White wallpaper, now blue

Solved/Closed
pierre_91, Posts: 1566, Registration date: Saturday 2 August 2008, Status: Member, Last activity: 16 August 2011 - 20 August 2008 at 17:33
Anonymous user - 22 August 2008 at 16:14
Hello,
My antivirus told me that my PC was infected. I ran a scan and found nothing; I ran it again in safe mode, still nothing. Then I scanned with MBAM, and here is the first report, in safe mode:
Malwarebytes' Anti-Malware 1.25
Version de la base de données: 1070
Windows 6.0.6000

17:03:55 20/08/2008
mbam-log-08-20-2008 (17-03-55).txt

Type de recherche: Examen complet (C:\|D:\|E:\|)
Eléments examinés: 98179
Temps écoulé: 14 minute(s), 53 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 3
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 0

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
HKEY_CURRENT_USER\Control Panel\Desktop\wallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\Desktop\originalwallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\Desktop\convertedwallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
(Aucun élément nuisible détect
At first the wallpaper was white; now it is blue.

29 replies

plm69, Posts: 527, Registration date: Sunday 27 July 2008, Status: Member, Last activity: 8 September 2008, 17
20 August 2008 at 17:43
1
pierre_91, Posts: 1566, Registration date: Saturday 2 August 2008, Status: Member, Last activity: 16 August 2011, 4
20 August 2008 at 18:05
Here is the ComboFix log, but my wallpaper is still blue.

ComboFix 08-08-19.02 - pierre 2008-08-20 17:56:20.3 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6000.0.1252.1.1036.18.1341 [GMT 2:00]
Endroit: C:\Users\pierre\Desktop\ComboFix.exe
* Création d'un nouveau point de restauration
.

((((((((((((((((((((((((((((( Fichiers créés 2008-07-20 to 2008-08-20 ))))))))))))))))))))))))))))))))))))
.

2008-08-17 13:41 . 2008-08-18 22:25 <REP> d-------- C:\Program Files\Spybot - Search & Destroy
2008-08-16 22:59 . 2008-08-17 12:23 <REP> d-------- C:\Users\All Users\eMule
2008-08-16 22:59 . 2008-08-17 12:23 <REP> d-------- C:\ProgramData\eMule
2008-08-13 17:12 . 2008-08-13 17:12 <REP> d-------- C:\Windows\BDOSCAN8
2008-08-12 21:57 . 2008-07-16 01:48 2,048 --a------ C:\Windows\System32\tzres.dll
2008-08-12 21:45 . 2008-06-19 05:25 361,984 --a------ C:\Windows\System32\IPSECSVC.DLL
2008-08-12 21:45 . 2008-06-19 05:25 272,896 --a------ C:\Windows\System32\polstore.dll
2008-08-12 21:45 . 2008-06-19 05:25 61,440 --a------ C:\Windows\System32\winipsec.dll
2008-08-12 21:45 . 2008-06-19 05:25 28,672 --a------ C:\Windows\System32\FwRemoteSvr.dll
2008-08-10 17:01 . 2008-08-10 17:01 <REP> d-------- C:\perflogs
2008-08-06 15:09 . 2008-08-06 17:15 <REP> d-------- C:\Users\All Users\services
2008-08-06 15:09 . 2008-08-06 17:15 <REP> d-------- C:\ProgramData\services
2008-07-28 21:22 . 2008-07-28 21:22 <REP> d-------- C:\Users\All Users\Google Updater
2008-07-28 21:22 . 2008-07-28 21:22 <REP> d-------- C:\ProgramData\Google Updater
2008-07-28 20:17 . 2008-08-18 15:32 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-07-28 20:17 . 2008-08-17 15:01 38,472 --a------ C:\Windows\System32\drivers\mbamswissarmy.sys
2008-07-28 20:17 . 2008-08-17 15:01 17,144 --a------ C:\Windows\System32\drivers\mbam.sys
2008-07-28 18:17 . 2008-07-28 18:17 <REP> d-------- C:\Program Files\CCleaner
2008-07-22 16:16 . 2008-07-22 16:16 <REP> d-------- C:\Program Files\Sun

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-20 15:21 436 ----a-w C:\Users\pierre\AppData\Roaming\wklnhst.dat
2008-08-19 15:16 --------- d-----w C:\Program Files\Microsoft Silverlight
2008-08-18 20:25 --------- d-----w C:\ProgramData\Spybot - Search & Destroy
2008-08-13 15:02 --------- d-----w C:\Program Files\Windows Mail
2008-08-12 20:00 --------- d-----w C:\ProgramData\Microsoft Help
2008-08-01 22:09 --------- d-----w C:\Program Files\Google
2008-07-24 19:07 --------- d-----w C:\Program Files\Trend Micro
2008-07-23 16:00 --------- d-----w C:\Program Files\TELE2
2008-07-22 14:15 --------- d-----w C:\Program Files\Java
2008-07-21 14:31 --------- d-----w C:\ProgramData\Kaspersky Lab Setup Files
2008-07-19 14:36 51,280 ----a-w C:\Windows\system32\drivers\aswMonFlt.sys
2008-07-18 18:39 587,264 ----a-w C:\Windows\WLXPGSS.SCR
2008-07-16 16:52 --------- d-----w C:\Program Files\Common Files\Ahead
2008-07-16 16:51 --------- d-----w C:\ProgramData\Nero
2008-07-15 19:35 --------- d-----w C:\Program Files\VS Revo Group
2008-07-13 14:14 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-07-13 13:56 --------- d-----w C:\Users\pierre\AppData\Roaming\Malwarebytes
2008-07-13 13:55 --------- d-----w C:\ProgramData\Malwarebytes
2008-07-12 21:46 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-07-09 18:17 174 --sha-w C:\Program Files\desktop.ini
2008-06-27 03:54 826,368 ----a-w C:\Windows\System32\wininet.dll
2008-06-27 03:54 56,320 ----a-w C:\Windows\System32\iesetup.dll
2008-06-27 03:54 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2008-06-27 03:54 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
2008-06-26 00:34 7,964,672 ----a-w C:\Windows\System32\NlsLexicons0024.dll
2008-06-26 00:33 9,892,864 ----a-w C:\Windows\System32\NlsLexicons000a.dll
2008-06-23 07:44 62,464 ----a-w C:\Windows\system32\drivers\RTSTOR.sys
2008-06-12 06:54 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-06-12 06:54 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-06-12 01:21 2,560 ----a-w C:\Windows\AppPatch\AcRes.dll
2008-06-09 13:19 27,430 ----a-w C:\Users\pierre\AppData\Roaming\nvModes.dat
.

((((((((((((((((((((((((((((( snapshot_2008-07-27_ 1.29.08.30 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-04-24 20:53:50 251,272 ----a-w C:\Windows\assembly\GAC\Microsoft.Office.Interop.PowerPoint\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.PowerPoint.dll
+ 2008-08-12 19:48:01 250,928 ----a-w C:\Windows\assembly\GAC\Microsoft.Office.Interop.PowerPoint\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.PowerPoint.dll
+ 2006-05-24 23:21:00 118,784 ----a-w C:\Windows\BDOSCAN8\bdupd.dll
+ 2006-05-24 23:21:14 53,248 ----a-w C:\Windows\BDOSCAN8\ipsupd.dll
- 2008-07-17 18:27:09 51,200 ----a-w C:\Windows\inf\infpub.dat
+ 2008-07-27 10:47:20 51,200 ----a-w C:\Windows\inf\infpub.dat
- 2008-07-17 18:27:09 86,016 ----a-w C:\Windows\inf\infstor.dat
+ 2008-07-27 10:47:20 86,016 ----a-w C:\Windows\inf\infstor.dat
- 2008-07-17 18:27:08 86,016 ----a-w C:\Windows\inf\infstrng.dat
+ 2008-07-27 10:47:20 86,016 ----a-w C:\Windows\inf\infstrng.dat
+ 2007-08-28 21:06:16 467,840 ----a-r C:\Windows\Installer\$PatchCache$\Managed\[u]0/u0002119F20000000000000000F01FEC\12.0.6215\POWERPNT.EXE
+ 2007-08-28 21:06:44 7,990,144 ----a-r C:\Windows\Installer\$PatchCache$\Managed\[u]0/u0002119F20000000000000000F01FEC\12.0.6215\PPCORE.DLL
+ 2008-04-24 20:53:50 251,272 ----a-r C:\Windows\Installer\$PatchCache$\Managed\[u]0/u0002119F20000000000000000F01FEC\12.0.6215\PPTPIA.DLL
+ 2008-02-04 08:10:10 208,928 ----a-r C:\Windows\Installer\$PatchCache$\Managed\812AF07A89569CA418D33695C7D50D86\12.0.1329\ImagingDevice.dll
+ 2008-02-04 08:06:54 417,312 ----a-r C:\Windows\Installer\$PatchCache$\Managed\812AF07A89569CA418D33695C7D50D86\12.0.1329\ImagingServices.dll
+ 2008-02-04 08:08:42 83,488 ----a-r C:\Windows\Installer\$PatchCache$\Managed\812AF07A89569CA418D33695C7D50D86\12.0.1329\LiveAlbumXCtrl.dll
+ 2008-02-04 08:07:46 1,779,744 ----a-r C:\Windows\Installer\$PatchCache$\Managed\812AF07A89569CA418D33695C7D50D86\12.0.1329\MicrosoftEffects.dll
+ 2008-02-04 08:05:04 46,112 ----a-r C:\Windows\Installer\$PatchCache$\Managed\812AF07A89569CA418D33695C7D50D86\12.0.1329\PhotoViewerShim.dll
+ 2008-02-04 08:06:46 372,256 ----a-r C:\Windows\Installer\$PatchCache$\Managed\812AF07A89569CA418D33695C7D50D86\12.0.1329\WLXAlbumDownloadWizard.exe
+ 2008-02-01 09:23:12 279,680 ----a-r C:\Windows\Installer\$PatchCache$\Managed\812AF07A89569CA418D33695C7D50D86\12.0.1329\wlxclip.dll
+ 2008-02-01 09:13:40 191,104 ----a-r C:\Windows\Installer\$PatchCache$\Managed\812AF07A89569CA418D33695C7D50D86\12.0.1329\WLXDSPA.dll
+ 2008-02-04 08:10:02 130,592 ----a-r C:\Windows\Installer\$PatchCache$\Managed\812AF07A89569CA418D33695C7D50D86\12.0.1329\WLXGrinderScheduler.dll
+ 2008-02-04 08:06:00 59,424 ----a-r C:\Windows\Installer\$PatchCache$\Managed\812AF07A89569CA418D33695C7D50D86\12.0.1329\WLXImageTranscode.dll
+ 2008-02-04 08:08:26 712,224 ----a-r C:\Windows\Installer\$PatchCache$\Managed\812AF07A89569CA418D33695C7D50D86\12.0.1329\WLXMediaPublishSubscribe.dll
+ 2008-02-01 09:17:40 587,264 ----a-r C:\Windows\Installer\$PatchCache$\Managed\812AF07A89569CA418D33695C7D50D86\12.0.1329\WLXPGSS.SCR
+ 2008-02-04 08:07:22 1,565,728 ----a-r C:\Windows\Installer\$PatchCache$\Managed\812AF07A89569CA418D33695C7D50D86\12.0.1329\WLXPhotoAcq.dll
+ 2008-02-01 09:13:40 227,456 ----a-r C:\Windows\Installer\$PatchCache$\Managed\812AF07A89569CA418D33695C7D50D86\12.0.1329\WLXPhotoAcquireWizard.exe
+ 2008-02-04 08:08:38 86,560 ----a-r C:\Windows\Installer\$PatchCache$\Managed\812AF07A89569CA418D33695C7D50D86\12.0.1329\WLXPhotoCinematic.dll
+ 2008-02-04 08:08:32 83,488 ----a-r C:\Windows\Installer\$PatchCache$\Managed\812AF07A89569CA418D33695C7D50D86\12.0.1329\WLXPhotoClassic.dll
+ 2008-02-04 08:09:08 125,472 ----a-r C:\Windows\Installer\$PatchCache$\Managed\812AF07A89569CA418D33695C7D50D86\12.0.1329\WLXPhotoGallery.exe
+ 2008-02-01 09:13:42 16,000 ----a-r C:\Windows\Installer\$PatchCache$\Managed\812AF07A89569CA418D33695C7D50D86\12.0.1329\WLXPhotoGalleryRepair.exe
+ 2008-02-04 08:06:54 394,272 ----a-r C:\Windows\Installer\$PatchCache$\Managed\812AF07A89569CA418D33695C7D50D86\12.0.1329\WLXPhotoLibraryDatabase.dll
+ 2008-02-04 08:06:20 1,515,040 ----a-r C:\Windows\Installer\$PatchCache$\Managed\812AF07A89569CA418D33695C7D50D86\12.0.1329\WLXPhotoViewer.dll
+ 2008-02-04 08:06:20 1,250,336 ----a-r C:\Windows\Installer\$PatchCache$\Managed\812AF07A89569CA418D33695C7D50D86\12.0.1329\WLXPhotoVoyager.dll
+ 2008-02-04 08:06:18 752,672 ----a-r C:\Windows\Installer\$PatchCache$\Managed\812AF07A89569CA418D33695C7D50D86\12.0.1329\WLXPipeline.dll
+ 2008-02-04 08:06:14 734,752 ----a-r C:\Windows\Installer\$PatchCache$\Managed\812AF07A89569CA418D33695C7D50D86\12.0.1329\WLXPipetran.dll
+ 2008-02-01 09:13:42 101,504 ----a-r C:\Windows\Installer\$PatchCache$\Managed\812AF07A89569CA418D33695C7D50D86\12.0.1329\WLXQuickTimeControlHost.exe
+ 2008-02-04 08:05:00 20,512 ----a-r C:\Windows\Installer\$PatchCache$\Managed\812AF07A89569CA418D33695C7D50D86\12.0.1329\WLXQuickTimeControlHostPS.dll
+ 2008-02-04 08:05:04 53,792 ----a-r C:\Windows\Installer\$PatchCache$\Managed\812AF07A89569CA418D33695C7D50D86\12.0.1329\WLXQuickTimeShellExt.dll
+ 2008-02-04 08:08:42 85,024 ----a-r C:\Windows\Installer\$PatchCache$\Managed\812AF07A89569CA418D33695C7D50D86\12.0.1329\WLXThumbCache.dll
+ 2008-02-04 08:10:04 144,416 ----a-r C:\Windows\Installer\$PatchCache$\Managed\812AF07A89569CA418D33695C7D50D86\12.0.1329\WLXVAFilt.dll
+ 2008-02-04 08:07:40 675,360 ----a-r C:\Windows\Installer\$PatchCache$\Managed\812AF07A89569CA418D33695C7D50D86\12.0.1329\WLXVideoAcquireWizard.exe
+ 2008-02-04 08:07:10 69,152 ----a-r C:\Windows\Installer\$PatchCache$\Managed\812AF07A89569CA418D33695C7D50D86\12.0.1329\WLXVideoCameraAutoPlayManager.exe
+ 2008-02-04 08:10:10 165,408 ----a-r C:\Windows\Installer\$PatchCache$\Managed\812AF07A89569CA418D33695C7D50D86\12.0.1329\WLXVideoTrim.dll
- 2008-05-14 14:12:27 35,600 ----a-r C:\Windows\Installer\{90120000-0020-040C-0000-0000000FF1CE}\O12ConvIcon.exe
+ 2008-08-12 19:52:00 35,600 ----a-r C:\Windows\Installer\{90120000-0020-040C-0000-0000000FF1CE}\O12ConvIcon.exe
- 2008-05-14 14:13:03 20,240 ----a-r C:\Windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\cagicon.exe
+ 2008-08-12 20:00:31 20,240 ----a-r C:\Windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\cagicon.exe
- 2008-05-14 14:13:02 184,080 ----a-r C:\Windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\joticon.exe
+ 2008-08-12 20:00:31 184,080 ----a-r C:\Windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\joticon.exe
- 2008-05-14 14:13:03 217,864 ----a-r C:\Windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\misc.exe
+ 2008-08-12 20:00:31 217,864 ----a-r C:\Windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\misc.exe
- 2008-05-14 14:13:03 18,704 ----a-r C:\Windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\mspicons.exe
+ 2008-08-12 20:00:31 18,704 ----a-r C:\Windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\mspicons.exe
- 2008-05-14 14:13:04 35,088 ----a-r C:\Windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\oisicon.exe
+ 2008-08-12 20:00:31 35,088 ----a-r C:\Windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\oisicon.exe
- 2008-05-14 14:13:02 922,384 ----a-r C:\Windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\pptico.exe
+ 2008-08-12 20:00:31 922,384 ----a-r C:\Windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\pptico.exe
- 2008-05-14 14:13:04 888,080 ----a-r C:\Windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\wordicon.exe
+ 2008-08-12 20:00:31 888,080 ----a-r C:\Windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\wordicon.exe
- 2008-05-14 14:13:02 1,172,240 ----a-r C:\Windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\xlicons.exe
+ 2008-08-12 20:00:31 1,172,240 ----a-r C:\Windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\xlicons.exe
- 2008-04-24 20:51:15 49,936 ----a-r C:\Windows\Installer\{95120000-00AF-040C-0000-0000000FF1CE}\ppvwicon.exe
+ 2008-08-12 19:52:09 49,936 ----a-r C:\Windows\Installer\{95120000-00AF-040C-0000-0000000FF1CE}\ppvwicon.exe
- 2008-04-20 11:37:28 123,008 ----a-r C:\Windows\Installer\{A70FA218-6598-4AC9-813D-63597C5DD068}\WLXPhotoGalleryIcon.exe
+ 2008-08-07 15:12:41 123,008 ----a-r C:\Windows\Installer\{A70FA218-6598-4AC9-813D-63597C5DD068}\WLXPhotoGalleryIcon.exe
- 2008-07-26 22:36:42 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2008-08-20 15:49:21 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2008-07-26 22:36:42 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2008-08-20 15:49:21 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2008-06-09 15:42:45 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-08-01 22:49:43 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-06-09 15:42:45 32,768 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-08-01 22:49:43 32,768 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-06-09 15:42:45 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-08-01 22:49:43 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-07-26 22:39:27 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\ntuser.dat
+ 2008-08-20 15:52:01 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\ntuser.dat
+ 2008-08-20 15:52:01 262,144 ---ha-w C:\Windows\ServiceProfiles\LocalService\ntuser.dat.LOG1
- 2008-07-26 22:39:22 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat
+ 2008-08-20 15:51:56 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat
+ 2008-08-20 15:51:56 262,144 ---ha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1
- 2008-04-20 11:34:03 18,944 ----a-w C:\Windows\servicing\GC32\tzupd.exe
+ 2008-07-16 04:09:30 18,944 ----a-w C:\Windows\servicing\GC32\tzupd.exe
- 2008-04-25 04:23:05 124,928 ----a-w C:\Windows\System32\advpack.dll
+ 2008-07-16 04:09:38 124,928 ----a-w C:\Windows\System32\advpack.dll
- 2008-05-15 23:24:43 1,152,888 ----a-w C:\Windows\System32\aswBoot.exe
+ 2008-07-19 14:43:08 1,163,960 ----a-w C:\Windows\System32\aswBoot.exe
- 2008-05-15 23:12:36 95,608 ----a-w C:\Windows\System32\AvastSS.scr
+ 2008-07-19 14:30:53 94,392 ----a-w C:\Windows\System32\AvastSS.scr
- 2008-07-26 22:37:01 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-08-20 15:49:35 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-07-27 18:24:53 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012008072720080728\index.dat
- 2008-07-26 22:37:01 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-08-20 15:49:35 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-07-26 22:37:01 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-08-20 15:49:35 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-07-26 23:26:39 262,144 ----a-w C:\Windows\System32\config\systemprofile\ntuser.dat
+ 2008-08-20 15:56:15 262,144 ----a-w C:\Windows\System32\config\systemprofile\ntuser.dat
+ 2008-08-20 15:56:15 262,144 ---ha-w C:\Windows\System32\config\systemprofile\ntuser.dat.LOG1
- 2008-05-15 23:16:06 20,560 ----a-w C:\Windows\System32\drivers\aswFsBlk.sys
+ 2008-07-19 14:37:42 20,560 ----a-w C:\Windows\System32\drivers\aswFsBlk.sys
- 2008-05-15 23:15:29 23,152 ----a-w C:\Windows\System32\drivers\aswRdr.sys
+ 2008-07-19 14:33:42 23,152 ----a-w C:\Windows\System32\drivers\aswRdr.sys
- 2008-05-15 23:20:32 78,416 ----a-w C:\Windows\System32\drivers\aswSP.sys
+ 2008-07-19 14:35:18 78,416 ----a-w C:\Windows\System32\drivers\aswSP.sys
- 2008-05-15 23:14:11 42,912 ----a-w C:\Windows\System32\drivers\aswTdi.sys
+ 2008-07-19 14:32:36 42,912 ----a-w C:\Windows\System32\drivers\aswTdi.sys
- 2006-11-02 08:55:11 73,216 ----a-w C:\Windows\System32\drivers\usbccgp.sys
+ 2007-11-16 09:28:24 73,216 ----a-w C:\Windows\System32\drivers\usbccgp.sys
+ 2006-11-02 09:14:17 35,328 ----a-w C:\Windows\System32\drivers\usbscan.sys
- 2008-04-25 04:23:06 347,136 ----a-w C:\Windows\System32\dxtmsft.dll
+ 2008-06-27 03:54:44 347,136 ----a-w C:\Windows\System32\dxtmsft.dll
- 2008-04-25 04:23:06 214,528 ----a-w C:\Windows\System32\dxtrans.dll
+ 2008-06-27 03:54:44 214,528 ----a-w C:\Windows\System32\dxtrans.dll
- 2006-11-02 09:46:04 259,584 ----a-w C:\Windows\System32\es.dll
+ 2008-04-19 08:13:07 268,800 ----a-w C:\Windows\System32\es.dll
+ 2006-11-02 09:46:11 557,568 ----a-w C:\Windows\System32\hpotscl1.dll
+ 2006-11-02 09:46:11 934,912 ----a-w C:\Windows\System32\hpowiav1.dll
+ 2006-11-02 09:46:05 30,208 ----a-w C:\Windows\System32\HPZ3LLHN.DLL
- 2008-04-25 04:23:06 63,488 ----a-w C:\Windows\System32\icardie.dll
+ 2008-06-27 03:54:45 63,488 ----a-w C:\Windows\System32\icardie.dll
- 2008-04-25 04:22:36 70,656 ----a-w C:\Windows\System32\ie4uinit.exe
+ 2008-06-27 03:54:09 70,656 ----a-w C:\Windows\System32\ie4uinit.exe
- 2008-04-25 04:23:06 383,488 ----a-w C:\Windows\System32\ieapfltr.dll
+ 2008-06-27 03:54:45 383,488 ----a-w C:\Windows\System32\ieapfltr.dll
- 2008-04-25 04:23:06 6,066,176 ----a-w C:\Windows\System32\ieframe.dll
+ 2008-06-27 03:54:45 6,066,176 ----a-w C:\Windows\System32\ieframe.dll
- 2008-04-25 04:23:06 44,544 ----a-w C:\Windows\System32\iernonce.dll
+ 2008-06-27 03:54:45 44,544 ----a-w C:\Windows\System32\iernonce.dll
- 2008-04-25 04:23:06 180,736 ----a-w C:\Windows\System32\ieui.dll
+ 2008-06-27 03:54:45 180,736 ----a-w C:\Windows\System32\ieui.dll
- 2007-11-16 09:25:51 737,792 ----a-w C:\Windows\System32\inetcomm.dll
+ 2008-04-10 05:01:31 737,792 ----a-w C:\Windows\System32\inetcomm.dll
- 2007-11-16 09:25:51 84,480 ----a-w C:\Windows\System32\INETRES.dll
+ 2008-04-10 02:43:11 84,480 ----a-w C:\Windows\System32\INETRES.dll
- 2008-04-25 04:23:06 27,648 ----a-w C:\Windows\System32\jsproxy.dll
+ 2008-06-27 03:54:45 27,648 ----a-w C:\Windows\System32\jsproxy.dll
- 2006-03-20 11:17:24 65,536 ----a-w C:\Windows\System32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
+ 2008-08-13 13:03:26 65,536 ----a-w C:\Windows\System32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
- 2006-03-20 11:17:20 798,720 ----a-w C:\Windows\System32\Kaspersky Lab\Kaspersky Online Scanner\kavwebscan.dll
+ 2008-08-13 13:03:26 798,720 ----a-w C:\Windows\System32\Kaspersky Lab\Kaspersky Online Scanner\kavwebscan.dll
- 2008-04-25 04:23:11 64,512 ----a-w C:\Windows\System32\migration\WininetPlugin.dll
+ 2008-06-27 03:54:49 64,512 ----a-w C:\Windows\System32\migration\WininetPlugin.dll
- 2008-06-25 16:15:46 17,972,344 ----a-w C:\Windows\System32\mrt.exe
+ 2008-08-05 18:11:01 15,888,504 ----a-w C:\Windows\System32\mrt.exe
- 2008-04-25 04:23:07 3,591,680 ----a-w C:\Windows\System32\mshtml.dll
+ 2008-06-27 03:54:45 3,592,192 ----a-w C:\Windows\System32\mshtml.dll
- 2008-04-25 04:23:07 478,208 ----a-w C:\Windows\System32\mshtmled.dll
+ 2008-06-27 03:54:45 477,696 ----a-w C:\Windows\System32\mshtmled.dll
- 2008-04-25 04:23:09 671,232 ----a-w C:\Windows\System32\mstime.dll
+ 2008-06-27 03:54:47 671,232 ----a-w C:\Windows\System32\mstime.dll
- 2008-07-12 21:52:44 104,798 ----a-w C:\Windows\System32\perfc009.dat
+ 2008-08-05 19:49:04 104,798 ----a-w C:\Windows\System32\perfc009.dat
- 2008-07-12 21:52:44 118,446 ----a-w C:\Windows\System32\perfc00C.dat
+ 2008-08-05 19:49:04 118,446 ----a-w C:\Windows\System32\perfc00C.dat
- 2008-07-12 21:52:44 611,776 ----a-w C:\Windows\System32\perfh009.dat
+ 2008-08-05 19:49:04 611,776 ----a-w C:\Windows\System32\perfh009.dat
- 2008-07-12 21:52:44 692,466 ----a-w C:\Windows\System32\perfh00C.dat
+ 2008-08-05 19:49:04 692,466 ----a-w C:\Windows\System32\perfh00C.dat
- 2008-04-25 04:23:10 44,544 ----a-w C:\Windows\System32\pngfilt.dll
+ 2008-06-27 03:54:48 44,544 ----a-w C:\Windows\System32\pngfilt.dll
- 2008-07-15 18:14:04 6,291,456 ----a-w C:\Windows\System32\SMI\Store\Machine\schema.dat
+ 2008-08-13 15:19:10 6,291,456 ----a-w C:\Windows\System32\SMI\Store\Machine\schema.dat
+ 2006-11-02 09:46:05 5,387,776 ----a-w C:\Windows\System32\spool\drivers\w32x86\3\HPFIGLHN.DLL
+ 2006-11-02 09:46:11 251,904 ----a-w C:\Windows\System32\spool\drivers\w32x86\3\HPFIME50.DLL
+ 2006-11-02 09:46:05 19,968 ----a-w C:\Windows\System32\spool\drivers\w32x86\3\HPFRES50.DLL
+ 2006-11-02 09:46:11 1,515,520 ----a-w C:\Windows\System32\spool\drivers\w32x86\3\HPZ3ALHN.DLL
+ 2006-11-02 09:46:05 1,253,888 ----a-w C:\Windows\System32\spool\drivers\w32x86\3\HPZ3RLHN.DLL
+ 2006-11-02 09:46:11 365,568 ----a-w C:\Windows\System32\spool\drivers\w32x86\3\HPZEVLHN.DLL
+ 2006-11-02 09:46:11 79,872 ----a-w C:\Windows\System32\spool\drivers\w32x86\3\HPZPRLHN.DLL
+ 2006-09-18 21:44:24 562,176 ----a-w C:\Windows\System32\spool\drivers\w32x86\3\HPZSSLHN.DLL
+ 2006-09-18 21:44:24 3,447,808 ----a-w C:\Windows\System32\spool\drivers\w32x86\3\HPZSTLHN.DLL
+ 2006-11-02 09:46:11 2,725,376 ----a-w C:\Windows\System32\spool\drivers\w32x86\3\HPZUILHN.DLL
+ 2006-11-02 09:46:05 89,600 ----a-w C:\Windows\System32\spool\prtprocs\w32x86\HPZPPLHN.DLL
- 2008-04-25 04:23:11 1,159,680 ----a-w C:\Windows\System32\urlmon.dll
+ 2008-06-27 03:54:49 1,159,680 ----a-w C:\Windows\System32\urlmon.dll
- 2008-07-26 22:39:03 11,842 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1485623736-812755021-2284708237-1000_UserData.bin
+ 2008-08-20 15:51:28 12,574 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1485623736-812755021-2284708237-1000_UserData.bin
- 2008-07-26 22:39:03 67,624 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2008-08-20 15:51:28 69,122 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2008-07-17 19:02:33 3,298 ----a-w C:\Windows\System32\WDI\ERCQueuedResolutions.dat
+ 2008-08-18 19:05:37 3,298 ----a-w C:\Windows\System32\WDI\ERCQueuedResolutions.dat
- 2008-07-26 22:39:01 58,520 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2008-08-20 15:51:27 60,304 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
- 2008-07-15 18:13:19 31,265,751 ----a-w C:\Windows\winsxs\ManifestCache\6.0.6001.18000_001c50b5_blobs.bin
+ 2008-08-13 14:47:42 40,784,002 ----a-w C:\Windows\winsxs\ManifestCache\6.0.6001.18000_001c50b5_blobs.bin
+ 2008-06-12 01:21:33 2,560 ----a-w C:\Windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c1_31bf3856ad364e35_6.0.6000.16700_none_0a3bfb69f525d803\AcRes.dll
+ 2008-06-12 01:18:58 2,560 ----a-w C:\Windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c1_31bf3856ad364e35_6.0.6000.20856_none_0a958a550e669b8c\AcRes.dll
+ 2008-03-08 01:58:43 2,560 ----a-w C:\Windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c1_31bf3856ad364e35_6.0.6001.18089_none_0bd4bb63f2852f64\AcRes.dll
+ 2008-06-12 02:57:04 2,560 ----a-w C:\Windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c1_31bf3856ad364e35_6.0.6001.22201_none_0cacd7250b692215\AcRes.dll
+ 2008-06-12 06:54:28 537,600 ----a-w C:\Windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c5_31bf3856ad364e35_6.0.6000.16700_none_0a3ffc91f5223d5f\AcLayers.dll
+ 2008-06-12 06:54:28 173,056 ----a-w C:\Windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c5_31bf3856ad364e35_6.0.6000.16700_none_0a3ffc91f5223d5f\AcXtrnal.dll
+ 2008-06-12 05:16:14 537,600 ----a-w C:\Windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c5_31bf3856ad364e35_6.0.6000.20856_none_0a998b7d0e6300e8\AcLayers.dll
+ 2008-06-12 05:16:15 173,056 ----a-w C:\Windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c5_31bf3856ad364e35_6.0.6000.20856_none_0a998b7d0e6300e8\AcXtrnal.dll
+ 2008-06-12 05:28:53 541,696 ----a-w C:\Windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c5_31bf3856ad364e35_6.0.6001.18089_none_0bd8bc8bf28194c0\AcLayers.dll
+ 2008-03-08 04:19:21 173,056 ----a-w C:\Windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c5_31bf3856ad364e35_6.0.6001.18089_none_0bd8bc8bf28194c0\AcXtrnal.dll
+ 2008-06-12 05:15:18 541,696 ----a-w C:\Windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c5_31bf3856ad364e35_6.0.6001.22201_none_0cb0d84d0b658771\AcLayers.dll
+ 2008-06-12 05:15:19 173,056 ----a-w C:\Windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c5_31bf3856ad364e35_6.0.6001.22201_none_0cb0d84d0b658771\AcXtrnal.dll
+ 2008-07-16 04:09:38 124,928 ----a-w C:\Windows\winsxs\x86_microsoft-windows-advpack_31bf3856ad364e35_6.0.6000.16717_none_a9e15ad3f5abc778\advpack.dll
+ 2008-07-18 03:13:52 124,928 ----a-w C:\Windows\winsxs\x86_microsoft-windows-advpack_31bf3856ad364e35_6.0.6000.20879_none_aa2c18ab0ef84196\advpack.dll
+ 2008-04-19 08:13:07 268,800 ----a-w C:\Windows\winsxs\x86_microsoft-windows-c..complus-eventsystem_31bf3856ad364e35_6.0.6000.16677_none_0ac2b30954c98430\es.dll
+ 2008-04-19 08:27:37 268,800 ----a-w C:\Windows\winsxs\x86_microsoft-windows-c..complus-eventsystem_31bf3856ad364e35_6.0.6000.20818_none_0b8e318c6db592d2\es.dll
+ 2008-04-18 05:48:39 269,312 ----a-w C:\Windows\winsxs\x86_microsoft-windows-c..complus-eventsystem_31bf3856ad364e35_6.0.6001.18057_none_0cbe918751dfdd3f\es.dll
+ 2008-04-18 05:30:29 269,312 ----a-w C:\Windows\winsxs\x86_microsoft-windows-c..complus-eventsystem_31bf3856ad364e35_6.0.6001.22162_none_0d385cf46b0a1a47\es.dll
+ 2008-06-27 03:54:48 44,544 ----a-w C:\Windows\winsxs\x86_microsoft-windows-i..ablenetworkgraphics_31bf3856ad364e35_6.0.6000.16711_none_ebd662c7164a156d\pngfilt.dll
+ 2008-06-27 03:49:09 44,544 ----a-w C:\Windows\winsxs\x86_microsoft-windows-i..ablenetworkgraphics_31bf3856ad364e35_6.0.6000.20868_none_ec30f1fc2f89f24d\pngfilt.dll
+ 2008-06-27 03:54:49 1,159,680 ----a-w C:\Windows\winsxs\x86_microsoft-windows-i..ersandsecurityzones_31bf3856ad364e35_6.0.6000.16711_none_b2f30b79d9aa8cd1\urlmon.dll
+ 2008-06-27 03:49:41 1,162,752 ----a-w C:\Windows\winsxs\x86_microsoft-windows-i..ersandsecurityzones_31bf3856ad364e35_6.0.6000.20868_none_b34d9aaef2ea69b1\urlmon.dll
+ 2008-06-27 04:15:28 1,166,336 ----a-w C:\Windows\winsxs\x86_microsoft-windows-i..ersandsecurityzones_31bf3856ad364e35_6.0.6001.18099_none_b48acb29d70acadb\urlmon.dll
+ 2008-06-27 03:50:29 1,166,848 ----a-w C:\Windows\winsxs\x86_microsoft-windows-i..ersandsecurityzones_31bf3856ad364e35_6.0.6001.22212_none_b563e734efedd6e3\urlmon.dll
+ 2008-06-27 03:54:47 671,232 ----a-w C:\Windows\winsxs\x86_microsoft-windows-i..mlrenderingadvanced_31bf3856ad364e35_6.0.6000.16711_none_ded59a427f534c40\mstime.dll
+ 2008-06-27 03:47:51 671,232 ----a-w C:\Windows\winsxs\x86_microsoft-windows-i..mlrenderingadvanced_31bf3856ad364e35_6.0.6000.20868_none_df30297798932920\mstime.dll
+ 2008-06-27 04:15:25 671,232 ----a-w C:\Windows\winsxs\x86_microsoft-windows-i..mlrenderingadvanced_31bf3856ad364e35_6.0.6001.18099_none_e06d59f27cb38a4a\mstime.dll
+ 2008-06-27 03:48:43 671,232 ----a-w C:\Windows\winsxs\x86_microsoft-windows-i..mlrenderingadvanced_31bf3856ad364e35_6.0.6001.22212_none_e14675fd95969652\mstime.dll
+ 2008-07-15 23:48:18 2,048 ----a-w C:\Windows\winsxs\x86_microsoft-windows-i..rnational-timezones_31bf3856ad364e35_6.0.6000.16717_none_135d4bd00c6d4a6b\tzres.dll
+ 2008-07-16 04:09:30 18,944 ----a-w C:\Windows\winsxs\x86_microsoft-windows-i..rnational-timezones_31bf3856ad364e35_6.0.6000.16717_none_135d4bd00c6d4a6b\tzupd.exe
+ 2008-07-15 23:43:45 2,048 ----a-w C:\Windows\winsxs\x86_microsoft-windows-i..rnational-timezones_31bf3856ad364e35_6.0.6000.20878_none_13a7095d25baab32\tzres.dll
+ 2008-07-16 01:28:34 18,944 ----a-w C:\Windows\winsxs\x86_microsoft-windows-i..rnational-timezones_31bf3856ad364e35_6.0.6000.20878_none_13a7095d25baab32\tzupd.exe
+ 2008-07-16 01:32:44 2,048 ----a-w C:\Windows\winsxs\x86_microsoft-windows-i..rnational-timezones_31bf3856ad364e35_6.0.6001.18108_none_154f5aac098ad8c2\tzres.dll
+ 2008-01-19 07:33:33 18,944 ----a-w C:\Windows\winsxs\x86_microsoft-windows-i..rnational-timezones_31bf3856ad364e35_6.0.6001.18108_none_154f5aac098ad8c2\tzupd.exe
+ 2008-07-16 01:27:35 2,048 ----a-w C:\Windows\winsxs\x86_microsoft-windows-i..rnational-timezones_31bf3856ad364e35_6.0.6001.22223_none_15be562d22bd31bb\tzres.dll
+ 2008-07-16 01:27:35 18,944 ----a-w C:\Windows\winsxs\x86_microsoft-windows-i..rnational-timezones_31bf3856ad364e35_6.0.6001.22223_none_15be562d22bd31bb\tzupd.exe
+ 2008-06-27 03:54:45 27,648 ----a-w C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6000.16711_none_fff8e71ba4b3b364\jsproxy.dll
+ 2008-06-27 03:54:49 826,368 ----a-w C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6000.16711_none_fff8e71ba4b3b364\wininet.dll
+ 2008-06-27 03:54:49 64,512 ----a-w C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6000.16711_none_fff8e71ba4b3b364\WininetPlugin.dll
+ 2008-06-27 03:47:03 27,648 ----a-w C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6000.20868_none_00537650bdf39044\jsproxy.dll
+ 2008-06-27 03:49:46 827,904 ----a-w C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6000.20868_none_00537650bdf39044\wininet.dll
+ 2008-06-27 03:49:46 64,512 ----a-w C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6000.20868_none_00537650bdf39044\WininetPlugin.dll
+ 2008-06-27 04:15:24 28,160 ----a-w C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6001.18099_none_0190a6cba213f16e\jsproxy.dll
+ 2008-06-27 04:15:28 827,392 ----a-w C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6001.18099_none_0190a6cba213f16e\wininet.dll
+ 2008-06-27 04:15:28 64,512 ----a-w C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6001.18099_none_0190a6cba213f16e\WininetPlugin.dll
+ 2008-06-27 03:47:35 28,160 ----a-w C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6001.22212_none_0269c2d6baf6fd76\jsproxy.dll
+ 2008-06-27 03:50:35 827,904 ----a-w C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6001.22212_none_0269c2d6baf6fd76\wininet.dll
+ 2008-06-27 03:50:35 64,512 ----a-w C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6001.22212_none_0269c2d6baf6fd76\WininetPlugin.dll
+ 2008-04-20 11:34:55 2,455,488 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ie-antiphishfilter_31bf3856ad364e35_6.0.6000.16711_none_f9a209f56e9f2db7\ieapfltr.dat
+ 2008-06-27 03:54:45 383,488 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ie-antiphishfilter_31bf3856ad364e35_6.0.6000.16711_none_f9a209f56e9f2db7\ieapfltr.dll
+ 2008-04-20 11:34:55 2,455,488 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ie-antiphishfilter_31bf3856ad364e35_6.0.6000.20868_none_f9fc992a87df0a97\ieapfltr.dat
+ 2008-06-27 03:46:48 383,488 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ie-antiphishfilter_31bf3856ad364e35_6.0.6000.20868_none_f9fc992a87df0a97\ieapfltr.dll
+ 2008-06-27 03:54:44 347,136 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ie-directxtransforms_31bf3856ad364e35_6.0.6000.16711_none_95d642ad8484b3e5\dxtmsft.dll
+ 2008-06-27 03:54:44 214,528 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ie-directxtransforms_31bf3856ad364e35_6.0.6000.16711_none_95d642ad8484b3e5\dxtrans.dll
+ 2008-06-27 03:46:25 347,136 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ie-directxtransforms_31bf3856ad364e35_6.0.6000.20868_none_9630d1e29dc490c5\dxtmsft.dll
+ 2008-06-27 03:46:25 214,528 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ie-directxtransforms_31bf3856ad364e35_6.0.6000.20868_none_9630d1e29dc490c5\dxtrans.dll
+ 2008-06-27 03:54:45 477,696 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ie-htmlediting_31bf3856ad364e35_6.0.6000.16711_none_4638dd0546456672\mshtmled.dll
+ 2008-06-27 03:47:32 477,696 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ie-htmlediting_31bf3856ad364e35_6.0.6000.20868_none_46936c3a5f854352\mshtmled.dll
+ 2008-06-27 03:54:45 3,592,192 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_6.0.6000.16711_none_1153063a250a1c9a\mshtml.dll
+ 2008-06-27 03:47:31 3,594,240 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_6.0.6000.20868_none_11ad956f3e49f97a\mshtml.dll
+ 2008-06-27 04:15:24 3,578,368 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_6.0.6001.18099_none_12eac5ea226a5aa4\mshtml.dll
+ 2008-06-27 03:48:28 3,578,880 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_6.0.6001.22212_none_13c3e1f53b4d66ac\mshtml.dll
+ 2008-06-27 03:54:45 63,488 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ie-infocard_31bf3856ad364e35_6.0.6000.16711_none_58ab7304671ea8a3\icardie.dll
+ 2008-06-27 03:46:48 63,488 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ie-infocard_31bf3856ad364e35_6.0.6000.20868_none_59060239805e8583\icardie.dll
+ 2008-06-27 03:54:09 26,624 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.16711_none_2d71f3a71cdf2247\ieUnatt.exe
+ 2008-06-27 03:54:09 625,664 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.16711_none_2d71f3a71cdf2247\iexplore.exe
+ 2008-06-27 01:41:11 26,624 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.20868_none_2dcc82dc361eff27\ieUnatt.exe
+ 2008-06-27 01:41:30 625,664 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.20868_none_2dcc82dc361eff27\iexplore.exe
+ 2008-06-27 03:54:09 70,656 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ie-setup-support_31bf3856ad364e35_6.0.6000.16711_none_c3e0a8c26159eaec\ie4uinit.exe
+ 2008-06-27 03:54:45 44,544 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ie-setup-support_31bf3856ad364e35_6.0.6000.16711_none_c3e0a8c26159eaec\iernonce.dll
+ 2008-06-27 03:54:45 56,320 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ie-setup-support_31bf3856ad364e35_6.0.6000.16711_none_c3e0a8c26159eaec\iesetup.dll
+ 2008-06-27 01:41:00 70,656 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ie-setup-support_31bf3856ad364e35_6.0.6000.20868_none_c43b37f77a99c7cc\ie4uinit.exe
+ 2008-06-27 03:46:49 44,544 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ie-setup-support_31bf3856ad364e35_6.0.6000.20868_none_c43b37f77a99c7cc\iernonce.dll
+ 2008-06-27 03:46:49 56,320 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ie-setup-support_31bf3856ad364e35_6.0.6000.20868_none_c43b37f77a99c7cc\iesetup.dll
+ 2008-06-27 03:54:45 52,736 ----a-w C:\Windows\winsxs\x86_microsoft-windows-iebrshim_31bf3856ad364e35_6.0.6000.16711_none_2a05bf326809c049\iebrshim.dll
+ 2008-06-27 03:46:48 52,736 ----a-w C:\Windows\winsxs\x86_microsoft-windows-iebrshim_31bf3856ad364e35_6.0.6000.20868_none_2a604e6781499d29\iebrshim.dll
+ 2008-06-27 03:54:45 6,066,176 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ieframe_31bf3856ad364e35_6.0.6000.16711_none_62b2603db0ffaac7\ieframe.dll
+ 2008-06-27 03:54:45 180,736 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ieframe_31bf3856ad364e35_6.0.6000.16711_none_62b2603db0ffaac7\ieui.dll
+ 2008-06-27 03:46:49 6,068,736 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ieframe_31bf3856ad364e35_6.0.6000.20868_none_630cef72ca3f87a7\ieframe.dll
+ 2008-06-27 03:46:49 180,736 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ieframe_31bf3856ad364e35_6.0.6000.20868_none_630cef72ca3f87a7\ieui.dll
+ 2008-06-27 04:15:23 6,068,736 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ieframe_31bf3856ad364e35_6.0.6001.18099_none_644a1fedae5fe8d1\ieframe.dll
+ 2008-01-19 07:34:31 180,736 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ieframe_31bf3856ad364e35_6.0.6001.18099_none_644a1fedae5fe8d1\ieui.dll
+ 2008-06-27 03:47:06 6,070,272 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ieframe_31bf3856ad364e35_6.0.6001.22212_none_65233bf8c742f4d9\ieframe.dll
+ 2008-06-27 03:47:06 180,736 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ieframe_31bf3856ad364e35_6.0.6001.22212_none_65233bf8c742f4d9\ieui.dll
+ 2008-06-27 03:54:09 263,168 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ieinstal_31bf3856ad364e35_6.0.6000.16711_none_e6abccbc9482feff\ieinstal.exe
+ 2008-06-27 01:41:23 263,168 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ieinstal_31bf3856ad364e35_6.0.6000.20868_none_e7065bf1adc2dbdf\ieinstal.exe
+ 2008-06-27 03:54:09 301,568 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ieuser_31bf3856ad364e35_6.0.6000.16711_none_0b5401d8d6fdbeb1\ieuser.exe
+ 2008-06-27 01:41:24 301,568 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ieuser_31bf3856ad364e35_6.0.6000.20868_none_0bae910df03d9b91\ieuser.exe
+ 2008-04-30 05:29:59 454,656 ----a-w C:\Windows\winsxs\x86_microsoft-windows-m..nts-mdac-rds-ce-dll_31bf3856ad364e35_6.0.6000.16683_none_5fb7376b44d6ca52\msadce.dll
+ 2008-04-30 05:19:33 454,656 ----a-w C:\Windows\winsxs\x86_microsoft-windows-m..nts-mdac-rds-ce-dll_31bf3856ad364e35_6.0.6000.20825_none_6083b6385dc1f24b\msadce.dll
+ 2008-04-30 05:36:32 454,656 ----a-w C:\Windows\winsxs\x86_microsoft-windows-m..nts-mdac-rds-ce-dll_31bf3856ad364e35_6.0.6001.18065_none_61b5167d41eb560f\msadce.dll
+ 2008-04-30 05:25:53 454,656 ----a-w C:\Windows\winsxs\x86_microsoft-windows-m..nts-mdac-rds-ce-dll_31bf3856ad364e35_6.0.6001.22169_none_6242b4705b055b35\msadce.dll
+ 2008-04-10 05:01:31 737,792 ----a-w C:\Windows\winsxs\x86_microsoft-windows-mail-comm-dll_31bf3856ad364e35_6.0.6000.16669_none_77930ed65b8e9f2d\inetcomm.dll
+ 2008-04-10 02:43:11 84,480 ----a-w C:\Windows\winsxs\x86_microsoft-windows-mail-comm-dll_31bf3856ad364e35_6.0.6000.16669_none_77930ed65b8e9f2d\INETRES.dll
+ 2008-04-10 04:56:31 737,792 ----a-w C:\Windows\winsxs\x86_microsoft-windows-mail-comm-dll_31bf3856ad364e35_6.0.6000.20810_none_7849ba89748bcc5a\inetcomm.dll
+ 2008-04-10 02:44:56 84,480 ----a-w C:\Windows\winsxs\x86_microsoft-windows-mail-comm-dll_31bf3856ad364e35_6.0.6000.20810_none_7849ba89748bcc5a\INETRES.dll
+ 2008-04-10 05:12:41 738,304 ----a-w C:\Windows\winsxs\x86_microsoft-windows-mail-comm-dll_31bf3856ad364e35_6.0.6001.18049_none_798eed5458a4f83c\inetcomm.dll
+ 2006-11-02 08:48:55 84,480 ----a-w C:\Windows\winsxs\x86_microsoft-windows-mail-comm-dll_31bf3856ad364e35_6.0.6001.18049_none_798eed5458a4f83c\INETRES.dll
+ 2008-04-10 04:59:52 738,304 ----a-w C:\Windows\winsxs\x86_microsoft-windows-mail-comm-dll_31bf3856ad364e35_6.0.6001.22154_none_7a08b8c171cf3544\inetcomm.dll
+ 2008-04-10 02:51:10 84,480 ----a-w C:\Windows\winsxs\x86_microsoft-windows-mail-comm-dll_31bf3856ad364e35_6.0.6001.22154_none_7a08b8c171cf3544\INETRES.dll
+ 2008-06-19 03:25:22 28,672 ----a-w C:\Windows\winsxs\x86_microsoft-windows-n..-domain-clients-svc_31bf3856ad364e35_6.0.6000.16705_none_422d3c83eeda2955\FwRemoteSvr.dll
+ 2008-06-19 03:25:22 361,984 ----a-w C:\Windows\winsxs\x86_microsoft-windows-n..-domain-clients-svc_31bf3856ad364e35_6.0.6000.16705_none_422d3c83eeda2955\IPSECSVC.DLL
+ 2008-06-19 03:25:25 272,896 ----a-w C:\Windows\winsxs\x86_microsoft-windows-n..-domain-clients-svc_31bf3856ad364e35_6.0.6000.16705_none_422d3c83eeda2955\polstore.dll
+ 2008-06-19 03:25:26 61,440 ----a-w C:\Windows\winsxs\x86_microsoft-windows-n..-domain-clients-svc_31bf3856ad364e35_6.0.6000.16705_none_422d3c83eeda2955\winipsec.dll
+ 2008-06-19 03:11:10 28,672 ----a-w C:\Windows\winsxs\x86_microsoft-windows-n..-domain-clients-svc_31bf3856ad364e35_6.0.6000.20861_none_4271f89f082c0b69\FwRemoteSvr.dll
+ 2008-06-19 03:11:28 361,984 ----a-w C:\Windows\winsxs\x86_microsoft-windows-n..-domain-clients-svc_31bf3856ad364e35_6.0.6000.20861_none_4271f89f082c0b69\IPSECSVC.DLL
+ 2008-06-19 03:13:36 272,896 ----a-w C:\Windows\winsxs\x86_microsoft-windows-n..-domain-clients-svc_31bf3856ad364e35_6.0.6000.20861_none_4271f89f082c0b69\polstore.dll
+ 2008-06-19 03:14:12 61,440 ----a-w C:\Windows\winsxs\x86_microsoft-windows-n..-domain-clients-svc_31bf3856ad364e35_6.0.6000.20861_none_4271f89f082c0b69\winipsec.dll
+ 2008-01-19 07:34:22 28,672 ----a-w C:\Windows\winsxs\x86_microsoft-windows-n..-domain-clients-svc_31bf3856ad364e35_6.0.6001.18094_none_43b129adec4a9f41\FwRemoteSvr.dll
+ 2008-06-19 03:31:48 361,984 ----a-w C:\Windows\winsxs\x86_microsoft-windows-n..-domain-clients-svc_31bf3856ad364e35_6.0.6001.18094_none_43b129adec4a9f41\IPSECSVC.DLL
+ 2008-01-19 07:36:07 272,896 ----a-w C:\Windows\winsxs\x86_microsoft-windows-n..-domain-clients-svc_31bf3856ad364e35_6.0.6001.18094_none_43b129adec4a9f41\polstore.dll
+ 2008-01-19 07:36:55 61,440 ----a-w C:\Windows\winsxs\x86_microsoft-windows-n..-domain-clients-svc_31bf3856ad364e35_6.0.6001.18094_none_43b129adec4a9f41\winipsec.dll
+ 2008-06-19 03:12:13 28,672 ----a-w C:\Windows\winsxs\x86_microsoft-windows-n..-domain-clients-svc_31bf3856ad364e35_6.0.6001.22206_none_449e183f051d7367\FwRemoteSvr.dll
+ 2008-06-19 03:12:58 361,984 ----a-w C:\Windows\winsxs\x86_microsoft-windows-n..-domain-clients-svc_31bf3856ad364e35_6.0.6001.22206_none_449e183f051d7367\IPSECSVC.DLL
+ 2008-06-19 03:15:05 272,896 ----a-w C:\Windows\winsxs\x86_microsoft-windows-n..-domain-clients-svc_31bf3856ad364e35_6.0.6001.22206_none_449e183f051d7367\polstore.dll
+ 2008-06-19 03:15:48 61,440 ----a-w C:\Windows\winsxs\x86_microsoft-windows-n..-domain-clients-svc_31bf3856ad364e35_6.0.6001.22206_none_449e183f051d7367\winipsec.dll
+ 2008-06-30 23:03:49 2,413,032 ----a-w C:\Windows\winsxs\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6000.16714_none_f09b0ea06e5840aa\OESpamFilter.dat
+ 2008-06-30 22:56:06 2,413,032 ----a-w C:\Windows\winsxs\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6000.20874_none_f0e3cbe387a6881a\OESpamFilter.dat
+ 2008-07-04 02:02:58 2,413,032 ----a-w C:\Windows\winsxs\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6001.18104_none_f28c1d326b76b5aa\OESpamFilter.dat
+ 2008-06-30 23:00:26 2,413,032 ----a-w C:\Windows\winsxs\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6001.22218_none_f30eeb398498d6c1\OESpamFilter.dat
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-04-20 13:36 1232896]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 14:35 125440]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2008-07-28 21:24 171448]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 11:34 5724184]
"ccleaner"="C:\Program Files\CCleaner\CCleaner.exe" [2008-07-29 15:41 1213680]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-07-19 01:31 86016]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-07-19 01:31 8466432]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-07-19 01:31 81920]
"Apoint"="C:\Program Files\Apoint2K\Apoint.exe" [2007-05-25 12:17 159744]
"FIC HotKey"="C:\Program Files\Hotkey Utility\tray.exe" [2007-07-13 15:38 561152]
"PowerManager"="C:\Program Files\Power Manager\PM.exe" [2007-05-16 12:42 29696]
"Silent Mode"="C:\Program Files\Light Sensor Utility\Sensor.exe" [2007-06-27 10:56 253952]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-07-19 16:38 78008]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-02-26 20:46 153136]
"RtHDVCpl"="RtHDVCpl.exe" [2007-04-10 16:01 4431872 C:\Windows\RtHDVCpl.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 11:34 5724184]

C:\Users\pierre\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 - Capture d'écran et lancement.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [2007-08-24 04:45:42 101784]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"ValidateAdminCodeSignatures"= 1 (0x1)
"FilterAdministratorToken"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.YV12"= yv12vfw.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{EE849512-1750-4752-9658-D3527CDB19FD}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{BE11DD08-AA1A-4251-A90A-E1C4F7E46B48}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{0AAE5F62-EA3E-4D98-B20D-446DC72354DD}"= C:\Program Files\CyberLink\PowerDV\PowerDV.exe:CyberLink PowerDV
"{C4EE3803-388B-4383-A9D5-504EE186984C}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{D461A291-063B-4921-A530-D82B647EB0B1}C:\\program files\\intervideo\\dvd8\\windvd.exe"= UDP:C:\program files\intervideo\dvd8\windvd.exe:WinDVD
"UDP Query User{D969DD8C-0724-41CD-97EA-D375810DADF7}C:\\program files\\intervideo\\dvd8\\windvd.exe"= TCP:C:\program files\intervideo\dvd8\windvd.exe:WinDVD
"{0DE9BC89-AF96-4E6F-A0E3-C15E830C05A9}"= UDP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{C0A3CAF8-F3B0-4856-B5E9-E786BDBF4F34}"= TCP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"TCP Query User{510300B1-DBB9-409B-AD9D-D3D56857D81B}C:\\users\\pierre\\appdata\\local\\temp\\wzse0.tmp\\symnrt.exe"= UDP:C:\users\pierre\appdata\local\temp\wzse0.tmp\symnrt.exe:symnrt.exe
"UDP Query User{D4192A9F-A54A-49B7-9B98-5EF93B430151}C:\\users\\pierre\\appdata\\local\\temp\\wzse0.tmp\\symnrt.exe"= TCP:C:\users\pierre\appdata\local\temp\wzse0.tmp\symnrt.exe:symnrt.exe
"TCP Query User{68053F71-8F92-476D-9B49-13F7727199CB}C:\\program files\\common files\\ahead\\nero web\\setupx.exe"= UDP:C:\program files\common files\ahead\nero web\setupx.exe:MSI starter
"UDP Query User{59E1D1A5-0842-470C-9EC7-B557EC9909A2}C:\\program files\\common files\\ahead\\nero web\\setupx.exe"= TCP:C:\program files\common files\ahead\nero web\setupx.exe:MSI starter
"TCP Query User{EDF2D800-DCA6-4DA4-8DF0-26D35DAAF4EF}C:\\users\\pierre\\appdata\\local\\temp\\nero web\\setupxu.exe"= UDP:C:\users\pierre\appdata\local\temp\nero web\setupxu.exe:setupxu.exe
"UDP Query User{E0128A82-24C5-4336-B5C6-7A0AE7F566B1}C:\\users\\pierre\\appdata\\local\\temp\\nero web\\setupxu.exe"= TCP:C:\users\pierre\appdata\local\temp\nero web\setupxu.exe:setupxu.exe
"TCP Query User{E9C97373-7CFD-4919-8A74-F8A24E4D24F2}C:\\programdata\\kaspersky lab setup files\\kaspersky internet security 2009\\french\\setup.exe"= UDP:C:\programdata\kaspersky lab setup files\kaspersky internet security 2009\french\setup.exe:Programme d'installation de Kaspersky Internet Security 2009
"UDP Query User{74F08B60-DCC2-4BE9-8257-D214403DD9BE}C:\\programdata\\kaspersky lab setup files\\kaspersky internet security 2009\\french\\setup.exe"= TCP:C:\programdata\kaspersky lab setup files\kaspersky internet security 2009\french\setup.exe:Programme d'installation de Kaspersky Internet Security 2009
"TCP Query User{85DD36EC-8E70-479D-9F79-9C32E7FFDD08}C:\\programdata\\kaspersky lab setup files\\kaspersky anti-virus 2009\\french\\setup.exe"= UDP:C:\programdata\kaspersky lab setup files\kaspersky anti-virus 2009\french\setup.exe:Programme d'installation de Kaspersky Anti-Virus 2009
"UDP Query User{14340551-CA54-417D-92CA-42F621FBC1B5}C:\\programdata\\kaspersky lab setup files\\kaspersky anti-virus 2009\\french\\setup.exe"= TCP:C:\programdata\kaspersky lab setup files\kaspersky anti-virus 2009\french\setup.exe:Programme d'installation de Kaspersky Anti-Virus 2009
"TCP Query User{BE2C15CB-49A3-4D24-9172-2779B940A729}C:\\program files\\emule\\emule.exe"= UDP:C:\program files\emule\emule.exe:eMule
"UDP Query User{8598122F-9864-428E-AFFE-8C31C87694B6}C:\\program files\\emule\\emule.exe"= TCP:C:\program files\emule\emule.exe:eMule

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)
"DoNotAllowExceptions"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

R1 aswSP;avast! Self Protection;C:\Windows\system32\drivers\aswSP.sys [2008-07-19 16:35]
R2 aswFsBlk;aswFsBlk;C:\Windows\system32\DRIVERS\aswFsBlk.sys [2008-07-19 16:37]
R2 aswMonFlt;aswMonFlt;C:\Windows\system32\DRIVERS\aswMonFlt.sys [2008-07-19 16:36]
R2 TestHandler;Fujitsu Siemens Computers Diagnostic Testhandler;C:\firststeps\OnlineDiagnostic\TestManager\TestHandler.exe [2006-12-08 11:52]
R3 RTSTOR;Realtek USB 2.0 Card Reader;C:\Windows\system32\drivers\RTSTOR.SYS [2008-06-23 09:44]
S4 nvrd32;NVIDIA nForce RAID Driver;C:\Windows\system32\drivers\nvrd32.sys [2007-07-02 17:37]
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'

2008-08-20 C:\Windows\Tasks\User_Feed_Synchronization-{88E50F82-E0EA-4A84-BD14-221F83FDD350}.job
- C:\Windows\system32\msfeedssync.exe [2006-11-02 11:45]

2008-04-20 C:\Windows\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 11:20]
.
.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Users\pierre\AppData\Roaming\Mozilla\Firefox\Profiles\e64q91wp.default\
.
.
------- File Associations (Beta) -------
.
VBEFile="%SystemRoot%\System32\WScript.exe" "%1" %*
VBSFile="%SystemRoot%\System32\WScript.exe" "%1" %*
vbefile\shell\open\command="%SystemRoot%\System32\WScript.exe" "%1" %*
vbsfile\shell\open\command="%SystemRoot%\System32\WScript.exe" "%1" %*
jsefile\shell\open\command=%SystemRoot%\System32\WScript.exe "%1" %*
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-20 17:58:17
Windows 6.0.6000 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************
.
Temps d'accomplissement: 2008-08-20 17:59:12
ComboFix-quarantined-files.txt 2008-08-20 15:59:00

Pre-Run: 76,309,975,040 octets libres
Post-Run: 76,284,858,368 octets libres

482 --- E O F --- 2008-08-20 15:32:43
0
pierre_91 Posts 1566 Registration date Saturday 2 August 2008 Status Member Last activity 16 August 2011 4
20 August 2008 at 18:07
Here is the ComboFix log, but my desktop background is still blue

ComboFix 08-08-19.02 - pierre 2008-08-20 17:56:20.3 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6000.0.1252.1.1036.18.1341 [GMT 2:00]
Endroit: C:\Users\pierre\Desktop\ComboFix.exe
* Création d'un nouveau point de restauration
.

((((((((((((((((((((((((((((( Fichiers créés 2008-07-20 to 2008-08-20 ))))))))))))))))))))))))))))))))))))
.

2008-08-17 13:41 . 2008-08-18 22:25 <REP> d-------- C:\Program Files\Spybot - Search & Destroy
2008-08-16 22:59 . 2008-08-17 12:23 <REP> d-------- C:\Users\All Users\eMule
2008-08-16 22:59 . 2008-08-17 12:23 <REP> d-------- C:\ProgramData\eMule
2008-08-13 17:12 . 2008-08-13 17:12 <REP> d-------- C:\Windows\BDOSCAN8
2008-08-12 21:57 . 2008-07-16 01:48 2,048 --a------ C:\Windows\System32\tzres.dll
2008-08-12 21:45 . 2008-06-19 05:25 361,984 --a------ C:\Windows\System32\IPSECSVC.DLL
2008-08-12 21:45 . 2008-06-19 05:25 272,896 --a------ C:\Windows\System32\polstore.dll
2008-08-12 21:45 . 2008-06-19 05:25 61,440 --a------ C:\Windows\System32\winipsec.dll
2008-08-12 21:45 . 2008-06-19 05:25 28,672 --a------ C:\Windows\System32\FwRemoteSvr.dll
2008-08-10 17:01 . 2008-08-10 17:01 <REP> d-------- C:\perflogs
2008-08-06 15:09 . 2008-08-06 17:15 <REP> d-------- C:\Users\All Users\services
2008-08-06 15:09 . 2008-08-06 17:15 <REP> d-------- C:\ProgramData\services
2008-07-28 21:22 . 2008-07-28 21:22 <REP> d-------- C:\Users\All Users\Google Updater
2008-07-28 21:22 . 2008-07-28 21:22 <REP> d-------- C:\ProgramData\Google Updater
2008-07-28 20:17 . 2008-08-18 15:32 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-07-28 20:17 . 2008-08-17 15:01 38,472 --a------ C:\Windows\System32\drivers\mbamswissarmy.sys
2008-07-28 20:17 . 2008-08-17 15:01 17,144 --a------ C:\Windows\System32\drivers\mbam.sys
2008-07-28 18:17 . 2008-07-28 18:17 <REP> d-------- C:\Program Files\CCleaner
2008-07-22 16:16 . 2008-07-22 16:16 <REP> d-------- C:\Program Files\Sun

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-20 15:21 436 ----a-w C:\Users\pierre\AppData\Roaming\wklnhst.dat
2008-08-19 15:16 --------- d-----w C:\Program Files\Microsoft Silverlight
2008-08-18 20:25 --------- d-----w C:\ProgramData\Spybot - Search & Destroy
2008-08-13 15:02 --------- d-----w C:\Program Files\Windows Mail
2008-08-12 20:00 --------- d-----w C:\ProgramData\Microsoft Help
2008-08-01 22:09 --------- d-----w C:\Program Files\Google
2008-07-24 19:07 --------- d-----w C:\Program Files\Trend Micro
2008-07-23 16:00 --------- d-----w C:\Program Files\TELE2
2008-07-22 14:15 --------- d-----w C:\Program Files\Java
2008-07-21 14:31 --------- d-----w C:\ProgramData\Kaspersky Lab Setup Files
2008-07-19 14:36 51,280 ----a-w C:\Windows\system32\drivers\aswMonFlt.sys
2008-07-18 18:39 587,264 ----a-w C:\Windows\WLXPGSS.SCR
2008-07-16 16:52 --------- d-----w C:\Program Files\Common Files\Ahead
2008-07-16 16:51 --------- d-----w C:\ProgramData\Nero
2008-07-15 19:35 --------- d-----w C:\Program Files\VS Revo Group
2008-07-13 14:14 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-07-13 13:56 --------- d-----w C:\Users\pierre\AppData\Roaming\Malwarebytes
2008-07-13 13:55 --------- d-----w C:\ProgramData\Malwarebytes
2008-07-12 21:46 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-07-09 18:17 174 --sha-w C:\Program Files\desktop.ini
2008-06-27 03:54 826,368 ----a-w C:\Windows\System32\wininet.dll
2008-06-27 03:54 56,320 ----a-w C:\Windows\System32\iesetup.dll
2008-06-27 03:54 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2008-06-27 03:54 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
2008-06-26 00:34 7,964,672 ----a-w C:\Windows\System32\NlsLexicons0024.dll
2008-06-26 00:33 9,892,864 ----a-w C:\Windows\System32\NlsLexicons000a.dll
2008-06-23 07:44 62,464 ----a-w C:\Windows\system32\drivers\RTSTOR.sys
2008-06-12 06:54 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-06-12 06:54 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-06-12 01:21 2,560 ----a-w C:\Windows\AppPatch\AcRes.dll
2008-06-09 13:19 27,430 ----a-w C:\Users\pierre\AppData\Roaming\nvModes.dat
.

((((((((((((((((((((((((((((( snapshot_2008-07-27_ 1.29.08.30 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-04-24 20:53:50 251,272 ----a-w C:\Windows\assembly\GAC\Microsoft.Office.Interop.PowerPoint\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.PowerPoint.dll
+ 2008-08-12 19:48:01 250,928 ----a-w C:\Windows\assembly\GAC\Microsoft.Office.Interop.PowerPoint\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.PowerPoint.dll
+ 2006-05-24 23:21:00 118,784 ----a-w C:\Windows\BDOSCAN8\bdupd.dll
+ 2006-05-24 23:21:14 53,248 ----a-w C:\Windows\BDOSCAN8\ipsupd.dll
- 2008-07-17 18:27:09 51,200 ----a-w C:\Windows\inf\infpub.dat
+ 2008-07-27 10:47:20 51,200 ----a-w C:\Windows\inf\infpub.dat
- 2008-07-17 18:27:09 86,016 ----a-w C:\Windows\inf\infstor.dat
+ 2008-07-27 10:47:20 86,016 ----a-w C:\Windows\inf\infstor.dat
- 2008-07-17 18:27:08 86,016 ----a-w C:\Windows\inf\infstrng.dat
+ 2008-07-27 10:47:20 86,016 ----a-w C:\Windows\inf\infstrng.dat
+ 2007-08-28 21:06:16 467,840 ----a-r C:\Windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6215\POWERPNT.EXE
+ 2007-08-28 21:06:44 7,990,144 ----a-r C:\Windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6215\PPCORE.DLL
+ 2008-04-24 20:53:50 251,272 ----a-r C:\Windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6215\PPTPIA.DLL
+ 2008-02-04 08:10:10 208,928 ----a-r C:\Windows\Installer\$PatchCache$\Managed\812AF07A89569CA418D33695C7D50D86\12.0.1329\ImagingDevice.dll
+ 2008-02-04 08:06:54 417,312 ----a-r C:\Windows\Installer\$PatchCache$\Managed\812AF07A89569CA418D33695C7D50D86\12.0.1329\ImagingServices.dll
+ 2008-02-04 08:08:42 83,488 ----a-r C:\Windows\Installer\$PatchCache$\Managed\812AF07A89569CA418D33695C7D50D86\12.0.1329\LiveAlbumXCtrl.dll
+ 2008-02-04 08:07:46 1,779,744 ----a-r C:\Windows\Installer\$PatchCache$\Managed\812AF07A89569CA418D33695C7D50D86\12.0.1329\MicrosoftEffects.dll
+ 2008-02-04 08:05:04 46,112 ----a-r C:\Windows\Installer\$PatchCache$\Managed\812AF07A89569CA418D33695C7D50D86\12.0.1329\PhotoViewerShim.dll
+ 2008-02-04 08:06:46 372,256 ----a-r C:\Windows\Installer\$PatchCache$\Managed\812AF07A89569CA418D33695C7D50D86\12.0.1329\WLXAlbumDownloadWizard.exe
+ 2008-02-01 09:23:12 279,680 ----a-r C:\Windows\Installer\$PatchCache$\Managed\812AF07A89569CA418D33695C7D50D86\12.0.1329\wlxclip.dll
+ 2008-02-01 09:13:40 191,104 ----a-r C:\Windows\Installer\$PatchCache$\Managed\812AF07A89569CA418D33695C7D50D86\12.0.1329\WLXDSPA.dll
+ 2008-02-04 08:10:02 130,592 ----a-r C:\Windows\Installer\$PatchCache$\Managed\812AF07A89569CA418D33695C7D50D86\12.0.1329\WLXGrinderScheduler.dll
+ 2008-02-04 08:06:00 59,424 ----a-r C:\Windows\Installer\$PatchCache$\Managed\812AF07A89569CA418D33695C7D50D86\12.0.1329\WLXImageTranscode.dll
+ 2008-02-04 08:08:26 712,224 ----a-r C:\Windows\Installer\$PatchCache$\Managed\812AF07A89569CA418D33695C7D50D86\12.0.1329\WLXMediaPublishSubscribe.dll
+ 2008-02-01 09:17:40 587,264 ----a-r C:\Windows\Installer\$PatchCache$\Managed\812AF07A89569CA418D33695C7D50D86\12.0.1329\WLXPGSS.SCR
+ 2008-02-04 08:07:22 1,565,728 ----a-r C:\Windows\Installer\$PatchCache$\Managed\812AF07A89569CA418D33695C7D50D86\12.0.1329\WLXPhotoAcq.dll
+ 2008-02-01 09:13:40 227,456 ----a-r C:\Windows\Installer\$PatchCache$\Managed\812AF07A89569CA418D33695C7D50D86\12.0.1329\WLXPhotoAcquireWizard.exe
+ 2008-02-04 08:08:38 86,560 ----a-r C:\Windows\Installer\$PatchCache$\Managed\812AF07A89569CA418D33695C7D50D86\12.0.1329\WLXPhotoCinematic.dll
+ 2008-02-04 08:08:32 83,488 ----a-r C:\Windows\Installer\$PatchCache$\Managed\812AF07A89569CA418D33695C7D50D86\12.0.1329\WLXPhotoClassic.dll
+ 2008-02-04 08:09:08 125,472 ----a-r C:\Windows\Installer\$PatchCache$\Managed\812AF07A89569CA418D33695C7D50D86\12.0.1329\WLXPhotoGallery.exe
+ 2008-02-01 09:13:42 16,000 ----a-r C:\Windows\Installer\$PatchCache$\Managed\812AF07A89569CA418D33695C7D50D86\12.0.1329\WLXPhotoGalleryRepair.exe
+ 2008-02-04 08:06:54 394,272 ----a-r C:\Windows\Installer\$PatchCache$\Managed\812AF07A89569CA418D33695C7D50D86\12.0.1329\WLXPhotoLibraryDatabase.dll
+ 2008-02-04 08:06:20 1,515,040 ----a-r C:\Windows\Installer\$PatchCache$\Managed\812AF07A89569CA418D33695C7D50D86\12.0.1329\WLXPhotoViewer.dll
+ 2008-02-04 08:06:20 1,250,336 ----a-r C:\Windows\Installer\$PatchCache$\Managed\812AF07A89569CA418D33695C7D50D86\12.0.1329\WLXPhotoVoyager.dll
+ 2008-02-04 08:06:18 752,672 ----a-r C:\Windows\Installer\$PatchCache$\Managed\812AF07A89569CA418D33695C7D50D86\12.0.1329\WLXPipeline.dll
+ 2008-02-04 08:06:14 734,752 ----a-r C:\Windows\Installer\$PatchCache$\Managed\812AF07A89569CA418D33695C7D50D86\12.0.1329\WLXPipetran.dll
+ 2008-02-01 09:13:42 101,504 ----a-r C:\Windows\Installer\$PatchCache$\Managed\812AF07A89569CA418D33695C7D50D86\12.0.1329\WLXQuickTimeControlHost.exe
+ 2008-02-04 08:05:00 20,512 ----a-r C:\Windows\Installer\$PatchCache$\Managed\812AF07A89569CA418D33695C7D50D86\12.0.1329\WLXQuickTimeControlHostPS.dll
+ 2008-02-04 08:05:04 53,792 ----a-r C:\Windows\Installer\$PatchCache$\Managed\812AF07A89569CA418D33695C7D50D86\12.0.1329\WLXQuickTimeShellExt.dll
+ 2008-02-04 08:08:42 85,024 ----a-r C:\Windows\Installer\$PatchCache$\Managed\812AF07A89569CA418D33695C7D50D86\12.0.1329\WLXThumbCache.dll
+ 2008-02-04 08:10:04 144,416 ----a-r C:\Windows\Installer\$PatchCache$\Managed\812AF07A89569CA418D33695C7D50D86\12.0.1329\WLXVAFilt.dll
+ 2008-02-04 08:07:40 675,360 ----a-r C:\Windows\Installer\$PatchCache$\Managed\812AF07A89569CA418D33695C7D50D86\12.0.1329\WLXVideoAcquireWizard.exe
+ 2008-02-04 08:07:10 69,152 ----a-r C:\Windows\Installer\$PatchCache$\Managed\812AF07A89569CA418D33695C7D50D86\12.0.1329\WLXVideoCameraAutoPlayManager.exe
+ 2008-02-04 08:10:10 165,408 ----a-r C:\Windows\Installer\$PatchCache$\Managed\812AF07A89569CA418D33695C7D50D86\12.0.1329\WLXVideoTrim.dll
- 2008-05-14 14:12:27 35,600 ----a-r C:\Windows\Installer\{90120000-0020-040C-0000-0000000FF1CE}\O12ConvIcon.exe
+ 2008-08-12 19:52:00 35,600 ----a-r C:\Windows\Installer\{90120000-0020-040C-0000-0000000FF1CE}\O12ConvIcon.exe
- 2008-05-14 14:13:03 20,240 ----a-r C:\Windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\cagicon.exe
+ 2008-08-12 20:00:31 20,240 ----a-r C:\Windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\cagicon.exe
- 2008-05-14 14:13:02 184,080 ----a-r C:\Windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\joticon.exe
+ 2008-08-12 20:00:31 184,080 ----a-r C:\Windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\joticon.exe
- 2008-05-14 14:13:03 217,864 ----a-r C:\Windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\misc.exe
+ 2008-08-12 20:00:31 217,864 ----a-r C:\Windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\misc.exe
- 2008-05-14 14:13:03 18,704 ----a-r C:\Windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\mspicons.exe
+ 2008-08-12 20:00:31 18,704 ----a-r C:\Windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\mspicons.exe
- 2008-05-14 14:13:04 35,088 ----a-r C:\Windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\oisicon.exe
+ 2008-08-12 20:00:31 35,088 ----a-r C:\Windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\oisicon.exe
- 2008-05-14 14:13:02 922,384 ----a-r C:\Windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\pptico.exe
+ 2008-08-12 20:00:31 922,384 ----a-r C:\Windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\pptico.exe
- 2008-05-14 14:13:04 888,080 ----a-r C:\Windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\wordicon.exe
+ 2008-08-12 20:00:31 888,080 ----a-r C:\Windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\wordicon.exe
- 2008-05-14 14:13:02 1,172,240 ----a-r C:\Windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\xlicons.exe
+ 2008-08-12 20:00:31 1,172,240 ----a-r C:\Windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\xlicons.exe
- 2008-04-24 20:51:15 49,936 ----a-r C:\Windows\Installer\{95120000-00AF-040C-0000-0000000FF1CE}\ppvwicon.exe
+ 2008-08-12 19:52:09 49,936 ----a-r C:\Windows\Installer\{95120000-00AF-040C-0000-0000000FF1CE}\ppvwicon.exe
- 2008-04-20 11:37:28 123,008 ----a-r C:\Windows\Installer\{A70FA218-6598-4AC9-813D-63597C5DD068}\WLXPhotoGalleryIcon.exe
+ 2008-08-07 15:12:41 123,008 ----a-r C:\Windows\Installer\{A70FA218-6598-4AC9-813D-63597C5DD068}\WLXPhotoGalleryIcon.exe
- 2008-07-26 22:36:42 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2008-08-20 15:49:21 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2008-07-26 22:36:42 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2008-08-20 15:49:21 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2008-06-09 15:42:45 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-08-01 22:49:43 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-06-09 15:42:45 32,768 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-08-01 22:49:43 32,768 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-06-09 15:42:45 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-08-01 22:49:43 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-07-26 22:39:27 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\ntuser.dat
+ 2008-08-20 15:52:01 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\ntuser.dat
+ 2008-08-20 15:52:01 262,144 ---ha-w C:\Windows\ServiceProfiles\LocalService\ntuser.dat.LOG1
- 2008-07-26 22:39:22 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat
+ 2008-08-20 15:51:56 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat
+ 2008-08-20 15:51:56 262,144 ---ha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1
- 2008-04-20 11:34:03 18,944 ----a-w C:\Windows\servicing\GC32\tzupd.exe
+ 2008-07-16 04:09:30 18,944 ----a-w C:\Windows\servicing\GC32\tzupd.exe
- 2008-04-25 04:23:05 124,928 ----a-w C:\Windows\System32\advpack.dll
+ 2008-07-16 04:09:38 124,928 ----a-w C:\Windows\System32\advpack.dll
- 2008-05-15 23:24:43 1,152,888 ----a-w C:\Windows\System32\aswBoot.exe
+ 2008-07-19 14:43:08 1,163,960 ----a-w C:\Windows\System32\aswBoot.exe
- 2008-05-15 23:12:36 95,608 ----a-w C:\Windows\System32\AvastSS.scr
+ 2008-07-19 14:30:53 94,392 ----a-w C:\Windows\System32\AvastSS.scr
- 2008-07-26 22:37:01 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-08-20 15:49:35 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-07-27 18:24:53 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012008072720080728\index.dat
- 2008-07-26 22:37:01 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-08-20 15:49:35 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-07-26 22:37:01 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-08-20 15:49:35 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-07-26 23:26:39 262,144 ----a-w C:\Windows\System32\config\systemprofile\ntuser.dat
+ 2008-08-20 15:56:15 262,144 ----a-w C:\Windows\System32\config\systemprofile\ntuser.dat
+ 2008-08-20 15:56:15 262,144 ---ha-w C:\Windows\System32\config\systemprofile\ntuser.dat.LOG1
- 2008-05-15 23:16:06 20,560 ----a-w C:\Windows\System32\drivers\aswFsBlk.sys
+ 2008-07-19 14:37:42 20,560 ----a-w C:\Windows\System32\drivers\aswFsBlk.sys
- 2008-05-15 23:15:29 23,152 ----a-w C:\Windows\System32\drivers\aswRdr.sys
+ 2008-07-19 14:33:42 23,152 ----a-w C:\Windows\System32\drivers\aswRdr.sys
- 2008-05-15 23:20:32 78,416 ----a-w C:\Windows\System32\drivers\aswSP.sys
+ 2008-07-19 14:35:18 78,416 ----a-w C:\Windows\System32\drivers\aswSP.sys
- 2008-05-15 23:14:11 42,912 ----a-w C:\Windows\System32\drivers\aswTdi.sys
+ 2008-07-19 14:32:36 42,912 ----a-w C:\Windows\System32\drivers\aswTdi.sys
- 2006-11-02 08:55:11 73,216 ----a-w C:\Windows\System32\drivers\usbccgp.sys
+ 2007-11-16 09:28:24 73,216 ----a-w C:\Windows\System32\drivers\usbccgp.sys
+ 2006-11-02 09:14:17 35,328 ----a-w C:\Windows\System32\drivers\usbscan.sys
- 2008-04-25 04:23:06 347,136 ----a-w C:\Windows\System32\dxtmsft.dll
+ 2008-06-27 03:54:44 347,136 ----a-w C:\Windows\System32\dxtmsft.dll
- 2008-04-25 04:23:06 214,528 ----a-w C:\Windows\System32\dxtrans.dll
+ 2008-06-27 03:54:44 214,528 ----a-w C:\Windows\System32\dxtrans.dll
- 2006-11-02 09:46:04 259,584 ----a-w C:\Windows\System32\es.dll
+ 2008-04-19 08:13:07 268,800 ----a-w C:\Windows\System32\es.dll
+ 2006-11-02 09:46:11 557,568 ----a-w C:\Windows\System32\hpotscl1.dll
+ 2006-11-02 09:46:11 934,912 ----a-w C:\Windows\System32\hpowiav1.dll
+ 2006-11-02 09:46:05 30,208 ----a-w C:\Windows\System32\HPZ3LLHN.DLL
- 2008-04-25 04:23:06 63,488 ----a-w C:\Windows\System32\icardie.dll
+ 2008-06-27 03:54:45 63,488 ----a-w C:\Windows\System32\icardie.dll
- 2008-04-25 04:22:36 70,656 ----a-w C:\Windows\System32\ie4uinit.exe
+ 2008-06-27 03:54:09 70,656 ----a-w C:\Windows\System32\ie4uinit.exe
- 2008-04-25 04:23:06 383,488 ----a-w C:\Windows\System32\ieapfltr.dll
+ 2008-06-27 03:54:45 383,488 ----a-w C:\Windows\System32\ieapfltr.dll
- 2008-04-25 04:23:06 6,066,176 ----a-w C:\Windows\System32\ieframe.dll
+ 2008-06-27 03:54:45 6,066,176 ----a-w C:\Windows\System32\ieframe.dll
- 2008-04-25 04:23:06 44,544 ----a-w C:\Windows\System32\iernonce.dll
+ 2008-06-27 03:54:45 44,544 ----a-w C:\Windows\System32\iernonce.dll
- 2008-04-25 04:23:06 180,736 ----a-w C:\Windows\System32\ieui.dll
+ 2008-06-27 03:54:45 180,736 ----a-w C:\Windows\System32\ieui.dll
- 2007-11-16 09:25:51 737,792 ----a-w C:\Windows\System32\inetcomm.dll
+ 2008-04-10 05:01:31 737,792 ----a-w C:\Windows\System32\inetcomm.dll
- 2007-11-16 09:25:51 84,480 ----a-w C:\Windows\System32\INETRES.dll
+ 2008-04-10 02:43:11 84,480 ----a-w C:\Windows\System32\INETRES.dll
- 2008-04-25 04:23:06 27,648 ----a-w C:\Windows\System32\jsproxy.dll
+ 2008-06-27 03:54:45 27,648 ----a-w C:\Windows\System32\jsproxy.dll
- 2006-03-20 11:17:24 65,536 ----a-w C:\Windows\System32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
+ 2008-08-13 13:03:26 65,536 ----a-w C:\Windows\System32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
- 2006-03-20 11:17:20 798,720 ----a-w C:\Windows\System32\Kaspersky Lab\Kaspersky Online Scanner\kavwebscan.dll
+ 2008-08-13 13:03:26 798,720 ----a-w C:\Windows\System32\Kaspersky Lab\Kaspersky Online Scanner\kavwebscan.dll
- 2008-04-25 04:23:11 64,512 ----a-w C:\Windows\System32\migration\WininetPlugin.dll
+ 2008-06-27 03:54:49 64,512 ----a-w C:\Windows\System32\migration\WininetPlugin.dll
- 2008-06-25 16:15:46 17,972,344 ----a-w C:\Windows\System32\mrt.exe
+ 2008-08-05 18:11:01 15,888,504 ----a-w C:\Windows\System32\mrt.exe
- 2008-04-25 04:23:07 3,591,680 ----a-w C:\Windows\System32\mshtml.dll
+ 2008-06-27 03:54:45 3,592,192 ----a-w C:\Windows\System32\mshtml.dll
- 2008-04-25 04:23:07 478,208 ----a-w C:\Windows\System32\mshtmled.dll
+ 2008-06-27 03:54:45 477,696 ----a-w C:\Windows\System32\mshtmled.dll
- 2008-04-25 04:23:09 671,232 ----a-w C:\Windows\System32\mstime.dll
+ 2008-06-27 03:54:47 671,232 ----a-w C:\Windows\System32\mstime.dll
- 2008-07-12 21:52:44 104,798 ----a-w C:\Windows\System32\perfc009.dat
+ 2008-08-05 19:49:04 104,798 ----a-w C:\Windows\System32\perfc009.dat
- 2008-07-12 21:52:44 118,446 ----a-w C:\Windows\System32\perfc00C.dat
+ 2008-08-05 19:49:04 118,446 ----a-w C:\Windows\System32\perfc00C.dat
- 2008-07-12 21:52:44 611,776 ----a-w C:\Windows\System32\perfh009.dat
+ 2008-08-05 19:49:04 611,776 ----a-w C:\Windows\System32\perfh009.dat
- 2008-07-12 21:52:44 692,466 ----a-w C:\Windows\System32\perfh00C.dat
+ 2008-08-05 19:49:04 692,466 ----a-w C:\Windows\System32\perfh00C.dat
- 2008-04-25 04:23:10 44,544 ----a-w C:\Windows\System32\pngfilt.dll
+ 2008-06-27 03:54:48 44,544 ----a-w C:\Windows\System32\pngfilt.dll
- 2008-07-15 18:14:04 6,291,456 ----a-w C:\Windows\System32\SMI\Store\Machine\schema.dat
+ 2008-08-13 15:19:10 6,291,456 ----a-w C:\Windows\System32\SMI\Store\Machine\schema.dat
+ 2006-11-02 09:46:05 5,387,776 ----a-w C:\Windows\System32\spool\drivers\w32x86\3\HPFIGLHN.DLL
+ 2006-11-02 09:46:11 251,904 ----a-w C:\Windows\System32\spool\drivers\w32x86\3\HPFIME50.DLL
+ 2006-11-02 09:46:05 19,968 ----a-w C:\Windows\System32\spool\drivers\w32x86\3\HPFRES50.DLL
+ 2006-11-02 09:46:11 1,515,520 ----a-w C:\Windows\System32\spool\drivers\w32x86\3\HPZ3ALHN.DLL
+ 2006-11-02 09:46:05 1,253,888 ----a-w C:\Windows\System32\spool\drivers\w32x86\3\HPZ3RLHN.DLL
+ 2006-11-02 09:46:11 365,568 ----a-w C:\Windows\System32\spool\drivers\w32x86\3\HPZEVLHN.DLL
+ 2006-11-02 09:46:11 79,872 ----a-w C:\Windows\System32\spool\drivers\w32x86\3\HPZPRLHN.DLL
+ 2006-09-18 21:44:24 562,176 ----a-w C:\Windows\System32\spool\drivers\w32x86\3\HPZSSLHN.DLL
+ 2006-09-18 21:44:24 3,447,808 ----a-w C:\Windows\System32\spool\drivers\w32x86\3\HPZSTLHN.DLL
+ 2006-11-02 09:46:11 2,725,376 ----a-w C:\Windows\System32\spool\drivers\w32x86\3\HPZUILHN.DLL
+ 2006-11-02 09:46:05 89,600 ----a-w C:\Windows\System32\spool\prtprocs\w32x86\HPZPPLHN.DLL
- 2008-04-25 04:23:11 1,159,680 ----a-w C:\Windows\System32\urlmon.dll
+ 2008-06-27 03:54:49 1,159,680 ----a-w C:\Windows\System32\urlmon.dll
- 2008-07-26 22:39:03 11,842 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1485623736-812755021-2284708237-1000_UserData.bin
+ 2008-08-20 15:51:28 12,574 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1485623736-812755021-2284708237-1000_UserData.bin
- 2008-07-26 22:39:03 67,624 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2008-08-20 15:51:28 69,122 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2008-07-17 19:02:33 3,298 ----a-w C:\Windows\System32\WDI\ERCQueuedResolutions.dat
+ 2008-08-18 19:05:37 3,298 ----a-w C:\Windows\System32\WDI\ERCQueuedResolutions.dat
- 2008-07-26 22:39:01 58,520 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2008-08-20 15:51:27 60,304 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
- 2008-07-15 18:13:19 31,265,751 ----a-w C:\Windows\winsxs\ManifestCache\6.0.6001.18000_001c50b5_blobs.bin
+ 2008-08-13 14:47:42 40,784,002 ----a-w C:\Windows\winsxs\ManifestCache\6.0.6001.18000_001c50b5_blobs.bin
+ 2008-06-12 01:21:33 2,560 ----a-w C:\Windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c1_31bf3856ad364e35_6.0.6000.16700_none_0a3bfb69f525d803\AcRes.dll
+ 2008-06-12 01:18:58 2,560 ----a-w C:\Windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c1_31bf3856ad364e35_6.0.6000.20856_none_0a958a550e669b8c\AcRes.dll
+ 2008-03-08 01:58:43 2,560 ----a-w C:\Windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c1_31bf3856ad364e35_6.0.6001.18089_none_0bd4bb63f2852f64\AcRes.dll
+ 2008-06-12 02:57:04 2,560 ----a-w C:\Windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c1_31bf3856ad364e35_6.0.6001.22201_none_0cacd7250b692215\AcRes.dll
+ 2008-06-12 06:54:28 537,600 ----a-w C:\Windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c5_31bf3856ad364e35_6.0.6000.16700_none_0a3ffc91f5223d5f\AcLayers.dll
+ 2008-06-12 06:54:28 173,056 ----a-w C:\Windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c5_31bf3856ad364e35_6.0.6000.16700_none_0a3ffc91f5223d5f\AcXtrnal.dll
+ 2008-06-12 05:16:14 537,600 ----a-w C:\Windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c5_31bf3856ad364e35_6.0.6000.20856_none_0a998b7d0e6300e8\AcLayers.dll
+ 2008-06-12 05:16:15 173,056 ----a-w C:\Windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c5_31bf3856ad364e35_6.0.6000.20856_none_0a998b7d0e6300e8\AcXtrnal.dll
+ 2008-06-12 05:28:53 541,696 ----a-w C:\Windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c5_31bf3856ad364e35_6.0.6001.18089_none_0bd8bc8bf28194c0\AcLayers.dll
+ 2008-03-08 04:19:21 173,056 ----a-w C:\Windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c5_31bf3856ad364e35_6.0.6001.18089_none_0bd8bc8bf28194c0\AcXtrnal.dll
+ 2008-06-12 05:15:18 541,696 ----a-w C:\Windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c5_31bf3856ad364e35_6.0.6001.22201_none_0cb0d84d0b658771\AcLayers.dll
+ 2008-06-12 05:15:19 173,056 ----a-w C:\Windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c5_31bf3856ad364e35_6.0.6001.22201_none_0cb0d84d0b658771\AcXtrnal.dll
+ 2008-07-16 04:09:38 124,928 ----a-w C:\Windows\winsxs\x86_microsoft-windows-advpack_31bf3856ad364e35_6.0.6000.16717_none_a9e15ad3f5abc778\advpack.dll
+ 2008-07-18 03:13:52 124,928 ----a-w C:\Windows\winsxs\x86_microsoft-windows-advpack_31bf3856ad364e35_6.0.6000.20879_none_aa2c18ab0ef84196\advpack.dll
+ 2008-04-19 08:13:07 268,800 ----a-w C:\Windows\winsxs\x86_microsoft-windows-c..complus-eventsystem_31bf3856ad364e35_6.0.6000.16677_none_0ac2b30954c98430\es.dll
+ 2008-04-19 08:27:37 268,800 ----a-w C:\Windows\winsxs\x86_microsoft-windows-c..complus-eventsystem_31bf3856ad364e35_6.0.6000.20818_none_0b8e318c6db592d2\es.dll
+ 2008-04-18 05:48:39 269,312 ----a-w C:\Windows\winsxs\x86_microsoft-windows-c..complus-eventsystem_31bf3856ad364e35_6.0.6001.18057_none_0cbe918751dfdd3f\es.dll
+ 2008-04-18 05:30:29 269,312 ----a-w C:\Windows\winsxs\x86_microsoft-windows-c..complus-eventsystem_31bf3856ad364e35_6.0.6001.22162_none_0d385cf46b0a1a47\es.dll
+ 2008-06-27 03:54:48 44,544 ----a-w C:\Windows\winsxs\x86_microsoft-windows-i..ablenetworkgraphics_31bf3856ad364e35_6.0.6000.16711_none_ebd662c7164a156d\pngfilt.dll
+ 2008-06-27 03:49:09 44,544 ----a-w C:\Windows\winsxs\x86_microsoft-windows-i..ablenetworkgraphics_31bf3856ad364e35_6.0.6000.20868_none_ec30f1fc2f89f24d\pngfilt.dll
+ 2008-06-27 03:54:49 1,159,680 ----a-w C:\Windows\winsxs\x86_microsoft-windows-i..ersandsecurityzones_31bf3856ad364e35_6.0.6000.16711_none_b2f30b79d9aa8cd1\urlmon.dll
+ 2008-06-27 03:49:41 1,162,752 ----a-w C:\Windows\winsxs\x86_microsoft-windows-i..ersandsecurityzones_31bf3856ad364e35_6.0.6000.20868_none_b34d9aaef2ea69b1\urlmon.dll
+ 2008-06-27 04:15:28 1,166,336 ----a-w C:\Windows\winsxs\x86_microsoft-windows-i..ersandsecurityzones_31bf3856ad364e35_6.0.6001.18099_none_b48acb29d70acadb\urlmon.dll
+ 2008-06-27 03:50:29 1,166,848 ----a-w C:\Windows\winsxs\x86_microsoft-windows-i..ersandsecurityzones_31bf3856ad364e35_6.0.6001.22212_none_b563e734efedd6e3\urlmon.dll
+ 2008-06-27 03:54:47 671,232 ----a-w C:\Windows\winsxs\x86_microsoft-windows-i..mlrenderingadvanced_31bf3856ad364e35_6.0.6000.16711_none_ded59a427f534c40\mstime.dll
+ 2008-06-27 03:47:51 671,232 ----a-w C:\Windows\winsxs\x86_microsoft-windows-i..mlrenderingadvanced_31bf3856ad364e35_6.0.6000.20868_none_df30297798932920\mstime.dll
+ 2008-06-27 04:15:25 671,232 ----a-w C:\Windows\winsxs\x86_microsoft-windows-i..mlrenderingadvanced_31bf3856ad364e35_6.0.6001.18099_none_e06d59f27cb38a4a\mstime.dll
+ 2008-06-27 03:48:43 671,232 ----a-w C:\Windows\winsxs\x86_microsoft-windows-i..mlrenderingadvanced_31bf3856ad364e35_6.0.6001.22212_none_e14675fd95969652\mstime.dll
+ 2008-07-15 23:48:18 2,048 ----a-w C:\Windows\winsxs\x86_microsoft-windows-i..rnational-timezones_31bf3856ad364e35_6.0.6000.16717_none_135d4bd00c6d4a6b\tzres.dll
+ 2008-07-16 04:09:30 18,944 ----a-w C:\Windows\winsxs\x86_microsoft-windows-i..rnational-timezones_31bf3856ad364e35_6.0.6000.16717_none_135d4bd00c6d4a6b\tzupd.exe
+ 2008-07-15 23:43:45 2,048 ----a-w C:\Windows\winsxs\x86_microsoft-windows-i..rnational-timezones_31bf3856ad364e35_6.0.6000.20878_none_13a7095d25baab32\tzres.dll
+ 2008-07-16 01:28:34 18,944 ----a-w C:\Windows\winsxs\x86_microsoft-windows-i..rnational-timezones_31bf3856ad364e35_6.0.6000.20878_none_13a7095d25baab32\tzupd.exe
+ 2008-07-16 01:32:44 2,048 ----a-w C:\Windows\winsxs\x86_microsoft-windows-i..rnational-timezones_31bf3856ad364e35_6.0.6001.18108_none_154f5aac098ad8c2\tzres.dll
+ 2008-01-19 07:33:33 18,944 ----a-w C:\Windows\winsxs\x86_microsoft-windows-i..rnational-timezones_31bf3856ad364e35_6.0.6001.18108_none_154f5aac098ad8c2\tzupd.exe
+ 2008-07-16 01:27:35 2,048 ----a-w C:\Windows\winsxs\x86_microsoft-windows-i..rnational-timezones_31bf3856ad364e35_6.0.6001.22223_none_15be562d22bd31bb\tzres.dll
+ 2008-07-16 01:27:35 18,944 ----a-w C:\Windows\winsxs\x86_microsoft-windows-i..rnational-timezones_31bf3856ad364e35_6.0.6001.22223_none_15be562d22bd31bb\tzupd.exe
+ 2008-06-27 03:54:45 27,648 ----a-w C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6000.16711_none_fff8e71ba4b3b364\jsproxy.dll
+ 2008-06-27 03:54:49 826,368 ----a-w C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6000.16711_none_fff8e71ba4b3b364\wininet.dll
+ 2008-06-27 03:54:49 64,512 ----a-w C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6000.16711_none_fff8e71ba4b3b364\WininetPlugin.dll
+ 2008-06-27 03:47:03 27,648 ----a-w C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6000.20868_none_00537650bdf39044\jsproxy.dll
+ 2008-06-27 03:49:46 827,904 ----a-w C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6000.20868_none_00537650bdf39044\wininet.dll
+ 2008-06-27 03:49:46 64,512 ----a-w C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6000.20868_none_00537650bdf39044\WininetPlugin.dll
+ 2008-06-27 04:15:24 28,160 ----a-w C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6001.18099_none_0190a6cba213f16e\jsproxy.dll
+ 2008-06-27 04:15:28 827,392 ----a-w C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6001.18099_none_0190a6cba213f16e\wininet.dll
+ 2008-06-27 04:15:28 64,512 ----a-w C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6001.18099_none_0190a6cba213f16e\WininetPlugin.dll
+ 2008-06-27 03:47:35 28,160 ----a-w C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6001.22212_none_0269c2d6baf6fd76\jsproxy.dll
+ 2008-06-27 03:50:35 827,904 ----a-w C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6001.22212_none_0269c2d6baf6fd76\wininet.dll
+ 2008-06-27 03:50:35 64,512 ----a-w C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6001.22212_none_0269c2d6baf6fd76\WininetPlugin.dll
+ 2008-04-20 11:34:55 2,455,488 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ie-antiphishfilter_31bf3856ad364e35_6.0.6000.16711_none_f9a209f56e9f2db7\ieapfltr.dat
+ 2008-06-27 03:54:45 383,488 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ie-antiphishfilter_31bf3856ad364e35_6.0.6000.16711_none_f9a209f56e9f2db7\ieapfltr.dll
+ 2008-04-20 11:34:55 2,455,488 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ie-antiphishfilter_31bf3856ad364e35_6.0.6000.20868_none_f9fc992a87df0a97\ieapfltr.dat
+ 2008-06-27 03:46:48 383,488 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ie-antiphishfilter_31bf3856ad364e35_6.0.6000.20868_none_f9fc992a87df0a97\ieapfltr.dll
+ 2008-06-27 03:54:44 347,136 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ie-directxtransforms_31bf3856ad364e35_6.0.6000.16711_none_95d642ad8484b3e5\dxtmsft.dll
+ 2008-06-27 03:54:44 214,528 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ie-directxtransforms_31bf3856ad364e35_6.0.6000.16711_none_95d642ad8484b3e5\dxtrans.dll
+ 2008-06-27 03:46:25 347,136 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ie-directxtransforms_31bf3856ad364e35_6.0.6000.20868_none_9630d1e29dc490c5\dxtmsft.dll
+ 2008-06-27 03:46:25 214,528 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ie-directxtransforms_31bf3856ad364e35_6.0.6000.20868_none_9630d1e29dc490c5\dxtrans.dll
+ 2008-06-27 03:54:45 477,696 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ie-htmlediting_31bf3856ad364e35_6.0.6000.16711_none_4638dd0546456672\mshtmled.dll
+ 2008-06-27 03:47:32 477,696 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ie-htmlediting_31bf3856ad364e35_6.0.6000.20868_none_46936c3a5f854352\mshtmled.dll
+ 2008-06-27 03:54:45 3,592,192 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_6.0.6000.16711_none_1153063a250a1c9a\mshtml.dll
+ 2008-06-27 03:47:31 3,594,240 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_6.0.6000.20868_none_11ad956f3e49f97a\mshtml.dll
+ 2008-06-27 04:15:24 3,578,368 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_6.0.6001.18099_none_12eac5ea226a5aa4\mshtml.dll
+ 2008-06-27 03:48:28 3,578,880 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_6.0.6001.22212_none_13c3e1f53b4d66ac\mshtml.dll
+ 2008-06-27 03:54:45 63,488 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ie-infocard_31bf3856ad364e35_6.0.6000.16711_none_58ab7304671ea8a3\icardie.dll
+ 2008-06-27 03:46:48 63,488 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ie-infocard_31bf3856ad364e35_6.0.6000.20868_none_59060239805e8583\icardie.dll
+ 2008-06-27 03:54:09 26,624 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.16711_none_2d71f3a71cdf2247\ieUnatt.exe
+ 2008-06-27 03:54:09 625,664 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.16711_none_2d71f3a71cdf2247\iexplore.exe
+ 2008-06-27 01:41:11 26,624 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.20868_none_2dcc82dc361eff27\ieUnatt.exe
+ 2008-06-27 01:41:30 625,664 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.20868_none_2dcc82dc361eff27\iexplore.exe
+ 2008-06-27 03:54:09 70,656 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ie-setup-support_31bf3856ad364e35_6.0.6000.16711_none_c3e0a8c26159eaec\ie4uinit.exe
+ 2008-06-27 03:54:45 44,544 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ie-setup-support_31bf3856ad364e35_6.0.6000.16711_none_c3e0a8c26159eaec\iernonce.dll
+ 2008-06-27 03:54:45 56,320 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ie-setup-support_31bf3856ad364e35_6.0.6000.16711_none_c3e0a8c26159eaec\iesetup.dll
+ 2008-06-27 01:41:00 70,656 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ie-setup-support_31bf3856ad364e35_6.0.6000.20868_none_c43b37f77a99c7cc\ie4uinit.exe
+ 2008-06-27 03:46:49 44,544 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ie-setup-support_31bf3856ad364e35_6.0.6000.20868_none_c43b37f77a99c7cc\iernonce.dll
+ 2008-06-27 03:46:49 56,320 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ie-setup-support_31bf3856ad364e35_6.0.6000.20868_none_c43b37f77a99c7cc\iesetup.dll
+ 2008-06-27 03:54:45 52,736 ----a-w C:\Windows\winsxs\x86_microsoft-windows-iebrshim_31bf3856ad364e35_6.0.6000.16711_none_2a05bf326809c049\iebrshim.dll
+ 2008-06-27 03:46:48 52,736 ----a-w C:\Windows\winsxs\x86_microsoft-windows-iebrshim_31bf3856ad364e35_6.0.6000.20868_none_2a604e6781499d29\iebrshim.dll
+ 2008-06-27 03:54:45 6,066,176 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ieframe_31bf3856ad364e35_6.0.6000.16711_none_62b2603db0ffaac7\ieframe.dll
+ 2008-06-27 03:54:45 180,736 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ieframe_31bf3856ad364e35_6.0.6000.16711_none_62b2603db0ffaac7\ieui.dll
+ 2008-06-27 03:46:49 6,068,736 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ieframe_31bf3856ad364e35_6.0.6000.20868_none_630cef72ca3f87a7\ieframe.dll
+ 2008-06-27 03:46:49 180,736 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ieframe_31bf3856ad364e35_6.0.6000.20868_none_630cef72ca3f87a7\ieui.dll
+ 2008-06-27 04:15:23 6,068,736 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ieframe_31bf3856ad364e35_6.0.6001.18099_none_644a1fedae5fe8d1\ieframe.dll
+ 2008-01-19 07:34:31 180,736 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ieframe_31bf3856ad364e35_6.0.6001.18099_none_644a1fedae5fe8d1\ieui.dll
+ 2008-06-27 03:47:06 6,070,272 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ieframe_31bf3856ad364e35_6.0.6001.22212_none_65233bf8c742f4d9\ieframe.dll
+ 2008-06-27 03:47:06 180,736 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ieframe_31bf3856ad364e35_6.0.6001.22212_none_65233bf8c742f4d9\ieui.dll
+ 2008-06-27 03:54:09 263,168 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ieinstal_31bf3856ad364e35_6.0.6000.16711_none_e6abccbc9482feff\ieinstal.exe
+ 2008-06-27 01:41:23 263,168 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ieinstal_31bf3856ad364e35_6.0.6000.20868_none_e7065bf1adc2dbdf\ieinstal.exe
+ 2008-06-27 03:54:09 301,568 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ieuser_31bf3856ad364e35_6.0.6000.16711_none_0b5401d8d6fdbeb1\ieuser.exe
+ 2008-06-27 01:41:24 301,568 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ieuser_31bf3856ad364e35_6.0.6000.20868_none_0bae910df03d9b91\ieuser.exe
+ 2008-04-30 05:29:59 454,656 ----a-w C:\Windows\winsxs\x86_microsoft-windows-m..nts-mdac-rds-ce-dll_31bf3856ad364e35_6.0.6000.16683_none_5fb7376b44d6ca52\msadce.dll
+ 2008-04-30 05:19:33 454,656 ----a-w C:\Windows\winsxs\x86_microsoft-windows-m..nts-mdac-rds-ce-dll_31bf3856ad364e35_6.0.6000.20825_none_6083b6385dc1f24b\msadce.dll
+ 2008-04-30 05:36:32 454,656 ----a-w C:\Windows\winsxs\x86_microsoft-windows-m..nts-mdac-rds-ce-dll_31bf3856ad364e35_6.0.6001.18065_none_61b5167d41eb560f\msadce.dll
+ 2008-04-30 05:25:53 454,656 ----a-w C:\Windows\winsxs\x86_microsoft-windows-m..nts-mdac-rds-ce-dll_31bf3856ad364e35_6.0.6001.22169_none_6242b4705b055b35\msadce.dll
+ 2008-04-10 05:01:31 737,792 ----a-w C:\Windows\winsxs\x86_microsoft-windows-mail-comm-dll_31bf3856ad364e35_6.0.6000.16669_none_77930ed65b8e9f2d\inetcomm.dll
+ 2008-04-10 02:43:11 84,480 ----a-w C:\Windows\winsxs\x86_microsoft-windows-mail-comm-dll_31bf3856ad364e35_6.0.6000.16669_none_77930ed65b8e9f2d\INETRES.dll
+ 2008-04-10 04:56:31 737,792 ----a-w C:\Windows\winsxs\x86_microsoft-windows-mail-comm-dll_31bf3856ad364e35_6.0.6000.20810_none_7849ba89748bcc5a\inetcomm.dll
+ 2008-04-10 02:44:56 84,480 ----a-w C:\Windows\winsxs\x86_microsoft-windows-mail-comm-dll_31bf3856ad364e35_6.0.6000.20810_none_7849ba89748bcc5a\INETRES.dll
+ 2008-04-10 05:12:41 738,304 ----a-w C:\Windows\winsxs\x86_microsoft-windows-mail-comm-dll_31bf3856ad364e35_6.0.6001.18049_none_798eed5458a4f83c\inetcomm.dll
+ 2006-11-02 08:48:55 84,480 ----a-w C:\Windows\winsxs\x86_microsoft-windows-mail-comm-dll_31bf3856ad364e35_6.0.6001.18049_none_798eed5458a4f83c\INETRES.dll
+ 2008-04-10 04:59:52 738,304 ----a-w C:\Windows\winsxs\x86_microsoft-windows-mail-comm-dll_31bf3856ad364e35_6.0.6001.22154_none_7a08b8c171cf3544\inetcomm.dll
+ 2008-04-10 02:51:10 84,480 ----a-w C:\Windows\winsxs\x86_microsoft-windows-mail-comm-dll_31bf3856ad364e35_6.0.6001.22154_none_7a08b8c171cf3544\INETRES.dll
+ 2008-06-19 03:25:22 28,672 ----a-w C:\Windows\winsxs\x86_microsoft-windows-n..-domain-clients-svc_31bf3856ad364e35_6.0.6000.16705_none_422d3c83eeda2955\FwRemoteSvr.dll
+ 2008-06-19 03:25:22 361,984 ----a-w C:\Windows\winsxs\x86_microsoft-windows-n..-domain-clients-svc_31bf3856ad364e35_6.0.6000.16705_none_422d3c83eeda2955\IPSECSVC.DLL
+ 2008-06-19 03:25:25 272,896 ----a-w C:\Windows\winsxs\x86_microsoft-windows-n..-domain-clients-svc_31bf3856ad364e35_6.0.6000.16705_none_422d3c83eeda2955\polstore.dll
+ 2008-06-19 03:25:26 61,440 ----a-w C:\Windows\winsxs\x86_microsoft-windows-n..-domain-clients-svc_31bf3856ad364e35_6.0.6000.16705_none_422d3c83eeda2955\winipsec.dll
+ 2008-06-19 03:11:10 28,672 ----a-w C:\Windows\winsxs\x86_microsoft-windows-n..-domain-clients-svc_31bf3856ad364e35_6.0.6000.20861_none_4271f89f082c0b69\FwRemoteSvr.dll
+ 2008-06-19 03:11:28 361,984 ----a-w C:\Windows\winsxs\x86_microsoft-windows-n..-domain-clients-svc_31bf3856ad364e35_6.0.6000.20861_none_4271f89f082c0b69\IPSECSVC.DLL
+ 2008-06-19 03:13:36 272,896 ----a-w C:\Windows\winsxs\x86_microsoft-windows-n..-domain-clients-svc_31bf3856ad364e35_6.0.6000.20861_none_4271f89f082c0b69\polstore.dll
+ 2008-06-19 03:14:12 61,440 ----a-w C:\Windows\winsxs\x86_microsoft-windows-n..-domain-clients-svc_31bf3856ad364e35_6.0.6000.20861_none_4271f89f082c0b69\winipsec.dll
+ 2008-01-19 07:34:22 28,672 ----a-w C:\Windows\winsxs\x86_microsoft-windows-n..-domain-clients-svc_31bf3856ad364e35_6.0.6001.18094_none_43b129adec4a9f41\FwRemoteSvr.dll
+ 2008-06-19 03:31:48 361,984 ----a-w C:\Windows\winsxs\x86_microsoft-windows-n..-domain-clients-svc_31bf3856ad364e35_6.0.6001.18094_none_43b129adec4a9f41\IPSECSVC.DLL
+ 2008-01-19 07:36:07 272,896 ----a-w C:\Windows\winsxs\x86_microsoft-windows-n..-domain-clients-svc_31bf3856ad364e35_6.0.6001.18094_none_43b129adec4a9f41\polstore.dll
+ 2008-01-19 07:36:55 61,440 ----a-w C:\Windows\winsxs\x86_microsoft-windows-n..-domain-clients-svc_31bf3856ad364e35_6.0.6001.18094_none_43b129adec4a9f41\winipsec.dll
+ 2008-06-19 03:12:13 28,672 ----a-w C:\Windows\winsxs\x86_microsoft-windows-n..-domain-clients-svc_31bf3856ad364e35_6.0.6001.22206_none_449e183f051d7367\FwRemoteSvr.dll
+ 2008-06-19 03:12:58 361,984 ----a-w C:\Windows\winsxs\x86_microsoft-windows-n..-domain-clients-svc_31bf3856ad364e35_6.0.6001.22206_none_449e183f051d7367\IPSECSVC.DLL
+ 2008-06-19 03:15:05 272,896 ----a-w C:\Windows\winsxs\x86_microsoft-windows-n..-domain-clients-svc_31bf3856ad364e35_6.0.6001.22206_none_449e183f051d7367\polstore.dll
+ 2008-06-19 03:15:48 61,440 ----a-w C:\Windows\winsxs\x86_microsoft-windows-n..-domain-clients-svc_31bf3856ad364e35_6.0.6001.22206_none_449e183f051d7367\winipsec.dll
+ 2008-06-30 23:03:49 2,413,032 ----a-w C:\Windows\winsxs\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6000.16714_none_f09b0ea06e5840aa\OESpamFilter.dat
+ 2008-06-30 22:56:06 2,413,032 ----a-w C:\Windows\winsxs\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6000.20874_none_f0e3cbe387a6881a\OESpamFilter.dat
+ 2008-07-04 02:02:58 2,413,032 ----a-w C:\Windows\winsxs\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6001.18104_none_f28c1d326b76b5aa\OESpamFilter.dat
+ 2008-06-30 23:00:26 2,413,032 ----a-w C:\Windows\winsxs\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6001.22218_none_f30eeb398498d6c1\OESpamFilter.dat
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-04-20 13:36 1232896]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 14:35 125440]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2008-07-28 21:24 171448]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 11:34 5724184]
"ccleaner"="C:\Program Files\CCleaner\CCleaner.exe" [2008-07-29 15:41 1213680]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-07-19 01:31 86016]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-07-19 01:31 8466432]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-07-19 01:31 81920]
"Apoint"="C:\Program Files\Apoint2K\Apoint.exe" [2007-05-25 12:17 159744]
"FIC HotKey"="C:\Program Files\Hotkey Utility\tray.exe" [2007-07-13 15:38 561152]
"PowerManager"="C:\Program Files\Power Manager\PM.exe" [2007-05-16 12:42 29696]
"Silent Mode"="C:\Program Files\Light Sensor Utility\Sensor.exe" [2007-06-27 10:56 253952]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-07-19 16:38 78008]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-02-26 20:46 153136]
"RtHDVCpl"="RtHDVCpl.exe" [2007-04-10 16:01 4431872 C:\Windows\RtHDVCpl.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 11:34 5724184]

C:\Users\pierre\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 - Capture d'‚cran et lancement.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [2007-08-24 04:45:42 101784]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"ValidateAdminCodeSignatures"= 1 (0x1)
"FilterAdministratorToken"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.YV12"= yv12vfw.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{EE849512-1750-4752-9658-D3527CDB19FD}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{BE11DD08-AA1A-4251-A90A-E1C4F7E46B48}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{0AAE5F62-EA3E-4D98-B20D-446DC72354DD}"= C:\Program Files\CyberLink\PowerDV\PowerDV.exe:CyberLink PowerDV
"{C4EE3803-388B-4383-A9D5-504EE186984C}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{D461A291-063B-4921-A530-D82B647EB0B1}C:\\program files\\intervideo\\dvd8\\windvd.exe"= UDP:C:\program files\intervideo\dvd8\windvd.exe:WinDVD
"UDP Query User{D969DD8C-0724-41CD-97EA-D375810DADF7}C:\\program files\\intervideo\\dvd8\\windvd.exe"= TCP:C:\program files\intervideo\dvd8\windvd.exe:WinDVD
"{0DE9BC89-AF96-4E6F-A0E3-C15E830C05A9}"= UDP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{C0A3CAF8-F3B0-4856-B5E9-E786BDBF4F34}"= TCP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"TCP Query User{510300B1-DBB9-409B-AD9D-D3D56857D81B}C:\\users\\pierre\\appdata\\local\\temp\\wzse0.tmp\\symnrt.exe"= UDP:C:\users\pierre\appdata\local\temp\wzse0.tmp\symnrt.exe:symnrt.exe
"UDP Query User{D4192A9F-A54A-49B7-9B98-5EF93B430151}C:\\users\\pierre\\appdata\\local\\temp\\wzse0.tmp\\symnrt.exe"= TCP:C:\users\pierre\appdata\local\temp\wzse0.tmp\symnrt.exe:symnrt.exe
"TCP Query User{68053F71-8F92-476D-9B49-13F7727199CB}C:\\program files\\common files\\ahead\\nero web\\setupx.exe"= UDP:C:\program files\common files\ahead\nero web\setupx.exe:MSI starter
"UDP Query User{59E1D1A5-0842-470C-9EC7-B557EC9909A2}C:\\program files\\common files\\ahead\\nero web\\setupx.exe"= TCP:C:\program files\common files\ahead\nero web\setupx.exe:MSI starter
"TCP Query User{EDF2D800-DCA6-4DA4-8DF0-26D35DAAF4EF}C:\\users\\pierre\\appdata\\local\\temp\\nero web\\setupxu.exe"= UDP:C:\users\pierre\appdata\local\temp\nero web\setupxu.exe:setupxu.exe
"UDP Query User{E0128A82-24C5-4336-B5C6-7A0AE7F566B1}C:\\users\\pierre\\appdata\\local\\temp\\nero web\\setupxu.exe"= TCP:C:\users\pierre\appdata\local\temp\nero web\setupxu.exe:setupxu.exe
"TCP Query User{E9C97373-7CFD-4919-8A74-F8A24E4D24F2}C:\\programdata\\kaspersky lab setup files\\kaspersky internet security 2009\\french\\setup.exe"= UDP:C:\programdata\kaspersky lab setup files\kaspersky internet security 2009\french\setup.exe:Programme d'installation de Kaspersky Internet Security 2009
"UDP Query User{74F08B60-DCC2-4BE9-8257-D214403DD9BE}C:\\programdata\\kaspersky lab setup files\\kaspersky internet security 2009\\french\\setup.exe"= TCP:C:\programdata\kaspersky lab setup files\kaspersky internet security 2009\french\setup.exe:Programme d'installation de Kaspersky Internet Security 2009
"TCP Query User{85DD36EC-8E70-479D-9F79-9C32E7FFDD08}C:\\programdata\\kaspersky lab setup files\\kaspersky anti-virus 2009\\french\\setup.exe"= UDP:C:\programdata\kaspersky lab setup files\kaspersky anti-virus 2009\french\setup.exe:Programme d'installation de Kaspersky Anti-Virus 2009
"UDP Query User{14340551-CA54-417D-92CA-42F621FBC1B5}C:\\programdata\\kaspersky lab setup files\\kaspersky anti-virus 2009\\french\\setup.exe"= TCP:C:\programdata\kaspersky lab setup files\kaspersky anti-virus 2009\french\setup.exe:Programme d'installation de Kaspersky Anti-Virus 2009
"TCP Query User{BE2C15CB-49A3-4D24-9172-2779B940A729}C:\\program files\\emule\\emule.exe"= UDP:C:\program files\emule\emule.exe:eMule
"UDP Query User{8598122F-9864-428E-AFFE-8C31C87694B6}C:\\program files\\emule\\emule.exe"= TCP:C:\program files\emule\emule.exe:eMule

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)
"DoNotAllowExceptions"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

R1 aswSP;avast! Self Protection;C:\Windows\system32\drivers\aswSP.sys [2008-07-19 16:35]
R2 aswFsBlk;aswFsBlk;C:\Windows\system32\DRIVERS\aswFsBlk.sys [2008-07-19 16:37]
R2 aswMonFlt;aswMonFlt;C:\Windows\system32\DRIVERS\aswMonFlt.sys [2008-07-19 16:36]
R2 TestHandler;Fujitsu Siemens Computers Diagnostic Testhandler;C:\firststeps\OnlineDiagnostic\TestManager\TestHandler.exe [2006-12-08 11:52]
R3 RTSTOR;Realtek USB 2.0 Card Reader;C:\Windows\system32\drivers\RTSTOR.SYS [2008-06-23 09:44]
S4 nvrd32;NVIDIA nForce RAID Driver;C:\Windows\system32\drivers\nvrd32.sys [2007-07-02 17:37]
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'

2008-08-20 C:\Windows\Tasks\User_Feed_Synchronization-{88E50F82-E0EA-4A84-BD14-221F83FDD350}.job
- C:\Windows\system32\msfeedssync.exe [2006-11-02 11:45]

2008-04-20 C:\Windows\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 11:20]
.
.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Users\pierre\AppData\Roaming\Mozilla\Firefox\Profiles\e64q91wp.default\
.
.
------- File Associations (Beta) -------
.
VBEFile="%SystemRoot%\System32\WScript.exe" "%1" %*
VBSFile="%SystemRoot%\System32\WScript.exe" "%1" %*
vbefile\shell\open\command="%SystemRoot%\System32\WScript.exe" "%1" %*
vbsfile\shell\open\command="%SystemRoot%\System32\WScript.exe" "%1" %*
jsefile\shell\open\command=%SystemRoot%\System32\WScript.exe "%1" %*
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-20 17:58:17
Windows 6.0.6000 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************
.
Temps d'accomplissement: 2008-08-20 17:59:12
ComboFix-quarantined-files.txt 2008-08-20 15:59:00

Pre-Run: 76,309,975,040 octets libres
Post-Run: 76,284,858,368 octets libres

482 --- E O F --- 2008-08-20 15:32:43
0
plm69 Posts 527 Registration date Sunday 27 July 2008 Status Member Last activity 8 September 2008 17
20 August 2008 at 17:34
What is your antivirus?
0
pierre_91 Posts 1566 Registration date Saturday 2 August 2008 Status Member Last activity 16 August 2011 4
20 August 2008 at 17:37
Hi,
Please don't laugh: the antivirus is avast, I'll get rid of it afterwards.
I've just made a HijackThis report.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:30:08, on 20/08/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16711)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\System32\rundll32.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Hotkey Utility\tray.exe
C:\Program Files\Power Manager\PM.exe
C:\Program Files\Light Sensor Utility\Sensor.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\System32\rundll32.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\conime.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\taskeng.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tele2.fr/portail/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [FIC HotKey] C:\Program Files\Hotkey Utility\tray.exe
O4 - HKLM\..\Run: [PowerManager] C:\Program Files\Power Manager\PM.exe
O4 - HKLM\..\Run: [Silent Mode] C:\Program Files\Light Sensor Utility\Sensor.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\CCleaner.exe" /AUTO
O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'Default user')
O4 - Startup: OneNote 2007 - Capture d'écran et lancement.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Fujitsu Siemens Computers Diagnostic Testhandler (TestHandler) - Fujitsu Siemens Computers - C:\firststeps\OnlineDiagnostic\TestManager\TestHandler.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
0
pierre_91 Posts 1566 Registration date Saturday 2 August 2008 Status Member Last activity 16 August 2011 4
20 August 2008 at 17:35
Re,
avast still finds nothing. I scanned again in safe mode with MBAM; here is the second report.


Malwarebytes' Anti-Malware 1.25
Version de la base de données: 1070
Windows 6.0.6000

17:22:09 20/08/2008
mbam-log-08-20-2008 (17-22-09).txt

Type de recherche: Examen complet (C:\|D:\|E:\|)
Eléments examinés: 98247
Temps écoulé: 17 minute(s), 0 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 0

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
(Aucun élément nuisible détecté)


The wallpaper is still blue.
0
plm69 Posts 527 Registration date Sunday 27 July 2008 Status Member Last activity 8 September 2008 17
20 August 2008 at 17:40
Download combofix.exe (by sUBs) to your Desktop.

-> http://download.bleepingcomputer.com/sUBs/ComboFix.exe

-> Double-click combofix.exe.
-> Press the 1 key (Yes) to start the scan.
-> When the scan is complete, a report will appear. Copy/paste this report into your next reply.

NOTE: The report can also be found here: C:\Combofix.txt

Before using ComboFix:

-> Disconnect from the internet and close the windows of all running programs.

-> Temporarily, and only while ComboFix is in use, disable the real-time protection of your antivirus and antispyware programs, which can seriously interfere with the tool's scanning and cleaning procedure.

Once that is done, double-click Combofix.exe on your desktop.

- Answer yes to the warning message so that the program starts scanning the PC.

/!\ During this step, do not use the PC and do not open any programs.

- At the end of the scan, ComboFix may need to restart the PC to finish the disinfection\scan; let it do so.

- A report will then open in Notepad (this report file, Combofix.txt, is automatically saved to C:\Combofix.txt)

-> Re-enable the real-time protection of your antivirus and antispyware programs before reconnecting to the internet.

-> Come back to the forum and copy and paste the entire contents of C:\Combofix.txt into your next message.

-> Tutorial: https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix
0

pierre_91 Posts 1566 Registration date Saturday 2 August 2008 Status Member Last activity 16 August 2011 4
20 August 2008 at 17:52
Can we (treat my PC first)? I'm sending you the log.
0
plm69 Posts 527 Registration date Sunday 27 July 2008 Status Member Last activity 8 September 2008 17
20 August 2008 at 18:08
When you ran the scan with Malwarebytes, it didn't detect anything?
0
pierre_91 Posts 1566 Registration date Saturday 2 August 2008 Status Member Last activity 16 August 2011 4
20 August 2008 at 18:10
The second time, nothing.
I've just run an update again, I'm going to do another scan.
0
plm69 Posts 527 Registration date Sunday 27 July 2008 Status Member Last activity 8 September 2008 17
20 August 2008 at 18:13
Strange, it did remove the Hijack.Wallpaper entries though (blue screen).

Download a-squared and update it, then run a detailed (full) scan.

http://download3.emsisoft.com/a2AntiMalwareSetup.exe

Tutorial: http://www.malekal.com/tutorial_a2squaredfree.php

At the end, if it finds viruses, delete them; when the scan is finished, copy/paste the resulting report into your next message.
0
pierre_91 Posts 1566 Registration date Saturday 2 August 2008 Status Member Last activity 16 August 2011 4
20 August 2008 at 18:15
OK, I'll keep you posted.
0
jacques.gache Posts 33453 Registration date Tuesday 13 November 2007 Status Security contributor Last activity 25 January 2016 1 616
20 August 2008 at 18:32
Hello, is your new thread related to http://www.commentcamarche.net/forum/affich 7963213 comprendre ce rapport hijackthis? Otherwise, as for your blue screen, the infection should normally be gone; have you tried setting a wallpaper again?
0
pierre_91 Posts 1566 Registration date Saturday 2 August 2008 Status Member Last activity 16 August 2011 4
20 August 2008 at 18:37
No relation to the other thread, I caught a virus this afternoon, and no, I haven't tried to set another wallpaper, but a-squared Anti-Malware found a registry trace .kazaA and the scan is still running. I'll keep you posted.
0
pierre_91 Posts 1566 Registration date Saturday 2 August 2008 Status Member Last activity 16 August 2011 4
20 August 2008 at 18:40
The wallpaper is fine, I've set one again. The scan may take a long time, I'll tell you when it's finished.
0
jacques.gache Posts 33453 Registration date Tuesday 13 November 2007 Status Security contributor Last activity 25 January 2016 1 616
20 August 2008 at 18:44
How do you manage to catch stuff so easily? Personally I would get rid of my crappy antivirus, and then you set up an anti-spyware in resident mode; on Vista you have Windows Defender built in, why haven't you enabled it?
0
pierre_91 Posts 1566 Registration date Saturday 2 August 2008 Status Member Last activity 16 August 2011 4
20 August 2008 at 20:07
It deleted the infected file, what do I do now please?
0
pierre_91 Posts 1566 Registration date Saturday 2 August 2008 Status Member Last activity 16 August 2011 4
20 August 2008 at 20:04
That one is an e-mail from a friend.
0
pierre_91 Posts 1566 Registration date Saturday 2 August 2008 Status Member Last activity 16 August 2011 4
20 August 2008 at 20:43
Can someone help me? I don't know whether my PC is clean now.
0
pierre_91 Posts 1566 Registration date Saturday 2 August 2008 Status Member Last activity 16 August 2011 4
20 August 2008 at 20:45
Here is the latest HijackThis log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:30:08, on 20/08/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16711)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\System32\rundll32.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Hotkey Utility\tray.exe
C:\Program Files\Power Manager\PM.exe
C:\Program Files\Light Sensor Utility\Sensor.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\System32\rundll32.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\conime.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\taskeng.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tele2.fr/portail/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [FIC HotKey] C:\Program Files\Hotkey Utility\tray.exe
O4 - HKLM\..\Run: [PowerManager] C:\Program Files\Power Manager\PM.exe
O4 - HKLM\..\Run: [Silent Mode] C:\Program Files\Light Sensor Utility\Sensor.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\CCleaner.exe" /AUTO
O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'Default user')
O4 - Startup: OneNote 2007 - Capture d'écran et lancement.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Fujitsu Siemens Computers Diagnostic Testhandler (TestHandler) - Fujitsu Siemens Computers - C:\firststeps\OnlineDiagnostic\TestManager\TestHandler.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
0
plm69 Posts 527 Registration date Sunday 27 July 2008 Status Member Last activity 8 September 2008 17
20 August 2008 at 20:48
Virus deleted in a-squared? Your PC is clean.
0
pierre_91 Posts 1566 Registration date Saturday 2 August 2008 Status Member Last activity 16 August 2011 4
20 August 2008 at 20:51
It deleted one.
0
pierre_91 Posts 1566 Registration date Saturday 2 August 2008 Status Member Last activity 16 August 2011 4
20 August 2008 at 21:22
Re,
tell me, can you give me the link for using AntiVir, because it's not in French and I don't understand anything, and how do you do the updates please?
0
jacques.gache Posts 33453 Registration date Tuesday 13 November 2007 Status Security contributor Last activity 25 January 2016 1 616
20 August 2008 at 21:49
0
pierre_91 Posts 1566 Registration date Saturday 2 August 2008 Status Member Last activity 16 August 2011 4
20 August 2008 at 21:56
OK, thanks, I'm sending you the AntiVir log.



Avira AntiVir Personal
Report file date: mercredi 20 août 2008 21:11

Scanning for 1564721 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows Vista
Windows version: (plain) [6.0.6000]
Boot mode: Normally booted
Username: SYSTEM
Computer name: PC-DE-PIERRE

Version information:
BUILD.DAT : 8.1.0.331 16934 Bytes 12/08/2008 11:46:00
AVSCAN.EXE : 8.1.4.7 315649 Bytes 26/06/2008 08:57:53
AVSCAN.DLL : 8.1.4.0 40705 Bytes 26/05/2008 07:56:40
LUKE.DLL : 8.1.4.5 164097 Bytes 12/06/2008 12:44:19
LUKERES.DLL : 8.1.4.0 12033 Bytes 26/05/2008 07:58:52
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 10:33:34
ANTIVIR1.VDF : 7.0.5.1 8182784 Bytes 24/06/2008 13:54:15
ANTIVIR2.VDF : 7.0.6.10 2587136 Bytes 14/08/2008 19:06:39
ANTIVIR3.VDF : 7.0.6.45 192000 Bytes 20/08/2008 19:06:40
Engineversion : 8.1.1.23
AEVDF.DLL : 8.1.0.5 102772 Bytes 25/02/2008 09:58:21
AESCRIPT.DLL : 8.1.0.68 315770 Bytes 20/08/2008 19:06:43
AESCN.DLL : 8.1.0.23 119156 Bytes 10/07/2008 12:44:49
AERDL.DLL : 8.1.0.20 418165 Bytes 24/04/2008 12:37:48
AEPACK.DLL : 8.1.2.1 364917 Bytes 15/07/2008 12:58:35
AEOFFICE.DLL : 8.1.0.22 192890 Bytes 20/08/2008 19:06:42
AEHEUR.DLL : 8.1.0.50 1388918 Bytes 20/08/2008 19:06:42
AEHELP.DLL : 8.1.0.15 115063 Bytes 10/07/2008 12:44:48
AEGEN.DLL : 8.1.0.36 315764 Bytes 20/08/2008 19:06:41
AEEMU.DLL : 8.1.0.7 430452 Bytes 31/07/2008 08:33:21
AECORE.DLL : 8.1.1.8 172406 Bytes 31/07/2008 08:33:21
AEBB.DLL : 8.1.0.1 53617 Bytes 10/07/2008 12:44:48
AVWINLL.DLL : 1.0.0.12 15105 Bytes 09/07/2008 08:40:05
AVPREF.DLL : 8.0.2.0 38657 Bytes 16/05/2008 09:28:01
AVREP.DLL : 8.0.0.2 98344 Bytes 20/08/2008 19:06:40
AVREG.DLL : 8.0.0.1 33537 Bytes 09/05/2008 11:26:40
AVARKT.DLL : 1.0.0.23 307457 Bytes 12/02/2008 08:29:23
AVEVTLOG.DLL : 8.0.0.16 119041 Bytes 12/06/2008 12:27:49
SQLITE3.DLL : 3.3.17.1 339968 Bytes 22/01/2008 17:28:02
SMTPLIB.DLL : 1.2.0.23 28929 Bytes 12/06/2008 12:49:40
NETNT.DLL : 8.0.0.1 7937 Bytes 25/01/2008 12:05:10
RCIMAGE.DLL : 8.0.0.51 2371841 Bytes 12/06/2008 13:48:07
RCTEXT.DLL : 8.0.52.0 86273 Bytes 27/06/2008 13:34:37

Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: on
Scan boot sector.................: on
Boot sectors.....................: C:, D:,
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium

Start of the scan: mercredi 20 août 2008 21:11

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'mobsync.exe' - '1' Module(s) have been scanned
Scan process 'SearchFilterHost.exe' - '1' Module(s) have been scanned
Scan process 'SearchProtocolHost.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'usnsvc.exe' - '1' Module(s) have been scanned
Scan process 'WmiPrvSE.exe' - '1' Module(s) have been scanned
Scan process 'unsecapp.exe' - '1' Module(s) have been scanned
Scan process 'taskeng.exe' - '1' Module(s) have been scanned
Scan process 'XAudio.exe' - '1' Module(s) have been scanned
Scan process 'SearchIndexer.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'TestHandler.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'RichVideo.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'iviRegMgr.exe' - '1' Module(s) have been scanned
Scan process 'mDNSResponder.exe' - '1' Module(s) have been scanned
Scan process 'AppleMobileDeviceService.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'ehmsas.exe' - '1' Module(s) have been scanned
Scan process 'ApntEx.exe' - '1' Module(s) have been scanned
Scan process 'ApMsgFwd.exe' - '1' Module(s) have been scanned
Scan process 'rundll32.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'msnmsgr.exe' - '1' Module(s) have been scanned
Scan process 'ehtray.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'sidebar.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'jusched.exe' - '1' Module(s) have been scanned
Scan process 'Sensor.exe' - '1' Module(s) have been scanned
Scan process 'PM.exe' - '1' Module(s) have been scanned
Scan process 'tray.exe' - '1' Module(s) have been scanned
Scan process 'Apoint.exe' - '1' Module(s) have been scanned
Scan process 'RtHDVCpl.exe' - '1' Module(s) have been scanned
Scan process 'rundll32.exe' - '1' Module(s) have been scanned
Scan process 'taskeng.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'dwm.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'SLsvc.exe' - '1' Module(s) have been scanned
Scan process 'audiodg.exe' - '0' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsm.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'wininit.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
58 processes with 58 modules were scanned

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!
Boot sector 'D:\'
[INFO] No virus was found!

Starting to scan the registry.
The registry was scanned ( '48' files ).


Starting the file scan:

Begin scan in 'C:\' <System>
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\Users\pierre\AppData\Local\VirtualStore\Windows\System32\phcjpej0e70l.bmp
[DETECTION] Is the TR/Fakealert.AAF Trojan
[NOTE] The file was deleted!
C:\Windows\System32\MovieCTL.dll
--> Object
[1] Archive type: RSRC
--> Object
[DETECTION] Is the TR/Spy.BHO.D Trojan
[NOTE] The file was deleted!
Begin scan in 'D:\' <DATA>


End of the scan: mercredi 20 août 2008 21:49
Used time: 37:28 Minute(s)

The scan has been done completely.

11821 Scanning directories
226738 Files were scanned
2 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
2 files were deleted
0 files were repaired
0 files were moved to quarantine
0 files were renamed
1 Files cannot be scanned
226735 Files not concerned
2542 Archives were scanned
1 Warnings
2 Notes
0
pierre_91 Posts 1566 Registration date Saturday 2 August 2008 Status Member Last activity 16 August 2011 4
20 August 2008 at 22:00
Here is the latest HijackThis log, if it can help. Tomorrow I'll run an AntiVir scan in safe mode.
See you later.
0
pierre_91 Posts 1566 Registration date Saturday 2 August 2008 Status Member Last activity 16 August 2011 4
20 August 2008 at 22:01
Sorry, here it is:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:58:26, on 20/08/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16711)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\System32\rundll32.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Hotkey Utility\tray.exe
C:\Program Files\Power Manager\PM.exe
C:\Program Files\Light Sensor Utility\Sensor.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\conime.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tele2.fr/portail/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [FIC HotKey] C:\Program Files\Hotkey Utility\tray.exe
O4 - HKLM\..\Run: [PowerManager] C:\Program Files\Power Manager\PM.exe
O4 - HKLM\..\Run: [Silent Mode] C:\Program Files\Light Sensor Utility\Sensor.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\CCleaner.exe" /AUTO
O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'Default user')
O4 - Startup: OneNote 2007 - Capture d'écran et lancement.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Fujitsu Siemens Computers Diagnostic Testhandler (TestHandler) - Fujitsu Siemens Computers - C:\firststeps\OnlineDiagnostic\TestManager\TestHandler.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
0
jacques.gache Posts 33453 Registration date Tuesday 13 November 2007 Status Security contributor Last activity 25 January 2016 1 616
20 August 2008 at 22:05
Enable Windows Defender, the anti-spyware that ships with Vista. It's not very powerful, but it's better than the one you have right now, since you don't have one, lol.

Otherwise, do you know what this program, Light Sensor Utility, is for?
0
pierre_91 Posts 1566 Registration date Saturday 2 August 2008 Status Member Last activity 16 August 2011 4
20 August 2008 at 22:14
Are you sure Windows Defender isn't enabled? Because as far as I can tell it is.
Otherwise, tell me how to do it (on Vista).
Light Sensor Utility: I don't know what it is, but it seems to me it has always been there.
0
jacques.gache Posts 33453 Registration date Tuesday 13 November 2007 Status Security contributor Last activity 25 January 2016 1 616
20 August 2008 at 22:34
As far as I can tell it isn't, because I don't see it in HijackThis among the programs that start automatically. You can check by opening Windows Defender, then clicking Tools and then Options; scroll the window with the scroll bar and see whether it is ticked. Use the tutorial, under real-time protection: https://www.malekal.com/tutoriel-windows-defender/
0
pierre_91 Posts 1566 Registration date Saturday 2 August 2008 Status Member Last activity 16 August 2011 4
20 August 2008 at 22:45
Could I have made a mistake with HijackThis, too old a version or something else?
I'll be back tomorrow afternoon.
See you.
0
pierre_91 Posts 1566 Registration date Saturday 2 August 2008 Status Member Last activity 16 August 2011 4
20 August 2008 at 22:43
I don't understand why you don't see it, nor where it should appear, because I looked at the tutorial and it is installed the same way on my PC. I even ran a quick scan.
0
jacques.gache Posts 33453 Registration date Tuesday 13 November 2007 Status Security contributor Last activity 25 January 2016 1 616
20 August 2008 at 23:08
Did you go and check whether the real-time usage box is ticked?
0
pierre_91 Posts 1566 Registration date Saturday 2 August 2008 Status Member Last activity 16 August 2011 4
21 August 2008 at 18:16
Hello,
yes, real-time protection is enabled.
0
pierre_91 Posts 1566 Registration date Saturday 2 August 2008 Status Member Last activity 16 August 2011 4
21 August 2008 at 18:23
Back again,
I just ran another HijackThis scan, if it can help.
I ran a scan with AntiVir, then mba, and cleaned with CCleaner in safe mode, and only after that did I launch HijackThis. What do you think?


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:20:14, on 21/08/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16711)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\rundll32.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Hotkey Utility\tray.exe
C:\Program Files\Power Manager\PM.exe
C:\Program Files\Light Sensor Utility\Sensor.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Internet Explorer\IEUser.exe
C:\Windows\system32\conime.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tele2.fr/portail/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [FIC HotKey] C:\Program Files\Hotkey Utility\tray.exe
O4 - HKLM\..\Run: [PowerManager] C:\Program Files\Power Manager\PM.exe
O4 - HKLM\..\Run: [Silent Mode] C:\Program Files\Light Sensor Utility\Sensor.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\CCleaner.exe" /AUTO
O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'Default user')
O4 - Startup: OneNote 2007 - Capture d'écran et lancement.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Fujitsu Siemens Computers Diagnostic Testhandler (TestHandler) - Fujitsu Siemens Computers - C:\firststeps\OnlineDiagnostic\TestManager\TestHandler.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
0
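Added example, not part of the thread and not code from HijackThis: a small Python parser for the HijackThis log format posted above. It reports in which sections a product name appears (the check discussed for Windows Defender) and what changed between two logs. The two sample logs are shortened excerpts constructed from the 20/08 and 21/08 logs in this thread; the function names are this example's own.

```python
import re
from collections import defaultdict

# Constructed, shortened excerpts of the two HijackThis logs in this thread.
LOG_20 = r"""Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:58:26, on 20/08/2008

Running processes:
C:\Windows\Explorer.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tele2.fr/portail/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\CCleaner.exe" /AUTO
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
"""

LOG_21 = r"""Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:20:14, on 21/08/2008

Running processes:
C:\Windows\Explorer.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Windows Defender\MSASCui.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tele2.fr/portail/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\CCleaner.exe" /AUTO
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
"""

# An entry line starts with a section code such as R0, O4 or O23, then " - ".
ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")


def parse_hijackthis(text):
    """Group log lines by section: 'processes', 'R0', 'O4', 'O23', ..."""
    sections = defaultdict(list)
    in_processes = False
    for raw in text.splitlines():
        line = raw.strip()
        if line.lower().startswith("running processes"):
            in_processes = True
            continue
        match = ENTRY.match(line)
        if match:
            in_processes = False  # the first coded entry ends the process list
            sections[match.group(1)].append(match.group(2))
        elif in_processes and line:
            sections["processes"].append(line)
    return dict(sections)


def where_seen(sections, needle):
    """Names of the sections in which `needle` occurs (case-insensitive)."""
    needle = needle.lower()
    return sorted(name for name, items in sections.items()
                  if any(needle in item.lower() for item in items))


def diff_logs(old, new):
    """Per-section entries added to or removed from `new` relative to `old`."""
    changes = {}
    for name in sorted(set(old) | set(new)):
        before, after = set(old.get(name, [])), set(new.get(name, []))
        if before != after:
            changes[name] = {"added": sorted(after - before),
                             "removed": sorted(before - after)}
    return changes


if __name__ == "__main__":
    first, second = parse_hijackthis(LOG_20), parse_hijackthis(LOG_21)
    for label, log in (("20/08", first), ("21/08", second)):
        print(label, "Windows Defender seen in:", where_seen(log, "windows defender"))
    for section, change in diff_logs(first, second).items():
        print(section, change)
```

On these excerpts the product name shows up only under the running processes of the second log, never under the O4 autostart entries, which is the distinction the two posters were talking past each other about.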