Ae9.tmp

Solved/Closed
R2dd (Member, 20 posts, registered Friday 21 November 2008, last activity 26 November 2008) - 21 Nov 2008 at 20:55
Anonymous user - 26 Nov 2008 at 20:16
Hello,

When my PC starts up, a window named "Ae9.tmp" opens, along with numerous advertising pop-ups.
I did a search and saw a topic about "Ae9.tmp" here: http://www.commentcamarche.net/forum/affich 7584143 virus xp 2008 urgent.

I am on Vista and use Firefox.

I would like to know where to start.


See you very soon.

24 replies

Anonymous user
21 Nov 2008 at 21:22
Good evening

Start by posting a HijackThis report please,
>Download HijackThis: http://www.commentcamarche.net/telecharger/telecharger 159 hijackthis
- Launch the program, then select < do a system scan and save a logfile >
- Save the report to your desktop.
Then copy and paste your HijackThis log into the forum.


See you later

Tutorial, in case of problems: http://perso.orange.fr/rginformatique/section%20virus/demohijack.htm
0
R2dd (Member, 20 posts, registered Friday 21 November 2008, last activity 26 November 2008)
21 Nov 2008 at 21:41
Good evening, and thank you for your help.


Here is the report.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:41:14, on 21/11/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\RtHDVCpl.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Search Settings\SearchSettings.exe
C:\Program Files\Common Files\Logitech\QCDriver3\LVComS.exe
C:\Program Files\Logitech\ImageStudio\LogiTray.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\WindowsMobile\wmdSync.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe
C:\Users\jmk\Program Files\DNA\btdna.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\conime.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Users\jmk\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7OHCPEUW\HiJackThis[1].exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://format.packardbell.com/cgi-bin/redirect/?country=FR&range=AD&phase=8&key=IESTART
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://format.packardbell.com/cgi-bin/redirect/?country=FR&range=AD&phase=8&key=IESTART
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Google\Google_BAE\BAE.dll
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [toolbar_eula_launcher] C:\Program Files\Packard Bell\GOOGLE_EULA\EULALauncher.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [SearchSettings] C:\Program Files\Search Settings\SearchSettings.exe
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
O4 - HKLM\..\Run: [QCDriverInstaller] C:\PROGRA~1\COMMON~1\Logitech\QCDRIV~2\Lqdsw.exe /addrun /l 1033 /LaunchAtStart
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\ImageStudio\ISStart.exe
O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Program Files\Logitech\ImageStudio\LogiTray.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\VistaCodecPack\QT\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdSync.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AE9.tmp] C:\Windows\temp\AE9.tmp
O4 - HKCU\..\Run: [SmpcSys] C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" /systray /nologon
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Users\jmk\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Startup: OneNote 2007 - Capture d'écran et lancement.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O8 - Extra context menu item: Compare Prices with &Dealio - C:\Users\jmk\AppData\LocalLow\Dealio\kb126\res\DealioSearch.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~3.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~3.0_0\bin\ssv.dll
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\Program Files\Dealio\kb126\Dealio.dll (file missing)
O9 - Extra 'Tools' menuitem: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\Program Files\Dealio\kb126\Dealio.dll (file missing)
O13 - Gopher Prefix:
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{BAFCA8F7-4FDA-4013-9AC5-474D9B9E1C2F}: NameServer = 85.255.112.12;85.255.112.173
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Windows Tribute Service - Unknown owner - C:\Windows\system32\kdsce.exe
0
Anonymous user
21 Nov 2008 at 21:51
Download SmitfraudFix (by S!Ri, balltrap34 and moe31):
http://siri.urz.free.fr/Fix/SmitfraudFix.exe or http://www.geekstogo.com/forum/files/file/6-smitfraudfix/

- Save it to the desktop

- Double-click SmitfraudFix.exe and choose option 1, then press Enter

- A report will be generated; post it in your next reply.

[*] process.exe is detected by some antivirus products as a risktool. It is not a virus but a utility for terminating processes.[*]

** Only do step 2 if you are asked to; we first have to examine the first report of
See you later
0
R2dd (Member, 20 posts, registered Friday 21 November 2008, last activity 26 November 2008)
21 Nov 2008 at 21:57
OK,

Here is the SmitfraudFix report

SmitFraudFix v2.376

Scan done at 21:56:00,94, 21/11/2008
Run from C:\Program Files\Mozilla Firefox\SmitfraudFix
OS: Microsoft Windows [version 6.0.6001] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\RtHDVCpl.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Search Settings\SearchSettings.exe
C:\Program Files\Common Files\Logitech\QCDriver3\LVComS.exe
C:\Program Files\Logitech\ImageStudio\LogiTray.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\WindowsMobile\wmdSync.exe
C:\Windows\System32\rundll32.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe
C:\Users\jmk\Program Files\DNA\btdna.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\wbem\wmiprvse.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts


»»»»»»»»»»»»»»»»»»»»»»»» C:\

C:\resycled\ FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» C:\Windows


»»»»»»»»»»»»»»»»»»»»»»»» C:\Windows\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\Windows\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\Windows\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\Windows\system32\LogFiles


»»»»»»»»»»»»»»»»»»»»»»»» C:\Users\jmk


»»»»»»»»»»»»»»»»»»»»»»»» C:\Users\jmk\AppData\Local\Temp


»»»»»»»»»»»»»»»»»»»»»»»» C:\Users\jmk\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Start Menu


»»»»»»»»»»»»»»»»»»»»»»»» C:\Users\jmk\FAVORI~1


»»»»»»»»»»»»»»»»»»»»»»»» Desktop


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components



»»»»»»»»»»»»»»»»»»»»»»»» o4Patch
!!!Attention, following keys are not inevitably infected!!!

o4Patch
Credits: Malware Analysis & Diagnostic
Code: S!Ri



»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, following keys are not inevitably infected!!!

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri



»»»»»»»»»»»»»»»»»»»»»»»» VACFix
!!!Attention, following keys are not inevitably infected!!!

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
!!!Attention, following keys are not inevitably infected!!!

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\Windows\\system32\\userinit.exe,"
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» RK



»»»»»»»»»»»»»»»»»»»»»»»» DNS

Your computer may be victim of a DNS Hijack: 85.255.x.x detected !

Description: NVIDIA nForce Networking Controller
DNS Server Search Order: 85.255.112.12;85.255.112.173

HKLM\SYSTEM\CCS\Services\Tcpip\..\{BAFCA8F7-4FDA-4013-9AC5-474D9B9E1C2F}: DhcpNameServer=212.27.40.241 212.27.40.240
HKLM\SYSTEM\CCS\Services\Tcpip\..\{BAFCA8F7-4FDA-4013-9AC5-474D9B9E1C2F}: NameServer=85.255.112.12;85.255.112.173
HKLM\SYSTEM\CS1\Services\Tcpip\..\{BAFCA8F7-4FDA-4013-9AC5-474D9B9E1C2F}: DhcpNameServer=212.27.40.241 212.27.40.240
HKLM\SYSTEM\CS1\Services\Tcpip\..\{BAFCA8F7-4FDA-4013-9AC5-474D9B9E1C2F}: NameServer=85.255.112.12;85.255.112.173
HKLM\SYSTEM\CS2\Services\Tcpip\..\{BAFCA8F7-4FDA-4013-9AC5-474D9B9E1C2F}: DhcpNameServer=212.27.40.241 212.27.40.240
HKLM\SYSTEM\CS2\Services\Tcpip\..\{BAFCA8F7-4FDA-4013-9AC5-474D9B9E1C2F}: NameServer=85.255.112.12;85.255.112.173
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=212.27.40.241 212.27.40.240
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=212.27.40.241 212.27.40.240
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=212.27.40.241 212.27.40.240


»»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection


»»»»»»»»»»»»»»»»»»»»»»»» End

Thanks again.
0
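The startup, service and DNS entries from the two reports above can be triaged mechanically. The following is an added example, not part of the original thread and not code from HijackThis or SmitfraudFix; the rule names and the extension list are illustrative assumptions, the sample lines are copied from the reports posted above, and every hit is a lead for analysis rather than a verdict.

```python
import ipaddress
import re
from collections import defaultdict

# Lines copied from the HijackThis and SmitfraudFix reports posted in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AE9.tmp] C:\Windows\temp\AE9.tmp
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Users\jmk\Program Files\DNA\btdna.exe"
O17 - HKLM\System\CCS\Services\Tcpip\..\{BAFCA8F7-4FDA-4013-9AC5-474D9B9E1C2F}: NameServer = 85.255.112.12;85.255.112.173
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: Windows Tribute Service - Unknown owner - C:\Windows\system32\kdsce.exe
HKLM\SYSTEM\CCS\Services\Tcpip\..\{BAFCA8F7-4FDA-4013-9AC5-474D9B9E1C2F}: DhcpNameServer=212.27.40.241 212.27.40.240
HKLM\SYSTEM\CCS\Services\Tcpip\..\{BAFCA8F7-4FDA-4013-9AC5-474D9B9E1C2F}: NameServer=85.255.112.12;85.255.112.173
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=212.27.40.241 212.27.40.240
"""

# Range named by SmitfraudFix in its warning ("85.255.x.x detected").
FLAGGED_DNS_NET = ipaddress.ip_network("85.255.0.0/16")
# Extensions expected for a program started from a Run key (assumption).
PROGRAM_EXTS = {".exe", ".com", ".bat", ".cmd", ".scr", ".pif"}

RUN_RE = re.compile(r"^O4 - (HK(?:LM|CU))\\\.\.\\Run: \[(.+?)\] (.+)$")
SVC_RE = re.compile(r"^O23 - Service: (.+?) - (.+?) - (.+)$")
DNS_RE = re.compile(
    r"^(?:O17 - )?(HKLM\\.+?): (DhcpNameServer|NameServer)\s*=\s*(.*)$", re.I)
# First program token of a command line: optional quote, path, extension.
IMAGE_RE = re.compile(r'^"?(.+?(\.[A-Za-z0-9]{2,4}))(?=["\s,]|$)')


def split_servers(value):
    """Parse a NameServer value (';', ',' or space separated) into IP objects."""
    servers = []
    for token in re.split(r"[;,\s]+", value.strip()):
        try:
            servers.append(ipaddress.ip_address(token))
        except ValueError:
            pass  # empty or malformed token
    return servers


def triage(log_text):
    """Return a list of (rule, detail) leads found in pasted report lines."""
    findings = []
    dns = defaultdict(dict)  # registry key -> {value name -> [IPs]}
    for line in log_text.splitlines():
        line = line.strip()
        if m := RUN_RE.match(line):
            hive, name, cmd = m.groups()
            image = IMAGE_RE.match(cmd)
            ext = image.group(2).lower() if image else ""
            if ext not in PROGRAM_EXTS:
                findings.append(("run-odd-extension", f"{hive} [{name}] {cmd}"))
            if re.search(r"\\te?mp\\", cmd, re.I):
                findings.append(("run-from-temp", f"{hive} [{name}] {cmd}"))
        elif m := SVC_RE.match(line):
            name, vendor, path = m.groups()
            if vendor.lower() == "unknown owner":
                findings.append(("service-unknown-owner", f"{name}: {path}"))
        elif m := DNS_RE.match(line):
            key, field, value = m.groups()
            # Both tools print the same key with different casing.
            dns[key.lower()][field.lower()] = split_servers(value)

    for key, values in dns.items():
        static = values.get("nameserver", [])
        dhcp = set(values.get("dhcpnameserver", []))
        # A static NameServer takes precedence over what DHCP handed out.
        if static and not set(static) <= dhcp:
            listed = ", ".join(map(str, static))
            findings.append(("dns-static-override", f"{listed} on {key}"))
        for ip in static:
            if ip in FLAGGED_DNS_NET:
                findings.append(("dns-flagged-range", f"{ip} on {key}"))
    return findings


if __name__ == "__main__":
    for rule, detail in triage(SAMPLE_LOG):
        print(f"{rule:24} {detail}")
```
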
Anonymous user
21 Nov 2008 at 22:01
OK

--Next part of the procedure (cleaning); do exactly the following:

* Mandatory: restart the computer in safe mode.
How to get into safe mode
1) Restart your computer
2) Tap the F8 key immediately (F5 on some PCs), right after the "beep"
3) You will see a screen with startup options appear
4) Choose the first option, Safe Mode, and confirm with "Enter"
5) Choose your usual account, not Administrator (if needed ...)
(PS: don't forget, in safe mode there is no connection! So copy or print the information below ...)

* Double-click SmitfraudFix.exe

* Select 2 and press "Enter" in the menu to delete the files responsible for the infection.

-> If needed:
* At the question "Do you want to clean the registry?" answer O (yes) and press Enter to unlock the desktop wallpaper and delete the infection's registry keys.

(The fix will determine whether the file wininet.dll is infected.)

* At the question "Fix the infected file?" answer O (yes) and press Enter
to replace the corrupted file.

* A restart may be necessary to finish the cleaning procedure (otherwise do it manually)

The report is located at the root of C:\
(in the file "rapport.txt")

Post that last report for me ... Careful, it will be too long to be posted in full on the forum
--> so post only the beginning and the end (cut out the list of "hosts files")

See you later




0

R2dd (Member, 20 posts, registered Friday 21 November 2008, last activity 26 November 2008)
21 Nov 2008 at 22:21
Hi again,


I am surprised, but the report seems quite short to me....

SmitFraudFix v2.376

Scan done at 22:09:53,22, 21/11/2008
Run from C:\Users\jmk\Desktop\SmitfraudFix
OS: Microsoft Windows [version 6.0.6001] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» hosts


127.0.0.1 localhost
::1 localhost

»»»»»»»»»»»»»»»»»»»»»»»» VACFix

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix

S!Ri's WS2Fix: LSP not Found.


»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

C:\resycled\ Deleted

»»»»»»»»»»»»»»»»»»»»»»»» IEDFix

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri



»»»»»»»»»»»»»»»»»»»»»»»» 404Fix

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» RK


»»»»»»»»»»»»»»»»»»»»»»»» DNS

HKLM\SYSTEM\CCS\Services\Tcpip\..\{BAFCA8F7-4FDA-4013-9AC5-474D9B9E1C2F}: DhcpNameServer=212.27.40.241 212.27.40.240
HKLM\SYSTEM\CCS\Services\Tcpip\..\{BAFCA8F7-4FDA-4013-9AC5-474D9B9E1C2F}: NameServer=85.255.112.12;85.255.112.173
HKLM\SYSTEM\CS1\Services\Tcpip\..\{BAFCA8F7-4FDA-4013-9AC5-474D9B9E1C2F}: DhcpNameServer=212.27.40.241 212.27.40.240
HKLM\SYSTEM\CS1\Services\Tcpip\..\{BAFCA8F7-4FDA-4013-9AC5-474D9B9E1C2F}: NameServer=85.255.112.12;85.255.112.173
HKLM\SYSTEM\CS2\Services\Tcpip\..\{BAFCA8F7-4FDA-4013-9AC5-474D9B9E1C2F}: DhcpNameServer=212.27.40.241 212.27.40.240
HKLM\SYSTEM\CS2\Services\Tcpip\..\{BAFCA8F7-4FDA-4013-9AC5-474D9B9E1C2F}: NameServer=85.255.112.12;85.255.112.173
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=212.27.40.241 212.27.40.240
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=212.27.40.241 212.27.40.240
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=212.27.40.241 212.27.40.240


»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» End



I did everything you told me, in order; tell me what you think!!
0
Anonymous user
21 Nov 2008 at 22:24
HijackThis again please....

See you later
0
R2dd (Member, 20 posts, registered Friday 21 November 2008, last activity 26 November 2008)
21 Nov 2008 at 22:30
Here you go


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:30:04, on 21/11/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\RtHDVCpl.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Search Settings\SearchSettings.exe
C:\Program Files\Common Files\Logitech\QCDriver3\LVComS.exe
C:\Program Files\Logitech\ImageStudio\LogiTray.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\WindowsMobile\wmdSync.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe
C:\Users\jmk\Program Files\DNA\btdna.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\jmk\Desktop\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://format.packardbell.com/cgi-bin/redirect/?country=FR&range=AD&phase=8&key=IESTART
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Google\Google_BAE\BAE.dll
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [toolbar_eula_launcher] C:\Program Files\Packard Bell\GOOGLE_EULA\EULALauncher.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [SearchSettings] C:\Program Files\Search Settings\SearchSettings.exe
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
O4 - HKLM\..\Run: [QCDriverInstaller] C:\PROGRA~1\COMMON~1\Logitech\QCDRIV~2\Lqdsw.exe /addrun /l 1033 /LaunchAtStart
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\ImageStudio\ISStart.exe
O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Program Files\Logitech\ImageStudio\LogiTray.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\VistaCodecPack\QT\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdSync.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AE9.tmp] C:\Windows\temp\AE9.tmp
O4 - HKCU\..\Run: [SmpcSys] C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" /systray /nologon
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Users\jmk\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Startup: OneNote 2007 - Capture d'écran et lancement.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O8 - Extra context menu item: Compare Prices with &Dealio - C:\Users\jmk\AppData\LocalLow\Dealio\kb126\res\DealioSearch.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~3.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~3.0_0\bin\ssv.dll
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\Program Files\Dealio\kb126\Dealio.dll (file missing)
O9 - Extra 'Tools' menuitem: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\Program Files\Dealio\kb126\Dealio.dll (file missing)
O13 - Gopher Prefix:
O17 - HKLM\System\CCS\Services\Tcpip\..\{BAFCA8F7-4FDA-4013-9AC5-474D9B9E1C2F}: NameServer = 85.255.112.12;85.255.112.173
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Windows Tribute Service - Unknown owner - C:\Windows\system32\kdsce.exe
0
Anonymous user
21 Nov 2008 at 22:46
not good...*
now this:
this scan takes a while and I'm working tomorrow....
post the report and we'll look at it tomorrow evening... thanks



Run a scan with this antispyware:

Download Malwarebytes + tutorial:

-> https://www.malekal.com/tutoriel-malwarebyte-anti-malware/

Install it; the program will update itself automatically.

Once it is up to date, the program will start; click the settings tab and tick the box "Stop Internet Explorer during removal".

Now click the scan tab and tick the box "Perform a full scan".

Then click "Scan".

Let it scan the PC...

If items were found > click remove selected.

If you are asked to restart > click "yes".

At the end a report will open; save it so that you can find it again in order to post it on the forum.

Copy and paste the report please.

See you later
0
R2dd (Member, 20 posts, registered Friday 21 November 2008, last activity 26 November 2008)
21 Nov 2008 at 22:53
OK, no problem, it can very well wait until tomorrow...

I want to thank you for your help and your efficiency.. Good luck for tomorrow.

I'm Wend...

@+ bye
0
R2dd (Member, 20 posts, registered Friday 21 November 2008, last activity 26 November 2008)
22 Nov 2008 at 18:28
Good evening,

Here is the report from the scan run this afternoon.

Malwarebytes' Anti-Malware 1.30
Version de la base de données: 1415
Windows 6.0.6001 Service Pack 1

22/11/2008 13:58:04
mbam-log-2008-11-22 (13-58-04).txt

Type de recherche: Examen complet (C:\|)
Eléments examinés: 122950
Temps écoulé: 45 minute(s), 41 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 2
Valeur(s) du Registre infectée(s): 1
Elément(s) de données du Registre infecté(s): 3
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 2

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Windows Tribute Service (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\homeview (Trojan.DNSChanger) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ae9.tmp (Trojan.Agent) -> Quarantined and deleted successfully.

Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{bafca8f7-4fda-4013-9ac5-474d9b9e1c2f}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.12;85.255.112.173 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{bafca8f7-4fda-4013-9ac5-474d9b9e1c2f}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.12;85.255.112.173 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters\Interfaces\{bafca8f7-4fda-4013-9ac5-474d9b9e1c2f}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.12;85.255.112.173 -> Quarantined and deleted successfully.

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
C:\Windows\temp\AE9.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Mozilla Firefox\components\iamfamous.dll (Trojan.Agent) -> Delete on reboot.


And there you go........
0
Anonymous user
22 Nov. 2008 at 19:03
Good evening

Did you see this?
C:\Windows\temp\AE9.tmp (Trojan.Agent) -> Quarantined and deleted successfully.

Next:

Disable User Account Control (you will re-enable it after your disinfection):

- Go to Start, then Control Panel
- Double-click the "User Accounts" icon
- Then click Disable and confirm.

Now download Navilog1 from this link:

http://perso.orange.fr/il.mafioso/Navifix/Navilog1.exe

"Save target (of the link) as..." and save it to your desktop.
Then double-click navilog1.exe to start the installation.
Once the installation is finished, right-click the Navilog1 shortcut on your desktop and choose "Run as administrator".

At the main menu, choose option 1
Let it guide you and be patient.
Wait until the message:
*** Analyse Termine le ..... ***
Press a key; Notepad will open.
Copy and paste the whole report into a reply.
Close Notepad
The fixnavi.txt report is also saved in %systemdrive%.

See you
0
Anonymous user
22 Nov. 2008 at 19:07
I forgot this:

go back into Malwarebytes
go to Quarantine and delete everything
See you
0
R2dd Posts 20 Registration date Friday 21 November 2008 Status Member Last activity 26 November 2008
22 Nov. 2008 at 19:33
Hi again,

I deleted everything in quarantine.
And here is the report

Search Navipromo version 3.6.9 commencé le 22/11/2008 à 19:18:19,07

!!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!!
!!! Postez ce rapport sur le forum pour le faire analyser !!!
!!! Ne lancez pas la partie désinfection sans l'avis d'un spécialiste !!!

Outil exécuté depuis C:\Program Files\navilog1
Session actuelle : "jmk"

Mise à jour le 05.11.2008 à 21h00 par IL-MAFIOSO

Microsoft Windows Vista 6.0.6001
Internet Explorer : 7.0.6001.18000
Système de fichiers : NTFS

Recherche executé en mode normal

*** Recherche Programmes installés ***


*** Recherche dossiers dans "C:\Windows" ***


*** Recherche dossiers dans "C:\Program Files" ***


*** Recherche dossiers dans "c:\progra~2\micros~1\windows\startm~1\programs" ***


*** Recherche dossiers dans "c:\progra~2\micros~1\windows\startm~1" ***


*** Recherche dossiers dans "C:\ProgramData" ***


*** Recherche dossiers dans "c:\users\jmk\appdata\roaming\micros~1\windows\startm~1\programs" ***


*** Recherche dossiers dans "C:\Users\jmk\AppData\Local\virtualstore\Program Files" ***


*** Recherche dossiers dans "C:\Users\jmk\AppData\Roaming" ***


*** Recherche avec Catchme-rootkit/stealth malware detector par gmer ***
pour + d'infos : http://www.gmer.net



*** Recherche avec GenericNaviSearch ***
!!! Tous ces résultats peuvent révéler des fichiers légitimes !!!
!!! A vérifier impérativement avant toute suppression manuelle !!!

* Recherche dans "C:\Windows\system32" *

* Recherche dans "C:\Users\jmk\AppData\Local\Microsoft" *

* Recherche dans "C:\Users\jmk\AppData\Local\virtualstore\windows\system32" *

* Recherche dans "C:\Users\jmk\AppData\Local" *



*** Recherche fichiers ***



*** Recherche clés spécifiques dans le Registre ***


*** Module de Recherche complémentaire ***
(Recherche fichiers spécifiques)

1)Recherche nouveaux fichiers Instant Access :


2)Recherche Heuristique :

* Dans "C:\Windows\system32" :


* Dans "C:\Users\jmk\AppData\Local\Microsoft" :


* Dans "C:\Users\jmk\AppData\Local\virtualstore\windows\system32" :


* Dans "C:\Users\jmk\AppData\Local" :


3)Recherche Certificats :

Certificat Egroup absent !
Certificat Electronic-Group absent !
Certificat Montorgueil absent !
Certificat OOO-Favorit absent !
Certificat Sunny-Day-Design-Ltd absent !

4)Recherche fichiers connus :



*** Analyse terminée le 22/11/2008 à 19:31:18,47 ***


To be continued...
0
Anonymous user
22 Nov. 2008 at 20:02
That's fine

Paste a new HijackThis scan for verification, please...

See you
0
R2dd Posts 20 Registration date Friday 21 November 2008 Status Member Last activity 26 November 2008
22 Nov. 2008 at 20:20
Impressive!!


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:19:59, on 22/11/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\RtHDVCpl.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Search Settings\SearchSettings.exe
C:\Program Files\Common Files\Logitech\QCDriver3\LVComS.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\System32\rundll32.exe
C:\Windows\WindowsMobile\wmdSync.exe
C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe
C:\Windows\ehome\ehtray.exe
C:\Users\jmk\Program Files\DNA\btdna.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\jmk\Desktop\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://format.packardbell.com/cgi-bin/redirect/?country=FR&range=AD&phase=8&key=IESTART
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Google\Google_BAE\BAE.dll
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [toolbar_eula_launcher] C:\Program Files\Packard Bell\GOOGLE_EULA\EULALauncher.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [SearchSettings] C:\Program Files\Search Settings\SearchSettings.exe
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
O4 - HKLM\..\Run: [QCDriverInstaller] C:\PROGRA~1\COMMON~1\Logitech\QCDRIV~2\Lqdsw.exe /addrun /l 1033 /LaunchAtStart
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\ImageStudio\ISStart.exe
O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Program Files\Logitech\ImageStudio\LogiTray.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\VistaCodecPack\QT\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdSync.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [SmpcSys] C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" /systray /nologon
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Users\jmk\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Startup: OneNote 2007 - Capture d'écran et lancement.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O8 - Extra context menu item: Compare Prices with &Dealio - C:\Users\jmk\AppData\LocalLow\Dealio\kb126\res\DealioSearch.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~3.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~3.0_0\bin\ssv.dll
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\Program Files\Dealio\kb126\Dealio.dll (file missing)
O9 - Extra 'Tools' menuitem: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\Program Files\Dealio\kb126\Dealio.dll (file missing)
O13 - Gopher Prefix:
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
0
Anonymous user
22 Nov. 2008 at 20:33
---> Download ComboFix.exe by sUBs to your Desktop:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe

/!\ Disconnect from the internet and close all applications, antivirus and antispyware included /!\

---> Double-click Combofix.exe
A pop-up will appear saying that "ComboFix is used at your own risk and with no warranty...".
Accept by clicking "Yes"

---> Set the language to French: F
Press the 1 key (Yes) to start the scan.

/!\ Do not touch anything until the scan has finished. /!\

At the end of the scan, ComboFix may need to restart the PC to finish the disinfection; let it do so.

Once the scan is complete, a report will be displayed: post its contents

/!\ Re-enable the real-time protection of your antivirus and antispyware before reconnecting to the Internet. /!\

Note: the report can also be found here: C:\ComboFix.txt
See you
0
R2dd Posts 20 Registration date Friday 21 November 2008 Status Member Last activity 26 November 2008
22 Nov. 2008 at 20:57
I'm back..

ComboFix 08-11-22.01 - jmk 2008-11-22 20:46:18.5 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6001.1.1252.1.1036.18.1158 [GMT 1:00]
Lancé depuis: c:\users\jmk\Desktop\ComboFix.exe
* Un nouveau point de restauration a été créé
.

((((((((((((((((((((((((((((( Fichiers créés du 2008-10-22 au 2008-11-22 ))))))))))))))))))))))))))))))))))))
.

2008-11-22 19:16 . 2008-11-22 19:32 <REP> d-------- c:\program files\Navilog1
2008-11-22 12:40 . 2008-11-22 12:40 <REP> d-------- c:\program files\Malwarebytes' Anti-Malware
2008-11-22 12:40 . 2008-10-22 16:10 38,496 --a------ c:\windows\System32\drivers\mbamswissarmy.sys
2008-11-22 12:40 . 2008-10-22 16:10 15,504 --a------ c:\windows\System32\drivers\mbam.sys
2008-11-22 12:38 . 2008-11-22 12:38 2,372,472 --a------ c:\users\jmk\mbam-setup.exe
2008-11-21 22:10 . 2008-11-21 22:10 691 --a------ c:\users\jmk\AppData\Roaming\GetValue.vbs
2008-11-21 22:10 . 2008-11-21 22:10 35 --a------ c:\users\jmk\AppData\Roaming\SetValue.bat
2008-11-21 21:56 . 2008-11-21 22:10 4,506 --a------ c:\windows\System32\tmp.reg
2008-11-21 21:55 . 2007-09-05 23:22 289,144 --a------ c:\windows\System32\VCCLSID.exe
2008-11-21 21:55 . 2006-04-27 16:49 288,417 --a------ c:\windows\System32\SrchSTS.exe
2008-11-21 21:55 . 2008-10-01 14:51 87,552 --a------ c:\windows\System32\VACFix.exe
2008-11-21 21:55 . 2008-10-10 07:58 82,944 --a------ c:\windows\System32\o4Patch.exe
2008-11-21 21:55 . 2008-05-18 20:40 82,944 --a------ c:\windows\System32\IEDFix.exe
2008-11-21 21:55 . 2008-10-10 07:58 82,944 --a------ c:\windows\System32\IEDFix.C.exe
2008-11-21 21:55 . 2008-08-18 11:19 82,432 --a------ c:\windows\System32\404Fix.exe
2008-11-21 21:55 . 2004-07-31 17:50 51,200 --a------ c:\windows\System32\dumphive.exe
2008-11-21 21:55 . 2007-10-03 23:36 25,600 --a------ c:\windows\System32\WS2Fix.exe
2008-11-19 23:41 . 2008-11-19 23:41 <REP> d-------- c:\program files\eRightSoft
2008-11-19 23:41 . 2008-11-19 23:41 <REP> d-------- c:\program files\AviSynth 2.5
2008-11-13 22:52 . 2008-11-13 22:52 0 --ah----- c:\windows\System32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
2008-11-13 22:18 . 2008-11-13 22:18 <REP> d-------- c:\users\jmk\AppData\Roaming\Samsung
2008-11-13 21:27 . 2007-07-03 16:58 106,792 --a------ c:\windows\System32\drivers\sscdmdm.sys
2008-11-13 21:27 . 2007-07-03 16:54 80,552 --a------ c:\windows\System32\drivers\sscdbus.sys
2008-11-13 21:27 . 2007-07-03 16:57 11,944 --a------ c:\windows\System32\drivers\sscdmdfl.sys
2008-11-13 21:27 . 2007-07-03 17:00 9,256 --a------ c:\windows\System32\drivers\sscdwhnt.sys
2008-11-13 21:27 . 2007-07-03 17:00 9,256 --a------ c:\windows\System32\drivers\sscdwh.sys
2008-11-13 21:27 . 2007-07-03 16:56 9,256 --a------ c:\windows\System32\drivers\sscdcmnt.sys
2008-11-13 21:27 . 2007-07-03 16:56 9,256 --a------ c:\windows\System32\drivers\sscdcm.sys
2008-11-13 21:25 . 2008-11-13 21:28 <REP> d-------- c:\windows\System32\Samsung_USB_Drivers
2008-11-13 21:25 . 2008-11-13 21:52 5,632 --a------ c:\windows\System32\drivers\StarOpen.sys
2008-11-13 21:25 . 2005-08-28 20:51 766 --a------ c:\windows\System32\Uninstall.ico
2008-11-13 21:24 . 2008-11-13 21:24 <REP> d-------- c:\program files\Samsung
2008-11-12 19:49 . 2008-11-12 19:49 <REP> d-------- c:\users\jmk\sonnerie portable
2008-11-11 20:59 . 2008-08-27 02:05 212,480 --a------ c:\windows\System32\drivers\mrxsmb10.sys
2008-11-11 20:58 . 2008-09-10 04:40 1,334,272 --a------ c:\windows\System32\msxml6.dll
2008-11-11 20:58 . 2008-09-05 06:14 1,191,936 --a------ c:\windows\System32\msxml3.dll
2008-11-07 18:51 . 2008-10-16 22:13 1,809,944 --a------ c:\windows\System32\wuaueng.dll
2008-11-07 18:51 . 2008-10-16 21:56 1,524,736 --a------ c:\windows\System32\wucltux.dll
2008-11-07 18:51 . 2008-10-16 22:12 561,688 --a------ c:\windows\System32\wuapi.dll
2008-11-07 18:51 . 2008-10-16 14:08 162,064 --a------ c:\windows\System32\wuwebv.dll
2008-11-07 18:51 . 2008-10-16 21:55 83,456 --a------ c:\windows\System32\wudriver.dll
2008-11-07 18:51 . 2008-10-16 22:09 51,224 --a------ c:\windows\System32\wuauclt.exe
2008-11-07 18:51 . 2008-10-16 22:09 43,544 --a------ c:\windows\System32\wups2.dll
2008-11-07 18:51 . 2008-10-16 22:08 34,328 --a------ c:\windows\System32\wups.dll
2008-11-07 18:51 . 2008-10-16 13:56 31,232 --a------ c:\windows\System32\wuapp.exe
2008-11-01 10:55 . 2008-08-05 10:49 428,544 --a------ c:\windows\System32\EncDec.dll
2008-11-01 10:55 . 2008-08-05 10:48 217,088 --a------ c:\windows\System32\psisrndr.ax
2008-11-01 10:54 . 2008-08-05 10:49 293,376 --a------ c:\windows\System32\psisdecd.dll
2008-11-01 10:54 . 2008-08-05 10:48 177,664 --a------ c:\windows\System32\mpg2splt.ax
2008-11-01 10:54 . 2008-08-05 10:48 80,896 --a------ c:\windows\System32\MSNP.ax
2008-10-28 20:18 . 2008-08-12 04:39 443,392 --a------ c:\windows\System32\win32spl.dll
2008-10-28 20:18 . 2008-09-18 05:56 147,456 --a------ c:\windows\System32\Faultrep.dll
2008-10-28 20:18 . 2008-09-18 05:56 125,952 --a------ c:\windows\System32\wersvc.dll
2008-10-25 21:21 . 2008-10-25 21:21 <REP> d-------- c:\program files\Veetle
2008-10-25 21:21 . 2008-11-09 21:20 48,396 --a------ c:\windows\UninstVeetleTVPlayer.exe

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-22 19:46 --------- d-----w c:\users\jmk\AppData\Roaming\DNA
2008-11-22 11:41 --------- d-----w c:\users\jmk\AppData\Roaming\LimeWire
2008-11-18 20:25 --------- d-----w c:\program files\Free FLV Converter
2008-11-18 18:02 51,792 ----a-w c:\windows\system32\drivers\aswMonFlt.sys
2008-11-18 14:39 274,432 ----a-w c:\windows\System32\TubeFinder.exe
2008-11-16 20:36 --------- d-----w c:\program files\LimeWire
2008-11-13 20:54 --------- d--h--w c:\program files\InstallShield Installation Information
2008-11-12 17:36 --------- d-----w c:\progra~2\Microsoft Help
2008-11-04 15:46 --------- d-----w c:\program files\Common Files\Adobe
2008-10-26 16:17 --------- d-----w c:\users\jmk\AppData\Roaming\BitTorrent
2008-10-20 19:36 0 ---ha-w c:\windows\system32\drivers\Msft_User_WpdRapi_01_00_00.Wdf
2008-10-16 16:18 --------- d-----w c:\program files\Windows Mail
2008-10-08 18:04 --------- d-----w c:\program files\iTunes
2008-10-08 18:04 --------- d-----w c:\program files\iPod
2008-10-08 18:04 --------- d-----w c:\progra~2\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-10-02 03:49 827,392 ----a-w c:\windows\System32\wininet.dll
2008-09-30 15:43 1,286,152 ----a-w c:\windows\System32\msxml4.dll
2008-09-25 17:15 --------- d-----w c:\program files\Common Files\Apple
2008-09-25 17:10 --------- d-----w c:\program files\Bonjour
2008-09-18 05:09 3,601,464 ----a-w c:\windows\System32\ntkrnlpa.exe
2008-09-18 05:09 3,549,240 ----a-w c:\windows\System32\ntoskrnl.exe
2008-09-18 02:16 2,032,640 ----a-w c:\windows\System32\win32k.sys
2008-08-29 08:18 87,336 ----a-w c:\windows\System32\dns-sd.exe
2008-08-29 07:53 61,440 ----a-w c:\windows\System32\dnssd.dll
2008-07-24 17:18 318,904 ----a-w c:\users\jmk\wmpfirefoxplugin.exe
2008-07-10 16:34 4,961,336 ----a-w c:\users\jmk\PandoSetup.exe
2008-07-08 17:08 59,839,784 ----a-w c:\users\jmk\iTunesSetup.exe
2008-07-02 21:33 812,344 ----a-w c:\users\jmk\HJTInstall.exe
2008-06-21 09:35 7,599,856 ----a-w c:\users\jmk\Firefox Setup 3.0.exe
2008-06-21 09:16 174 --sha-w c:\program files\desktop.ini
2008-06-12 20:55 5,318,091 ----a-w c:\users\jmk\Setup_FreeFlvConverter(2).exe
2008-06-01 15:25 10,536,468 ----a-w c:\users\jmk\c2c_pdftoolbox.exe
2008-05-30 20:06 23,700,784 ----a-w c:\users\jmk\quicktime_quicktime_7.4.5_francais_anglais_9524.exe
2008-05-30 20:00 9,318,211 ----a-w c:\users\jmk\vlc-0.8.6h-win32.exe
2008-05-30 19:52 5,164,596 ----a-w c:\users\jmk\Setup_FreeFlvConverter.exe
2008-02-22 21:50 4,506,256 ----a-w c:\program files\LimeWireWin.exe
2008-02-21 19:38 0 ----a-w c:\users\jmk\AppData\Roaming\wklnhst.dat
2006-05-03 09:06 163,328 --sh--r c:\windows\System32\flvDX.dll
2007-02-21 10:47 31,232 --sh--r c:\windows\System32\msfDX.dll
2008-03-16 12:30 216,064 --sh--r c:\windows\System32\nbDX.dll
.

((((((((((((((((((((((((((((( snapshot@2008-09-30_20.13.52.68 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-04-23 04:44:47 140,288 ----a-w c:\windows\assembly\GAC_32\mcupdate\6.0.6000.0__31bf3856ad364e35\mcupdate.exe
+ 2008-08-05 09:51:47 140,288 ----a-w c:\windows\assembly\GAC_32\mcupdate\6.0.6000.0__31bf3856ad364e35\mcupdate.exe
- 2008-04-23 04:44:14 4,046,848 ----a-w c:\windows\assembly\GAC_MSIL\ehshell\6.0.6000.0__31bf3856ad364e35\ehshell.dll
+ 2008-08-05 09:51:30 4,046,848 ----a-w c:\windows\assembly\GAC_MSIL\ehshell\6.0.6000.0__31bf3856ad364e35\ehshell.dll
- 2008-04-23 04:45:00 1,957,888 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.MediaCenter.UI\6.0.6000.0__31bf3856ad364e35\Microsoft.MediaCenter.UI.dll
+ 2008-08-05 09:51:56 1,957,888 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.MediaCenter.UI\6.0.6000.0__31bf3856ad364e35\Microsoft.MediaCenter.UI.dll
+ 2008-11-04 11:44:53 2,428,928 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\ehepg\3cdca1e5ca98fe7c3f4ab8acd32e8c1c\ehepg.ni.dll
+ 2008-11-04 11:45:18 44,544 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\ehExtCOM\71f21fd19fc743332713e929b7f466ba\ehExtCOM.ni.dll
+ 2008-11-04 11:45:19 270,336 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\ehExtHost\ca3894e7058fbb4133c887b8f967c5f0\ehExtHost.ni.exe
+ 2008-11-04 11:45:09 1,949,696 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\ehRecObj\d7fd9d0533242d48d6914a1bf993aadb\ehRecObj.ni.dll
+ 2008-11-04 11:45:07 12,742,656 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\ehshell\bc7c35ef31af1909c89cb067da0e0970\ehshell.ni.dll
+ 2008-11-04 11:44:51 737,280 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\mcstore\26383f385450d35ef11998a1c60e6c45\mcstore.ni.dll
+ 2008-11-04 11:45:10 274,432 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\mcupdate\5ffe0057899c1579c865c000554b239b\mcupdate.ni.exe
+ 2008-11-04 11:44:47 5,861,376 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.MediaCent#\32c2ab90485e11277b825ec8260de0dc\Microsoft.MediaCenter.UI.ni.dll
+ 2008-11-04 11:44:54 704,512 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.MediaCent#\5978cf38d967c9ec0ab694134129b82c\Microsoft.MediaCenter.Sports.ni.dll
+ 2008-11-04 11:44:50 618,496 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.MediaCent#\a859b69e0f608b63f6ec8b4dbfa8966a\Microsoft.MediaCenter.ni.dll
+ 2008-11-04 11:44:49 253,952 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.MediaCent#\fe6a1bdca6598998fd80b3ee04053741\Microsoft.MediaCenter.Shell.ni.dll
- 2008-04-23 04:42:33 373,248 ----a-w c:\windows\ehome\ehglid.dll
+ 2008-08-05 09:49:54 373,248 ----a-w c:\windows\ehome\ehglid.dll
- 2008-04-23 04:42:33 105,472 ----a-w c:\windows\ehome\ehPresenter.dll
+ 2008-08-05 09:49:54 105,472 ----a-w c:\windows\ehome\ehPresenter.dll
- 2008-04-23 04:42:33 254,464 ----a-w c:\windows\ehome\ehReplay.dll
+ 2008-08-05 09:49:54 254,464 ----a-w c:\windows\ehome\ehReplay.dll
- 2008-04-23 04:44:14 4,046,848 ----a-w c:\windows\ehome\ehshell.dll
+ 2008-08-05 09:51:30 4,046,848 ----a-w c:\windows\ehome\ehshell.dll
- 2008-04-23 04:27:00 18,944 ----a-w c:\windows\ehome\ehtrace.dll
+ 2008-08-06 03:27:39 18,944 ----a-w c:\windows\ehome\ehtrace.dll
- 2008-04-23 04:42:33 522,240 ----a-w c:\windows\ehome\ehui.dll
+ 2008-08-05 09:49:54 522,240 ----a-w c:\windows\ehome\ehui.dll
- 2008-01-19 07:33:22 172,544 ----a-w c:\windows\ehome\McrMgr.exe
+ 2008-08-05 09:49:28 173,056 ----a-w c:\windows\ehome\McrMgr.exe
- 2008-04-23 04:44:47 140,288 ----a-w c:\windows\ehome\mcupdate.exe
+ 2008-08-05 09:51:47 140,288 ----a-w c:\windows\ehome\mcupdate.exe
- 2008-04-23 04:45:00 1,957,888 ----a-w c:\windows\ehome\Microsoft.MediaCenter.UI.dll
+ 2008-08-05 09:51:56 1,957,888 ----a-w c:\windows\ehome\Microsoft.MediaCenter.UI.dll
- 2005-10-20 18:02:28 163,328 ----a-w c:\windows\erdnt\Hiv-backup\ERDNT.EXE
+ 2005-10-20 19:02:28 163,328 ----a-w c:\windows\erdnt\Hiv-backup\ERDNT.EXE
- 2008-08-31 09:50:44 51,200 ----a-w c:\windows\inf\infpub.dat
+ 2008-11-13 20:30:06 51,200 ----a-w c:\windows\inf\infpub.dat
- 2008-08-31 09:50:44 86,016 ----a-w c:\windows\inf\infstor.dat
+ 2008-11-13 20:30:05 86,016 ----a-w c:\windows\inf\infstor.dat
- 2008-08-31 09:50:43 143,360 ----a-w c:\windows\inf\infstrng.dat
+ 2008-11-13 20:30:06 143,360 ----a-w c:\windows\inf\infstrng.dat
+ 2008-11-12 17:36:07 32,768 ----a-r c:\windows\Installer\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}\icon.exe
- 2008-09-20 12:46:13 20,240 ----a-r c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\cagicon.exe
+ 2008-11-12 17:36:33 20,240 ----a-r c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\cagicon.exe
- 2008-09-20 12:46:13 184,080 ----a-r c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\joticon.exe
+ 2008-11-12 17:36:33 184,080 ----a-r c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\joticon.exe
- 2008-09-20 12:46:13 217,864 ----a-r c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\misc.exe
+ 2008-11-12 17:36:33 217,864 ----a-r c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\misc.exe
- 2008-09-20 12:46:13 18,704 ----a-r c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\mspicons.exe
+ 2008-11-12 17:36:33 18,704 ----a-r c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\mspicons.exe
- 2008-09-20 12:46:13 35,088 ----a-r c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\oisicon.exe
+ 2008-11-12 17:36:34 35,088 ----a-r c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\oisicon.exe
- 2008-09-20 12:46:13 922,384 ----a-r c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\pptico.exe
+ 2008-11-12 17:36:33 922,384 ----a-r c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\pptico.exe
- 2008-09-20 12:46:13 888,080 ----a-r c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\wordicon.exe
+ 2008-11-12 17:36:33 888,080 ----a-r c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\wordicon.exe
- 2008-09-20 12:46:13 1,172,240 ----a-r c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\xlicons.exe
+ 2008-11-12 17:36:33 1,172,240 ----a-r c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\xlicons.exe
+ 2008-11-04 15:46:36 295,606 ----a-r c:\windows\Installer\{AC76BA86-7AD7-1036-7B44-A81300000003}\SC_Reader.exe
+ 2008-10-08 18:05:18 102,400 ----a-r c:\windows\Installer\{DDDE0BE3-0CBE-4BF6-B75A-E3F69C947843}\iTunesIco.exe
+ 2006-04-12 08:47:22 217,073 ----a-w c:\windows\meta4.exe
+ 2006-04-05 07:09:16 66,560 ----a-w c:\windows\MOTA113.exe
- 2000-08-31 06:00:00 28,672 ----a-w c:\windows\Nircmd.exe
+ 2000-08-31 07:00:00 28,672 ----a-w c:\windows\Nircmd.exe
- 2008-09-30 16:23:41 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2008-11-22 13:00:41 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2008-09-30 16:23:41 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2008-11-22 13:00:41 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2008-09-30 16:24:37 262,144 --sha-w c:\windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2008-11-22 13:04:10 262,144 --sha-w c:\windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2008-11-22 13:04:10 262,144 ---ha-w c:\windows\ServiceProfiles\LocalService\ntuser.dat.LOG1
+ 2008-11-21 19:06:42 16,384 --sha-w c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-11-21 19:06:42 32,768 --sha-w c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-11-21 19:06:42 16,384 --sha-w c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-09-30 16:25:12 262,144 --sha-w c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-11-22 19:48:13 262,144 --sha-w c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-11-22 19:48:13 262,144 ---ha-w c:\windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1
- 2008-07-18 20:08:20 72,256 ------w c:\windows\SoftwareDistribution\SelfUpdate\Handler\WuSetupV.exe
+ 2008-10-16 13:08:00 70,416 ------w c:\windows\SoftwareDistribution\SelfUpdate\Handler\WuSetupV.exe
- 2000-08-31 06:00:00 161,792 ----a-w c:\windows\swreg.exe
+ 2000-08-31 07:00:00 161,792 ----a-w c:\windows\SWREG.exe
- 2008-07-19 14:43:08 1,163,960 ----a-w c:\windows\System32\aswBoot.exe
+ 2008-11-18 17:41:38 1,233,112 ----a-w c:\windows\System32\aswBoot.exe
- 2008-07-19 14:30:53 94,392 ----a-w c:\windows\System32\AvastSS.scr
+ 2008-11-18 17:35:22 97,480 ----a-w c:\windows\System32\AvastSS.scr
+ 2007-05-17 16:30:48 318,976 ----a-w c:\windows\System32\avisynth.dll
+ 2005-07-14 11:31:20 27,648 ----a-w c:\windows\System32\AVSredirect.dll
+ 2008-01-19 07:33:52 65,536 ----a-w c:\windows\System32\ceutil.dll
- 2008-09-30 16:23:42 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-11-22 17:01:39 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-09-30 16:23:42 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-11-22 17:01:39 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-09-30 16:23:42 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-11-22 17:01:39 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-09-30 18:10:58 262,144 ----a-w c:\windows\System32\config\systemprofile\ntuser.dat
+ 2008-10-04 11:21:21 262,144 ----a-w c:\windows\System32\config\systemprofile\ntuser.dat
+ 2008-10-04 11:21:21 262,144 ---ha-w c:\windows\System32\config\systemprofile\ntuser.dat.LOG1
+ 2004-02-22 09:11:08 719,872 ----a-w c:\windows\System32\devil.dll
- 2008-07-19 14:37:42 20,560 ----a-w c:\windows\System32\drivers\aswFsBlk.sys
+ 2008-11-18 18:02:43 20,560 ----a-w c:\windows\System32\drivers\aswFsBlk.sys
- 2008-07-19 14:33:42 23,152 ----a-w c:\windows\System32\drivers\aswRdr.sys
+ 2008-11-18 18:01:09 23,152 ----a-w c:\windows\System32\drivers\aswRdr.sys
- 2008-07-19 14:35:18 78,416 ----a-w c:\windows\System32\drivers\aswSP.sys
+ 2008-11-18 18:03:33 110,160 ----a-w c:\windows\System32\drivers\aswSP.sys
- 2008-07-19 14:32:36 42,912 ----a-w c:\windows\System32\drivers\aswTdi.sys
+ 2008-11-18 18:01:23 50,864 ----a-w c:\windows\System32\drivers\aswTdi.sys
+ 2008-01-19 05:56:07 33,280 ----a-w c:\windows\System32\drivers\rndismpx.sys
- 2008-01-19 05:29:28 288,256 ----a-w c:\windows\System32\drivers\srv.sys
+ 2008-08-27 01:06:25 288,768 ----a-w c:\windows\System32\drivers\srv.sys
+ 2008-01-19 07:37:09 664,576 ----a-w c:\windows\System32\drivers\UMDF\WpdMtpDr.dll
+ 2008-01-19 07:37:09 203,776 ----a-w c:\windows\System32\drivers\UMDF\WpdRapi.dll
+ 2008-01-19 05:56:08 15,872 ----a-w c:\windows\System32\drivers\usb8023x.sys
+ 2008-01-19 06:04:19 39,936 ----a-w c:\windows\System32\drivers\WpdUsb.sys
+ 2007-05-02 10:11:16 83,592 ----a-w c:\windows\System32\DriverStore\FileRepository\ss_bus.inf_7d09b845\i386\ss_bus.sys
+ 2007-05-02 10:11:18 12,424 ----a-w c:\windows\System32\DriverStore\FileRepository\ss_bus.inf_7d09b845\i386\ss_whnt.sys
+ 2007-05-02 10:11:16 12,424 ----a-w c:\windows\System32\DriverStore\FileRepository\ss_mdm2.inf_076b4357\i386\ss_cmnt.sys
+ 2007-05-02 10:11:18 15,112 ----a-w c:\windows\System32\DriverStore\FileRepository\ss_mdm2.inf_076b4357\i386\ss_mdfl.sys
+ 2007-05-02 10:11:18 109,704 ----a-w c:\windows\System32\DriverStore\FileRepository\ss_mdm2.inf_076b4357\i386\ss_mdm.sys
+ 2007-07-03 15:54:24 80,552 ----a-w c:\windows\System32\DriverStore\FileRepository\sscdbus.inf_5421c7a9\i386\sscdbus.sys
+ 2007-07-03 16:00:16 9,256 ----a-w c:\windows\System32\DriverStore\FileRepository\sscdbus.inf_5421c7a9\i386\sscdwhnt.sys
+ 2007-07-03 15:56:00 9,256 ----a-w c:\windows\System32\DriverStore\FileRepository\sscdsdm2.inf_ae69cd61\i386\sscdcmnt.sys
+ 2007-07-03 15:59:10 86,824 ----a-w c:\windows\System32\DriverStore\FileRepository\sscdsdm2.inf_ae69cd61\i386\sscdserd.sys
+ 2007-07-03 15:56:00 9,256 ----a-w c:\windows\System32\DriverStore\FileRepository\sscdw2k.inf_542f1bcb\i386\sscdcmnt.sys
+ 2007-07-03 15:57:24 11,944 ----a-w c:\windows\System32\DriverStore\FileRepository\sscdw2k.inf_542f1bcb\i386\sscdmdfl.sys
+ 2007-07-03 15:58:20 106,792 ----a-w c:\windows\System32\DriverStore\FileRepository\sscdw2k.inf_542f1bcb\i386\sscdmdm.sys
+ 2007-05-02 10:12:34 83,592 ----a-w c:\windows\System32\DriverStore\FileRepository\ssm_bus.inf_64872c61\i386\ssm_bus.sys
+ 2007-05-02 10:12:36 12,424 ----a-w c:\windows\System32\DriverStore\FileRepository\ssm_bus.inf_64872c61\i386\ssm_whnt.sys
+ 2007-05-02 10:12:34 12,424 ----a-w c:\windows\System32\DriverStore\FileRepository\ssm_mdm2.inf_f497af07\i386\ssm_cmnt.sys
+ 2007-05-02 10:12:36 15,112 ----a-w c:\windows\System32\DriverStore\FileRepository\ssm_mdm2.inf_f497af07\i386\ssm_mdfl.sys
+ 2007-05-02 10:12:36 109,704 ----a-w c:\windows\System32\DriverStore\FileRepository\ssm_mdm2.inf_f497af07\i386\ssm_mdm.sys
+ 2007-05-02 10:12:34 12,424 ----a-w c:\windows\System32\DriverStore\FileRepository\ssm_ser2.inf_2087b83d\i386\ssm_cmnt.sys
+ 2007-05-02 10:12:36 109,704 ----a-w c:\windows\System32\DriverStore\FileRepository\ssm_ser2.inf_2087b83d\i386\ssm_mdm.sys
+ 2007-07-05 11:37:34 83,456 ----a-w c:\windows\System32\DriverStore\FileRepository\sssdbus.inf_e57a582b\i386\sssdbus.sys
+ 2007-07-05 11:37:36 12,160 ----a-w c:\windows\System32\DriverStore\FileRepository\sssdbus.inf_e57a582b\i386\sssdwhnt.sys
+ 2007-07-05 11:37:34 12,160 ----a-w c:\windows\System32\DriverStore\FileRepository\sssdmdm2.inf_747975cf\i386\sssdcmnt.sys
+ 2007-07-05 11:37:34 14,848 ----a-w c:\windows\System32\DriverStore\FileRepository\sssdmdm2.inf_747975cf\i386\sssdmdfl.sys
+ 2007-07-05 11:37:34 109,696 ----a-w c:\windows\System32\DriverStore\FileRepository\sssdmdm2.inf_747975cf\i386\sssdmdm.sys
+ 2007-07-05 11:37:34 12,160 ----a-w c:\windows\System32\DriverStore\FileRepository\sssdobx2.inf_5b5c5c4e\i386\sssdcmnt.sys
+ 2007-07-05 11:37:36 99,712 ----a-w c:\windows\System32\DriverStore\FileRepository\sssdobx2.inf_5b5c5c4e\i386\sssdobex.sys
+ 2007-07-05 11:37:34 12,160 ----a-w c:\windows\System32\DriverStore\FileRepository\sssdsdm2.inf_bf4a684c\i386\sssdcmnt.sys
+ 2007-07-05 11:37:34 103,808 ----a-w c:\windows\System32\DriverStore\FileRepository\sssdsdm2.inf_bf4a684c\i386\sssdmgmt.sys
+ 2008-10-01 11:01:28 32,000 ----a-w c:\windows\System32\DriverStore\FileRepository\usbaapl.inf_3c16a04b\usbaapl.sys
- 2008-09-22 17:48:12 335,728 ----a-w c:\windows\System32\FNTCACHE.DAT
+ 2008-10-16 16:19:52 335,728 ----a-w c:\windows\System32\FNTCACHE.DAT
+ 2004-01-24 23:00:00 70,656 ----a-w c:\windows\System32\i420vfw.dll
- 2008-06-27 04:15:23 6,068,736 ----a-w c:\windows\System32\ieframe.dll
+ 2008-10-02 03:49:14 6,068,736 ----a-w c:\windows\System32\ieframe.dll
- 2008-01-19 07:34:31 270,336 ----a-w c:\windows\System32\iertutil.dll
+ 2008-10-02 03:49:14 270,336 ----a-w c:\windows\System32\iertutil.dll
- 2008-06-27 04:15:24 28,160 ----a-w c:\windows\System32\jsproxy.dll
+ 2008-10-02 03:49:14 28,160 ----a-w c:\windows\System32\jsproxy.dll
+ 2008-01-19 07:33:10 76,800 ----a-w c:\windows\System32\kdsce.exe
- 2008-03-25 03:21:18 2,889,088 ----a-w c:\windows\System32\Macromed\Flash\NPSWF32.dll
+ 2008-10-05 03:24:02 3,695,008 ----a-w c:\windows\System32\Macromed\Flash\NPSWF32.dll
- 2008-03-25 03:21:20 218,496 ----a-w c:\windows\System32\Macromed\Flash\NPSWF32_FlashUtil.exe
+ 2008-10-05 03:24:04 235,936 ----a-w c:\windows\System32\Macromed\Flash\NPSWF32_FlashUtil.exe
- 2008-04-22 16:58:10 70,264 ----a-w c:\windows\System32\Macromed\Flash\uninstall_plugin.exe
+ 2008-10-31 17:07:46 84,661 ----a-w c:\windows\System32\Macromed\Flash\uninstall_plugin.exe
- 2008-06-27 04:15:28 64,512 ----a-w c:\windows\System32\migration\WininetPlugin.dll
+ 2008-04-08 20:44:11 64,512 ----a-w c:\windows\System32\migration\WininetPlugin.dll
- 2008-08-26 20:28:12 16,208,504 ----a-w c:\windows\System32\mrt.exe
+ 2008-11-04 00:10:25 17,318,336 ----a-w c:\windows\System32\mrt.exe
- 2008-06-27 04:15:24 3,578,368 ----a-w c:\windows\System32\mshtml.dll
+ 2008-10-02 03:49:15 3,578,880 ----a-w c:\windows\System32\mshtml.dll
- 2008-06-27 04:15:25 671,232 ----a-w c:\windows\System32\mstime.dll
+ 2008-10-02 03:49:16 671,232 ----a-w c:\windows\System32\mstime.dll
- 2008-01-19 07:35:35 466,944 ----a-w c:\windows\System32\netapi32.dll
+ 2008-10-16 04:47:33 466,944 ----a-w c:\windows\System32\netapi32.dll
- 2008-09-30 16:28:13 104,742 ----a-w c:\windows\System32\perfc009.dat
+ 2008-11-22 13:05:13 104,742 ----a-w c:\windows\System32\perfc009.dat
- 2008-09-30 16:28:13 127,798 ----a-w c:\windows\System32\perfc00C.dat
+ 2008-11-22 13:05:13 127,798 ----a-w c:\windows\System32\perfc00C.dat
- 2008-09-30 16:28:13 595,308 ----a-w c:\windows\System32\perfh009.dat
+ 2008-11-22 13:05:13 595,308 ----a-w c:\windows\System32\perfh009.dat
- 2008-09-30 16:28:13 678,718 ----a-w c:\windows\System32\perfh00C.dat
+ 2008-11-22 13:05:13 678,718 ----a-w c:\windows\System32\perfh00C.dat
+ 2006-11-02 09:46:12 91,136 ----a-w c:\windows\System32\rapi.dll
+ 2006-11-02 09:46:12 14,848 ----a-w c:\windows\System32\rapiproxystub.dll
+ 2008-01-19 07:36:15 204,288 ----a-w c:\windows\System32\rapistub.dll
+ 2007-05-02 10:11:16 83,592 ----a-w c:\windows\System32\Samsung_USB_Drivers\1\i386\ss_bus.sys
+ 2007-05-02 10:11:16 12,424 ----a-w c:\windows\System32\Samsung_USB_Drivers\1\i386\ss_cmnt.sys
+ 2007-05-02 10:11:18 15,112 ----a-w c:\windows\System32\Samsung_USB_Drivers\1\i386\ss_mdfl.sys
+ 2007-05-02 10:11:18 109,704 ----a-w c:\windows\System32\Samsung_USB_Drivers\1\i386\ss_mdm.sys
+ 2007-05-02 10:11:18 12,424 ----a-w c:\windows\System32\Samsung_USB_Drivers\1\i386\ss_whnt.sys
+ 2007-05-02 10:11:12 72,968 ----a-w c:\windows\System32\Samsung_USB_Drivers\1\SS_Uninstall.exe
+ 2007-05-02 10:12:34 83,592 ----a-w c:\windows\System32\Samsung_USB_Drivers\2\i386\ssm_bus.sys
+ 2007-05-02 10:12:34 12,424 ----a-w c:\windows\System32\Samsung_USB_Drivers\2\i386\ssm_cmnt.sys
+ 2007-05-02 10:12:36 15,112 ----a-w c:\windows\System32\Samsung_USB_Drivers\2\i386\ssm_mdfl.sys
+ 2007-05-02 10:12:36 109,704 ----a-w c:\windows\System32\Samsung_USB_Drivers\2\i386\ssm_mdm.sys
+ 2007-05-02 10:12:36 12,424 ----a-w c:\windows\System32\Samsung_USB_Drivers\2\i386\ssm_whnt.sys
+ 2007-05-02 10:12:28 72,968 ----a-w c:\windows\System32\Samsung_USB_Drivers\2\SSM_Uninstall.exe
+ 2007-07-03 15:54:24 80,552 ----a-w c:\windows\System32\Samsung_USB_Drivers\3\i386\sscdbus.sys
+ 2007-07-03 15:56:00 9,256 ----a-w c:\windows\System32\Samsung_USB_Drivers\3\i386\sscdcmnt.sys
+ 2007-07-03 15:57:24 11,944 ----a-w c:\windows\System32\Samsung_USB_Drivers\3\i386\sscdmdfl.sys
+ 2007-07-03 15:58:20 106,792 ----a-w c:\windows\System32\Samsung_USB_Drivers\3\i386\sscdmdm.sys
+ 2007-07-03 15:59:10 86,824 ----a-w c:\windows\System32\Samsung_USB_Drivers\3\i386\sscdserd.sys
+ 2007-07-03 16:00:16 9,256 ----a-w c:\windows\System32\Samsung_USB_Drivers\3\i386\sscdwhnt.sys
+ 2007-07-03 15:53:24 70,824 ----a-w c:\windows\System32\Samsung_USB_Drivers\3\SSCDUninstall.exe
+ 2007-07-05 11:37:34 83,456 ----a-w c:\windows\System32\Samsung_USB_Drivers\5\i386\sssdbus.sys
+ 2007-07-05 11:37:34 12,160 ----a-w c:\windows\System32\Samsung_USB_Drivers\5\i386\sssdcmnt.sys
+ 2007-07-05 11:37:34 14,848 ----a-w c:\windows\System32\Samsung_USB_Drivers\5\i386\sssdmdfl.sys
+ 2007-07-05 11:37:34 109,696 ----a-w c:\windows\System32\Samsung_USB_Drivers\5\i386\sssdmdm.sys
+ 2007-07-05 11:37:34 103,808 ----a-w c:\windows\System32\Samsung_USB_Drivers\5\i386\sssdmgmt.sys
+ 2007-07-05 11:37:36 99,712 ----a-w c:\windows\System32\Samsung_USB_Drivers\5\i386\sssdobex.sys
+ 2007-07-05 11:37:36 12,160 ----a-w c:\windows\System32\Samsung_USB_Drivers\5\i386\sssdwhnt.sys
+ 2007-07-19 08:44:10 70,904 ----a-w c:\windows\System32\Samsung_USB_Drivers\5\SSSDUninstall.exe
- 2008-09-17 20:51:11 6,553,600 ----a-w c:\windows\System32\SMI\Store\Machine\SCHEMA.DAT
+ 2008-11-12 22:00:21 6,553,600 ----a-w c:\windows\System32\SMI\Store\Machine\SCHEMA.DAT
+ 2006-11-02 09:45:39 31,744 ----a-w c:\windows\System32\swsc.exe
- 2008-06-27 04:15:28 1,166,336 ----a-w c:\windows\System32\urlmon.dll
+ 2008-10-02 03:49:19 1,166,336 ----a-w c:\windows\System32\urlmon.dll
+ 2006-11-02 09:46:13 14,848 ----a-w c:\windows\System32\wcescommproxy.dll
- 2008-09-30 16:26:06 9,884 ----a-w c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3463401329-3998780706-3829550914-1002_UserData.bin
+ 2008-11-22 13:05:04 10,160 ----a-w c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3463401329-3998780706-3829550914-1002_UserData.bin
- 2008-09-30 16:26:06 57,532 ----a-w c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2008-11-22 13:05:03 59,180 ----a-w c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2008-08-11 18:42:01 2,912 ----a-w c:\windows\System32\WDI\ERCQueuedResolutions.dat
+ 2008-11-05 22:07:38 1,768 ----a-w c:\windows\System32\WDI\ERCQueuedResolutions.dat
- 2008-09-30 16:20:22 40,720 ----a-w c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2008-11-22 13:05:03 43,318 ----a-w c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2006-11-02 09:46:14 20,480 ----a-w c:\windows\System32\wmcoinst.dll
+ 2008-01-19 07:37:08 33,280 ----a-w c:\windows\System32\WpdConns.dll
+ 2006-11-02 09:46:14 151,552 ----a-w c:\windows\System32\WpdMtp.dll
+ 2008-01-19 07:37:09 60,928 ----a-w c:\windows\System32\WpdMtpUS.dll
+ 2005-02-28 12:16:22 240,128 ----a-w c:\windows\System32\x.264.exe
+ 2004-01-24 23:00:00 70,656 ----a-w c:\windows\System32\yv12vfw.dll
+ 2006-11-02 09:46:02 22,016 ----a-w c:\windows\WindowsMobile\BthASPlugin.dll
+ 2006-11-02 09:46:04 10,752 ----a-w c:\windows\WindowsMobile\dtptdns.dll
+ 2008-01-19 07:36:15 167,936 ----a-w c:\windows\WindowsMobile\rapimgr.dll
+ 2006-11-02 09:46:13 16,384 ----a-w c:\windows\WindowsMobile\tcp2udp.dll
+ 2008-01-19 07:36:49 365,568 ----a-w c:\windows\WindowsMobile\wcescomm.dll
+ 2006-11-02 09:45:59 215,552 ----a-w c:\windows\WindowsMobile\wmdSync.exe
- 2008-09-17 19:34:34 136,435,837 ----a-w c:\windows\winsxs\ManifestCache\6.0.6001.18000_001c50b5_blobs.bin
+ 2008-11-12 17:36:12 146,267,038 ----a-w c:\windows\winsxs\ManifestCache\6.0.6001.18000_001c50b5_blobs.bin
+ 2008-08-06 03:28:23 864,256 ----a-w c:\windows\winsxs\msil_ehepg_31bf3856ad364e35_6.0.6000.16724_none_d9ab5d3ed1ce7791\ehepg.dll
+ 2008-08-06 03:22:33 864,256 ----a-w c:\windows\winsxs\msil_ehepg_31bf3856ad364e35_6.0.6000.20889_none_d9f91bf3eb183db4\ehepg.dll
+ 2008-08-06 03:28:25 135,168 ----a-w c:\windows\winsxs\msil_ehexthost_31bf3856ad364e35_6.0.6000.16724_none_bcf0d9f4c1bddadc\ehexthost.exe
+ 2008-08-06 03:22:34 135,168 ----a-w c:\windows\winsxs\msil_ehexthost_31bf3856ad364e35_6.0.6000.20889_none_bd3e98a9db07a0ff\ehexthost.exe
+ 2008-08-06 03:28:27 77,824 ----a-w c:\windows\winsxs\msil_ehiextens_31bf3856ad364e35_6.0.6000.16724_none_fbd3e0d909c338d1\ehiExtens.dll
+ 2008-08-06 03:22:36 77,824 ----a-w c:\windows\winsxs\msil_ehiextens_31bf3856ad364e35_6.0.6000.20889_none_fc219f8e230cfef4\ehiExtens.dll
+ 2008-08-06 03:28:32 4,374,528 ----a-w c:\windows\winsxs\msil_ehshell_31bf3856ad364e35_6.0.6000.16724_none_899e787f448205e3\ehshell.dll
+ 2008-08-06 03:22:41 4,382,720 ----a-w c:\windows\winsxs\msil_ehshell_31bf3856ad364e35_6.0.6000.20889_none_89ec37345dcbcc06\ehshell.dll
+ 2008-08-05 09:51:30 4,046,848 ----a-w c:\windows\winsxs\msil_ehshell_31bf3856ad364e35_6.0.6001.18115_none_8b90875b419f943a\ehshell.dll
+ 2008-08-06 04:03:14 4,046,848 ----a-w c:\windows\winsxs\msil_ehshell_31bf3856ad364e35_6.0.6001.22237_none_8c0684e25acb9e94\ehshell.dll
+ 2008-08-06 03:28:49 1,196,032 ----a-w c:\windows\winsxs\msil_microsoft.mediacenter.shell_31bf3856ad364e35_6.0.6000.16724_none_4e9c1c3698c67c79\Microsoft.MediaCenter.Shell.dll
+ 2008-08-06 03:22:59 1,269,760 ----a-w c:\windows\winsxs\msil_microsoft.mediacenter.shell_31bf3856ad364e35_6.0.6000.20889_none_4ee9daebb210429c\Microsoft.MediaCenter.Shell.dll
+ 2008-08-06 03:28:50 2,342,912 ----a-w c:\windows\winsxs\msil_microsoft.mediacenter.ui_31bf3856ad364e35_6.0.6000.16724_none_312a6ae65a1a7993\Microsoft.MediaCenter.UI.dll
+ 2008-08-06 03:23:00 2,351,104 ----a-w c:\windows\winsxs\msil_microsoft.mediacenter.ui_31bf3856ad364e35_6.0.6000.20889_none_3178299b73643fb6\Microsoft.MediaCenter.UI.dll
+ 2008-08-05 09:51:56 1,957,888 ----a-w c:\windows\winsxs\msil_microsoft.mediacenter.ui_31bf3856ad364e35_6.0.6001.18115_none_331c79c2573807ea\Microsoft.MediaCenter.UI.dll
+ 2008-08-06 04:03:38 1,957,888 ----a-w c:\windows\winsxs\msil_microsoft.mediacenter.ui_31bf3856ad364e35_6.0.6001.22237_none_3392774970641244\Microsoft.MediaCenter.UI.dll
+ 2008-08-06 03:28:48 217,088 ----a-w c:\windows\winsxs\msil_microsoft.mediacenter_31bf3856ad364e35_6.0.6000.16724_none_2385c3d9cf32e5a9\Microsoft.MediaCenter.dll
+ 2008-08-06 03:22:59 217,088 ----a-w c:\windows\winsxs\msil_microsoft.mediacenter_31bf3856ad364e35_6.0.6000.20889_none_23d3828ee87cabcc\Microsoft.MediaCenter.dll
+ 2008-08-06 03:28:43 136,704 ----a-w c:\windows\winsxs\x86_mcupdate_31bf3856ad364e35_6.0.6000.16724_none_c6a4f64faeb4680c\mcupdate.exe
+ 2008-08-06 03:22:54 136,704 ----a-w c:\windows\winsxs\x86_mcupdate_31bf3856ad364e35_6.0.6000.20889_none_c6f2b504c7fe2e2f\mcupdate.exe
+ 2008-08-05 09:51:47 140,288 ----a-w c:\windows\winsxs\x86_mcupdate_31bf3856ad364e35_6.0.6001.18115_none_c897052babd1f663\mcupdate.exe
+ 2008-08-06 04:03:31 140,288 ----a-w c:\windows\winsxs\x86_mcupdate_31bf3856ad364e35_6.0.6001.22237_none_c90d02b2c4fe00bd\mcupdate.exe
+ 2008-10-02 03:49:01 124,928 ----a-w c:\windows\winsxs\x86_microsoft-windows-advpack_31bf3856ad364e35_6.0.6000.16757_none_a9b61b23f5cc373c\advpack.dll
+ 2008-10-02 03:25:49 124,928 ----a-w c:\windows\winsxs\x86_microsoft-windows-advpack_31bf3856ad364e35_6.0.6000.20927_none_aa6029990ed1805a\advpack.dll
+ 2008-08-06 03:27:39 252,416 ----a-w c:\windows\winsxs\x86_microsoft-windows-ehome-devices-ehreplay_31bf3856ad364e35_6.0.6000.16724_none_12bf9ca3a298d741\ehReplay.dll
+ 2008-08-06 03:18:00 254,464 ----a-w c:\windows\winsxs\x86_microsoft-windows-ehome-devices-ehreplay_31bf3856ad364e35_6.0.6000.20889_none_130d5b58bbe29d64\ehReplay.dll
+ 2008-08-05 09:49:54 254,464 ----a-w c:\windows\winsxs\x86_microsoft-windows-ehome-devices-ehreplay_31bf3856ad364e35_6.0.6001.18115_none_14b1ab7f9fb66598\ehReplay.dll
+ 2008-08-06 03:56:06 254,464 ----a-w c:\windows\winsxs\x86_microsoft-windows-ehome-devices-ehreplay_31bf3856ad364e35_6.0.6001.22237_none_1527a906b8e26ff2\ehReplay.dll
+ 2008-08-06 03:27:40 6,656 ----a-w c:\windows\winsxs\x86_microsoft-windows-ehome-devices-mcrmgr_31bf3856ad364e35_6.0.6000.16724_none_32320cf9dce03b9f\McrMgr.dll
+ 2008-08-06 03:27:11 173,056 ----a-w c:\windows\winsxs\x86_microsoft-windows-ehome-devices-mcrmgr_31bf3856ad364e35_6.0.6000.16724_none_32320cf9dce03b9f\McrMgr.exe
+ 2008-08-06 03:19:18 6,656 ----a-w c:\windows\winsxs\x86_microsoft-windows-ehome-devices-mcrmgr_31bf3856ad364e35_6.0.6000.20889_none_327fcbaef62a01c2\McrMgr.dll
+ 2008-08-06 02:50:30 173,056 ----a-w c:\windows\winsxs\x86_microsoft-windows-ehome-devices-mcrmgr_31bf3856ad364e35_6.0.6000.20889_none_327fcbaef62a01c2\McrMgr.exe
+ 2008-01-19 07:34:44 6,656 ----a-w c:\windows\winsxs\x86_microsoft-windows-ehome-devices-mcrmgr_31bf3856ad364e35_6.0.6001.18115_none_34241bd5d9fdc9f6\McrMgr.dll
+ 2008-08-05 09:49:28 173,056 ----a-w c:\windows\winsxs\x86_microsoft-windows-ehome-devices-mcrmgr_31bf3856ad364e35_6.0.6001.18115_none_34241bd5d9fdc9f6\McrMgr.exe
+ 2008-08-06 03:57:56 6,656 ----a-w c:\windows\winsxs\x86_microsoft-windows-ehome-devices-mcrmgr_31bf3856ad364e35_6.0.6001.22237_none_349a195cf329d450\McrMgr.dll
+ 2008-08-06 03:27:54 173,056 ----a-w c:\windows\winsxs\x86_microsoft-windows-ehome-devices-mcrmgr_31bf3856ad364e35_6.0.6001.22237_none_349a195cf329d450\McrMgr.exe
+ 2008-08-06 03:27:39 21,504 ----a-w c:\windows\winsxs\x86_microsoft-windows-ehome-ehdebug_31bf3856ad364e35_6.0.6000.16724_none_2de5dbb18528130f\ehdebug.dll
+ 2008-08-06 03:17:56 21,504 ----a-w c:\windows\winsxs\x86_microsoft-windows-ehome-ehdebug_31bf3856ad364e35_6.0.6000.20889_none_2e339a669e71d932\ehdebug.dll
+ 2008-08-06 03:27:39 372,224 ----a-w c:\windows\winsxs\x86_microsoft-windows-ehome-ehglid_31bf3856ad364e35_6.0.6000.16724_none_2d43ff096d0817ea\ehglid.dll
+ 2008-08-06 03:17:58 372,736 ----a-w c:\windows\winsxs\x86_microsoft-windows-ehome-ehglid_31bf3856ad364e35_6.0.6000.20889_none_2d91bdbe8651de0d\ehglid.dll
+ 2008-08-05 09:49:54 373,248 ----a-w c:\windows\winsxs\x86_microsoft-windows-ehome-ehglid_31bf3856ad364e35_6.0.6001.18115_none_2f360de56a25a641\ehglid.dll
+ 2008-08-06 03:56:06 373,248 ----a-w c:\windows\winsxs\x86_microsoft-windows-ehome-ehglid_31bf3856ad364e35_6.0.6001.22237_none_2fac0b6c8351b09b\ehglid.dll
+ 2008-08-06 03:27:39 105,472 ----a-w c:\windows\winsxs\x86_microsoft-windows-ehome-ehpresenter_31bf3856ad364e35_6.0.6000.16724_none_24d0bc2864e02dde\ehPresenter.dll
+ 2008-08-06 03:17:59 105,472 ----a-w c:\windows\winsxs\x86_microsoft-windows-ehome-ehpresenter_31bf3856ad364e35_6.0.6000.20889_none_251e7add7e29f401\ehPresenter.dll
+ 2008-08-05 09:49:54 105,472 ----a-w c:\windows\winsxs\x86_microsoft-windows-ehome-ehpresenter_31bf3856ad364e35_6.0.6001.18115_none_26c2cb0461fdbc35\ehPresenter.dll
+ 2008-08-06 03:56:06 105,472 ----a-w c:\windows\winsxs\x86_microsoft-windows-ehome-ehpresenter_31bf3856ad364e35_6.0.6001.22237_none_2738c88b7b29c68f\ehPresenter.dll
+ 2008-08-06 03:21:59 10,094,080 ----a-w c:\windows\winsxs\x86_microsoft-windows-ehome-ehres_31bf3856ad364e35_6.0.6000.16724_none_50142885535e3590\ehres.dll
+ 2008-08-06 03:18:12 10,103,808 ----a-w c:\windows\winsxs\x86_microsoft-windows-ehome-ehres_31bf3856ad364e35_6.0.6000.20889_none_5061e73a6ca7fbb3\ehres.dll
+ 2008-08-06 03:27:39 18,944 ----a-w c:\windows\winsxs\x86_microsoft-windows-ehome-ehtrace_31bf3856ad364e35_6.0.6000.16724_none_36c4edb116c5f8a5\ehtrace.dll
+ 2008-08-06 03:18:12 18,944 ----a-w c:\windows\winsxs\x86_microsoft-windows-ehome-ehtrace_31bf3856ad364e35_6.0.6000.20889_none_3712ac66300fbec8\ehtrace.dll
+ 2008-08-06 03:27:39 517,632 ----a-w c:\windows\winsxs\x86_microsoft-windows-ehome-ehui_31bf3856ad364e35_6.0.6000.16724_none_cccc40dbcc4dcbaa\ehui.dll
+ 2008-08-06 03:18:12 521,216 ----a-w c:\windows\winsxs\x86_microsoft-windows-ehome-ehui_31bf3856ad364e35_6.0.6000.20889_none_cd19ff90e59791cd\ehui.dll
+ 2008-08-05 09:49:54 522,240 ----a-w c:\windows\winsxs\x86_microsoft-windows-ehome-ehui_31bf3856ad364e35_6.0.6001.18115_none_cebe4fb7c96b5a01\ehui.dll
+ 2008-08-06 03:56:08 522,240 ----a-w c:\windows\winsxs\x86_microsoft-windows-ehome-ehui_31bf3856ad364e35_6.0.6001.22237_none_cf344d3ee297645b\ehui.dll
+ 2008-08-06 03:27:39 1,497,600 ----a-w c:\windows\winsxs\x86_microsoft-windows-ehome-ehuihlp_31bf3856ad364e35_6.0.6000.16724_none_3a1333122e23804c\ehuihlp.dll
+ 2008-08-06 03:18:13 1,498,112 ----a-w c:\windows\winsxs\x86_microsoft-windows-ehome-ehuihlp_31bf3856ad364e35_6.0.6000.20889_none_3a60f1c7476d466f\ehuihlp.dll
+ 2008-09-18 04:56:02 147,456 ----a-w c:\windows\winsxs\x86_microsoft-windows-errorreportingfaults_31bf3856ad364e35_6.0.6001.18145_none_6fe0e04a3ce53cd7\Faultrep.dll
+ 2008-01-19 07:33:35 217,088 ----a-w c:\windows\winsxs\x86_microsoft-windows-errorreportingfaults_31bf3856ad364e35_6.0.6001.18145_none_6fe0e04a3ce53cd7\WerFault.exe
+ 2008-01-19 07:33:35 860,160 ----a-w c:\windows\winsxs\x86_microsoft-windows-errorreportingfaults_31bf3856ad364e35_6.0.6001.18145_none_6fe0e04a3ce53cd7\WerFaultSecure.exe
+ 2008-09-20 04:00:23 147,456 ----a-w c:\windows\winsxs\x86_microsoft-windows-errorreportingfaults_31bf3856ad364e35_6.0.6001.22271_none_70460c29561ecb18\Faultrep.dll
+ 2008-09-20 04:00:16 217,088 ----a-w c:\windows\winsxs\x86_microsoft-windows-errorreportingfaults_31bf3856ad364e35_6.0.6001.22271_none_70460c29561ecb18\WerFault.exe
+ 2008-09-20 04:00:16 860,160 ----a-w c:\windows\winsxs\x86_microsoft-windows-errorreportingfaults_31bf3856ad364e35_6.0.6001.22271_none_70460c29561ecb18\WerFaultSecure.exe
+ 2008-09-18 04:56:07 125,952 ----a-w c:\windows\winsxs\x86_microsoft-windows-feedback-service_31bf3856ad364e35_6.0.6001.18145_none_79a5b70991018b47\wersvc.dll
+ 2008-09-20 04:00:26 125,952 ----a-w c:\windows\winsxs\x86_microsoft-windows-feedback-service_31bf3856ad364e35_6.0.6001.22271_none_7a0ae2e8aa3b1988\wersvc.dll
+ 2008-10-02 03:49:05 44,544 ----a-w c:\windows\winsxs\x86_microsoft-windows-i..ablenetworkgraphics_31bf3856ad364e35_6.0.6000.16757_none_ebb124d316651d3b\pngfilt.dll
+ 2008-10-02 03:30:07 44,544 ----a-w c:\windows\winsxs\x86_microsoft-windows-i..ablenetworkgraphics_31bf3856ad364e35_6.0.6000.20927_none_ec5b33482f6a6659\pngfilt.dll
+ 2008-10-02 03:49:06 1,159,680 ----a-w c:\windows\winsxs\x86_microsoft-windows-i..ersandsecurityzones_31bf3856ad364e35_6.0.6000.16757_none_b2cdcd85d9c5949f\urlmon.dll
+ 2008-10-02 03:30:37 1,162,752 ----a-w c:\windows\winsxs\x86_microsoft-windows-i..ersandsecurityzones_31bf3856ad364e35_6.0.6000.20927_none_b377dbfaf2caddbd\urlmon.dll
+ 2008-10-02 03:49:19 1,166,336 ----a-w c:\windows\winsxs\x86_microsoft-windows-i..ersandsecurityzones_31bf3856ad364e35_6.0.6001.18148_none_b4bfdc61d6e322f6\urlmon.dll
+ 2008-10-02 03:34:49 1,166,848 ----a-w c:\windows\winsxs\x86_microsoft-windows-i..ersandsecurityzones_31bf3856ad364e35_6.0.6001.22278_none_b5290968f0191693\urlmon.dll
+ 2008-10-02 03:49:04 671,232 ----a-w c:\windows\winsxs\x86_microsoft-windows-i..mlrenderingadvanced_31bf3856ad364e35_6.0.6000.16757_none_deb05c4e7f6e540e\mstime.dll
+ 2008-10-02 03:28:20 671,232 ----a-w c:\windows\winsxs\x86_microsoft-windows-i..mlrenderingadvanced_31bf3856ad364e35_6.0.6000.20927_none_df5a6ac398739d2c\mstime.dll
+ 2008-10-02 03:49:16 671,232 ----a-w c:\windows\winsxs\x86_microsoft-windows-i..mlrenderingadvanced_31bf3856ad364e35_6.0.6001.18148_none_e0a26b2a7c8be265\mstime.dll
+ 2008-10-02 03:34:46 671,232 ----a-w c:\windows\winsxs\x86_microsoft-windows-i..mlrenderingadvanced_31bf3856ad364e35_6.0.6001.22278_none_e10b983195c1d602\mstime.dll
+ 2008-10-02 03:49:02 27,648 ----a-w c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6000.16757_none_ffd3a927a4cebb32\jsproxy.dll
+ 2008-10-02 03:49:06 826,368 ----a-w c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6000.16757_none_ffd3a927a4cebb32\wininet.dll
+ 2008-10-02 03:49:06 64,512 ----a-w c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6000.16757_none_ffd3a927a4cebb32\WininetPlugin.dll
+ 2008-10-02 03:27:01 27,648 ----a-w c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6000.20927_none_007db79cbdd40450\jsproxy.dll
+ 2008-10-02 03:30:45 827,904 ----a-w c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6000.20927_none_007db79cbdd40450\wininet.dll
+ 2008-10-02 03:30:45 64,512 ----a-w c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6000.20927_none_007db79cbdd40450\WininetPlugin.dll
+ 2008-10-02 03:49:14 28,160 ----a-w c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6001.18148_none_01c5b803a1ec4989\jsproxy.dll
+ 2008-10-02 03:49:19 827,392 ----a-w c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6001.18148_none_01c5b803a1ec4989\wininet.dll
+ 2008-04-08 20:44:11 64,512 ----a-w c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6001.18148_none_01c5b803a1ec4989\WininetPlugin.dll
+ 2008-10-02 03:34:46 28,160 ----a-w c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6001.22278_none_022ee50abb223d26\jsproxy.dll
+ 2008-10-02 03:34:49 827,904 ----a-w c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6001.22278_none_022ee50abb223d26\wininet.dll
+ 2008-10-02 03:34:49 64,512 ----a-w c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6001.22278_none_022ee50abb223d26\WininetPlugin.dll
+ 2007-09-11 18:46:03 2,455,488 ----a-w c:\windows\winsxs\x86_microsoft-windows-ie-antiphishfilter_31bf3856ad364e35_6.0.6000.16757_none_f97ccc016eba3585\ieapfltr.dat
+ 2008-10-02 03:49:02 383,488 ----a-w c:\windows\winsxs\x86_microsoft-windows-ie-antiphishfilter_31bf3856ad364e35_6.0.6000.16757_none_f97ccc016eba3585\ieapfltr.dll
+ 2007-09-11 18:46:03 2,455,488 ----a-w c:\windows\winsxs\x86_microsoft-windows-ie-antiphishfilter_31bf3856ad364e35_6.0.6000.20927_none_fa26da7687bf7ea3\ieapfltr.dat
+ 2008-10-02 03:26:47 380,928 ----a-w c:\windows\winsxs\x86_microsoft-windows-ie-antiphishfilter_31bf3856ad364e35_6.0.6000.20927_none_fa26da7687bf7ea3\ieapfltr.dll
+ 2008-10-02 03:49:02 347,136 ----a-w c:\windows\winsxs\x86_microsoft-windows-ie-directxtransforms_31bf3856ad364e35_6.0.6000.16757_none_95b104b9849fbbb3\dxtmsft.dll
+ 2008-10-02 03:49:02 214,528 ----a-w c:\windows\winsxs\x86_microsoft-windows-ie-directxtransforms_31bf3856ad364e35_6.0.6000.16757_none_95b104b9849fbbb3\dxtrans.dll
+ 2008-10-02 03:26:19 347,136 ----a-w c:\windows\winsxs\x86_microsoft-windows-ie-directxtransforms_31bf3856ad364e35_6.0.6000.20927_none_965b132e9da504d1\dxtmsft.dll
+ 2008-10-02 03:26:20 214,528 ----a-w c:\windows\winsxs\x86_microsoft-windows-ie-directxtransforms_31bf3856ad364e35_6.0.6000.20927_none_965b132e9da504d1\dxtrans.dll
+ 2008-10-02 03:49:03 477,696 ----a-w c:\windows\winsxs\x86_microsoft-windows-ie-htmlediting_31bf3856ad364e35_6.0.6000.16757_none_46139f1146606e40\mshtmled.dll
+ 2008-10-02 03:27:54 477,696 ----a-w c:\windows\winsxs\x86_microsoft-windows-ie-htmlediting_31bf3856ad364e35_6.0.6000.20927_none_46bdad865f65b75e\mshtmled.dll
+ 2008-10-02 03:49:03 3,593,216 ----a-w c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_6.0.6000.16757_none_112dc84625252468\mshtml.dll
+ 2008-10-02 03:27:54 3,594,752 ----a-w c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_6.0.6000.20927_none_11d7d6bb3e2a6d86\mshtml.dll
+ 2008-10-02 03:49:15 3,578,880 ----a-w c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_6.0.6001.18148_none_131fd7222242b2bf\mshtml.dll
+ 2008-10-02 03:34:46 3,579,392 ----a-w c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_6.0.6001.22278_none_138904293b78a65c\mshtml.dll
+ 2008-10-02 03:49:02 63,488 ----a-w c:\windows\winsxs\x86_microsoft-windows-ie-infocard_31bf3856ad364e35_6.0.6000.16757_none_588635106739b071\icardie.dll
+ 2008-10-02 03:26:46 63,488 ----a-w c:\windows\winsxs\x86_microsoft-windows-ie-infocard_31bf3856ad364e35_6.0.6000.20927_none_59304385803ef98f\icardie.dll
+ 2008-10-02 03:48:32 26,624 ----a-w c:\windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.16757_none_2d4cb5b31cfa2a15\ieUnatt.exe
+ 2008-10-02 03:50:01 633,632 ----a-w c:\windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.16757_none_2d4cb5b31cfa2a15\iexplore.exe
+ 2008-10-02 01:18:42 26,624 ----a-w c:\windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.20927_none_2df6c42835ff7333\ieUnatt.exe
+ 2008-10-02 03:32:01 633,632 ----a-w c:\windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.20927_none_2df6c42835ff7333\iexplore.exe
+ 2008-10-02 03:49:02 267,776 ----a-w c:\windows\winsxs\x86_microsoft-windows-ie-runtimeutilities_31bf3856ad364e35_6.0.6000.16757_none_458e60038f7fd98f\iertutil.dll
+ 2008-10-02 03:49:06 134,144 ----a-w c:\windows\winsxs\x86_microsoft-windows-ie-runtimeutilities_31bf3856ad364e35_6.0.6000.16757_none_458e60038f7fd98f\sqmapi.dll
+ 2008-10-02 03:26:48 267,776 ----a-w c:\windows\winsxs\x86_microsoft-windows-ie-runtimeutilities_31bf3856ad364e35_6.0.6000.20927_none_46386e78a88522ad\iertutil.dll
+ 2008-10-02 03:30:30 134,144 ----a-w c:\windows\winsxs\x86_microsoft-windows-ie-runtimeutilities_31bf3856ad364e35_6.0.6000.20927_none_46386e78a88522ad\sqmapi.dll
+ 2008-10-02 03:49:14 270,336 ----a-w c:\windows\winsxs\x86_microsoft-windows-ie-runtimeutilities_31bf3856ad364e35_6.0.6001.18148_none_47806edf8c9d67e6\iertutil.dll
+ 2008-01-19 07:36:35 129,536 ----a-w c:\windows\winsxs\x86_microsoft-windows-ie-runtimeutilities_31bf3856ad364e35_6.0.6001.18148_none_47806edf8c9d67e6\sqmapi.dll
+ 2008-10-02 03:34:45 270,848 ----a-w c:\windows\winsxs\x86_microsoft-windows-ie-runtimeutilities_31bf3856ad364e35_6.0.6001.22278_none_47e99be6a5d35b83\iertutil.dll
+ 2008-10-02 03:34:48 129,536 ----a-w c:\windows\winsxs\x86_microsoft-windows-ie-runtimeutilities_31bf3856ad364e35_6.0.6001.22278_none_47e99be6a5d35b83\sqmapi.dll
+ 2008-10-02 03:48:32 70,656 ----a-w c:\windows\winsxs\x86_microsoft-windows-ie-setup-support_31bf3856ad364e35_6.0.6000.16757_none_c3bb6ace6174f2ba\ie4uinit.exe
+ 2008-10-02 03:49:02 44,544 ----a-w c:\windows\winsxs\x86_microsoft-windows-ie-setup-support_31bf3856ad364e35_6.0.6000.16757_none_c3bb6ace6174f2ba\iernonce.dll
+ 2008-10-02 03:49:02 56,320 ----a-w c:\windows\winsxs\x86_microsoft-windows-ie-setup-support_31bf3856ad364e35_6.0.6000.16757_none_c3bb6ace6174f2ba\iesetup.dll
+ 2008-10-02 01:18:33 70,656 ----a-w c:\windows\winsxs\x86_microsoft-windows-ie-setup-support_31bf3856ad364e35_6.0.6000.20927_none_c46579437a7a3bd8\ie4uinit.exe
+ 2008-10-02 03:26:48 44,544 ----a-w c:\windows\winsxs\x86_microsoft-windows-ie-setup-support_31bf3856ad364e35_6.0.6000.20927_none_c46579437a7a3bd8\iernonce.dll
+ 2008-10-02 03:26:48 56,320 ----a-w c:\windows\winsxs\x86_microsoft-windows-ie-setup-support_31bf3856ad364e35_6.0.6000.20927_none_c46579437a7a3bd8\iesetup.dll
+ 2008-10-02 03:49:02 52,736 ----a-w c:\windows\winsxs\x86_microsoft-windows-iebrshim_31bf3856ad364e35_6.0.6000.16757_none_29e0813e6824c817\iebrshim.dll
Anonymous user
22 Nov 2008 at 21:14
----> Download OTMoveIt3 (OldTimer) to your Desktop:
http://oldtimer.geekstogo.com/OTMoveIt3.exe

---> Double-click OTMoveIt3.exe to launch it.

---> Copy (Ctrl+C) the following text:





:processes
explorer.exe

:files
C:\Program Files\Search Settings

:commands
[purity]
[emptytemp]
[start explorer]
[reboot]





---> Paste (Ctrl+V) the text you just copied into the Paste Instructions for Items to be Moved box.

---> Now click the MoveIt! button, then close OTMoveIt3.

If a file or folder cannot be deleted immediately, the program will ask you to restart.
Accept by clicking YES.

---> Post the report located in this folder: C:\_OTMoveIt\MovedFiles\
The report's name corresponds to the time it was created: date_time.log


See you
Antonio Giacomo Stradivari, often called Stradivarius (Cremona, 1644 - Cremona, 18 December 1737)
Le Soil (1714), considered by many to be the finest instrument in the world.
Shortly before his death he was still searching...

Run a HijackThis scan again

Check the boxes
R3 - URLSearchHook: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - (no file)
O9 - Extra button: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\Program Files\Dealio\kb126\Dealio.dll (file missing)
O9 - Extra 'Tools' menuitem: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\Program Files\Dealio\kb126\Dealio.dll (file missing)
O13 - Gopher Prefix:

It won't change much, but it's a bit of cleanup :)

Anonymous user
22 Nov 2008 at 21:47
I'll point out that:

O13 - Gopher Prefix:

is legitimate under Vista..
Besides, for the other lines, as you say, it won't change anything. So........
Bye

R2dd
22 Nov 2008 at 21:45
Wow, two at once....

For Archet9

========== PROCESSES ==========
Process explorer.exe killed successfully.
========== FILES ==========
Folder move failed. C:\Program Files\Search Settings\kb126\temp scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Search Settings\kb126\res scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Search Settings\kb126 scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Search Settings scheduled to be moved on reboot.
========== COMMANDS ==========
File delete failed. C:\Users\jmk\AppData\Local\Temp\etilqs_kZIMcCBtbJds2qp8wuTd scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
Local Service Temporary Internet Files folder emptied.
File delete failed. C:\Windows\temp\_avast4_\Webshlock.txt scheduled to be deleted on reboot.
Windows Temp folder emptied.
File delete failed. C:\Users\jmk\AppData\Local\Mozilla\Firefox\Profiles\uxl9d45x.default\Cache\_CACHE_001_ scheduled to be deleted on reboot.
File delete failed. C:\Users\jmk\AppData\Local\Mozilla\Firefox\Profiles\uxl9d45x.default\Cache\_CACHE_002_ scheduled to be deleted on reboot.
File delete failed. C:\Users\jmk\AppData\Local\Mozilla\Firefox\Profiles\uxl9d45x.default\Cache\_CACHE_003_ scheduled to be deleted on reboot.
File delete failed. C:\Users\jmk\AppData\Local\Mozilla\Firefox\Profiles\uxl9d45x.default\Cache\_CACHE_MAP_ scheduled to be deleted on reboot.
File delete failed. C:\Users\jmk\AppData\Local\Mozilla\Firefox\Profiles\uxl9d45x.default\urlclassifier3.sqlite scheduled to be deleted on reboot.
FireFox cache emptied.
Temp folders emptied.
Explorer started successfully

OTMoveIt3 by OldTimer - Version 1.0.7.1 log created on 11222008_213719


There you go.

Anonymous user
22 Nov 2008 at 21:48
Good...
HijackThis log to check
See you

R2dd
22 Nov 2008 at 21:49
For neor

I used Fix Checked on the 4 lines... Is that OK?

Anonymous user
22 Nov 2008 at 22:17
DAMN.......--LOOK AT POST 22...

R2dd
22 Nov 2008 at 22:46
Here, a HijackThis report to lighten the mood..

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:50:57, on 22/11/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\RtHDVCpl.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Search Settings\SearchSettings.exe
C:\Program Files\Common Files\Logitech\QCDriver3\LVComS.exe
C:\Program Files\Logitech\ImageStudio\LogiTray.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\WindowsMobile\wmdSync.exe
C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe
C:\Users\jmk\Program Files\DNA\btdna.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\System32\mobsync.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\jmk\Desktop\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://format.packardbell.com/cgi-bin/redirect/?country=FR&range=AD&phase=8&key=IESTART
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Google\Google_BAE\BAE.dll
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [toolbar_eula_launcher] C:\Program Files\Packard Bell\GOOGLE_EULA\EULALauncher.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [SearchSettings] C:\Program Files\Search Settings\SearchSettings.exe
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
O4 - HKLM\..\Run: [QCDriverInstaller] C:\PROGRA~1\COMMON~1\Logitech\QCDRIV~2\Lqdsw.exe /addrun /l 1033 /LaunchAtStart
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\ImageStudio\ISStart.exe
O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Program Files\Logitech\ImageStudio\LogiTray.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\VistaCodecPack\QT\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdSync.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [SmpcSys] C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" /systray /nologon
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Users\jmk\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Startup: OneNote 2007 - Capture d'écran et lancement.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O8 - Extra context menu item: Compare Prices with &Dealio - C:\Users\jmk\AppData\LocalLow\Dealio\kb126\res\DealioSearch.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~3.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~3.0_0\bin\ssv.dll
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\Program Files\Dealio\kb126\Dealio.dll (file missing)
O9 - Extra 'Tools' menuitem: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\Program Files\Dealio\kb126\Dealio.dll (file missing)
O13 - Gopher Prefix:
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe

Anonymous user
22 Nov 2008 at 23:24
Do this

Download Toolbar-S&D (Team IDN) to your Desktop.
https://77b4795d-a-62cb3a1a-s-sites.googlegroups.com/site/eric71mespages/ToolBarSD.exe?attachauth=ANoY7cqJWPphpudyTqv7TRo5RQ3nm_Sx8JluVMO59X5E9cyE3j3LqKlmStIqiDqJdIgMJLi7MXn2nKVajQfoWuVvZZ2wIx_vkqO4k4P0K9jh-ra9jaKPXdZcoaVF2UqJZNH8ubL_42uIwh6f35xJ2GJMuzddVj2Qth1DgZ839lxEIFGkgWz3TdfvNMy-YtxfA3gqBUrj4U4LFeAPiWr3ClmjIP0t_Xs5PQ%3D%3D&attredirects=2

* Start the program's installation by running the downloaded file.
* Now double-click the Toolbar-S&D shortcut.
* Select the desired language by typing the letter of your choice, then confirm with the Enter key.
* Now choose option 1 (Search). Wait until the search finishes.
* Post the generated report. (C:\TB.txt)
See you

R2dd
22 Nov 2008 at 23:50
Done and delivered


-----------\\ ToolBar S&D 1.2.5 XP/Vista

Microsoft® Windows Vista™ Édition Familiale Premium ( v6.0.6001 ) Service Pack 1
X86-based PC ( Multiprocessor Free : AMD Athlon(tm) 64 X2 Dual Core Processor 4000+ )
BIOS : Phoenix - AwardBIOS v6.00PG
USER : jmk ( Administrator )
BOOT : Normal boot
Antivirus : avast! antivirus 4.8.1229 [VPS 081121-0] 4.8.1229 (Activated)
C:\ (Local Disk) - NTFS - Total:457 Go (Free:350 Go)
D:\ (CD or DVD)
E:\ (USB)
F:\ (USB)
G:\ (USB)
H:\ (USB)

"C:\ToolBar SD" ( MAJ : 20-11-2008|20:25 )
Option : [1] ( 22/11/2008|23:49 )

-----------\\ Recherche de Fichiers / Dossiers ...

C:\PROGRA~2\MICROS~1\Windows\STARTM~1\Programs\Dealio
C:\Program Files\Mozilla Firefox\extensions\toolbar@dealio.com
C:\Program Files\Mozilla Firefox\extensions\toolbar@dealio.com\CHROME\CONTENT\dealiotoolbarplugin.js
C:\Program Files\Mozilla Firefox\extensions\toolbar@dealio.com\CHROME\CONTENT\dealiotoolbarplugin.xul
C:\Program Files\Mozilla Firefox\extensions\toolbar@dealio.com\CHROME\LOCALE\EN-US\dealio.dtd
C:\Program Files\Mozilla Firefox\extensions\toolbar@dealio.com\CHROME\LOCALE\EN-US\dealio.properties
C:\Program Files\Mozilla Firefox\extensions\toolbar@dealio.com\CHROME\SKIN\dealio.ico
C:\Program Files\Mozilla Firefox\extensions\toolbar@dealio.com\CHROME\SKIN\dealiotoolbarplugin.css
C:\Program Files\Mozilla Firefox\extensions\toolbar@dealio.com\CHROME\SKIN\dealio_large.png
C:\Program Files\Mozilla Firefox\extensions\toolbar@dealio.com\CHROME\SKIN\dealio_small.png
C:\Program Files\Mozilla Firefox\extensions\toolbar@dealio.com\CHROME\SKIN\dealio_winxp_act.ico
C:\Program Files\Mozilla Firefox\extensions\toolbar@dealio.com\CHROME\SKIN\dealio_winxp_hot.ico
C:\Program Files\Mozilla Firefox\extensions\toolbar@dealio.com\CHROME\SKIN\dealio_win_act.bmp
C:\Program Files\Mozilla Firefox\extensions\toolbar@dealio.com\CHROME\SKIN\dealio_win_act.ico
C:\Program Files\Mozilla Firefox\extensions\toolbar@dealio.com\CHROME\SKIN\dealio_win_hot.bmp
C:\Program Files\Mozilla Firefox\extensions\toolbar@dealio.com\CHROME\SKIN\dealio_win_hot.ico
C:\Program Files\Mozilla Firefox\extensions\toolbar@dealio.com\CHROME\SKIN\search_dealio.bmp
C:\Program Files\Mozilla Firefox\extensions\toolbar@dealio.com\COMPONENTS\DealioFF.dll
C:\Program Files\Mozilla Firefox\extensions\toolbar@dealio.com\COMPONENTS\DealioProtocol.js
C:\Program Files\Mozilla Firefox\extensions\toolbar@dealio.com\COMPONENTS\IFBHODealio.idl
C:\Program Files\Mozilla Firefox\extensions\toolbar@dealio.com\COMPONENTS\IFBHODealio.xpt
C:\Program Files\Mozilla Firefox\extensions\toolbar@dealio.com\COMPONENTS\IFBHODealioHelperEngine.idl
C:\Program Files\Mozilla Firefox\extensions\toolbar@dealio.com\COMPONENTS\IFBHODealioHelperEngine.xpt
C:\Program Files\Mozilla Firefox\extensions\toolbar@dealio.com\COMPONENTS\IFDealioHelperPreferences.idl
C:\Program Files\Mozilla Firefox\extensions\toolbar@dealio.com\COMPONENTS\IFDealioHelperPreferences.xpt
C:\Program Files\Mozilla Firefox\extensions\search@searchsettings.com
C:\Program Files\Mozilla Firefox\extensions\search@searchsettings.com\CHROME\CONTENT\searchsettingsplugin.js
C:\Program Files\Mozilla Firefox\extensions\search@searchsettings.com\CHROME\CONTENT\searchsettingsplugin.xul
C:\Program Files\Mozilla Firefox\extensions\search@searchsettings.com\CHROME\LOCALE\EN-US\searchsettingsplugin.dtd
C:\Program Files\Mozilla Firefox\extensions\search@searchsettings.com\COMPONENTS\SearchSettingsFF.dll
C:\Program Files\Search Settings
C:\Program Files\Search Settings\kb126
C:\Program Files\Search Settings\SearchSettings.exe
C:\Program Files\Search Settings\kb126\res
C:\Program Files\Search Settings\kb126\SearchSettings.dll
C:\Program Files\Search Settings\kb126\temp

-----------\\ [..\Internet Explorer\Main]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Local Page"="C:\\windows\\system32\\blank.htm"
"Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"Start Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"
"Default_Search_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"Url"="https://www.msn.com/fr-fr/actualite/"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home"
"Default_Page_URL"="https://www.msn.com/fr-fr/?ocid=iehp"
"Default_Search_URL"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
"Search Page"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
"Local Page"="C:\\windows\\system32\\blank.htm"


--------------------\\ Recherche d'autres infections


Aucune autre infection trouvée !


1 - "C:\ToolBar SD\TB_1.txt" - 22/11/2008|23:49 - Option : [1]

-----------\\ Fin du rapport a 23:49:34,74

To be continued

Anonymous user
22 Nov 2008 at 23:52
Run option 2, please
Paste the report....
See you

R2dd
23 Nov 2008 at 00:00
Re

-----------\\ ToolBar S&D 1.2.5 XP/Vista

Microsoft® Windows Vista™ Édition Familiale Premium ( v6.0.6001 ) Service Pack 1
X86-based PC ( Multiprocessor Free : AMD Athlon(tm) 64 X2 Dual Core Processor 4000+ )
BIOS : Phoenix - AwardBIOS v6.00PG
USER : jmk ( Administrator )
BOOT : Normal boot
Antivirus : avast! antivirus 4.8.1229 [VPS 081121-0] 4.8.1229 (Activated)
C:\ (Local Disk) - NTFS - Total:457 Go (Free:350 Go)
D:\ (CD or DVD)
E:\ (USB)
F:\ (USB)
G:\ (USB)
H:\ (USB)

"C:\ToolBar SD" ( MAJ : 20-11-2008|20:25 )
Option : [2] ( 22/11/2008|23:59 )

-----------\\ SUPPRESSION

Supprime! - C:\PROGRA~2\MICROS~1\Windows\STARTM~1\Programs\Dealio
Supprime! - C:\Program Files\Mozilla Firefox\extensions\toolbar@dealio.com
Supprime! - C:\Program Files\Mozilla Firefox\extensions\search@searchsettings.com
Supprime! - C:\Program Files\Search Settings\kb126
Supprime! - C:\Program Files\Search Settings\SearchSettings.exe
Supprime! - C:\Program Files\Search Settings

-----------\\ Recherche de Fichiers / Dossiers ...


-----------\\ [..\Internet Explorer\Main]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Local Page"="C:\\windows\\system32\\blank.htm"
"Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"Start Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"
"Default_Search_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"Url"="https://www.msn.com/fr-fr/actualite/"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Start Page"="https://www.msn.com/fr-fr/"
"Default_Page_URL"="https://www.msn.com/fr-fr/?ocid=iehp"
"Default_Search_URL"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
"Search Page"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
"Local Page"="C:\\windows\\system32\\blank.htm"


--------------------\\ Recherche d'autres infections


Aucune autre infection trouvée !


1 - "C:\ToolBar SD\TB_1.txt" - 22/11/2008|23:49 - Option : [1]
2 - "C:\ToolBar SD\TB_2.txt" - 22/11/2008|23:59 - Option : [2]

-----------\\ Fin du rapport a 23:59:32,43

Anonymous user
23 Nov 2008 at 00:10
Phewwwww
I think it's fine now....
HijackThis log, please...
See you

R2dd
23 Nov 2008 at 00:22
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:21:47, on 23/11/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\RtHDVCpl.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Common Files\Logitech\QCDriver3\LVComS.exe
C:\Program Files\Logitech\ImageStudio\LogiTray.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\WindowsMobile\wmdSync.exe
C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe
C:\Users\jmk\Program Files\DNA\btdna.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\System32\mobsync.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\jmk\Desktop\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://format.packardbell.com/...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Google\Google_BAE\BAE.dll
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [toolbar_eula_launcher] C:\Program Files\Packard Bell\GOOGLE_EULA\EULALauncher.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
O4 - HKLM\..\Run: [QCDriverInstaller] C:\PROGRA~1\COMMON~1\Logitech\QCDRIV~2\Lqdsw.exe /addrun /l 1033 /LaunchAtStart
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\ImageStudio\ISStart.exe
O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Program Files\Logitech\ImageStudio\LogiTray.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\VistaCodecPack\QT\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdSync.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [SmpcSys] C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" /systray /nologon
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Users\jmk\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Startup: OneNote 2007 - Capture d'écran et lancement.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~3.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~3.0_0\bin\ssv.dll
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
0
Anonymous user
23 Nov. 2008 at 00:30
IT'S GOOOOOD !!!!!!
all that's left is to finalize......
phew
see you
0