.txt 2008-08-20 20:15:51

Pre-Run: 28,488,507,392 octets libres
Post-Run: 29,008,019,456 octets libres

211 --- E O F --- 2008-08-17 22:45:34
0
Réponse 3 / 18
Destrio5 Messages postés 99820 Date d'inscription   Statut Modérateur Dernière intervention   10 305
 
- Télécharge et installe MalwareByte's Anti-Malware :
http://www.download.com/Malwarebytes-Anti-Malware/3000-8022_4-10804572.htm

- Mets-le à jour

- Redémarre en mode sans échec (Recommandé) :
https://www.malekal.com/demarrer-windows-mode-sans-echec/

- Choisis ta session habituelle

- Fais un scan complet avec MalwareByte's Anti-Malware

- Supprime tout ce que le logiciel trouve, enregistre le rapport

- Redémarre en mode normal et poste le rapport ici

Tutorial :
https://www.malekal.com/tutoriel-malwarebyte-anti-malware/
0
Réponse 4 / 18
Charles_57 Messages postés 9 Statut Membre
 
Bonjour!

Voilà j'ai réalisé le scan complet avec MalwareByte's Anti-Malware (10h de scan!) en mode sans échec. Voici le rapport:

Malwarebytes' Anti-Malware 1.25
Version de la base de données: 1062
Windows 5.1.2600 Service Pack 3

13:19:42 22/08/2008
mbam-log-08-22-2008 (13-19-42).txt

Type de recherche: Examen complet (C:\|)
Eléments examinés: 157549
Temps écoulé: 10 hour(s), 1 minute(s), 29 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 1
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 22

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\StartMenuLogOff (Hijack.StartMenu) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
C:\QooBox\Quarantine\C\WINDOWS\system32\dmfliw.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\ljnncptv.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\lophoqhd.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\mnoeqely.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\nrdaynbs.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\tixsjqwf.exe.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\vlmvgllo.exe.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\wigmkptt.exe.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\xpbkhsor.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP3\A0000534.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP4\A0001534.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP4\A0001535.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP4\A0001536.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP9\A0003020.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP9\A0003021.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP9\A0003022.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP9\A0003023.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP9\A0003024.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP9\A0003025.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP9\A0003026.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP9\A0003027.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP9\A0003028.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

Quand penses-tu?
0

Vous n’avez pas trouvé la réponse que vous recherchez ?

Posez votre question
Réponse 5 / 18
Destrio5 Messages postés 99820 Date d'inscription   Statut Modérateur Dernière intervention   10 305
 
Que c'est sur la bonne voie.

Je vais te créer un script et j'ai besoin de ton adresse mail pour te l'envoyer. Ne poste pas ton adresse ici mais envoie-la moi sur (adresse mail supprimée)
0
Réponse 6 / 18
Destrio5 Messages postés 99820 Date d'inscription   Statut Modérateur Dernière intervention   10 305
 
1/

---> Clique sur Démarrer, Exécuter, tape notepad clique sur OK.

---> Copie le texte ci-dessous par sélection puis Ctrl+C :

KillAll::

Rootkit::
C:\sqmdata21.sqm
C:\sqmnoopt20.sqm
C:\sqmdata20.sqm
C:\sqmnoopt20.sqm
C:\sqmdata19.sqm
C:\sqmnoopt19.sqm
C:\sqmdata18.sqm
C:\sqmnoopt18.sqm
C:\sqmdata17.sqm
C:\sqmnoopt17.sqm
C:\sqmdata16.sqm
C:\sqmnoopt16.sqm
C:\sqmnoopt15.sqm
C:\sqmdata15.sqm
C:\sqmnoopt14.sqm
C:\sqmdata14.sqm
C:\sqmnoopt13.sqm
C:\sqmdata13.sqm
C:\sqmdata12.sqm
C:\sqmdata11.sqm
C:\sqmnoopt12.sqm
C:\sqmnoopt11.sqm
C:\sqmdata10.sqm
C:\sqmnoopt10.sqm
C:\sqmnoopt09.sqm
C:\sqmnoopt08.sqm
C:\sqmdata09.sqm
C:\sqmdata08.sqm
C:\sqmnoopt07.sqm
C:\sqmdata07.sqm
C:\sqmnoopt06.sqm
C:\sqmdata06.sqm
C:\sqmnoopt05.sqm
C:\sqmdata05.sqm
C:\sqmdata04.sqm
C:\sqmdata03.sqm
C:\sqmdata02.sqm
C:\sqmdata01.sqm
C:\sqmdata00.sqm
C:\sqmnoopt04.sqm
C:\sqmnoopt03.sqm
C:\sqmnoopt02.sqm
C:\sqmnoopt01.sqm
C:\sqmnoopt00.sqm

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"=-
"HP Software Update"=-
"QuickTime Task"=-

---> Colle la sélection dans le bloc-notes

---> Enregistre ce fichier sur le bureau (Impératif)

---> Nom du fichier : CFScript
---> Type du fichier : tous les fichiers
---> Clique sur Enregistrer
---> Quitte le bloc-notes

2/

---> Fait un glisser/déposer de ce fichier CFScript sur le fichier ComboFix.exe comme sur la capture :
http://img.photobucket.com/albums/v666/sUBs/CFScriptB-4.gif

[*] Une fenêtre bleue va apparaître : au message qui apparaît, tu acceptes.

[*] Patiente le temps du scan. Le bureau va disparaître à plusieurs reprises : c'est normal !
Ne touche à rien tant que le scan n'est pas terminé.

[*] Une fois le scan achevé, un rapport va s'afficher : poste-le

[*] Si le fichier ne s'ouvre pas, il se trouve ici C:\ComboFix.txt
0
Réponse 7 / 18
Charles_57 Messages postés 9 Statut Membre
 
Hello,

Voici donc le rapport obtenu (assez impressionnant):

ComboFix 08-08-24.03 - Charly 2008-08-25 23:13:34.2 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.1.1036.18.622 [GMT 2:00]
Endroit: C:\Documents and Settings\Charly\Bureau\ComboFix.exe
Command switches used :: C:\Documents and Settings\Charly\Bureau\CFScript.txt
* Création d'un nouveau point de restauration

[color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\sqmdata00.sqm
C:\sqmdata01.sqm
C:\sqmdata02.sqm
C:\sqmdata03.sqm
C:\sqmdata04.sqm
C:\sqmdata05.sqm
C:\sqmdata06.sqm
C:\sqmdata07.sqm
C:\sqmdata08.sqm
C:\sqmdata09.sqm
C:\sqmdata10.sqm
C:\sqmdata11.sqm
C:\sqmdata12.sqm
C:\sqmdata13.sqm
C:\sqmdata14.sqm
C:\sqmdata15.sqm
C:\sqmdata16.sqm
C:\sqmdata17.sqm
C:\sqmdata18.sqm
C:\sqmdata19.sqm
C:\sqmnoopt00.sqm
C:\sqmnoopt01.sqm
C:\sqmnoopt02.sqm
C:\sqmnoopt03.sqm
C:\sqmnoopt04.sqm
C:\sqmnoopt05.sqm
C:\sqmnoopt06.sqm
C:\sqmnoopt07.sqm
C:\sqmnoopt08.sqm
C:\sqmnoopt09.sqm
C:\sqmnoopt10.sqm
C:\sqmnoopt11.sqm
C:\sqmnoopt12.sqm
C:\sqmnoopt13.sqm
C:\sqmnoopt14.sqm
C:\sqmnoopt15.sqm
C:\sqmnoopt16.sqm
C:\sqmnoopt17.sqm
C:\sqmnoopt18.sqm
C:\sqmnoopt19.sqm

.
((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-07-25 to 2008-08-25 ))))))))))))))))))))))))))))))))))))
.

2008-08-21 23:01 . 2008-08-21 23:01 <REP> d-------- C:\WINDOWS\system32\fr
2008-08-21 23:01 . 2008-08-21 23:01 <REP> d-------- C:\WINDOWS\system32\bits
2008-08-21 23:01 . 2008-08-21 23:01 <REP> d-------- C:\WINDOWS\l2schemas
2008-08-21 22:57 . 2008-08-21 22:57 <REP> d-------- C:\WINDOWS\ServicePackFiles
2008-08-21 22:48 . 2008-08-21 22:48 <REP> d-------- C:\WINDOWS\EHome
2008-08-21 22:45 . 2008-08-21 22:45 <REP> d-------- C:\Documents and Settings\Charly\Application Data\Malwarebytes
2008-08-21 22:45 . 2008-08-21 22:45 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-08-19 20:49 . 2004-08-04 00:38 327,168 --------- C:\WINDOWS\system32\drivers\ati2mtaa.sys
2008-08-18 00:42 . 2008-08-21 23:15 2,675 --a------ C:\WINDOWS\imsins.BAK
2008-08-17 16:48 . 2008-04-11 21:05 691,712 --------- C:\WINDOWS\system32\dllcache\inetcomm.dll
2008-08-17 15:46 . 2008-08-22 13:48 <REP> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-08-17 14:53 . 2008-08-17 14:53 <REP> d-------- C:\Program Files\Trend Micro
2008-08-17 12:48 . 2008-08-17 12:48 <REP> d-------- C:\Program Files\Lavasoft
2008-08-17 12:48 . 2008-08-17 12:50 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-08-10 10:15 . 2008-08-10 10:21 139,264 --a------ C:\WINDOWS\War3Unin.exe
2008-08-10 10:15 . 2008-08-10 10:21 54,721 --a------ C:\WINDOWS\War3Unin.dat
2008-08-10 10:15 . 2008-08-10 10:21 2,829 --a------ C:\WINDOWS\War3Unin.pif
2008-08-08 14:13 . 2008-08-08 15:31 <REP> d-------- C:\Program Files\PhotoFiltre Studio
2008-08-08 14:13 . 2008-08-08 14:13 45 ---h----- C:\WINDOWS\dsez0613.dat
2008-08-06 16:59 . 2008-08-06 16:59 <REP> d-------- C:\Program Files\Lauyan
2008-08-06 16:54 . 2008-08-06 16:55 <REP> d-------- C:\Projets NetlorStudio
2008-08-06 16:50 . 2008-08-06 16:59 <REP> d-------- C:\Program Files\Netlor Studio
2008-08-05 16:02 . 2008-08-08 23:53 <REP> d-------- C:\Documents and Settings\Charly\Application Data\gtk-2.0
2008-08-05 16:02 . 2008-08-05 16:02 <REP> d-------- C:\Documents and Settings\Charly\.thumbnails
2008-08-05 15:59 . 2008-08-09 19:18 <REP> d-------- C:\Association
2008-08-05 15:56 . 2008-08-09 00:11 <REP> d-------- C:\Documents and Settings\Charly\.gimp-2.4
2008-08-05 15:42 . 2008-08-05 15:42 <REP> d-------- C:\Program Files\Ma‹do Production
2008-08-05 15:22 . 2008-08-22 14:23 <REP> d-------- C:\Program Files\Nvu
2008-08-05 15:22 . 2008-08-05 15:22 <REP> d-------- C:\Documents and Settings\Charly\Application Data\Nvu

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-25 21:17 --------- d-----w C:\Program Files\Fichiers communs\Symantec Shared
2008-08-22 15:04 --------- d-----w C:\Program Files\Warcraft III
2008-08-22 11:27 --------- d-----w C:\Program Files\MSN Messenger
2008-08-21 20:39 --------- d-----w C:\Program Files\Norton Internet Security
2008-08-17 14:06 --------- d-----w C:\Program Files\eMule
2008-08-05 13:42 --------- d-----w C:\Program Files\Maïdo Production
2008-06-28 08:32 --------- d-----w C:\Program Files\Steam
2007-10-09 14:57 75,832 -c--a-w C:\Documents and Settings\Charly\Application Data\GDIPFONTCACHEV1.DAT
2005-11-23 22:47 149 -c--a-w C:\Documents and Settings\Charly\replayer.dat
2005-11-20 19:08 0 -c--a-w C:\Documents and Settings\Charly\Application Data\wklnhst.dat
.

((((((((((((((((((((((((((((( snapshot@2008-08-20_22.15.20.45 )))))))))))))))))))))))))))))))))))))))))
.
- 2004-08-03 18:07:10 82,944 -c----w C:\WINDOWS\$NtUninstallKB946648$\msgsc.dll
- 2006-07-13 08:48:58 202,240 -c----w C:\WINDOWS\$NtUninstallKB950762$\rmcast.sys
+ 2006-07-13 08:48:58 202,240 -c----w C:\WINDOWS\$NtUninstallKB950762_0$\rmcast.sys
+ 2007-11-30 12:39:29 234,872 -c----w C:\WINDOWS\$NtUninstallKB950762_0$\spuninst\spuninst.exe
+ 2007-11-30 12:39:31 406,392 -c----w C:\WINDOWS\$NtUninstallKB950762_0$\spuninst\updspapi.dll
- 2005-07-26 04:39:57 243,200 -c----w C:\WINDOWS\$NtUninstallKB950974$\es.dll
- 2007-08-21 06:17:23 683,520 -c----w C:\WINDOWS\$NtUninstallKB951066$\inetcomm.dll
- 2008-04-14 15:52:45 272,768 -c----w C:\WINDOWS\$NtUninstallKB951376-v2$\bthport.sys
+ 2008-04-14 15:52:45 272,768 -c----w C:\WINDOWS\$NtUninstallKB951376-v2_0$\bthport.sys
+ 2007-11-30 11:19:06 234,872 -c----w C:\WINDOWS\$NtUninstallKB951376-v2_0$\spuninst\spuninst.exe
+ 2007-11-30 11:19:10 406,392 -c----w C:\WINDOWS\$NtUninstallKB951376-v2_0$\spuninst\updspapi.dll
- 2004-08-03 22:40:30 274,944 -c----w C:\WINDOWS\$NtUninstallKB951376$\bthport.sys
+ 2004-08-03 22:40:30 274,944 -c----w C:\WINDOWS\$NtUninstallKB951376_0$\bthport.sys
+ 2007-11-30 11:19:06 234,872 -c----w C:\WINDOWS\$NtUninstallKB951376_0$\spuninst\spuninst.exe
+ 2007-11-30 11:19:10 406,392 -c----w C:\WINDOWS\$NtUninstallKB951376_0$\spuninst\updspapi.dll
- 2007-10-29 22:43:32 1,293,824 -c----w C:\WINDOWS\$NtUninstallKB951698$\quartz.dll
+ 2007-10-29 22:43:32 1,293,824 -c----w C:\WINDOWS\$NtUninstallKB951698_0$\quartz.dll
+ 2007-11-30 11:19:06 234,872 -c----w C:\WINDOWS\$NtUninstallKB951698_0$\spuninst\spuninst.exe
+ 2007-11-30 12:39:31 406,392 -c----w C:\WINDOWS\$NtUninstallKB951698_0$\spuninst\updspapi.dll
- 2004-08-05 08:00:00 138,496 -c----w C:\WINDOWS\$NtUninstallKB951748$\afd.sys
- 2008-02-20 05:35:05 148,992 -c----w C:\WINDOWS\$NtUninstallKB951748$\dnsapi.dll
- 2004-08-05 08:00:00 247,808 -c----w C:\WINDOWS\$NtUninstallKB951748$\mswsock.dll
- 2007-10-30 17:20:55 360,064 -c----w C:\WINDOWS\$NtUninstallKB951748$\tcpip.sys
- 2006-08-16 09:37:30 225,664 -c----w C:\WINDOWS\$NtUninstallKB951748$\tcpip6.sys
- 2004-08-05 08:00:00 331,776 -c----w C:\WINDOWS\$NtUninstallKB952287$\msadce.dll
- 2005-06-29 01:49:41 74,240 -c----w C:\WINDOWS\$NtUninstallKB952954$\mscms.dll
- 2006-10-04 14:05:26 39,424 ------w C:\WINDOWS\AppPatch\acadproc.dll
+ 2008-04-14 02:33:18 39,424 ----a-w C:\WINDOWS\AppPatch\acadproc.dll
- 2004-08-05 08:00:00 1,852,416 ----a-w C:\WINDOWS\AppPatch\AcGenral.dll
+ 2008-04-14 02:33:18 1,852,928 ----a-w C:\WINDOWS\AppPatch\acgenral.dll
- 2004-08-05 08:00:00 450,048 ----a-w C:\WINDOWS\AppPatch\AcLayers.dll
+ 2008-04-14 02:33:18 451,072 ----a-w C:\WINDOWS\AppPatch\aclayers.dll
- 2004-08-05 08:00:00 137,728 -c--a-w C:\WINDOWS\AppPatch\AcLua.dll
+ 2008-04-14 02:33:18 141,312 ----a-w C:\WINDOWS\AppPatch\aclua.dll
- 2004-08-05 08:00:00 244,736 ----a-w C:\WINDOWS\AppPatch\AcSpecfc.dll
+ 2008-04-14 02:33:18 245,248 ----a-w C:\WINDOWS\AppPatch\acspecfc.dll
- 2004-08-05 08:00:00 116,224 -c--a-w C:\WINDOWS\AppPatch\AcXtrnal.dll
+ 2008-04-14 02:33:18 116,224 ----a-w C:\WINDOWS\AppPatch\acxtrnal.dll
- 2008-06-06 18:37:46 68,608 -c--a-w C:\WINDOWS\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
+ 2008-08-22 17:46:47 68,608 ----a-w C:\WINDOWS\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
- 2008-06-06 18:37:57 72,192 -c--a-w C:\WINDOWS\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
+ 2008-08-22 17:46:58 72,192 ----a-w C:\WINDOWS\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
- 2008-06-06 18:37:57 4,308,992 -c--a-w C:\WINDOWS\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
+ 2008-08-22 17:46:58 4,308,992 ----a-w C:\WINDOWS\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
- 2008-06-06 18:37:58 482,304 -c--a-w C:\WINDOWS\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
+ 2008-08-22 17:47:00 482,304 ----a-w C:\WINDOWS\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
- 2008-06-06 18:37:53 2,878,976 -c--a-w C:\WINDOWS\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
+ 2008-08-22 17:46:55 2,902,016 ----a-w C:\WINDOWS\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
- 2008-06-06 18:37:38 258,048 -c--a-w C:\WINDOWS\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
+ 2008-08-22 17:46:41 258,048 ----a-w C:\WINDOWS\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
- 2008-06-06 18:37:38 114,176 -c--a-w C:\WINDOWS\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
+ 2008-08-22 17:46:41 114,176 ----a-w C:\WINDOWS\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
- 2008-06-06 18:38:07 260,096 -c--a-w C:\WINDOWS\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
+ 2008-08-22 17:47:06 260,096 ----a-w C:\WINDOWS\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
- 2008-06-06 18:37:48 5,025,792 -c--a-w C:\WINDOWS\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
+ 2008-08-22 17:46:50 5,156,864 ----a-w C:\WINDOWS\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
- 2008-06-06 18:37:44 10,752 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
+ 2008-08-22 17:46:46 10,752 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
- 2008-06-06 18:37:38 503,808 -c--a-w C:\WINDOWS\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
+ 2008-08-22 17:46:40 507,904 ----a-w C:\WINDOWS\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
- 2008-06-06 18:37:40 13,312 -c--a-w C:\WINDOWS\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
+ 2008-08-22 17:46:43 13,312 ----a-w C:\WINDOWS\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
- 2008-06-06 18:37:55 8,192 -c--a-w C:\WINDOWS\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
+ 2008-08-22 17:46:57 8,192 ----a-w C:\WINDOWS\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
- 2008-06-06 18:37:55 36,864 -c--a-w C:\WINDOWS\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
+ 2008-08-22 17:46:57 36,864 ----a-w C:\WINDOWS\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
- 2008-06-06 18:37:56 5,632 -c--a-w C:\WINDOWS\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
+ 2008-08-22 17:46:57 5,632 ----a-w C:\WINDOWS\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
- 2008-06-06 18:37:41 413,696 -c--a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
+ 2008-08-22 17:46:44 413,696 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
- 2008-06-06 18:37:41 36,864 -c--a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
+ 2008-08-22 17:46:45 36,864 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
- 2008-06-06 18:37:43 647,168 -c--a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll
+ 2008-08-22 17:46:45 647,168 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll
- 2008-06-06 18:37:44 73,728 -c--a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
+ 2008-08-22 17:46:46 73,728 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
- 2008-06-06 18:37:40 745,472 -c--a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
+ 2008-08-22 17:46:43 749,568 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
- 2008-06-06 18:38:11 110,592 -c--a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
+ 2008-08-22 17:47:08 110,592 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
- 2008-06-06 18:38:09 372,736 -c--a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
+ 2008-08-22 17:47:07 372,736 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
- 2008-06-06 18:37:34 28,672 -c--a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
+ 2008-08-22 17:46:38 28,672 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
- 2008-06-06 18:38:09 667,648 -c--a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
+ 2008-08-22 17:47:07 667,648 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
- 2008-06-06 18:38:11 5,632 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
+ 2008-08-22 17:47:08 5,632 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
- 2008-06-06 18:37:38 12,800 -c--a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
+ 2008-08-22 17:46:40 12,800 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
- 2008-06-06 18:37:37 32,768 -c--a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
+ 2008-08-22 17:46:39 32,768 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
- 2008-06-06 18:37:37 7,168 -c--a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
+ 2008-08-22 17:46:40 7,168 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
- 2008-06-06 18:38:01 110,592 -c--a-w C:\WINDOWS\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
+ 2008-08-22 17:47:03 110,592 ----a-w C:\WINDOWS\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
- 2008-06-06 18:37:46 81,920 -c--a-w C:\WINDOWS\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
+ 2008-08-22 17:46:48 81,920 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
- 2008-06-06 18:38:02 389,120 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
+ 2008-08-22 17:47:03 413,696 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
- 2008-06-06 18:37:59 716,800 -c--a-w C:\WINDOWS\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
+ 2008-08-22 17:47:01 716,800 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
- 2008-06-06 18:37:39 884,736 -c--a-w C:\WINDOWS\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
+ 2008-08-22 17:46:42 888,832 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
- 2008-06-06 18:37:54 5,050,368 -c--a-w C:\WINDOWS\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
+ 2008-08-22 17:46:56 5,001,216 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
- 2008-06-06 18:37:47 188,416 -c--a-w C:\WINDOWS\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
+ 2008-08-22 17:46:48 188,416 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
- 2008-06-06 18:37:47 397,312 -c--a-w C:\WINDOWS\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
+ 2008-08-22 17:46:48 397,312 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
- 2008-06-06 18:37:48 81,920 -c--a-w C:\WINDOWS\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
+ 2008-08-22 17:46:49 81,920 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
- 2008-06-06 18:38:05 700,416 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
+ 2008-08-22 17:47:05 577,536 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
- 2008-06-06 18:38:00 368,640 -c--a-w C:\WINDOWS\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
+ 2008-08-22 17:47:02 372,736 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
- 2008-06-06 18:38:06 258,048 -c--a-w C:\WINDOWS\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
+ 2008-08-22 17:47:05 258,048 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
- 2008-06-06 18:38:00 299,008 -c--a-w C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
+ 2008-08-22 17:47:02 299,008 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
- 2008-06-06 18:38:01 131,072 -c--a-w C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
+ 2008-08-22 17:47:03 131,072 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
- 2008-06-06 18:37:45 258,048 -c--a-w C:\WINDOWS\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll
+ 2008-08-22 17:46:46 258,048 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll
- 2008-06-06 18:37:48 114,688 -c--a-w C:\WINDOWS\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
+ 2008-08-22 17:46:49 114,688 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
- 2008-06-06 18:38:07 835,584 -c--a-w C:\WINDOWS\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
+ 2008-08-22 17:47:06 835,584 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
- 2008-06-06 18:37:50 86,016 -c--a-w C:\WINDOWS\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
+ 2008-08-22 17:46:51 86,016 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
- 2008-06-06 18:37:50 823,296 -c--a-w C:\WINDOWS\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
+ 2008-08-22 17:46:52 823,296 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
- 2008-06-06 18:37:51 5,316,608 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
+ 2008-08-22 17:46:52 5,152,768 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
- 2008-06-06 18:37:52 2,035,712 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll
+ 2008-08-22 17:46:53 2,027,520 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll
- 2008-06-06 18:38:03 3,018,752 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
+ 2008-08-22 17:47:04 2,940,928 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
+ 2008-08-23 12:03:43 26,624 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Accessibility\[u]0[/u]34a44742647d86bbaa1c8f15b7cb528\Accessibility.ni.dll
+ 2008-08-23 12:03:51 1,191,936 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\AcLayer\cff4242df5346b2320db805c8d9d52f1\AcLayer.ni.dll
+ 2008-08-23 12:03:47 888,832 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\AspNetMMCExt\bb304cec0361eca66b0fa89d1a59e969\AspNetMMCExt.ni.dll
+ 2008-08-23 12:03:52 237,568 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\a6eea31abed00f52cc062c424092dafd\CustomMarshalers.ni.dll
+ 2008-08-23 12:03:51 15,360 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\dfsvc\1dd3efadaa530f2449dc13c568ea5164\dfsvc.ni.exe
+ 2008-08-23 12:03:53 880,640 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\6930d162678847a01f47fed348873e15\Microsoft.Build.Engine.ni.dll
+ 2008-08-23 12:03:54 81,920 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\a2f7cb74d513ff512c4bec4c300aaa15\Microsoft.Build.Framework.ni.dll
+ 2008-08-23 12:03:57 1,687,552 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\917a297b2ea5a0f5fbd388a4259c26ba\Microsoft.Build.Tasks.ni.dll
+ 2008-08-23 12:03:58 163,840 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\c9adde7899f180b78f199267c84fa3a0\Microsoft.Build.Utilities.ni.dll
+ 2008-08-23 12:04:00 1,720,320 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\[u]0[/u]44886a99768c9ee6dfae01b295354c9\Microsoft.VisualBasic.ni.dll
+ 2008-08-23 08:18:56 11,304,960 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\1fb9d8194c139bc9c29600e687c112b6\mscorlib.ni.dll
+ 2008-08-23 12:04:02 1,003,520 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\c4ec8ced34ef9ab8954cff5bf5d0fc05\System.Configuration.ni.dll
+ 2008-08-23 08:20:35 6,676,480 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Data\ab5532e25121f69c1df505c56ed62fab\System.Data.ni.dll
+ 2008-08-23 12:04:03 1,724,416 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Deployment\600ab411d9ec3bc2df23b85bf663d9f9\System.Deployment.ni.dll
+ 2008-08-23 08:21:37 10,702,848 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Design\51b0a2ce84b66381e636f67a29179050\System.Design.ni.dll
+ 2008-08-23 12:04:05 512,000 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\[u]0[/u]fa46f97e5901f66384d24c91953fca1\System.DirectoryServices.Protocols.ni.dll
+ 2008-08-23 12:04:05 1,216,512 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\bcb19767b1dd92ea6ead4713747a3f9d\System.DirectoryServices.ni.dll
+ 2008-08-23 08:21:45 229,376 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing.Desi#\df7ec312ebe9d15ba00294c1e1b3a5c6\System.Drawing.Design.ni.dll
+ 2008-08-23 08:21:42 1,601,536 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\171abffae7d81afa0a1f913aa092d753\System.Drawing.ni.dll
+ 2008-08-23 12:04:07 659,456 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\[u]0[/u]cb936db5338057a6eefd08d17cf1749\System.EnterpriseServices.ni.dll
+ 2008-08-23 12:04:07 294,912 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\[u]0[/u]cb936db5338057a6eefd08d17cf1749\System.EnterpriseServices.Wrapper.dll
+ 2008-08-23 12:04:08 729,088 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Security\531fdb92069c959eb4c7f6fc87a2c943\System.Security.ni.dll
+ 2008-08-23 12:04:09 684,032 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Transactions\1f04130d373d41e907397eb57ba046bb\System.Transactions.ni.dll
+ 2008-08-23 12:04:27 2,306,048 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web.Mobile\830d818643869a46b45df035b39913c0\System.Web.Mobile.ni.dll
+ 2008-08-23 12:04:28 237,568 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web.RegularE#\[u]0[/u]83e36946f184bd0578406e00584e953\System.Web.RegularExpressions.ni.dll
+ 2008-08-23 12:04:30 1,941,504 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web.Services\2861d1fbebc0438e1a199f430e2dec4c\System.Web.Services.ni.dll
+ 2008-08-23 12:04:24 12,185,600 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\d1df715e50f008d994d12ef39606a565\System.Web.ni.dll
+ 2008-08-23 08:22:20 13,107,200 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c137809123042cafa5275b677638c165\System.Windows.Forms.ni.dll
+ 2008-08-23 08:22:35 5,623,808 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\8fbebde964c57f779f777a2c19c75919\System.Xml.ni.dll
+ 2008-08-23 08:19:59 8,130,560 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\30bad1d3e889c7b60f85b092688c76de\System.ni.dll
- 2008-06-14 17:59:52 272,768 ------w C:\WINDOWS\Driver Cache\i386\bthport.sys
+ 2008-06-14 17:33:37 272,768 ------w C:\WINDOWS\Driver Cache\i386\bthport.sys
- 2007-06-13 13:22:28 1,037,312 ----a-w C:\WINDOWS\explorer.exe
+ 2008-04-14 02:34:03 1,037,824 ----a-w C:\WINDOWS\explorer.exe
- 2004-08-05 08:00:00 34,816 -c--a-w C:\WINDOWS\Help\sniffpol.dll
+ 2008-04-14 02:33:41 34,816 ----a-w C:\WINDOWS\Help\sniffpol.dll
- 2004-08-05 08:00:00 33,280 -c--a-w C:\WINDOWS\Help\sstub.dll
+ 2008-04-14 02:33:46 33,280 ----a-w C:\WINDOWS\Help\sstub.dll
- 2004-08-05 08:00:00 279,040 -c--a-w C:\WINDOWS\Help\tshoot.dll
+ 2008-04-14 02:33:46 279,040 ----a-w C:\WINDOWS\Help\tshoot.dll
- 2005-05-26 23:22:01 10,752 ----a-w C:\WINDOWS\hh.exe
+ 2008-04-14 02:34:06 10,752 ----a-w C:\WINDOWS\hh.exe
- 2004-08-05 08:00:00 220,160 -c--a-w C:\WINDOWS\ime\mscandui.dll
+ 2008-04-14 02:33:30 220,160 ----a-w C:\WINDOWS\ime\mscandui.dll
- 2004-08-05 08:00:00 130,048 -c--a-w C:\WINDOWS\ime\SOFTKBD.DLL
+ 2008-04-14 02:33:41 130,048 ----a-w C:\WINDOWS\ime\softkbd.dll
- 2004-08-05 08:00:00 62,976 -c--a-w C:\WINDOWS\ime\SPGRMR.dll
+ 2008-04-13 16:43:18 62,976 ----a-w C:\WINDOWS\ime\spgrmr.dll
- 2004-08-05 08:00:00 272,384 ----a-w C:\WINDOWS\ime\SPTIP.dll
+ 2008-04-14 02:33:46 272,384 ----a-w C:\WINDOWS\ime\sptip.dll
- 2007-09-14 06:40:53 29,926 -c--a-r C:\WINDOWS\Installer\{F6326B60-1B1D-4ABF-BFCD-7B7404F44411}\MsblIco.Exe
+ 2008-08-22 11:27:30 29,926 ----a-r C:\WINDOWS\Installer\{F6326B60-1B1D-4ABF-BFCD-7B7404F44411}\MsblIco.Exe
+ 2008-01-18 15:13:09 2,247 ------w C:\WINDOWS\Installer\tsclientmsitrans\tscdsbl.bat
+ 2007-12-12 10:33:51 18,917 ------w C:\WINDOWS\Installer\tsclientmsitrans\tscinst.vbs
+ 2007-10-30 10:06:46 13,801 ------w C:\WINDOWS\Installer\tsclientmsitrans\tscuinst.vbs
+ 2008-04-14 02:33:06 25,600 ------w C:\WINDOWS\Installer\tsclientmsitrans\tscupdc.dll
- 2005-09-23 05:28:58 55,488 -c--a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\AppLaunch.exe
+ 2007-04-13 01:21:18 58,712 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\AppLaunch.exe
- 2005-09-23 05:28:32 10,752 -c--a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_filter.dll
+ 2007-04-13 01:20:52 10,752 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_filter.dll
- 2005-09-23 05:28:32 8,192 -c--a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_isapi.dll
+ 2007-04-13 01:20:52 8,192 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_isapi.dll
- 2005-09-23 05:28:32 23,552 -c--a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Aspnet_perf.dll
+ 2007-04-13 01:20:52 23,552 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Aspnet_perf.dll
- 2005-09-23 05:28:32 70,656 -c--a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_rc.dll
+ 2007-04-13 01:20:50 75,264 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_rc.dll
- 2005-09-23 05:28:32 26,824 -c--a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_regiis.exe
+ 2007-04-13 01:20:52 32,608 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_regiis.exe
- 2005-09-23 05:28:32 29,896 -c--a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
+ 2007-04-13 01:20:52 33,632 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
- 2005-09-23 05:28:32 29,888 -c--a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_wp.exe
+ 2007-04-13 01:20:52 32,600 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_wp.exe
- 2005-09-23 05:28:32 503,808 -c--a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\AspNetMMCExt.dll
+ 2007-04-13 01:20:52 507,904 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\AspNetMMCExt.dll
- 2005-09-23 05:28:56 88,576 -c--a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\CORPerfMonExt.dll
+ 2007-04-13 01:21:16 88,576 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\CORPerfMonExt.dll
- 2005-09-23 05:28:38 4,608 -c--a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\dfsvc.exe
+ 2007-04-13 01:20:58 5,120 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\dfsvc.exe
- 2005-09-23 05:28:56 9,728 -c--a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\IEExec.exe
+ 2007-04-13 01:21:16 9,728 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\IEExec.exe
- 2005-09-23 05:28:56 224,952 -c--a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\ilasm.exe
+ 2007-04-13 01:21:16 228,688 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\ilasm.exe
- 2005-09-23 05:28:56 28,672 -c--a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\InstallUtil.exe
+ 2007-04-13 01:21:16 28,672 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\InstallUtil.exe
- 2005-09-23 05:28:48 413,696 -c--a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft.Build.Engine.dll
+ 2007-04-13 01:21:10 413,696 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft.Build.Engine.dll
- 2005-09-23 05:28:48 647,168 -c--a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft.Build.Tasks.dll
+ 2007-04-13 01:21:10 647,168 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft.Build.Tasks.dll
- 2005-09-23 05:28:48 745,472 -c--a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft.JScript.dll
+ 2007-04-13 01:21:08 749,568 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft.JScript.dll
- 2005-09-23 05:28:32 87,552 -c--a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\MmcAspExt.dll
+ 2007-04-13 01:20:52 87,040 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\MmcAspExt.dll
- 2005-09-23 05:28:56 800,768 -c--a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscordacwks.dll
+ 2007-04-13 01:21:18 802,304 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscordacwks.dll
- 2005-09-23 05:28:56 36,864 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorie.dll
+ 2007-04-13 01:21:16 36,864 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorie.dll
- 2005-09-23 05:28:56 326,144 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll
+ 2007-04-13 01:21:16 326,656 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll
- 2005-09-23 05:28:56 4,308,992 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorlib.dll
+ 2007-04-13 01:21:16 4,308,992 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorlib.dll
- 2005-09-23 05:28:56 102,400 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorpe.dll
+ 2007-04-13 01:21:16 102,912 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorpe.dll
- 2005-09-23 05:28:56 226,816 -c--a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvc.dll
+ 2007-04-13 01:21:18 227,328 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvc.dll
- 2005-09-23 05:28:56 66,240 -c--a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
+ 2007-04-13 01:21:18 68,952 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
- 2005-09-23 05:28:50 5,615,616 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
+ 2007-04-13 01:21:12 5,634,048 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
- 2005-09-23 05:28:56 96,440 -c--a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\ngen.exe
+ 2007-04-13 01:21:16 99,152 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\ngen.exe
- 2005-09-23 05:28:56 14,848 -c--a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\normalization.dll
+ 2007-04-13 01:21:18 15,360 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\normalization.dll
- 2005-09-23 05:28:50 136,192 -c--a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\peverify.dll
+ 2007-04-13 01:21:12 136,192 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\peverify.dll
- 2005-09-23 05:28:56 377,344 -c--a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\SOS.dll
+ 2007-04-13 01:21:18 382,464 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\SOS.dll
- 2005-09-23 05:28:56 110,592 -c--a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\sysglobl.dll
+ 2007-04-13 01:21:18 110,592 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\sysglobl.dll
- 2005-09-23 05:28:58 389,120 -c--a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.configuration.dll
+ 2007-04-13 01:21:18 413,696 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.configuration.dll
- 2005-09-23 05:28:56 2,878,976 -c--a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Data.dll
+ 2007-04-13 01:21:16 2,902,016 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Data.dll
- 2005-09-23 05:28:56 482,304 -c--a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Data.OracleClient.dll
+ 2007-04-13 01:21:18 482,304 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Data.OracleClient.dll
- 2005-09-23 05:28:56 716,800 -c--a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Data.SqlXml.dll
+ 2007-04-13 01:21:18 716,800 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Data.SqlXml.dll
- 2005-09-23 05:28:38 884,736 -c--a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Deployment.dll
+ 2007-04-13 01:20:58 888,832 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Deployment.dll
- 2005-09-23 05:28:56 5,050,368 -c--a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Design.dll
+ 2007-04-13 01:21:16 5,001,216 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Design.dll
- 2005-09-23 05:28:56 188,416 -c--a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.DirectoryServices.Protocols.dll
+ 2007-04-13 01:21:18 188,416 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.DirectoryServices.Protocols.dll
- 2005-09-23 05:28:56 3,018,752 -c--a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.dll
+ 2007-04-13 01:21:16 2,940,928 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.dll
- 2005-09-23 05:28:56 700,416 -c--a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Drawing.dll
+ 2007-04-13 01:21:16 577,536 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Drawing.dll
- 2005-09-23 05:28:56 258,048 -c--a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.EnterpriseServices.dll
+ 2007-04-13 01:21:16 258,048 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.EnterpriseServices.dll
- 2005-09-23 05:28:56 47,616 -c--a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.EnterpriseServices.Thunk.dll
+ 2007-04-13 01:21:18 47,616 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.EnterpriseServices.Thunk.dll
- 2005-09-23 05:28:56 114,176 -c--a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.EnterpriseServices.Wrapper.dll
+ 2007-04-13 01:21:18 114,176 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.EnterpriseServices.Wrapper.dll
- 2005-09-23 05:28:56 368,640 -c--a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Management.dll
+ 2007-04-13 01:21:16 372,736 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Management.dll
- 2005-09-23 05:28:56 299,008 -c--a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Runtime.Remoting.dll
+ 2007-04-13 01:21:16 299,008 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Runtime.Remoting.dll
- 2005-09-23 05:28:56 260,096 -c--a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Transactions.dll
+ 2007-04-13 01:21:18 260,096 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Transactions.dll
- 2005-09-23 05:28:56 5,025,792 -c--a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Web.dll
+ 2007-04-13 01:21:16 5,156,864 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Web.dll
- 2005-09-23 05:28:56 5,316,608 -c--a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Windows.Forms.dll
+ 2007-04-13 01:21:16 5,152,768 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Windows.Forms.dll
- 2005-09-23 05:28:56 2,035,712 -c--a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.XML.dll
+ 2007-04-13 01:21:16 2,027,520 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.XML.dll
- 2005-09-23 05:29:06 1,140,920 -c--a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\vbc.exe
+ 2007-04-13 01:21:28 1,166,672 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\vbc.exe
- 2005-09-23 05:28:30 1,306,624 -c--a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\VsaVb7rt.dll
+ 2007-04-13 01:20:50 1,330,688 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\VsaVb7rt.dll
- 2005-09-23 05:28:32 298,496 -c--a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\webengine.dll
+ 2007-04-13 01:20:52 406,016 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\webengine.dll
- 2004-08-05 08:00:00 24,064 -c--a-w C:\WINDOWS\msagent\agentanm.dll
+ 2008-04-14 02:33:18 24,064 ----a-w C:\WINDOWS\msagent\agentanm.dll
- 2004-08-05 08:00:00 214,016 -c--a-w C:\WINDOWS\msagent\agentctl.dll
+ 2008-04-14 02:33:18 214,016 ----a-w C:\WINDOWS\msagent\agentctl.dll
- 2006-10-12 13:55:58 42,496 ----a-w C:\WINDOWS\msagent\agentdp2.dll
+ 2008-04-14 02:33:18 42,496 ----a-w C:\WINDOWS\msagent\agentdp2.dll
- 2007-03-09 14:00:38 57,344 -c--a-w C:\WINDOWS\msagent\agentdpv.dll
+ 2008-04-14 02:33:18 57,344 ----a-w C:\WINDOWS\msagent\agentdpv.dll
- 2004-08-05 08:00:00 49,152 -c--a-w C:\WINDOWS\msagent\agentmpx.dll
+ 2008-04-14 02:33:18 49,152 ----a-w C:\WINDOWS\msagent\agentmpx.dll
- 2004-08-05 08:00:00 24,064 -c--a-w C:\WINDOWS\msagent\agentpsh.dll
+ 2008-04-14 02:33:18 24,064 ----a-w C:\WINDOWS\msagent\agentpsh.dll
- 2004-08-05 08:00:00 44,032 -c--a-w C:\WINDOWS\msagent\agentsr.dll
+ 2008-04-14 02:33:18 44,032 ----a-w C:\WINDOWS\msagent\agentsr.dll
- 2006-10-12 11:54:07 256,512 -c--a-w C:\WINDOWS\msagent\agentsvr.exe
+ 2008-04-14 02:33:53 256,512 ----a-w C:\WINDOWS\msagent\agentsvr.exe
- 2004-08-05 08:00:00 24,064 -c--a-w C:\WINDOWS\msagent\agtintl.dll
+ 2008-04-14 02:33:19 24,064 ----a-w C:\WINDOWS\msagent\agtintl.dll
- 2004-08-05 08:00:00 19,456 -c--a-w C:\WINDOWS\msagent\intl\agt0405.dll
+ 2007-04-02 18:25:59 19,456 ----a-w C:\WINDOWS\msagent\intl\agt0405.dll
- 2004-08-05 08:00:00 19,456 -c--a-w C:\WINDOWS\msagent\intl\agt0406.dll
+ 2007-04-02 18:25:59 19,456 ----a-w C:\WINDOWS\msagent\intl\agt0406.dll
- 2004-08-05 08:00:00 21,504 -c--a-w C:\WINDOWS\msagent\intl\agt0407.dll
+ 2007-04-02 18:26:00 21,504 ----a-w C:\WINDOWS\msagent\intl\agt0407.dll
- 2004-08-05 08:00:00 22,016 -c--a-w C:\WINDOWS\msagent\intl\agt0408.dll
+ 2007-04-02 18:26:00 22,016 ----a-w C:\WINDOWS\msagent\intl\agt0408.dll
- 2004-08-05 08:00:00 19,456 -c--a-w C:\WINDOWS\msagent\intl\agt0409.dll
+ 2008-04-13 17:32:28 19,968 ----a-w C:\WINDOWS\msagent\intl\agt0409.dll
- 2004-08-05 08:00:00 19,456 -c--a-w C:\WINDOWS\msagent\intl\agt040b.dll
+ 2007-04-02 18:26:00 19,456 ----a-w C:\WINDOWS\msagent\intl\agt040b.dll
- 2004-08-05 08:00:00 21,504 -c--a-w C:\WINDOWS\msagent\intl\agt040c.dll
+ 2007-04-02 18:26:00 21,504 ----a-w C:\WINDOWS\msagent\intl\agt040c.dll
- 2004-08-05 08:00:00 19,968 -c--a-w C:\WINDOWS\msagent\intl\agt040e.dll
+ 2007-04-02 18:26:00 19,968 ----a-w C:\WINDOWS\msagent\intl\agt040e.dll
- 2004-08-05 08:00:00 20,992 -c--a-w C:\WINDOWS\msagent\intl\agt0410.dll
+ 2007-04-02 18:26:00 20,992 ----a-w C:\WINDOWS\msagent\intl\agt0410.dll
- 2004-08-05 08:00:00 20,992 -c--a-w C:\WINDOWS\msagent\intl\agt0413.dll
+ 2007-04-02 18:26:01 20,992 ----a-w C:\WINDOWS\msagent\intl\agt0413.dll
- 2004-08-05 08:00:00 19,456 -c--a-w C:\WINDOWS\msagent\intl\agt0414.dll
+ 2007-04-02 18:26:01 19,456 ----a-w C:\WINDOWS\msagent\intl\agt0414.dll
- 2004-08-05 08:00:00 19,456 -c--a-w C:\WINDOWS\msagent\intl\agt0415.dll
+ 2007-04-02 18:26:01 19,456 ----a-w C:\WINDOWS\msagent\intl\agt0415.dll
- 2004-08-05 08:00:00 20,480 -c--a-w C:\WINDOWS\msagent\intl\agt0416.dll
+ 2007-04-02 18:26:01 20,480 ----a-w C:\WINDOWS\msagent\intl\agt0416.dll
- 2004-08-05 08:00:00 19,456 -c--a-w C:\WINDOWS\msagent\intl\agt0419.dll
+ 2007-04-02 18:26:01 19,456 ----a-w C:\WINDOWS\msagent\intl\agt0419.dll
- 2004-08-05 08:00:00 19,456 -c--a-w C:\WINDOWS\msagent\intl\agt041d.dll
+ 2007-04-02 18:26:01 19,456 ----a-w C:\WINDOWS\msagent\intl\agt041d.dll
- 2004-08-05 08:00:00 19,456 -c--a-w C:\WINDOWS\msagent\intl\agt041f.dll
+ 2007-04-02 18:26:01 19,456 ----a-w C:\WINDOWS\msagent\intl\agt041f.dll
- 2004-08-05 08:00:00 20,992 -c--a-w C:\WINDOWS\msagent\intl\agt0816.dll
+ 2007-04-02 18:26:02 20,992 ----a-w C:\WINDOWS\msagent\intl\agt0816.dll
- 2004-08-05 08:00:00 20,480 -c--a-w C:\WINDOWS\msagent\intl\agt0c0a.dll
+ 2007-04-02 18:26:02 20,480 ----a-w C:\WINDOWS\msagent\intl\agt0c0a.dll
- 2004-08-05 08:00:00 39,936 -c--a-w C:\WINDOWS\msagent\mslwvtts.dll
+ 2008-04-14 02:33:32 39,936 ----a-w C:\WINDOWS\msagent\mslwvtts.dll
- 2006-06-02 19:32:20 33,792 -c----w C:\WINDOWS\network diagnostic\custsat.dll
+ 2008-04-14 02:33:22 33,792 ------w C:\WINDOWS\network diagnostic\custsat.dll
- 2006-10-10 12:44:50 557,568 -c----w C:\WINDOWS\network diagnostic\xpnetdiag.exe
+ 2008-04-13 18:53:32 558,080 ------w C:\WINDOWS\network diagnostic\xpnetdiag.exe
- 2004-08-05 08:00:00 70,656 ----a-w C:\WINDOWS\NOTEPAD.EXE
+ 2008-04-14 02:34:15 70,656 ----a-w C:\WINDOWS\notepad.exe
- 2004-08-05 08:00:00 768,512 ----a-w C:\WINDOWS\pchealth\helpctr\binaries\HelpCtr.exe
+ 2008-04-14 02:34:06 769,024 ----a-w C:\WINDOWS\pchealth\helpctr\binaries\helpctr.exe
- 2004-08-05 08:00:00 743,936 ----a-w C:\WINDOWS\pchealth\helpctr\binaries\HelpSvc.exe
+ 2008-04-14 02:34:06 744,448 ----a-w C:\WINDOWS\pchealth\helpctr\binaries\helpsvc.exe
- 2004-08-05 08:00:00 18,944 -c--a-w C:\WINDOWS\pchealth\helpctr\binaries\HscUpd.exe
+ 2008-04-14 02:34:06 18,432 ----a-w C:\WINDOWS\pchealth\helpctr\binaries\hscupd.exe
- 2004-08-05 08:00:00 160,768 -c--a-w C:\WINDOWS\pchealth\helpctr\binaries\msconfig.exe
+ 2008-04-14 02:34:12 172,544 ----a-w C:\WINDOWS\pchealth\helpctr\binaries\msconfig.exe
- 2004-08-05 08:00:00 381,952 ----a-w C:\WINDOWS\pchealth\helpctr\binaries\msinfo.dll
+ 2008-04-14 02:33:32 382,464 ----a-w C:\WINDOWS\pchealth\helpctr\binaries\msinfo.dll
- 2004-08-05 08:00:00 102,400 -c--a-w C:\WINDOWS\pchealth\helpctr\binaries\pchshell.dll
+ 2008-04-14 02:33:38 102,912 ----a-w C:\WINDOWS\pchealth\helpctr\binaries\pchshell.dll
- 2004-08-05 08:00:00 38,912 ----a-w C:\WINDOWS\pchealth\helpctr\binaries\pchsvc.dll
+ 2008-04-14 02:33:38 38,400 ----a-w C:\WINDOWS\pchealth\helpctr\binaries\pchsvc.dll
- 2005-05-17 03:38:16 79,431 -c--a-w C:\WINDOWS\pchealth\helpctr\OfflineCache\index.dat
+ 2008-08-21 21:09:17 79,431 ----a-w C:\WINDOWS\pchealth\helpctr\OfflineCache\index.dat
- 2005-05-17 03:38:16 5,312 ----a-w C:\WINDOWS\pchealth\helpctr\PackageStore\SkuStore.bin
+ 2008-08-21 21:09:17 5,618 ----a-w C:\WINDOWS\pchealth\helpctr\PackageStore\SkuStore.bin
- 2004-08-05 08:00:00 151,040 -c--a-w C:\WINDOWS\pchealth\UploadLB\Binaries\UploadM.exe
+ 2008-04-14 02:34:26 151,040 ----a-w C:\WINDOWS\pchealth\UploadLB\Binaries\uploadm.exe
- 2004-08-05 08:00:00 151,552 -c--a-w C:\WINDOWS\PeerNet\sqldb20.dll
+ 2008-04-14 02:33:46 151,552 ----a-w C:\WINDOWS\PeerNet\sqldb20.dll
- 2004-08-05 08:00:00 462,848 -c--a-w C:\WINDOWS\PeerNet\sqlqp20.dll
+ 2008-04-14 02:33:46 462,848 ----a-w C:\WINDOWS\PeerNet\sqlqp20.dll
- 2004-08-05 08:00:00 110,592 -c--a-w C:\WINDOWS\PeerNet\sqlse20.dll
+ 2008-04-14 02:33:46 110,592 ----a-w C:\WINDOWS\PeerNet\sqlse20.dll
- 2004-08-05 08:00:00 153,088 ----a-w C:\WINDOWS\regedit.exe
+ 2008-04-14 02:34:19 153,088 ----a-w C:\WINDOWS\regedit.exe
+ 2008-04-13 18:46:18 53,376 ------w C:\WINDOWS\ServicePackFiles\i386\1394bus.sys
+ 2008-04-13 18:40:50 12,288 ------w C:\WINDOWS\ServicePackFiles\i386\4mmdat.sys
+ 2008-04-13 18:46:20 48,128 ------w C:\WINDOWS\ServicePackFiles\i386\61883.sys
+ 2008-04-14 02:33:18 100,352 ------w C:\WINDOWS\ServicePackFiles\i386\6to4svc.dll
+ 2008-04-14 02:33:18 136,192 ------w C:\WINDOWS\ServicePackFiles\i386\aaclient.dll
+ 2004-08-03 20:32:22 231,552 ------w C:\WINDOWS\ServicePackFiles\i386\ac97ali.sys
+ 2004-08-03 20:32:32 84,480 ------w C:\WINDOWS\ServicePackFiles\i386\ac97via.sys
+ 2008-04-14 02:33:18 39,424 ------w C:\WINDOWS\ServicePackFiles\i386\acadproc.dll
+ 2008-04-14 02:33:53 190,464 ------w C:\WINDOWS\ServicePackFiles\i386\accwiz.exe
+ 2008-04-14 02:33:18 1,852,928 ------w C:\WINDOWS\ServicePackFiles\i386\acgenral.dll
+ 2008-04-14 02:33:18 451,072 ------w C:\WINDOWS\ServicePackFiles\i386\aclayers.dll
+ 2008-04-14 02:33:18 141,312 ------w C:\WINDOWS\ServicePackFiles\i386\aclua.dll
+ 2008-04-14 02:33:18 120,320 ------w C:\WINDOWS\ServicePackFiles\i386\aclui.dll
+ 2008-04-14 01:52:42 188,672 ------w C:\WINDOWS\ServicePackFiles\i386\acpi.sys
+ 2008-04-14 02:33:18 245,248 ------w C:\WINDOWS\ServicePackFiles\i386\acspecfc.dll
+ 2008-04-14 02:33:18 193,536 ------w C:\WINDOWS\ServicePackFiles\i386\activeds.dll
+ 2008-04-14 02:33:53 4,096 ------w C:\WINDOWS\ServicePackFiles\i386\actmovie.exe
+ 2008-04-14 02:33:18 98,304 ------w C:\WINDOWS\ServicePackFiles\i386\actxprxy.dll
+ 2008-04-14 02:33:18 116,224 ------w C:\WINDOWS\ServicePackFiles\i386\acxtrnal.dll
+ 2008-04-14 02:33:18 20,540 ------w C:\WINDOWS\ServicePackFiles\i386\admin.dll
+ 2008-04-14 02:33:53 16,439 ------w C:\WINDOWS\ServicePackFiles\i386\admin.exe
+ 2004-08-03 20:32:24 10,880 ------w C:\WINDOWS\ServicePackFiles\i386\admjoy.sys
+ 2008-04-14 02:33:18 61,440 ------w C:\WINDOWS\ServicePackFiles\i386\admparse.dll
+ 2008-04-14 02:33:18 175,616 ------w C:\WINDOWS\ServicePackFiles\i386\adsldp.dll
+ 2008-04-14 02:33:18 143,360 ------w C:\WINDOWS\ServicePackFiles\i386\adsldpc.dll
+ 2008-04-14 02:33:18 68,096 ------w C:\WINDOWS\ServicePackFiles\i386\adsmsext.dll
+ 2008-04-14 02:33:18 263,680 ------w C:\WINDOWS\ServicePackFiles\i386\adsnt.dll
+ 2008-04-14 02:33:18 4,255 ------w C:\WINDOWS\ServicePackFiles\i386\adv01nt5.dll
+ 2008-04-14 02:33:18 3,967 ------w C:\WINDOWS\ServicePackFiles\i386\adv02nt5.dll
+ 2008-04-14 02:33:18 3,615 ------w C:\WINDOWS\ServicePackFiles\i386\adv05nt5.dll
+ 2008-04-14 02:33:18 3,647 ------w C:\WINDOWS\ServicePackFiles\i386\adv07nt5.dll
+ 2008-04-14 02:33:18 3,135 ------w C:\WINDOWS\ServicePackFiles\i386\adv08nt5.dll
+ 2008-04-14 02:33:18 3,711 ------w C:\WINDOWS\ServicePackFiles\i386\adv09nt5.dll
+ 2008-04-14 02:33:18 3,775 ------w C:\WINDOWS\ServicePackFiles\i386\adv11nt5.dll
+ 2008-04-14 02:33:18 685,568 ------w C:\WINDOWS\ServicePackFiles\i386\advapi32.dll
+ 2008-04-14 02:33:18 101,888 ------w C:\WINDOWS\ServicePackFiles\i386\advpack.dll
+ 2008-04-13 16:39:23 142,592 ------w C:\WINDOWS\ServicePackFiles\i386\aec.sys
+ 2008-04-13 19:19:23 138,112 ------w C:\WINDOWS\ServicePackFiles\i386\afd.sys
+ 2008-04-14 02:33:18 24,064 ------w C:\WINDOWS\ServicePackFiles\i386\agentanm.dll
+ 2008-04-14 02:33:18 214,016 ------w C:\WINDOWS\ServicePackFiles\i386\agentctl.dll
+ 2008-04-14 02:33:18 42,496 ------w C:\WINDOWS\ServicePackFiles\i386\agentdp2.dll
+ 2008-04-14 02:33:18 57,344 ------w C:\WINDOWS\ServicePackFiles\i386\agentdpv.dll
+ 2008-04-14 02:33:18 49,152 ------w C:\WINDOWS\ServicePackFiles\i386\agentmpx.dll
+ 2008-04-14 02:33:18 24,064 ------w C:\WINDOWS\ServicePackFiles\i386\agentpsh.dll
+ 2008-04-14 02:33:18 44,032 ------w C:\WINDOWS\ServicePackFiles\i386\agentsr.dll
+ 2008-04-14 02:33:53 256,512 ------w C:\WINDOWS\ServicePackFiles\i386\agentsvr.exe
+ 2008-04-13 18:36:38 42,368 ------w C:\WINDOWS\ServicePackFiles\i386\agp440.sys
+ 2008-04-13 18:36:39 44,928 ------w C:\WINDOWS\ServicePackFiles\i386\agpcpq.sys
+ 2007-04-02 18:25:59 19,456 ------w C:\WINDOWS\ServicePackFiles\i386\agt0401.dll
+ 2007-04-02 18:25:59 19,456 ------w C:\WINDOWS\ServicePackFiles\i386\agt0404.dll
+ 2007-04-02 18:25:59 19,456 ------w C:\WINDOWS\ServicePackFiles\i386\agt0405.dll
+ 2007-04-02 18:25:59 19,456 ------w C:\WINDOWS\ServicePackFiles\i386\agt0406.dll
+ 2007-04-02 18:26:00 21,504 ------w C:\WINDOWS\ServicePackFiles\i386\agt0407.dll
+ 2007-04-02 18:26:00 22,016 ------w C:\WINDOWS\ServicePackFiles\i386\agt0408.dll
+ 2008-04-13 17:32:28 19,968 ------w C:\WINDOWS\ServicePackFiles\i386\agt0409.dll
+ 2007-04-02 18:26:00 19,456 ------w C:\WINDOWS\ServicePackFiles\i386\agt040b.dll
+ 2007-04-02 18:26:00 21,504 ------w C:\WINDOWS\ServicePackFiles\i386\agt040c.dll
+ 2007-04-02 18:26:00 19,456 ------w C:\WINDOWS\ServicePackFiles\i386\agt040d.dll
+ 2007-04-02 18:26:00 19,968 ------w C:\WINDOWS\ServicePackFiles\i386\agt040e.dll
+ 2007-04-02 18:26:00 20,992 ------w C:\WINDOWS\ServicePackFiles\i386\agt0410.dll
+ 2007-04-02 18:26:00 19,456 ------w C:\WINDOWS\ServicePackFiles\i386\agt0411.dll
+ 2007-04-02 18:26:00 19,456 ------w C:\WINDOWS\ServicePackFiles\i386\agt0412.dll
+ 2007-04-02 18:26:01 20,992 ------w C:\WINDOWS\ServicePackFiles\i386\agt0413.dll
+ 2007-04-02 18:26:01 19,456 ------w C:\WINDOWS\ServicePackFiles\i386\agt0414.dll
+ 2007-04-02 18:26:01 19,456 ------w C:\WINDOWS\ServicePackFiles\i386\agt0415.dll
+ 2007-04-02 18:26:01 20,480 ------w C:\WINDOWS\ServicePackFiles\i386\agt0416.dll
+ 2007-04-02 18:26:01 19,456 ------w C:\WINDOWS\ServicePackFiles\i386\agt0419.dll
+ 2007-04-02 18:26:01 19,456 ------w C:\WINDOWS\ServicePackFiles\i386\agt041d.dll
+ 2007-04-02 18:26:01 19,456 ------w C:\WINDOWS\ServicePackFiles\i386\agt041f.dll
+ 2007-04-02 18:26:02 19,456 ------w C:\WINDOWS\ServicePackFiles\i386\agt0804.dll
+ 2007-04-02 18:26:02 20,992 ------w C:\WINDOWS\ServicePackFiles\i386\agt0816.dll
+ 2007-04-02 18:26:02 20,480 ------w C:\WINDOWS\ServicePackFiles\i386\agt0c0a.dll
+ 2008-04-14 02:33:19 24,064 ------w C:\WINDOWS\ServicePackFiles\i386\agtintl.dll
+ 2008-04-14 02:33:53 98,304 ------w C:\WINDOWS\ServicePackFiles\i386\ahui.exe
+ 2008-04-14 02:33:53 44,544 ------w C:\WINDOWS\ServicePackFiles\i386\alg.exe
+ 2008-04-13 18:36:38 42,752 ------w C:\WINDOWS\ServicePackFiles\i386\alim1541.sys
+ 2008-04-14 02:33:19 17,408 ------w C:\WINDOWS\ServicePackFiles\i386\alrsvc.dll
+ 2008-04-13 18:36:39 43,008 ------w C:\WINDOWS\ServicePackFiles\i386\amdagp.sys
+ 2008-04-14 01:54:28 41,472 ------w C:\WINDOWS\ServicePackFiles\i386\amdk6.sys
+ 2008-04-14 01:54:29 41,856 ------w C:\WINDOWS\ServicePackFiles\i386\amdk7.sys
+ 2008-04-14 02:33:19 70,656 ------w C:\WINDOWS\ServicePackFiles\i386\amstream.dll
+ 2004-08-03 20:31:20 36,224 ------w C:\WINDOWS\ServicePackFiles\i386\an983.sys
+ 2008-04-14 02:33:19 125,952 ------w C:\WINDOWS\ServicePackFiles\i386\apphelp.dll
+ 2008-04-14 02:33:19 334,336 ------w C:\WINDOWS\ServicePackFiles\i386\aqueue.dll
+ 2008-04-13 18:51:25 60,800 ------w C:\WINDOWS\ServicePackFiles\i386\arp1394.sys
+ 2008-04-14 02:33:19 65,024 ------w C:\WINDOWS\ServicePackFiles\i386\asycfilt.dll
+ 2008-04-13 18:57:27 14,336 ------w C:\WINDOWS\ServicePackFiles\i386\asyncmac.sys
+ 2008-04-14 02:33:53 25,088 ------w C:\WINDOWS\ServicePackFiles\i386\at.exe
+ 2008-04-13 18:40:30 96,512 ------w C:\WINDOWS\ServicePackFiles\i386\atapi.sys
+ 2004-08-03 20:29:30 56,623 ------w C:\WINDOWS\ServicePackFiles\i386\ati1btxx.sys
+ 2004-08-03 20:29:30 11,615 ------w C:\WINDOWS\ServicePackFiles\i386\ati1mdxx.sys
+ 2004-08-03 20:29:30 12,047 ------w C:\WINDOWS\ServicePackFiles\i386\ati1pdxx.sys
+ 2004-08-03 20:29:32 30,671 ------w C:\WINDOWS\ServicePackFiles\i386\ati1raxx.sys
+ 2004-08-03 20:29:32 63,663 ------w C:\WINDOWS\ServicePackFiles\i386\ati1rvxx.sys
+ 2004-08-03 20:29:32 26,367 ------w C:\WINDOWS\ServicePackFiles\i386\ati1snxx.sys
+ 2004-08-03 20:29:32 21,343 ------w C:\WINDOWS\ServicePackFiles\i386\ati1ttxx.sys
+ 2004-08-03 20:29:32 36,463 ------w C:\WINDOWS\ServicePackFiles\i386\ati1tuxx.sys
+ 2004-08-03 20:29:32 29,455 ------w C:\WINDOWS\ServicePackFiles\i386\ati1xbxx.sys
+ 2004-08-03 20:29:32 34,735 ------w C:\WINDOWS\ServicePackFiles\i386\ati1xsxx.sys
+ 2008-04-14 02:33:19 229,376 ------w C:\WINDOWS\ServicePackFiles\i386\ati2cqag.dll
+ 2008-04-14 02:33:19 377,984 ------w C:\WINDOWS\ServicePackFiles\i386\ati2dvaa.dll
+ 2008-04-14 02:33:19 201,728 ------w C:\WINDOWS\ServicePackFiles\i386\ati2dvag.dll
+ 2004-08-03 22:38:42 327,168 ------w C:\WINDOWS\ServicePackFiles\i386\ati2mtaa.sys
+ 2004-08-03 22:38:44 701,440 ------w C:\WINDOWS\ServicePackFiles\i386\ati2mtag.sys
+ 2008-04-14 02:33:19 870,784 ------w C:\WINDOWS\ServicePackFiles\i386\ati3d1ag.dll
+ 2008-04-14 02:33:19 1,057,760 ------w C:\WINDOWS\ServicePackFiles\i386\ati3d2ag.dll
+ 2008-04-14 02:33:19 1,888,992 ------w C:\WINDOWS\ServicePackFiles\i386\ati3duag.dll
+ 2004-08-03 20:29:28 57,856 ------w C:\WINDOWS\ServicePackFiles\i386\atinbtxx.sys
+ 2004-08-03 20:29:30 13,824 ------w C:\WINDOWS\ServicePackFiles\i386\atinmdxx.sys
+ 2004-08-03 20:29:30 14,336 ------w C:\WINDOWS\ServicePackFiles\i386\atinpdxx.sys
+ 2004-08-03 20:29:30 52,224 ------w C:\WINDOWS\ServicePackFiles\i386\atinraxx.sys
+ 2004-08-03 20:29:32 104,960 ------w C:\WINDOWS\ServicePackFiles\i386\atinrvxx.sys
+ 2004-08-03 20:29:32 28,672 ------w C:\WINDOWS\ServicePackFiles\i386\atinsnxx.sys
+ 2004-08-03 20:29:32 13,824 ------w C:\WINDOWS\ServicePackFiles\i386\atinttxx.sys
+ 2004-08-03 20:29:32 73,216 ------w C:\WINDOWS\ServicePackFiles\i386\atintuxx.sys
+ 2004-08-03 20:29:32 31,744 ------w C:\WINDOWS\ServicePackFiles\i386\atinxbxx.sys
+ 2004-08-03 20:29:32 63,488 ------w C:\WINDOWS\ServicePackFiles\i386\atinxsxx.sys
+ 2008-04-14 02:33:19 32,768 ------w C:\WINDOWS\ServicePackFiles\i386\ativtmxx.dll
+ 2008-04-14 02:33:19 516,768 ------w C:\WINDOWS\ServicePackFiles\i386\ativvaxx.dll
+ 2008-04-14 02:33:19 58,880 ------w C:\WINDOWS\ServicePackFiles\i386\atl.dll
+ 2008-04-14 02:33:53 11,264 ------w C:\WINDOWS\ServicePackFiles\i386\atmadm.exe
+ 2008-04-13 18:51:25 59,904 ------w C:\WINDOWS\ServicePackFiles\i386\atmarpc.sys
+ 2008-04-14 02:31:00 285,696 ------w C:\WINDOWS\ServicePackFiles\i386\atmfd.dll
+ 2008-04-13 18:51:30 55,808 ------w C:\WINDOWS\ServicePackFiles\i386\atmlane.sys
+ 2008-04-14 02:33:19 30,208 ------w C:\WINDOWS\ServicePackFiles\i386\atmlib.dll
+ 2008-04-14 02:33:53 12,288 ------w C:\WINDOWS\ServicePackFiles\i386\attrib.exe
+ 2008-04-14 02:33:19 21,183 ------w C:\WINDOWS\ServicePackFiles\i386\atv01nt5.dll
+ 2008-04-14 02:33:19 11,359 ------w C:\WINDOWS\ServicePackFiles\i386\atv02nt5.dll
+ 2008-04-14 02:33:19 25,471 ------w C:\WINDOWS\ServicePackFiles\i386\atv04nt5.dll
+ 2008-04-14 02:33:19 14,143 ------w C:\WINDOWS\ServicePackFiles\i386\atv06nt5.dll
+ 2008-04-14 02:33:19 17,279 ------w C:\WINDOWS\ServicePackFiles\i386\atv10nt5.dll
+ 2008-04-14 02:33:19 42,496 ------w C:\WINDOWS\ServicePackFiles\i386\audiosrv.dll
+ 2008-04-14 02:33:53 14,336 ------w C:\WINDOWS\ServicePackFiles\i386\auditusr.exe
+ 2008-04-14 02:33:19 20,540 ------w C:\WINDOWS\ServicePackFiles\i386\author.dll
+ 2008-04-14 02:33:53 16,439 ------w C:\WINDOWS\ServicePackFiles\i386\author.exe
+ 2008-04-14 02:33:19 62,464 ------w C:\WINDOWS\ServicePackFiles\i386\authz.dll
+ 2008-04-14 02:33:53 625,152 ------w C:\WINDOWS\ServicePackFiles\i386\autochk.exe
+ 2008-04-14 02:33:53 638,976 ------w C:\WINDOWS\ServicePackFiles\i386\autoconv.exe
+ 2008-04-14 02:33:54 616,960 ------w C:\WINDOWS\ServicePackFiles\i386\autofmt.exe
+ 2008-04-14 02:33:54 11,264 ------w C:\WINDOWS\ServicePackFiles\i386\autolfn.exe
+ 2008-04-13 18:46:20 38,912 ------w C:\WINDOWS\ServicePackFiles\i386\avc.sys
+ 2008-04-13 18:46:07 13,696 ------w C:\WINDOWS\ServicePackFiles\i386\avcstrm.sys
+ 2008-04-14 02:33:19 85,504 ------w C:\WINDOWS\ServicePackFiles\i386\avifil32.dll
+ 2008-04-14 02:33:19 233,472 ------w C:\WINDOWS\ServicePackFiles\i386\azroles.dll
+ 2008-04-14 02:33:19 52,736 ------w C:\WINDOWS\ServicePackFiles\i386\basesrv.dll
+ 2008-04-14 02:33:19 29,184 ------w C:\WINDOWS\ServicePackFiles\i386\batmeter.dll
+ 2008-04-14 02:33:19 8,704 ------w C:\WINDOWS\ServicePackFiles\i386\batt.dll
+ 2008-04-13 18:36:32 14,208 ------w C:\WINDOWS\ServicePackFiles\i386\battc.sys
+ 2008-04-13 18:46:21 11,776 ------w C:\WINDOWS\ServicePackFiles\i386\bdasup.sys
+ 2008-04-14 02:33:19 17,408 ------w C:\WINDOWS\ServicePackFiles\i386\bidispl.dll
+ 2008-04-14 02:33:19 8,192 ------w C:\WINDOWS\ServicePackFiles\i386\bitsprx2.dll
+ 2008-04-14 02:33:19 7,168 ------w C:\WINDOWS\ServicePackFiles\i386\bitsprx3.dll
+ 2008-04-14 02:33:19 7,168 ------w C:\WINDOWS\ServicePackFiles\i386\bitsprx4.dll
+ 2008-04-14 02:33:55 71,680 ------w C:\WINDOWS\ServicePackFiles\i386\blastcln.exe
+ 2008-04-13 18:53:23 71,552 ------w C:\WINDOWS\ServicePackFiles\i386\bridge.sys
+ 2008-04-14 01:57:48 70,144 ------w C:\WINDOWS\ServicePackFiles\i386\browselc.dll
+ 2008-04-14 02:33:20 77,824 ------w C:\WINDOWS\ServicePackFiles\i386\browser.dll
+ 2008-04-14 02:33:20 1,025,024 ------w C:\WINDOWS\ServicePackFiles\i386\browseui.dll
+ 2008-04-14 02:33:20 78,336 ------w C:\WINDOWS\ServicePackFiles\i386\browsewm.dll
+ 2008-04-14 02:33:20 20,992 ------w C:\WINDOWS\ServicePackFiles\i386\bthci.dll
+ 2008-04-13 18:46:33 17,024 ------w C:\WINDOWS\ServicePackFiles\i386\bthenum.sys
+ 2008-04-13 18:46:33 37,888 ------w C:\WINDOWS\ServicePackFiles\i386\bthmodem.sys
+ 2008-04-13 18:51:34 101,120 ------w C:\WINDOWS\ServicePackFiles\i386\bthpan.sys
+ 2008-04-14 01:58:00 273,664 ------w C:\WINDOWS\ServicePackFiles\i386\bthport.sys
+ 2008-04-13 18:46:31 36,480 ------w C:\WINDOWS\ServicePackFiles\i386\bthprint.sys
+ 2008-04-14 02:33:20 30,208 ------w C:\WINDOWS\ServicePackFiles\i386\bthserv.dll
+ 2008-04-13 18:46:29 18,944 ------w C:\WINDOWS\ServicePackFiles\i386\bthusb.sys
+ 2008-04-14 02:33:20 50,688 ------w C:\WINDOWS\ServicePackFiles\i386\btpanui.dll
+ 2008-04-14 02:33:20 218,112 ------w C:\WINDOWS\ServicePackFiles\i386\c_g18030.dll
+ 2008-04-14 02:33:20 60,416 ------w C:\WINDOWS\ServicePackFiles\i386\cabinet.dll
+ 2008-04-14 02:33:20 85,504 ------w C:\WINDOWS\ServicePackFiles\i386\cabview.dll
+ 2008-04-14 02:33:55 20,992 ------w C:\WINDOWS\ServicePackFiles\i386\cacls.exe
+ 2008-04-14 02:33:20 385,024 ------w C:\WINDOWS\ServicePackFiles\i386\callcont.dll
+ 2008-04-14 02:33:20 121,856 ------w C:\WINDOWS\ServicePackFiles\i386\camext30.dll
+ 2008-04-14 02:33:20 50,688 ------w C:\WINDOWS\ServicePackFiles\i386\camocx.dll
+ 2008-04-14 02:33:20 153,600 ------w C:\WINDOWS\ServicePackFiles\i386\capesnpn.dll
+ 2008-04-14 02:33:20 226,304 ------w C:\WINDOWS\ServicePackFiles\i386\catsrv.dll
+ 2008-04-14 02:33:20 85,504 ------w C:\WINDOWS\ServicePackFiles\i386\catsrvps.dll
+ 2008-04-14 02:33:20 625,664 ------w C:\WINDOWS\ServicePackFiles\i386\catsrvut.dll
+ 2008-04-13 18:46:23 17,024 ------w C:\WINDOWS\Ser
0
Réponse 8 / 18
Destrio5 Messages postés 99820 Date d'inscription   Statut Modérateur Dernière intervention   10 305
 
---> Relance MBAM, va dans Quarantaine et supprime tout

---> Poste un nouveau rapport HijackThis
0
Réponse 9 / 18
Charles_57 Messages postés 9 Statut Membre
 
Voila:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:59:21, on 25/08/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
c:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
c:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
c:\Program Files\Norton Internet Security\ISSVC.exe
c:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
c:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
c:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\Program Files\HPQ\SHARED\HPQWMI.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\WIDCOMM\Logiciel Bluetooth\BTTray.exe
C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\WIDCOMM\LOGICI~1\BTSTAC~1.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Charly\Local Settings\Temporary Internet Files\Content.IE5\UBWEZVLN\HiJackThis[1].exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://www.msn.com/fr-fr?cobrand=hp-notebook.msn.com&ocid=HPDHP&pc=HPNTDF
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Accélérateur de démarrage AutoCAD.lnk = C:\Program Files\Fichiers communs\Autodesk Shared\acstart16.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Démarrage rapide du logiciel HP Image Zone.lnk = C:\Program Files\Hp\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Recherche accélérée.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Envoyer à &Bluetooth - C:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O14 - IERESET.INF: START_PAGE_URL=https://www.msn.com/fr-fr?cobrand=hp-notebook.msn.com&ocid=HPDHP&pc=HPNTDF
O16 - DPF: {02ECD07A-22D0-4AF0-BA0A-3F6B06086D08} (GamesCampus Control) - https://shotonline.gamescampus.com/Error/error404
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Fichiers communs\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - c:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - c:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - c:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SAVScan - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - c:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - c:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
0
Réponse 10 / 18
Destrio5 Messages postés 99820 Date d'inscription   Statut Modérateur Dernière intervention   10 305
 
Je te conseille de supprimer Norton avec ceci :
ftp://ftp.symantec.com/public/francais/removal_tools/Norton_Removal_Tool.exe

Puis d'installer Antivir pour ensuite faire un scan complet de ton disque dur :
https://www.mediafire.com/?sharekey=1ab12433e284b403d2db6fb9a8902bda
0
Réponse 11 / 18
Charles_57 Messages postés 9 Statut Membre
 
Oula c'est assez violent ça! Surtout que je le paye mon Norton! (je sais je suis taré).

Est-il vraiment nécessaire de faire ceci? Quels sont les problèmes qui persistent encore? Et enfin qu'est ce que je gagnerai si je change pour Antivir?

Merci beaucoups pour le temps que tu prends pour m'aider.
0
Réponse 12 / 18
Destrio5 Messages postés 99820 Date d'inscription   Statut Modérateur Dernière intervention   10 305
 
Tu payes Norton...

Bon ok, tant pis pour toi.

Mets à jour Java :
https://www.java.com/fr/download/manual.jsp
0
Réponse 13 / 18
Charles_57 Messages postés 9 Statut Membre
 
Oui je paye Norton mais jusqu'à ce trojan je n'étais pas trop déçu :D.

Y a-t-il encore des infections importantes?
0
Réponse 14 / 18
Destrio5 Messages postés 99820 Date d'inscription   Statut Modérateur Dernière intervention   10 305
 
C'est quelle version que tu as ?
0
Réponse 15 / 18
Charles_57 Messages postés 9 Statut Membre
 
version 2005 !
0
Réponse 16 / 18
Destrio5 Messages postés 99820 Date d'inscription   Statut Modérateur Dernière intervention   10 305
 
Tu payes un antivirus qui date de 2004 ?????

Il est plein de failles de sécurité depuis le temps.

Installe Antivir, tu gagneras en efficacité.
0
Réponse 17 / 18
Charles_57 Messages postés 9 Statut Membre
 
Arf je pensais que tout allait bien puisque des mises à jour sont installées tout le temps. Je vais peut être changer alors
0
Réponse 18 / 18
Destrio5 Messages postés 99820 Date d'inscription   Statut Modérateur Dernière intervention   10 305
 
Ah, les petites habitudes... xD
0