Winlogon.exe infected by a trojan

Tags:
  • Trojan
  • Security
Last reply: in Security and viruses
22 November 2010 22:35:27

Hello,

I am running XP Pro SP3, with Kerio and AntiVir (Avira).
My winlogon.exe file is infected by the trojan: TR/Patched.KL.196
I can't manage to get rid of it...

Thanks for your help.

22 November 2010 23:03:00

Hello,

/!\ Disable your resident protections (antivirus, etc.) /!\

  • Download ComboFix (sUBs) to your Desktop.

  • Double-click ComboFix.exe (the .exe extension may not be visible) to launch it.

  • Answer Yes to the warning message so that ComboFix starts scanning your PC.

  • It will ask you to install the Recovery Console: accept.

  • When the scan is finished, a report will appear. Post this report (C:\Combofix.txt) in your next reply.

    To help you: a guide and a tutorial on using ComboFix
    23 November 2010 07:12:17

    Hello Destrio5,

    here is my report:

    ComboFix 10-11-22.05 - Administrateur 23/11/2010 7:02.2.3 - x86
    Microsoft Windows XP Professionnel 5.1.2600.3.1252.33.1036.18.3071.2698 [GMT 1:00]
    Lancé depuis: c:\documents and settings\Administrateur\Bureau\ComboFix.exe
    .

    ((((((((((((((((((((((((((((( Fichiers créés du 2010-10-23 au 2010-11-23 ))))))))))))))))))))))))))))))))))))
    .

    Pas de nouveau fichier créé dans ce laps de temps

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .

    ------- Sigcheck -------

    [-] 2008-05-08 12:22 . !HASH: COULD NOT OPEN FILE !!!!! . 568320 . . [------] . . c:\windows\system32\winlogon.exe

    [-] 2008-05-08 . D449DF66B6335B443508A58B1E8DB996 . 647680 . . [5.82] . . c:\windows\system32\comctl32.dll
    [7] 2008-04-14 . AEF3D788DBF40C7C4D204EA45EB0C505 . 921088 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.0.0_x-ww_1382d70a\comctl32.dll
    [7] 2008-04-14 . F92E6BEA9349D49341383F8403B4DFE5 . 1054208 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll

    [-] 2008-05-08 . 3C3BC824F70B00CB9507E8F3FD0D0A46 . 2516480 . . [5.1.2600.5512] . . c:\windows\system32\ntoskrnl.exe

    [-] 2008-05-08 . DB3AB42404D66860A4C4E9ED8530D0FD . 724480 . . [5.1.2600.5512] . . c:\windows\system32\user32.dll

    [-] 2007-10-29 . D84567752FB42D8DC55CFB85FE0EDECE . 1916416 . . [6.00.2900.2894] . . c:\windows\explorer.exe


    [-] 2008-05-15 . A5780186A76EABA3E656E63B41862997 . 1571840 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll

    [-] 2008-05-08 . 58DB2EE838D5B7BAD0F7F10A6C920390 . 40960 . . [5.1.2600.5512] . . c:\windows\system32\ctfmon.exe

    [-] 2008-05-15 . A37C1B89E3446B9E3CBB4FE260FE52B9 . 2395136 . . [5.1.2600.5512] . . c:\windows\system32\ntkrnlpa.exe

    c:\windows\System32\wscntfy.exe ... manque !!
    .
    ((((((((((((((((((((((((((((( SnapShot@2010-11-21_12.33.45 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2010-11-21 12:54 . 2010-11-21 12:54 860160 c:\windows\assembly\NativeImages_v2.0.50727_32\AspNetMMCExt\48c3622b3c11b947bd6ce3aa0b3d98b9\AspNetMMCExt.ni.dll
    + 2008-07-29 07:05 . 2008-07-29 07:05 3783672 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfc90u.dll
    + 2008-07-29 07:05 . 2008-07-29 07:05 3768312 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfc90.dll
    + 2008-07-29 07:05 . 2008-07-29 07:05 5982720 c:\windows\WinSxS\x86_Microsoft.VC90.DebugMFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_c94a3a24\mfc90ud.dll
    + 2008-07-29 07:05 . 2008-07-29 07:05 5937144 c:\windows\WinSxS\x86_Microsoft.VC90.DebugMFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_c94a3a24\mfc90d.dll
    + 2008-07-29 07:05 . 2008-07-29 07:05 1180672 c:\windows\WinSxS\x86_Microsoft.VC90.DebugCRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_f863c71f\msvcr90d.dll
    + 2007-09-13 14:38 . 2007-09-13 14:38 1079808 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.91_x-ww_decbdf0c\mfc80u.dll
    + 2007-09-13 14:38 . 2007-09-13 14:38 1093632 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.91_x-ww_decbdf0c\mfc80.dll
    + 2010-11-21 13:08 . 2010-11-21 13:08 1230336 c:\windows\WinSxS\x86_Microsoft.MSXML2_6bd6b9abf345378f_4.1.0.0_x-ww_b319d8da\msxml4.dll
    + 2010-11-22 11:16 . 2001-08-23 08:25 1706800 c:\windows\twain_32\Creative\PD0630\gdiplus.dll
    + 2010-11-21 13:12 . 2008-06-06 19:14 3499008 c:\windows\system32\spool\drivers\w32x86\hpphotosmart_c4500_s23a0\hpzur692.dll
    + 2010-11-21 13:12 . 2008-06-06 19:47 1594368 c:\windows\system32\spool\drivers\w32x86\hpphotosmart_c4500_s23a0\hpzui692.dll
    + 2010-11-21 13:12 . 2008-06-06 19:14 6146560 c:\windows\system32\spool\drivers\w32x86\hpphotosmart_c4500_s23a0\hpzst692.dll
    + 2010-11-21 13:12 . 2008-06-06 19:49 1397760 c:\windows\system32\spool\drivers\w32x86\hpphotosmart_c4500_s23a0\hpz3r692.dll
    + 2010-11-21 13:12 . 2008-06-06 19:14 3499008 c:\windows\system32\spool\drivers\w32x86\3\hpzur692.dll
    + 2010-11-21 13:12 . 2008-06-06 19:47 1594368 c:\windows\system32\spool\drivers\w32x86\3\hpzui692.dll
    + 2010-11-21 13:12 . 2008-06-06 19:14 6146560 c:\windows\system32\spool\drivers\w32x86\3\hpzst692.dll
    + 2010-11-21 13:12 . 2008-06-06 19:49 1397760 c:\windows\system32\spool\drivers\w32x86\3\hpz3r692.dll
    + 2007-11-20 15:06 . 2007-11-20 15:06 1230336 c:\windows\system32\msxml4.dll
    + 2008-03-16 11:14 . 2008-03-16 11:14 1645320 c:\windows\system32\gdiplus.dll
    + 2010-11-22 11:16 . 2004-03-29 17:00 1125376 c:\windows\system32\drivers\P0630Evx.sys
    + 2010-11-21 13:56 . 2007-04-12 14:27 1399680 c:\windows\system32\drivers\cmudax3.sys
    + 2010-11-21 17:09 . 2010-11-21 17:09 1867264 c:\windows\Installer\40fee9.msi
    + 2010-11-21 13:11 . 2010-11-21 13:11 1273344 c:\windows\Installer\3503d.msi
    + 2010-11-21 13:11 . 2010-11-21 13:11 1302528 c:\windows\Installer\3502b.msi
    + 2010-11-21 13:11 . 2010-11-21 13:11 1113600 c:\windows\Installer\35025.msi
    + 2010-11-21 13:10 . 2010-11-21 13:10 1510400 c:\windows\Installer\35012.msi
    + 2010-11-21 13:09 . 2010-11-21 13:09 5652992 c:\windows\Installer\34fb2.msi
    + 2010-11-21 13:34 . 2010-11-21 13:34 1601536 c:\windows\Installer\1af795.msi
    + 2010-11-21 12:55 . 2010-11-21 12:55 1945600 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\fa196522f96141478d774bdc0b243f63\System.Web.Services.ni.dll
    + 2010-11-21 12:55 . 2010-11-21 12:55 2310144 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Mobile\d07a9551200d01498ffbf983f31e72f2\System.Web.Mobile.ni.dll
    + 2010-11-21 12:55 . 2010-11-21 12:55 1220608 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\9a32c640d6da6642a0959435c0059933\System.DirectoryServices.ni.dll
    + 2010-11-21 12:55 . 2010-11-21 12:55 1712128 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Deployment\28674303f64524439689182a151b342b\System.Deployment.ni.dll
    + 2010-11-21 12:55 . 2010-11-21 12:55 1724416 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\74e3228d98ac4243b2364aeb6b75d168\Microsoft.VisualBasic.ni.dll
    + 2010-11-21 12:55 . 2010-11-21 12:55 1691648 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\693af6b87d2ede468e555099be8ced56\Microsoft.Build.Tasks.ni.dll
    + 2010-11-21 12:55 . 2010-11-21 12:55 11808768 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\1d58a4d75c024f429e2fb067c5cc9202\System.Web.ni.dll
    .
    -- Instantané actualisé --
    .
    ((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RocketDock"="c:\program files\RocketDock\RocketDock.exe" [2007-09-02 495616]
    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-05-02 1276416]
    "Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-02-04 23975720]
    "SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
    "Creative WebCam Tray"="c:\program files\Creative\Shared Files\CamTray.exe" [2005-03-29 258048]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-16 13529088]
    "nwiz"="nwiz.exe" [2008-05-16 1630208]
    "WinSys2"="c:\windows\system32\winsys2.exe" [2008-07-03 208896]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-16 86016]
    "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-08-17 281768]
    "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2008-03-25 49152]
    "hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-03-13 81920]
    "SunJavaUpdateSched"="c:\program files\Fichiers communs\Java\Java Update\jusched.exe" [2010-05-14 248552]
    "PD0630 STISvc"="P0630Pin.dll" [2005-06-05 36864]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "RocketDock"="c:\program files\RocketDock\RocketDock.exe" [2007-09-02 495616]


    c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\
    HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2008-3-25 214360]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "NoSMHelp"= 1 (0x1)
    "MemCheckBoxInRunDlg"= 1 (0x1)
    "NoSMBalloonTip"= 1 (0x1)
    "NoWelcomeScreen"= 1 (0x1)
    "NoStrCmpLogical"= 0 (0x0)

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
    "NoSMHelp"= 1 (0x1)
    "MemCheckBoxInRunDlg"= 1 (0x1)
    "NoSMBalloonTip"= 1 (0x1)
    "NoWelcomeScreen"= 1 (0x1)

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
    @="Service"

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "DisablePagingExecutive"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)
    "DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpsapp.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpse.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqsudi.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"=
    "c:\\Program Files\\SightSpeed\\SightSpeed.exe"=
    "c:\\Program Files\\Skype\\Phone\\Skype.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "427:UDP"= 427:UDP:SLP_Port(427)

    R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [21/11/2010 18:12 VALR 64288]
    R1 fwdrv;Kerio Personal Firewall Driver;c:\windows\system32\drivers\FWDRV.SYS [21/11/2010 13:17 VALR 102912]
    R2 AntiVirSchedulerService;Avira AntiVir Planificateur;c:\program files\Avira\AntiVir Desktop\sched.exe [21/11/2010 13:14 VALR 135336]
    R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [08/09/2010 13:59 VALR 1375992]
    R3 AtcL001;NDIS Miniport Driver for Atheros L1 Gigabit Ethernet Controller;c:\windows\system32\drivers\l151x86.sys [21/11/2010 13:03 VALR 36864]
    R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\kernexplorer.sys [08/09/2010 13:59 VALR 15264]
    R3 P0630VID;Creative WebCam Live!;c:\windows\system32\drivers\P0630Vid.sys [22/11/2010 12:16 VALR 91841]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
    HPService REG_MULTI_SZ HPSLPSVC
    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{D58F39FF-953E-4F45-898F-59F243B9A523}]
    2008-03-01 12:58 124928 ----a-w- c:\windows\system32\advpack.dll
    .
    Contenu du dossier 'Tâches planifiées'

    2010-11-23 c:\windows\Tasks\Ad-Aware Update (Weekly).job
    - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-09-08 17:11]
    .
    .
    ------- Examen supplémentaire -------
    .
    uStart Page = hxxp://www.google.fr/
    uSearchURL,(Default) = hxxp://www.google.fr/keyword/%s
    FF - ProfilePath - c:\documents and settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\mdayyn8s.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.fr
    FF - component: c:\documents and settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\mdayyn8s.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\qscanff.dll
    FF - plugin: c:\documents and settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\mdayyn8s.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
    FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll

    ---- PARAMETRES FIREFOX ----
    FF - user.js: yahoo.homepage.dontask - true
    .
    - - - - ORPHELINS SUPPRIMES - - - -

    HKLM-Run-CmPCIaudio - cmicnfg3.cpl



    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-11-23 07:04
    Windows 5.1.2600 Service Pack 3 NTFS

    Recherche de processus cachés ...

    Recherche d'éléments en démarrage automatique cachés ...

    Recherche de fichiers cachés ...

    Scan terminé avec succès
    Fichiers cachés: 0

    **************************************************************************
    .
    --------------------- DLLs chargées dans les processus actifs ---------------------

    - - - - - - - > 'winlogon.exe'(720)
    c:\windows\system32\SETUPAPI.dll
    c:\windows\system32\COMRes.dll
    c:\windows\system32\cscui.dll

    - - - - - - - > 'lsass.exe'(776)
    c:\windows\system32\setupapi.dll
    c:\windows\system32\scecli.dll
    .
    Heure de fin: 2010-11-23 07:04:57
    ComboFix-quarantined-files.txt 2010-11-23 06:04
    ComboFix2.txt 2010-11-21 12:34

    Avant-CF: 69 769 199 616 octets libres
    Après-CF: 70 222 278 656 octets libres

    WindowsXP-KB310994-SP2-Pro-BootDisk-FRA.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    UnsupportedDebug="do not select this" /debug
    multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professionnel" /noexecute=optin /fastdetect

    - - End Of File - - AE8DCD797F316D189C3B4875239FB459

    23 November 2010 12:37:13

    Is anyone there to help me... please
    23 November 2010 21:58:28

    It's done, but I still have the trojan...
    23 November 2010 22:26:19

    I don't know whether it is possible to reinstall SP3 to replace the infected Windows file.
    11 December 2010 08:18:36

    sam01 said:
    Hello,

    I am on XP Pro SP3, with Kerio and AntiVir (Avira).
    My winlogon.exe file is infected by the trojan: TR/Patched.KL.196
    I cannot manage to get rid of it...

    Thanks for your help.


    Hello, have you tried using a restore point?

    Look here http://www.fichier.net/processus/winlogon.exe.html for more information about this process. You can also take a Windows CD/DVD and boot from it, and use another CD/DVD with an antivirus.