Norton Security 2009 installation problem

Tags:
  • taskbar
  • Security
Last reply: in Security and viruses
5 May 2009 19:34:35

Hello,
on a blank hard drive I installed XP Pro, 2001 version
I have just bought Norton Internet Security 2009
When I try to install it, it asks me for SP3
when I try to install SP3, my computer refuses and reports a spyware
it uninstalls SP3, telling me that IE has a problem

When I reboot I can no longer use IE, no more access
and a big rectangle appears telling me that I have a spyware

What should I do?
Thanks in advance...

a c 296 8 Security
5 May 2009 19:37:14

Hello,

  • Download Random's System Information Tool (RSIT) (by random/random) to your Desktop.
  • Double-click RSIT.exe to launch the program.
    (On Vista, right-click RSIT.exe and choose Run as administrator)
  • Click Continue on the Disclaimer screen.
  • If the HijackThis tool (up-to-date version) is not present or not detected on the computer, RSIT will download it (allow access in your firewall, if prompted) and you will have to accept the license.
  • When the scan is finished, two text files will open. Post the contents of log.txt (the one that appears on screen) as well as info.txt (which you will see in the taskbar).

    Note: the reports are saved in the C:\rsit folder.
    5 May 2009 19:40:54

    thanks for your quick reply, but I no longer have access to IE
    a c 296 8 Security
    5 May 2009 19:44:46

    Don't you have another PC, or Firefox?
    5 May 2009 19:55:31

    I put my hard drive in a PC running Win98
    the goal being to use the boot menu to get to Win98, where I have quite a lot of software,
    or to XP for a few programs that are no longer compatible
    For now I am testing with an old version of Norton under Win98 to try to see the spyware
    5 May 2009 20:17:32

    thanks, I will try
    For now the Norton scan is still running.

    But do you know why it crashed on me, that is, why I need to install SP3 first in order to install the 2009 version?
    a c 296 8 Security
    5 May 2009 20:22:06

    Norton 2009 needs at least SP2 to work.
    5 May 2009 20:52:01

    thanks a lot
    I will try all that
    6 May 2009 01:30:19

    I used Malwarebytes
    so a big thank you

    I cleaned IE6 and reinstalled it
    I downloaded SP2, but after installation I got an access denied
    so SP2 was uninstalled automatically, and Norton still won't install

    also, it is impossible to install ActiveX, which is also required
    6 May 2009 01:35:41

    that is what I did
    but it won't install it
    a c 296 8 Security
    6 May 2009 01:41:39

    Is your XP legal?
    6 May 2009 01:45:23

    yes, I have a license number
    a c 296 8 Security
    6 May 2009 01:55:44

    Are you on your XP right now?
    6 May 2009 01:58:48

    yes
    6 May 2009 02:11:57

    I have the log file, but it is very big, and info
    a c 296 8 Security
    6 May 2009 02:12:17

    That's normal.
    6 May 2009 02:16:04

    shall I send them to you?
    a c 296 8 Security
    6 May 2009 02:19:11

    Yes.
    6 May 2009 02:19:32

    HERE IS INFO

    info.txt logfile of random's system information tool 1.06 2009-05-06 02:08:44

    ======Uninstall list======

    -->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
    ACDSee 8-->MsiExec.exe /I{DD54C6DE-B787-406D-A5A7-A49E0471E45B}
    Adobe Flash Player 10 ActiveX-->C:\WINDOWS\System32\Macromed\Flash\uninstall_activeX.exe
    Adobe Flash Player 9 ActiveX-->C:\WINDOWS\System32\Macromed\Flash\FlashUtil9c.exe -uninstallUnlock
    AIDA32 v3.93-->"C:\Program Files\AIDA32 - Personal System Information\unins000.exe"
    Archiveur WinRAR-->C:\Program Files\WinRAR\uninstall.exe
    ATI - Software Uninstall Utility-->C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe
    ATI Display Driver-->rundll32 C:\WINDOWS\System32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:D ISPLAY -clean
    Favorit-->"c:\documents and settings\gerard\local settings\application data\kcqic.exe" -uninstall
    Google Toolbar for Internet Explorer-->"C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarManager_BDA1448D3D255554.exe" /uninstall
    HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall
    IncrediMail Xe-->C:\PROGRA~1\INCRED~1\bin\imsetup.exe /remove /addon:IncrediMail /log:IncMail.log
    Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
    Microsoft Internet Explorer 6 SP1-->rundll32 C:\WINDOWS\System32\setupwbv.dll,IE6Maintenance C:\WINDOWS\IE Uninstall\W2KEXCP.EXE /u
    Portrait Professional 8.1 Trial-->"C:\Program Files\Portrait Professional 8 Trial\unins000.exe"
    Ulead PhotoImpact 12-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{11AFE21E-B193-430D-B57A-DFF7815BB962}\Setup.exe" -l0x9
    Windows Commander (Remove or Repair)-->c:\wincmd\wcuninst.exe

    ======System event log======

    Computer Name: GG-L057UFMRN259
    Event Code: 1005
    Message: Votre ordinateur a détecté que l'adresse IP 192.168.1.2 pour la carte
    avec l'adresse réseau 0008544FB172 est déjà utilisée sur le réseau.
    Votre ordinateur va automatiquement essayer d'obtenir une nouvelle adresse.

    Record Number: 5
    Source Name: Dhcp
    Time Written: 20070624143153.000000+120
    Event Type: Avertissement
    User:

    Computer Name: GG-L057UFMRN259
    Event Code: 6011
    Message: Le nom NetBIOS et le nom de l'hôte DNS de cet ordinateur ont été modifiés de MACHINENAME vers GG-L057UFMRN259.

    Record Number: 4
    Source Name: EventLog
    Time Written: 20070624143121.000000+120
    Event Type: Informations
    User:

    Computer Name: MACHINENAME
    Event Code: 6005
    Message: Le service d'Enregistrement d'événement a démarré.

    Record Number: 3
    Source Name: EventLog
    Time Written: 20070624134652.000000+120
    Event Type: Informations
    User:

    Computer Name: MACHINENAME
    Event Code: 6009
    Message: Microsoft (R) Windows (R) 5.01. 2600 Service Pack 1 Uniprocessor Free.

    Record Number: 2
    Source Name: EventLog
    Time Written: 20070624134652.000000+120
    Event Type: Informations
    User:

    Computer Name: MACHINENAME
    Event Code: 2
    Message: Pendant la validation de \Device\Serial0 en tant que port série, une FIFO a été détectée. La FIFO sera utilisée.

    Record Number: 1
    Source Name: Serial
    Time Written: 20070624134714.000000+120
    Event Type: Informations
    User:

    =====Application event log=====

    Computer Name: GG-L057UFMRN259
    Event Code: 1517
    Message: Windows a sauvegardé le Registre utilisateur GG-L057UFMRN259\gerard alors qu'une application ou un service utilisait toujours le Registre pendant la fermeture de la session. La mémoire utilisée par le Registre de l'utilisateur n'a pas été libérée. le Registre sera déchargé lorsqu'il ne sera plus utilisé.


    Cela est souvent causé par des services s'exécutant en tant que compte d'utilisateur, essayez de configurer les services pour s'exécuter dans le compte service réseau ou service local.

    Record Number: 92
    Source Name: Userenv
    Time Written: 20090414160040.000000+120
    Event Type: Avertissement
    User: AUTORITE NT\SYSTEM

    Computer Name: GG-L057UFMRN259
    Event Code: 105
    Message: The service was started.

    Record Number: 91
    Source Name: ATI Smart
    Time Written: 20090414153534.000000+120
    Event Type: Informations
    User:

    Computer Name: GG-L057UFMRN259
    Event Code: 1000
    Message: Application défaillante iexplore.exe, version 6.0.2800.1106, module défaillant ntdll.dll, version 5.1.2600.1106, adresse de défaillance 0x0000234c.

    Record Number: 90
    Source Name: Application Error
    Time Written: 20090414001807.000000+120
    Event Type: erreur
    User:

    Computer Name: GG-L057UFMRN259
    Event Code: 4097
    Message: L'application, C:\Program Files\Internet Explorer\IEXPLORE.EXE, a généré une erreur d'application
    L'erreur s'est produite le 04/14/2009 à 00:16:42.015
    L'exception générée était c0000005 à l'adresse 77F4234C (ntdll!stricmp)

    Record Number: 89
    Source Name: DrWatson
    Time Written: 20090414001642.000000+120
    Event Type: Informations
    User:

    Computer Name: GG-L057UFMRN259
    Event Code: 1000
    Message: Application défaillante iexplore.exe, version 6.0.2800.1106, module défaillant ntdll.dll, version 5.1.2600.1106, adresse de défaillance 0x0000234c.

    Record Number: 88
    Source Name: Application Error
    Time Written: 20090414001639.000000+120
    Event Type: erreur
    User:

    ======Environment variables======

    "ComSpec"=%SystemRoot%\system32\cmd.exe
    "Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem
    "windir"=%SystemRoot%
    "OS"=Windows_NT
    "PROCESSOR_ARCHITECTURE"=x86
    "PROCESSOR_LEVEL"=6
    "PROCESSOR_IDENTIFIER"=x86 Family 6 Model 7 Stepping 1, AuthenticAMD
    "PROCESSOR_REVISION"=0701
    "NUMBER_OF_PROCESSORS"=1
    "PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
    "TEMP"=%SystemRoot%\TEMP
    "TMP"=%SystemRoot%\TEMP

    -----------------EOF-----------------
    6 May 2009 02:21:22

    HERE IS LOG

    Logfile of random's system information tool 1.06 (written by random/random)
    Run by gerard at 2009-05-06 02:08:26
    Microsoft Windows XP Professionnel Service Pack 1
    System drive C: has 33 GB (86%) free of 38 GB
    Total RAM: 1023 MB (73% free)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 02:08:34, on 06/05/2009
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Unable to get Internet Explorer version!
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\System32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Fichiers communs\Ulead Systems\AutoDetector\monitor.exe
    C:\WINDOWS\System32\ctfmon.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Documents and Settings\gerard\Bureau\RSIT.exe
    C:\Program Files\trend micro\gerard.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://images.malwareremoval.com/random/RSIT.exe
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: Google Toolbar Helper - {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
    O2 - BHO: Google Toolbar Notifier BHO - {af69de43-7d58-4638-b6fa-ce66b5ad205d} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
    O2 - BHO: (no name) - {c2ba40a1-74f3-42bd-f434-12345a2c8953} - (no file)
    O2 - BHO: Google Dictionary Compression sdch - {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
    O4 - HKLM\..\Run: [Ulead AutoDetector v2] C:\Program Files\Fichiers communs\Ulead Systems\AutoDetector\monitor.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - HKUS\.DEFAULT\..\Run: [] C:\WINDOWS\TEMP\gnlnldmc.exe (User 'Default user')
    O4 - HKUS\.DEFAULT\..\Run: [uidenhiufgsduiazghs] C:\WINDOWS\TEMP\gnlnldmc.exe (User 'Default user')
    O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
    O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
    O9 - Extra button: (no name) - cmdmapping - (no file) (HKCU)
    O11 - Options group: [accessibility] Accessibilité
    O11 - Options group: [browse] Navigation
    O11 - Options group: [crypto] Sécurité
    O11 - Options group: [http] Paramètres HTTP 1.1
    O11 - Options group: [multimedia] Multimédia
    O11 - Options group: [print] Impression en cours
    O11 - Options group: [searching] Rechercher à partir de la barre d'adresses
    O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: Service de transfert intelligent en arrière-plan (BITS) - Unknown owner - C:\WINDOWS\
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Mises à jour automatiques (wuauserv) - Unknown owner - C:\WINDOWS\

    --
    End of file - 3812 bytes

    ======Registry dump======

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{aa58ed58-01dd-4d91-8333-cf10577473f7}]
    Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2009-05-05 259696]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{af69de43-7d58-4638-b6fa-ce66b5ad205d}]
    Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll [2009-05-06 668656]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c2ba40a1-74f3-42bd-f434-12345a2c8953}]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c84d72fe-e17d-4195-bb24-76c02e2e7c4e}]
    Google Dictionary Compression sdch - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll [2009-05-05 470512]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    {2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2009-05-05 259696]
    {8E718888-423F-11D2-876E-00A0C9082467} - &Radio - C:\WINDOWS\system32\msdxm.ocx [2002-08-29 846364]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    "Ulead AutoDetector v2"=C:\Program Files\Fichiers communs\Ulead Systems\AutoDetector\monitor.exe [2004-11-26 90112]

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"=C:\WINDOWS\System32\ctfmon.exe [2002-08-29 13312]
    "swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2009-04-13 68856]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
    C:\WINDOWS\system32\Ati2evxx.dll [2007-06-13 118784]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
    "notification packages"=
    scecli
    scecli
    scecli

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
    "DisableTaskMgr"=0

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
    "dontdisplaylastusername"=0
    "legalnoticecaption"=
    "legalnoticetext"=
    "shutdownwithoutlogon"=1
    "undockwithoutlogon"=1

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "NoDriveTypeAutoRun"=145
    "NoSetActiveDesktop"=0
    "NoActiveDesktopChanges"=0

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "NoSetActiveDesktop"=
    "NoActiveDesktopChanges"=

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f5cdc9dd-224f-11dc-8224-806d6172696f}]
    shell\autorun\command - D:\CDStart.exe
    shell\install\command - D:\Setup.exe


    ======List of files/folders created in the last 1 months======

    2009-05-06 01:18:40 ----A---- C:\WINDOWS\System32\tracerpt.exe
    2009-05-06 01:18:18 ----A---- C:\WINDOWS\winhlp32.exe
    2009-05-06 01:18:18 ----A---- C:\WINDOWS\twain_32.dll
    2009-05-06 01:18:18 ----A---- C:\WINDOWS\regedit.exe
    2009-05-06 01:18:18 ----A---- C:\WINDOWS\hh.exe
    2009-05-06 01:18:18 ----A---- C:\WINDOWS\explorer.exe
    2009-05-06 01:18:15 ----A---- C:\WINDOWS\System32\cdfview.dll
    2009-05-06 01:18:15 ----A---- C:\WINDOWS\System32\catsrvut.dll
    2009-05-06 01:18:15 ----A---- C:\WINDOWS\System32\catsrvps.dll
    2009-05-06 01:18:15 ----A---- C:\WINDOWS\System32\catsrv.dll
    2009-05-06 01:18:15 ----A---- C:\WINDOWS\System32\camocx.dll
    2009-05-06 01:18:15 ----A---- C:\WINDOWS\System32\cabview.dll
    2009-05-06 01:18:15 ----A---- C:\WINDOWS\System32\cabinet.dll
    2009-05-06 01:18:15 ----A---- C:\WINDOWS\System32\browsewm.dll
    2009-05-06 01:18:15 ----A---- C:\WINDOWS\System32\browseui.dll
    2009-05-06 01:18:15 ----A---- C:\WINDOWS\System32\browser.dll
    2009-05-06 01:18:15 ----A---- C:\WINDOWS\System32\browselc.dll
    2009-05-06 01:18:15 ----A---- C:\WINDOWS\System32\blackbox.dll
    2009-05-06 01:18:15 ----A---- C:\WINDOWS\System32\bidispl.dll
    2009-05-06 01:18:15 ----A---- C:\WINDOWS\System32\batt.dll
    2009-05-06 01:18:15 ----A---- C:\WINDOWS\System32\batmeter.dll
    2009-05-06 01:18:15 ----A---- C:\WINDOWS\System32\basesrv.dll
    2009-05-06 01:18:15 ----A---- C:\WINDOWS\System32\avifil32.dll
    2009-05-06 01:18:15 ----A---- C:\WINDOWS\System32\autolfn.exe
    2009-05-06 01:18:15 ----A---- C:\WINDOWS\System32\autofmt.exe
    2009-05-06 01:18:15 ----A---- C:\WINDOWS\System32\authz.dll
    2009-05-06 01:18:15 ----A---- C:\WINDOWS\System32\audiosrv.dll
    2009-05-06 01:18:15 ----A---- C:\WINDOWS\System32\atmlib.dll
    2009-05-06 01:18:15 ----A---- C:\WINDOWS\System32\atmfd.dll
    2009-05-06 01:18:15 ----A---- C:\WINDOWS\System32\atmadm.exe
    2009-05-06 01:18:15 ----A---- C:\WINDOWS\System32\atl.dll
    2009-05-06 01:18:15 ----A---- C:\WINDOWS\System32\at.exe
    2009-05-06 01:18:15 ----A---- C:\WINDOWS\System32\asycfilt.dll
    2009-05-06 01:18:15 ----A---- C:\WINDOWS\System32\asferror.dll
    2009-05-06 01:18:15 ----A---- C:\WINDOWS\System32\apphelp.dll
    2009-05-06 01:18:15 ----A---- C:\WINDOWS\System32\amstream.dll
    2009-05-06 01:18:15 ----A---- C:\WINDOWS\System32\alrsvc.dll
    2009-05-06 01:18:15 ----A---- C:\WINDOWS\System32\alg.exe
    2009-05-06 01:18:15 ----A---- C:\WINDOWS\System32\ahui.exe
    2009-05-06 01:18:15 ----A---- C:\WINDOWS\System32\advpack.dll
    2009-05-06 01:18:15 ----A---- C:\WINDOWS\System32\adsnt.dll
    2009-05-06 01:18:15 ----A---- C:\WINDOWS\System32\adsmsext.dll
    2009-05-06 01:18:15 ----A---- C:\WINDOWS\System32\adsldpc.dll
    2009-05-06 01:18:15 ----A---- C:\WINDOWS\System32\adsldp.dll
    2009-05-06 01:18:15 ----A---- C:\WINDOWS\System32\admparse.dll
    2009-05-06 01:18:15 ----A---- C:\WINDOWS\System32\actxprxy.dll
    2009-05-06 01:18:15 ----A---- C:\WINDOWS\System32\actmovie.exe
    2009-05-06 01:18:15 ----A---- C:\WINDOWS\System32\activeds.dll
    2009-05-06 01:18:15 ----A---- C:\WINDOWS\System32\aclui.dll
    2009-05-06 01:18:15 ----A---- C:\WINDOWS\System32\6to4svc.dll
    2009-05-06 01:18:14 ----A---- C:\WINDOWS\System32\dmcompos.dll
    2009-05-06 01:18:14 ----A---- C:\WINDOWS\System32\dmband.dll
    2009-05-06 01:18:14 ----A---- C:\WINDOWS\System32\dmadmin.exe
    2009-05-06 01:18:14 ----A---- C:\WINDOWS\System32\dllhost.exe
    2009-05-06 01:18:14 ----A---- C:\WINDOWS\System32\diskpart.exe
    2009-05-06 01:18:14 ----A---- C:\WINDOWS\System32\dinput8.dll
    2009-05-06 01:18:14 ----A---- C:\WINDOWS\System32\dinput.dll
    2009-05-06 01:18:14 ----A---- C:\WINDOWS\System32\digest.dll
    2009-05-06 01:18:14 ----A---- C:\WINDOWS\System32\diantz.exe
    2009-05-06 01:18:14 ----A---- C:\WINDOWS\System32\dgnet.dll
    2009-05-06 01:18:14 ----A---- C:\WINDOWS\System32\dfsshlex.dll
    2009-05-06 01:18:14 ----A---- C:\WINDOWS\System32\dfrgui.dll
    2009-05-06 01:18:14 ----A---- C:\WINDOWS\System32\dfrgsnap.dll
    2009-05-06 01:18:14 ----A---- C:\WINDOWS\System32\dfrgntfs.exe
    2009-05-06 01:18:14 ----A---- C:\WINDOWS\System32\dfrgfat.exe
    2009-05-06 01:18:14 ----A---- C:\WINDOWS\System32\devmgr.dll
    2009-05-06 01:18:14 ----A---- C:\WINDOWS\System32\devenum.dll
    2009-05-06 01:18:14 ----A---- C:\WINDOWS\System32\defrag.exe
    2009-05-06 01:18:14 ----A---- C:\WINDOWS\System32\ddrawex.dll
    2009-05-06 01:18:14 ----A---- C:\WINDOWS\System32\ddraw.dll
    2009-05-06 01:18:14 ----A---- C:\WINDOWS\System32\ddeshare.exe
    2009-05-06 01:18:14 ----A---- C:\WINDOWS\System32\dciman32.dll
    2009-05-06 01:18:14 ----A---- C:\WINDOWS\System32\dbnmpntw.dll
    2009-05-06 01:18:14 ----A---- C:\WINDOWS\System32\dbnetlib.dll
    2009-05-06 01:18:14 ----A---- C:\WINDOWS\System32\dbmsrpcn.dll
    2009-05-06 01:18:14 ----A---- C:\WINDOWS\System32\dbghelp.dll
    2009-05-06 01:18:14 ----A---- C:\WINDOWS\System32\davclnt.dll
    2009-05-06 01:18:14 ----A---- C:\WINDOWS\System32\dataclen.dll
    2009-05-06 01:18:14 ----A---- C:\WINDOWS\System32\danim.dll
    2009-05-06 01:18:14 ----A---- C:\WINDOWS\System32\d3dim700.dll
    2009-05-06 01:18:14 ----A---- C:\WINDOWS\System32\d3d8thk.dll
    2009-05-06 01:18:14 ----A---- C:\WINDOWS\System32\d3d8.dll
    2009-05-06 01:18:14 ----A---- C:\WINDOWS\System32\ctfmon.exe
    2009-05-06 01:18:14 ----A---- C:\WINDOWS\System32\csrss.exe
    2009-05-06 01:18:14 ----A---- C:\WINDOWS\System32\cscui.dll
    2009-05-06 01:18:14 ----A---- C:\WINDOWS\System32\cscript.exe
    2009-05-06 01:18:14 ----A---- C:\WINDOWS\System32\cscdll.dll
    2009-05-06 01:18:14 ----A---- C:\WINDOWS\System32\cryptui.dll
    2009-05-06 01:18:14 ----A---- C:\WINDOWS\System32\cryptsvc.dll
    2009-05-06 01:18:14 ----A---- C:\WINDOWS\System32\cryptnet.dll
    2009-05-06 01:18:14 ----A---- C:\WINDOWS\System32\cryptext.dll
    2009-05-06 01:18:14 ----A---- C:\WINDOWS\System32\cryptdll.dll
    2009-05-06 01:18:14 ----A---- C:\WINDOWS\System32\cryptdlg.dll
    2009-05-06 01:18:14 ----A---- C:\WINDOWS\System32\crypt32.dll
    2009-05-06 01:18:14 ----A---- C:\WINDOWS\System32\credui.dll
    2009-05-06 01:18:14 ----A---- C:\WINDOWS\System32\corpol.dll
    2009-05-06 01:18:14 ----A---- C:\WINDOWS\System32\conime.exe
    2009-05-06 01:18:14 ----A---- C:\WINDOWS\System32\comuid.dll
    2009-05-06 01:18:14 ----A---- C:\WINDOWS\System32\comsvcs.dll
    2009-05-06 01:18:14 ----A---- C:\WINDOWS\System32\comres.dll
    2009-05-06 01:18:14 ----A---- C:\WINDOWS\System32\compstui.dll
    2009-05-06 01:18:14 ----A---- C:\WINDOWS\System32\compatUI.dll
    2009-05-06 01:18:14 ----A---- C:\WINDOWS\System32\colbact.dll
    2009-05-06 01:18:14 ----A---- C:\WINDOWS\System32\cnbjmon.dll
    2009-05-06 01:18:14 ----A---- C:\WINDOWS\System32\cmutil.dll
    2009-05-06 01:18:14 ----A---- C:\WINDOWS\System32\cmstp.exe
    2009-05-06 01:18:14 ----A---- C:\WINDOWS\System32\cmprops.dll
    2009-05-06 01:18:14 ----A---- C:\WINDOWS\System32\cmmon32.exe
    2009-05-06 01:18:14 ----A---- C:\WINDOWS\System32\cmdl32.exe
    2009-05-06 01:18:14 ----A---- C:\WINDOWS\System32\cmdial32.dll
    2009-05-06 01:18:14 ----A---- C:\WINDOWS\System32\cmcfg32.dll
    2009-05-06 01:18:14 ----A---- C:\WINDOWS\System32\clusapi.dll
    2009-05-06 01:18:14 ----A---- C:\WINDOWS\System32\clipsrv.exe
    2009-05-06 01:18:14 ----A---- C:\WINDOWS\System32\cliconfg.exe
    2009-05-06 01:18:14 ----A---- C:\WINDOWS\System32\cliconfg.dll
    2009-05-06 01:18:14 ----A---- C:\WINDOWS\System32\cleanmgr.exe
    2009-05-06 01:18:14 ----A---- C:\WINDOWS\System32\clbcatq.dll
    2009-05-06 01:18:14 ----A---- C:\WINDOWS\System32\clbcatex.dll
    2009-05-06 01:18:14 ----A---- C:\WINDOWS\System32\cisvc.exe
    2009-05-06 01:18:14 ----A---- C:\WINDOWS\System32\ciodm.dll
    2009-05-06 01:18:14 ----A---- C:\WINDOWS\System32\cfgmgr32.dll
    2009-05-06 01:18:14 ----A---- C:\WINDOWS\System32\cfgbkend.dll
    2009-05-06 01:18:14 ----A---- C:\WINDOWS\System32\cewmdm.dll
    2009-05-06 01:18:14 ----A---- C:\WINDOWS\System32\certmgr.dll
    2009-05-06 01:18:14 ----A---- C:\WINDOWS\System32\certcli.dll
    2009-05-06 01:18:14 ----A---- C:\WINDOWS\System32\cdosys.dll
    2009-05-06 01:18:13 ----A---- C:\WINDOWS\System32\inetcomm.dll
    2009-05-06 01:18:13 ----A---- C:\WINDOWS\System32\inetcfg.dll
    2009-05-06 01:18:13 ----A---- C:\WINDOWS\System32\imm32.dll
    2009-05-06 01:18:13 ----A---- C:\WINDOWS\System32\imgutil.dll
    2009-05-06 01:18:13 ----A---- C:\WINDOWS\System32\imeshare.dll
    2009-05-06 01:18:13 ----A---- C:\WINDOWS\System32\imapi.exe
    2009-05-06 01:18:13 ----A---- C:\WINDOWS\System32\ils.dll
    2009-05-06 01:18:13 ----A---- C:\WINDOWS\System32\igmpagnt.dll
    2009-05-06 01:18:13 ----A---- C:\WINDOWS\System32\ifmon.dll
    2009-05-06 01:18:13 ----A---- C:\WINDOWS\System32\iexpress.exe
    2009-05-06 01:18:13 ----A---- C:\WINDOWS\System32\iesetup.dll
    2009-05-06 01:18:13 ----A---- C:\WINDOWS\System32\iernonce.dll
    2009-05-06 01:18:13 ----A---- C:\WINDOWS\System32\iepeers.dll
    2009-05-06 01:18:13 ----A---- C:\WINDOWS\System32\iedkcs32.dll
    2009-05-06 01:18:13 ----A---- C:\WINDOWS\System32\ieaksie.dll
    2009-05-06 01:18:13 ----A---- C:\WINDOWS\System32\ieakeng.dll
    2009-05-06 01:18:13 ----A---- C:\WINDOWS\System32\ie4uinit.exe
    2009-05-06 01:18:13 ----A---- C:\WINDOWS\System32\idq.dll
    2009-05-06 01:18:13 ----A---- C:\WINDOWS\System32\icwphbk.dll
    2009-05-06 01:18:13 ----A---- C:\WINDOWS\System32\icwdial.dll
    2009-05-06 01:18:13 ----A---- C:\WINDOWS\System32\icmp.dll
    2009-05-06 01:18:13 ----A---- C:\WINDOWS\System32\icm32.dll
    2009-05-06 01:18:13 ----A---- C:\WINDOWS\System32\iccvid.dll
    2009-05-06 01:18:13 ----A---- C:\WINDOWS\System32\icaapi.dll
    2009-05-06 01:18:13 ----A---- C:\WINDOWS\System32\iasrad.dll
    2009-05-06 01:18:13 ----A---- C:\WINDOWS\System32\htui.dll
    2009-05-06 01:18:13 ----A---- C:\WINDOWS\System32\hotplug.dll
    2009-05-06 01:18:13 ----A---- C:\WINDOWS\System32\hnetwiz.dll
    2009-05-06 01:18:13 ----A---- C:\WINDOWS\System32\hnetcfg.dll
    2009-05-06 01:18:13 ----A---- C:\WINDOWS\System32\hid.dll
    2009-05-06 01:18:13 ----A---- C:\WINDOWS\System32\hhsetup.dll
    2009-05-06 01:18:13 ----A---- C:\WINDOWS\System32\h323msp.dll
    2009-05-06 01:18:13 ----A---- C:\WINDOWS\System32\grpconv.exe
    2009-05-06 01:18:13 ----A---- C:\WINDOWS\System32\gpkrsrc.dll
    2009-05-06 01:18:13 ----A---- C:\WINDOWS\System32\glu32.dll
    2009-05-06 01:18:13 ----A---- C:\WINDOWS\System32\gdi32.dll
    2009-05-06 01:18:13 ----A---- C:\WINDOWS\System32\framebuf.dll
    2009-05-06 01:18:13 ----A---- C:\WINDOWS\System32\fontview.exe
    2009-05-06 01:18:13 ----A---- C:\WINDOWS\System32\fontext.dll
    2009-05-06 01:18:13 ----A---- C:\WINDOWS\System32\fldrclnr.dll
    2009-05-06 01:18:13 ----A---- C:\WINDOWS\System32\findstr.exe
    2009-05-06 01:18:13 ----A---- C:\WINDOWS\System32\filemgmt.dll
    2009-05-06 01:18:13 ----A---- C:\WINDOWS\System32\feclient.dll
    2009-05-06 01:18:13 ----A---- C:\WINDOWS\System32\faultrep.dll
    2009-05-06 01:18:13 ----A---- C:\WINDOWS\System32\extrac32.exe
    2009-05-06 01:18:13 ----A---- C:\WINDOWS\System32\expsrv.dll
    2009-05-06 01:18:13 ----A---- C:\WINDOWS\System32\eventlog.dll
    2009-05-06 01:18:13 ----A---- C:\WINDOWS\System32\eudcedit.exe
    2009-05-06 01:18:13 ----A---- C:\WINDOWS\System32\esent.dll
    2009-05-06 01:18:13 ----A---- C:\WINDOWS\System32\es.dll
    2009-05-06 01:18:13 ----A---- C:\WINDOWS\System32\ersvc.dll
    2009-05-06 01:18:13 ----A---- C:\WINDOWS\System32\els.dll
    2009-05-06 01:18:13 ----A---- C:\WINDOWS\System32\dxtrans.dll
    2009-05-06 01:18:13 ----A---- C:\WINDOWS\System32\dxtmsft.dll
    2009-05-06 01:18:13 ----A---- C:\WINDOWS\System32\dxmasf.dll
    2009-05-06 01:18:13 ----A---- C:\WINDOWS\System32\dxdiag.exe
    2009-05-06 01:18:13 ----A---- C:\WINDOWS\System32\dx8vb.dll
    2009-05-06 01:18:13 ----A---- C:\WINDOWS\System32\dx7vb.dll
    2009-05-06 01:18:13 ----A---- C:\WINDOWS\System32\dwwin.exe
    2009-05-06 01:18:13 ----A---- C:\WINDOWS\System32\dvdupgrd.exe
    2009-05-06 01:18:13 ----A---- C:\WINDOWS\System32\duser.dll
    2009-05-06 01:18:13 ----A---- C:\WINDOWS\System32\dumprep.exe
    2009-05-06 01:18:13 ----A---- C:\WINDOWS\System32\dswave.dll
    2009-05-06 01:18:13 ----A---- C:\WINDOWS\System32\dsuiext.dll
    2009-05-06 01:18:13 ----A---- C:\WINDOWS\System32\dssenh.dll
    2009-05-06 01:18:13 ----A---- C:\WINDOWS\System32\dssec.dll
    2009-05-06 01:18:13 ----A---- C:\WINDOWS\System32\dsquery.dll
    2009-05-06 01:18:13 ----A---- C:\WINDOWS\System32\dsprop.dll
    2009-05-06 01:18:13 ----A---- C:\WINDOWS\System32\dsound3d.dll
    2009-05-06 01:18:13 ----A---- C:\WINDOWS\System32\dsound.dll
    2009-05-06 01:18:13 ----A---- C:\WINDOWS\System32\dskquota.dll
    2009-05-06 01:18:13 ----A---- C:\WINDOWS\System32\dsdmoprp.dll
    2009-05-06 01:18:13 ----A---- C:\WINDOWS\System32\dsdmo.dll
    2009-05-06 01:18:13 ----A---- C:\WINDOWS\System32\ds32gt.dll
    2009-05-06 01:18:13 ----A---- C:\WINDOWS\System32\drprov.dll
    2009-05-06 01:18:13 ----A---- C:\WINDOWS\System32\drmv2clt.dll
    2009-05-06 01:18:13 ----A---- C:\WINDOWS\System32\drmstor.dll
    2009-05-06 01:18:13 ----A---- C:\WINDOWS\System32\drmclien.dll
    2009-05-06 01:18:13 ----A---- C:\WINDOWS\System32\dpwsockx.dll
    2009-05-06 01:18:13 ----A---- C:\WINDOWS\System32\dpvvox.dll
    2009-05-06 01:18:13 ----A---- C:\WINDOWS\System32\dpvsetup.exe
    2009-05-06 01:18:13 ----A---- C:\WINDOWS\System32\dpvoice.dll
    2009-05-06 01:18:13 ----A---- C:\WINDOWS\System32\dpvacm.dll
    2009-05-06 01:18:13 ----A---- C:\WINDOWS\System32\dpnsvr.exe
    2009-05-06 01:18:13 ----A---- C:\WINDOWS\System32\dpnlobby.dll
    2009-05-06 01:18:13 ----A---- C:\WINDOWS\System32\dpnhupnp.dll
    2009-05-06 01:18:13 ----A---- C:\WINDOWS\System32\dpnhpast.dll
    2009-05-06 01:18:13 ----A---- C:\WINDOWS\System32\dpnet.dll
    2009-05-06 01:18:13 ----A---- C:\WINDOWS\System32\dpnaddr.dll
    2009-05-06 01:18:13 ----A---- C:\WINDOWS\System32\dpmodemx.dll
    2009-05-06 01:18:13 ----A---- C:\WINDOWS\System32\dplayx.dll
    2009-05-06 01:18:13 ----A---- C:\WINDOWS\System32\dplaysvr.exe
    2009-05-06 01:18:13 ----A---- C:\WINDOWS\System32\dosx.exe
    2009-05-06 01:18:13 ----A---- C:\WINDOWS\System32\docprop2.dll
    2009-05-06 01:18:13 ----A---- C:\WINDOWS\System32\dnsrslvr.dll
    2009-05-06 01:18:13 ----A---- C:\WINDOWS\System32\dnsapi.dll
    2009-05-06 01:18:13 ----A---- C:\WINDOWS\System32\dmutil.dll
    2009-05-06 01:18:13 ----A---- C:\WINDOWS\System32\dmusic.dll
    2009-05-06 01:18:13 ----A---- C:\WINDOWS\System32\dmsynth.dll
    2009-05-06 01:18:13 ----A---- C:\WINDOWS\System32\dmstyle.dll
    2009-05-06 01:18:13 ----A---- C:\WINDOWS\System32\dmserver.dll
    2009-05-06 01:18:13 ----A---- C:\WINDOWS\System32\dmscript.dll
    2009-05-06 01:18:13 ----A---- C:\WINDOWS\System32\dmremote.exe
    2009-05-06 01:18:13 ----A---- C:\WINDOWS\System32\dmloader.dll
    2009-05-06 01:18:13 ----A---- C:\WINDOWS\System32\dmime.dll
    2009-05-06 01:18:13 ----A---- C:\WINDOWS\System32\dmdskmgr.dll
    2009-05-06 01:18:12 ----A---- C:\WINDOWS\System32\mmcbase.dll
    2009-05-06 01:18:12 ----A---- C:\WINDOWS\System32\mmc.exe
    2009-05-06 01:18:12 ----A---- C:\WINDOWS\System32\mlang.dll
    2009-05-06 01:18:12 ----A---- C:\WINDOWS\System32\miglibnt.dll
    2009-05-06 01:18:12 ----A---- C:\WINDOWS\System32\midimap.dll
    2009-05-06 01:18:12 ----A---- C:\WINDOWS\System32\mfcsubs.dll
    2009-05-06 01:18:12 ----A---- C:\WINDOWS\System32\mfc42u.dll
    2009-05-06 01:18:12 ----A---- C:\WINDOWS\System32\mfc42.dll
    2009-05-06 01:18:12 ----A---- C:\WINDOWS\System32\mf3216.dll
    2009-05-06 01:18:12 ----A---- C:\WINDOWS\System32\mdminst.dll
    2009-05-06 01:18:12 ----A---- C:\WINDOWS\System32\mciwave.dll
    2009-05-06 01:18:12 ----A---- C:\WINDOWS\System32\mciseq.dll
    2009-05-06 01:18:12 ----A---- C:\WINDOWS\System32\mciqtz32.dll
    2009-05-06 01:18:12 ----A---- C:\WINDOWS\System32\mciavi32.dll
    2009-05-06 01:18:12 ----A---- C:\WINDOWS\System32\mcastmib.dll
    2009-05-06 01:18:12 ----A---- C:\WINDOWS\System32\makecab.exe
    2009-05-06 01:18:12 ----A---- C:\WINDOWS\System32\magnify.exe
    2009-05-06 01:18:12 ----A---- C:\WINDOWS\System32\lsass.exe
    2009-05-06 01:18:12 ----A---- C:\WINDOWS\System32\lprhelp.dll
    2009-05-06 01:18:12 ----A---- C:\WINDOWS\System32\lpk.dll
    2009-05-06 01:18:12 ----A---- C:\WINDOWS\System32\logonui.exe
    2009-05-06 01:18:12 ----A---- C:\WINDOWS\System32\logagent.exe
    2009-05-06 01:18:12 ----A---- C:\WINDOWS\System32\localui.dll
    2009-05-06 01:18:12 ----A---- C:\WINDOWS\System32\localsec.dll
    2009-05-06 01:18:12 ----A---- C:\WINDOWS\System32\loadperf.dll
    2009-05-06 01:18:12 ----A---- C:\WINDOWS\System32\lmrt.dll
    2009-05-06 01:18:12 ----A---- C:\WINDOWS\System32\linkinfo.dll
    2009-05-06 01:18:12 ----A---- C:\WINDOWS\System32\licwmi.dll
    2009-05-06 01:18:12 ----A---- C:\WINDOWS\System32\licmgr10.dll
    2009-05-06 01:18:12 ----A---- C:\WINDOWS\System32\licdll.dll
    2009-05-06 01:18:12 ----A---- C:\WINDOWS\System32\laprxy.dll
    2009-05-06 01:18:12 ----A---- C:\WINDOWS\System32\krnl386.exe
    2009-05-06 01:18:12 ----A---- C:\WINDOWS\System32\keymgr.dll
    2009-05-06 01:18:12 ----A---- C:\WINDOWS\System32\kerberos.dll
    2009-05-06 01:18:12 ----A---- C:\WINDOWS\System32\kd1394.dll
    2009-05-06 01:18:12 ----A---- C:\WINDOWS\System32\jsproxy.dll
    2009-05-06 01:18:12 ----A---- C:\WINDOWS\System32\jscript.dll
    2009-05-06 01:18:12 ----A---- C:\WINDOWS\System32\iyuv_32.dll
    2009-05-06 01:18:12 ----A---- C:\WINDOWS\System32\ixsso.dll
    2009-05-06 01:18:12 ----A---- C:\WINDOWS\System32\itss.dll
    2009-05-06 01:18:12 ----A---- C:\WINDOWS\System32\itircl.dll
    2009-05-06 01:18:12 ----A---- C:\WINDOWS\System32\isrdbg32.dll
    2009-05-06 01:18:12 ----A---- C:\WINDOWS\System32\isign32.dll
    2009-05-06 01:18:12 ----A---- C:\WINDOWS\System32\ipxroute.exe
    2009-05-06 01:18:12 ----A---- C:\WINDOWS\System32\ipv6mon.dll
    2009-05-06 01:18:12 ----A---- C:\WINDOWS\System32\ipv6.exe
    2009-05-06 01:18:12 ----A---- C:\WINDOWS\System32\ipsmsnap.dll
    2009-05-06 01:18:12 ----A---- C:\WINDOWS\System32\ipsecsvc.dll
    2009-05-06 01:18:12 ----A---- C:\WINDOWS\System32\ipsecsnp.dll
    2009-05-06 01:18:12 ----A---- C:\WINDOWS\System32\ippromon.dll
    2009-05-06 01:18:12 ----A---- C:\WINDOWS\System32\ipnathlp.dll
    2009-05-06 01:18:12 ----A---- C:\WINDOWS\System32\iphlpapi.dll
    2009-05-06 01:18:12 ----A---- C:\WINDOWS\System32\ipconfig.exe
    2009-05-06 01:18:12 ----A---- C:\WINDOWS\System32\inseng.dll
    2009-05-06 01:18:12 ----A---- C:\WINDOWS\System32\input.dll
    2009-05-06 01:18:12 ----A---- C:\WINDOWS\System32\initpki.dll
    2009-05-06 01:18:12 ----A---- C:\WINDOWS\System32\inetres.dll
    2009-05-06 01:18:12 ----A---- C:\WINDOWS\System32\inetppui.dll
    2009-05-06 01:18:12 ----A---- C:\WINDOWS\System32\inetpp.dll
    2009-05-06 01:18:12 ----A---- C:\WINDOWS\System32\inetmib1.dll
    2009-05-06 01:18:11 ----A---- C:\WINDOWS\System32\msrating.dll
    2009-05-06 01:18:11 ----A---- C:\WINDOWS\System32\msprivs.dll
    2009-05-06 01:18:11 ----A---- C:\WINDOWS\System32\mspmsp.dll
    2009-05-06 01:18:11 ----A---- C:\WINDOWS\System32\mspbde40.dll
    2009-05-06 01:18:11 ----A---- C:\WINDOWS\System32\mspatcha.dll
    2009-05-06 01:18:11 ----A---- C:\WINDOWS\System32\msorcl32.dll
    2009-05-06 01:18:11 ----A---- C:\WINDOWS\System32\msorc32r.dll
    2009-05-06 01:18:11 ----A---- C:\WINDOWS\System32\msoert2.dll
    2009-05-06 01:18:11 ----A---- C:\WINDOWS\System32\msoeacct.dll
    2009-05-06 01:18:11 ----A---- C:\WINDOWS\System32\msnsspc.dll
    2009-05-06 01:18:11 ----A---- C:\WINDOWS\System32\msnetobj.dll
    2009-05-06 01:18:11 ----A---- C:\WINDOWS\System32\msltus40.dll
    2009-05-06 01:18:11 ----A---- C:\WINDOWS\System32\mslbui.dll
    2009-05-06 01:18:11 ----A---- C:\WINDOWS\System32\msjtes40.dll
    2009-05-06 01:18:11 ----A---- C:\WINDOWS\System32\msjter40.dll
    2009-05-06 01:18:11 ----A---- C:\WINDOWS\System32\msjint40.dll
    2009-05-06 01:18:11 ----A---- C:\WINDOWS\System32\msjetoledb40.dll
    2009-05-06 01:18:11 ----A---- C:\WINDOWS\System32\msjet40.dll
    2009-05-06 01:18:11 ----A---- C:\WINDOWS\System32\msisip.dll
    2009-05-06 01:18:11 ----A---- C:\WINDOWS\System32\msimtf.dll
    2009-05-06 01:18:11 ----A---- C:\WINDOWS\System32\msimsg.dll
    2009-05-06 01:18:11 ----A---- C:\WINDOWS\System32\msimg32.dll
    2009-05-06 01:18:11 ----A---- C:\WINDOWS\System32\msihnd.dll
    2009-05-06 01:18:11 ----A---- C:\WINDOWS\System32\msiexec.exe
    2009-05-06 01:18:11 ----A---- C:\WINDOWS\System32\msieftp.dll
    2009-05-06 01:18:11 ----A---- C:\WINDOWS\System32\msidle.dll
    2009-05-06 01:18:11 ----A---- C:\WINDOWS\System32\msident.dll
    2009-05-06 01:18:11 ----A---- C:\WINDOWS\System32\msi.dll
    2009-05-06 01:18:11 ----A---- C:\WINDOWS\System32\mshtmler.dll
    2009-05-06 01:18:11 ----A---- C:\WINDOWS\System32\mshtmled.dll
    2009-05-06 01:18:11 ----A---- C:\WINDOWS\System32\mshtml.dll
    2009-05-06 01:18:11 ----A---- C:\WINDOWS\System32\mshta.exe
    2009-05-06 01:18:11 ----A---- C:\WINDOWS\System32\msgina.dll
    2009-05-06 01:18:11 ----A---- C:\WINDOWS\System32\msexcl40.dll
    2009-05-06 01:18:11 ----A---- C:\WINDOWS\System32\msexch40.dll
    2009-05-06 01:18:11 ----A---- C:\WINDOWS\System32\msdxmlc.dll
    2009-05-06 01:18:11 ----A---- C:\WINDOWS\System32\msdtcuiu.dll
    2009-05-06 01:18:11 ----A---- C:\WINDOWS\System32\msdtctm.dll
    2009-05-06 01:18:11 ----A---- C:\WINDOWS\System32\msdtcprx.dll
    2009-05-06 01:18:11 ----A---- C:\WINDOWS\System32\msdtclog.dll
    2009-05-06 01:18:11 ----A---- C:\WINDOWS\System32\msdtc.exe
    2009-05-06 01:18:11 ----A---- C:\WINDOWS\System32\msdmo.dll
    2009-05-06 01:18:11 ----A---- C:\WINDOWS\System32\msdart.dll
    2009-05-06 01:18:11 ----A---- C:\WINDOWS\System32\msctfp.dll
    2009-05-06 01:18:11 ----A---- C:\WINDOWS\System32\msctf.dll
    2009-05-06 01:18:11 ----A---- C:\WINDOWS\System32\mscpxl32.dll
    2009-05-06 01:18:11 ----A---- C:\WINDOWS\System32\mscpx32r.dll
    2009-05-06 01:18:11 ----A---- C:\WINDOWS\System32\msconf.dll
    2009-05-06 01:18:11 ----A---- C:\WINDOWS\System32\mscms.dll
    2009-05-06 01:18:11 ----A---- C:\WINDOWS\System32\msasn1.dll
    2009-05-06 01:18:11 ----A---- C:\WINDOWS\System32\msapsspc.dll
    2009-05-06 01:18:11 ----A---- C:\WINDOWS\System32\msafd.dll
    2009-05-06 01:18:11 ----A---- C:\WINDOWS\System32\msacm32.dll
    2009-05-06 01:18:11 ----A---- C:\WINDOWS\System32\mprapi.dll
    2009-05-06 01:18:11 ----A---- C:\WINDOWS\System32\mpr.dll
    2009-05-06 01:18:11 ----A---- C:\WINDOWS\System32\mpg4dmod.dll
    2009-05-06 01:18:11 ----A---- C:\WINDOWS\System32\moricons.dll
    2009-05-06 01:18:11 ----A---- C:\WINDOWS\System32\modemui.dll
    2009-05-06 01:18:11 ----A---- C:\WINDOWS\System32\mobsync.exe
    2009-05-06 01:18:11 ----A---- C:\WINDOWS\System32\mobsync.dll
    2009-05-06 01:18:11 ----A---- C:\WINDOWS\System32\mnmsrvc.exe
    2009-05-06 01:18:11 ----A---- C:\WINDOWS\System32\mnmdd.dll
    2009-05-06 01:18:11 ----A---- C:\WINDOWS\System32\mmsystem.dll
    2009-05-06 01:18:11 ----A---- C:\WINDOWS\System32\mmfutil.dll
    2009-05-06 01:18:11 ----A---- C:\WINDOWS\System32\mmcshext.dll
    2009-05-06 01:18:11 ----A---- C:\WINDOWS\System32\mmcndmgr.dll
    2009-05-06 01:18:10 ----A---- C:\WINDOWS\System32\msw3prt.dll
    2009-05-06 01:18:10 ----A---- C:\WINDOWS\System32\msvidctl.dll
    2009-05-06 01:18:10 ----A---- C:\WINDOWS\System32\msvfw32.dll
    2009-05-06 01:18:10 ----A---- C:\WINDOWS\System32\msvcrt40.dll
    2009-05-06 01:18:10 ----A---- C:\WINDOWS\System32\msvcrt.dll
    2009-05-06 01:18:10 ----A---- C:\WINDOWS\System32\msvcp60.dll
    2009-05-06 01:18:10 ----A---- C:\WINDOWS\System32\msvcirt.dll
    2009-05-06 01:18:10 ----A---- C:\WINDOWS\System32\msvbvm60.dll
    2009-05-06 01:18:10 ----A---- C:\WINDOWS\System32\msutb.dll
    2009-05-06 01:18:10 ----A---- C:\WINDOWS\System32\mstscax.dll
    2009-05-06 01:18:10 ----A---- C:\WINDOWS\System32\mstsc.exe
    2009-05-06 01:18:10 ----A---- C:\WINDOWS\System32\mstlsapi.dll
    2009-05-06 01:18:10 ----A---- C:\WINDOWS\System32\mstinit.exe
    2009-05-06 01:18:10 ----A---- C:\WINDOWS\System32\mstime.dll
    2009-05-06 01:18:10 ----A---- C:\WINDOWS\System32\mstext40.dll
    2009-05-06 01:18:10 ----A---- C:\WINDOWS\System32\mstask.dll
    2009-05-06 01:18:10 ----A---- C:\WINDOWS\System32\msscp.dll
    2009-05-06 01:18:10 ----A---- C:\WINDOWS\System32\msrle32.dll
    2009-05-06 01:18:10 ----A---- C:\WINDOWS\System32\msrepl40.dll
    2009-05-06 01:18:10 ----A---- C:\WINDOWS\System32\msrd3x40.dll
    2009-05-06 01:18:10 ----A---- C:\WINDOWS\System32\msrd2x40.dll
    2009-05-06 01:18:09 ----N---- C:\WINDOWS\System32\odbcad32.exe
    2009-05-06 01:18:09 ----N---- C:\WINDOWS\System32\netcfgx.dll
    2009-05-06 01:18:09 ----A---- C:\WINDOWS\System32\oddbse32.dll
    2009-05-06 01:18:09 ----A---- C:\WINDOWS\System32\odbctrac.dll
    2009-05-06 01:18:09 ----A---- C:\WINDOWS\System32\odbcp32r.dll
    2009-05-06 01:18:09 ----A---- C:\WINDOWS\System32\odbcjt32.dll
    2009-05-06 01:18:09 ----A---- C:\WINDOWS\System32\odbcji32.dll
    2009-05-06 01:18:09 ----A---- C:\WINDOWS\System32\odbcint.dll
    2009-05-06 01:18:09 ----A---- C:\WINDOWS\System32\odbccu32.dll
    2009-05-06 01:18:09 ----A---- C:\WINDOWS\System32\odbccr32.dll
    2009-05-06 01:18:09 ----A---- C:\WINDOWS\System32\odbccp32.dll
    2009-05-06 01:18:09 ----A---- C:\WINDOWS\System32\odbcconf.exe
    2009-05-06 01:18:09 ----A---- C:\WINDOWS\System32\odbcconf.dll
    2009-05-06 01:18:09 ----A---- C:\WINDOWS\System32\odbcbcp.dll
    2009-05-06 01:18:09 ----A---- C:\WINDOWS\System32\odbc32gt.dll
    2009-05-06 01:18:09 ----A---- C:\WINDOWS\System32\odbc32.dll
    2009-05-06 01:18:09 ----A---- C:\WINDOWS\System32\occache.dll
    2009-05-06 01:18:09 ----A---- C:\WINDOWS\System32\objsel.dll
    2009-05-06 01:18:09 ----A---- C:\WINDOWS\System32\oakley.dll
    2009-05-06 01:18:09 ----A---- C:\WINDOWS\System32\ntshrui.dll
    2009-05-06 01:18:09 ----A---- C:\WINDOWS\System32\ntmssvc.dll
    2009-05-06 01:18:09 ----A---- C:\WINDOWS\System32\ntmsmgr.dll
    2009-05-06 01:18:09 ----A---- C:\WINDOWS\System32\ntmsdba.dll
    2009-05-06 01:18:09 ----A---- C:\WINDOWS\System32\ntmsapi.dll
    2009-05-06 01:18:09 ----A---- C:\WINDOWS\System32\ntmarta.dll
    2009-05-06 01:18:09 ----A---- C:\WINDOWS\System32\ntlanman.dll
    2009-05-06 01:18:09 ----A---- C:\WINDOWS\System32\ntdsapi.dll
    2009-05-06 01:18:09 ----A---- C:\WINDOWS\System32\npptools.dll
    2009-05-06 01:18:09 ----A---- C:\WINDOWS\System32\notepad.exe
    2009-05-06 01:18:09 ----A---- C:\WINDOWS\System32\nmmkcert.dll
    2009-05-06 01:18:09 ----A---- C:\WINDOWS\System32\nlhtml.dll
    2009-05-06 01:18:09 ----A---- C:\WINDOWS\System32\newdev.dll
    2009-05-06 01:18:09 ----A---- C:\WINDOWS\System32\netui1.dll
    2009-05-06 01:18:09 ----A---- C:\WINDOWS\System32\netui0.dll
    2009-05-06 01:18:09 ----A---- C:\WINDOWS\System32\netstat.exe
    2009-05-06 01:18:09 ----A---- C:\WINDOWS\System32\netshell.dll
    2009-05-06 01:18:09 ----A---- C:\WINDOWS\System32\netsh.exe
    2009-05-06 01:18:09 ----A---- C:\WINDOWS\System32\netsetup.exe
    2009-05-06 01:18:09 ----A---- C:\WINDOWS\System32\netrap.dll
    2009-05-06 01:18:09 ----A---- C:\WINDOWS\System32\netplwiz.dll
    2009-05-06 01:18:09 ----A---- C:\WINDOWS\System32\netman.dll
    2009-05-06 01:18:09 ----A---- C:\WINDOWS\System32\netlogon.dll
    2009-05-06 01:18:09 ----A---- C:\WINDOWS\System32\netid.dll
    2009-05-06 01:18:09 ----A---- C:\WINDOWS\System32\netdde.exe
    2009-05-06 01:18:09 ----A---- C:\WINDOWS\System32\netapi32.dll
    2009-05-06 01:18:09 ----A---- C:\WINDOWS\System32\net1.exe
    2009-05-06 01:18:09 ----A---- C:\WINDOWS\System32\net.exe
    a c 296 8 Security
    6 May 2009 02:26:56

    The log report doesn't come through in full; can you send it to me by email? (Click on my username to get it)
    6 May 2009 02:34:59

    on its way
    a c 296 8 Security
    6 May 2009 02:39:06

    You are indeed infected.

    /!\ Disable your resident protections (antivirus, etc.) /!\

  • Download ComboFix (sUBs) to your Desktop.
  • Double-click ComboFix.exe (the .exe extension is not necessarily visible) to launch it.
  • It will ask you to install the Recovery Console: accept.
  • When the scan has finished, a report will appear. Post this report (C:\Combofix.txt) in your next reply.

    To help you: a guide and a tutorial on using ComboFix
    6 May 2009 03:19:49

    after a cleanup, I ran SP2 again, it is still refused...........
    a c 296 8 Security
    6 May 2009 03:20:30

    Do you have the ComboFix report?
    6 May 2009 03:25:20

    I sent it to you by email

    ComboFix 09-05-05.03 - gerard 06/05/2009 2:46.1 - FAT32x86
    Microsoft Windows XP Professionnel 5.1.2600.1.1252.33.1036.18.1023.850 [GMT 2:00]
    Lancé depuis: c:\documents and settings\gerard\Bureau\ComboFix.exe
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\windows\system32\_003490_.tmp.dll
    c:\windows\system32\_003632_.tmp.dll
    c:\windows\system32\_003633_.tmp.dll
    c:\windows\system32\_003634_.tmp.dll
    c:\windows\system32\_003635_.tmp.dll
    c:\windows\system32\_003642_.tmp.dll
    c:\windows\system32\_003643_.tmp.dll
    c:\windows\system32\_003644_.tmp.dll
    c:\windows\system32\_003646_.tmp.dll
    c:\windows\system32\_003647_.tmp.dll
    c:\windows\system32\_003650_.tmp.dll
    c:\windows\system32\_003651_.tmp.dll
    c:\windows\system32\_003654_.tmp.dll
    c:\windows\system32\_003657_.tmp.dll
    c:\windows\system32\_003660_.tmp.dll
    c:\windows\system32\_003665_.tmp.dll
    c:\windows\system32\_003667_.tmp.dll
    c:\windows\system32\_003668_.tmp.dll
    c:\windows\system32\_003670_.tmp.dll
    c:\windows\system32\_003672_.tmp.dll
    c:\windows\system32\_003673_.tmp.dll
    c:\windows\system32\_003674_.tmp.dll
    c:\windows\system32\_003675_.tmp.dll
    c:\windows\system32\_003677_.tmp.dll
    c:\windows\system32\_003679_.tmp.dll
    c:\windows\system32\_003680_.tmp.dll
    c:\windows\system32\_003681_.tmp.dll
    c:\windows\system32\_003685_.tmp.dll
    c:\windows\system32\_003688_.tmp.dll
    c:\windows\system32\_003893_.tmp.dll
    c:\windows\system32\_004047_.tmp.dll
    c:\windows\system32\_004048_.tmp.dll
    c:\windows\system32\_004049_.tmp.dll
    c:\windows\system32\_004050_.tmp.dll
    c:\windows\system32\_004057_.tmp.dll
    c:\windows\system32\_004058_.tmp.dll
    c:\windows\system32\_004059_.tmp.dll
    c:\windows\system32\_004060_.tmp.dll
    c:\windows\system32\_004062_.tmp.dll
    c:\windows\system32\_004063_.tmp.dll
    c:\windows\system32\_004066_.tmp.dll
    c:\windows\system32\_004067_.tmp.dll
    c:\windows\system32\_004070_.tmp.dll
    c:\windows\system32\_004071_.tmp.dll
    c:\windows\system32\_004073_.tmp.dll
    c:\windows\system32\_004074_.tmp.dll
    c:\windows\system32\_004076_.tmp.dll
    c:\windows\system32\_004077_.tmp.dll
    c:\windows\system32\_004082_.tmp.dll
    c:\windows\system32\_004084_.tmp.dll
    c:\windows\system32\_004085_.tmp.dll
    c:\windows\system32\_004087_.tmp.dll
    c:\windows\system32\_004089_.tmp.dll
    c:\windows\system32\_004090_.tmp.dll
    c:\windows\system32\_004091_.tmp.dll
    c:\windows\system32\_004092_.tmp.dll
    c:\windows\system32\_004093_.tmp.dll
    c:\windows\system32\_004096_.tmp.dll
    c:\windows\system32\_004097_.tmp.dll
    c:\windows\system32\_004098_.tmp.dll
    c:\windows\system32\_004099_.tmp.dll
    c:\windows\system32\_004100_.tmp.dll
    c:\windows\system32\_004105_.tmp.dll
    c:\windows\system32\ak1.exe
    c:\windows\system32\drivers\ovfsthbrnrxubrdlxoeuwswvjbnoekvdylbibm.sys
    c:\windows\system32\ovfsthcecwikarfyfqqagexlnbmsdxmycotuol.dat
    c:\windows\system32\ovfsthfnpqsppvnvpeoypxjxqguioufywdcpju.dat
    c:\windows\system32\ovfsthimotfqppkesoxpaerxmqhwndqkqjwbhw.dll
    c:\windows\system32\ovfsththkdibilanxrimtnhjxogiikfsbangno.dll
    c:\windows\system32\ovfsthwgamvvrclfpftctdihcloteieycwyrte.dll
    c:\windows\system32\uniq.tll

    .
    ((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Service_ovfsthfwbxxtkipcxngfvmyrblxrmmametkyav


    ((((((((((((((((((((((((((((( Fichiers créés du 2009-04-06 au 2009-05-06 ))))))))))))))))))))))))))))))))))))
    .

    2009-05-06 00:08 . 2009-05-06 00:08 -------- d-----w c:\program files\trend micro
    2009-05-06 00:08 . 2009-05-06 00:08 -------- d-----w C:\rsit
    2009-05-06 00:05 . 2009-05-06 00:05 -------- d-----w c:\program files\NortonInstaller
    2009-05-05 23:17 . 2002-08-29 07:44 107520 ------w c:\windows\system32\dllcache\acxtrnal.dll
    2009-05-05 23:17 . 2002-08-29 07:44 255488 ------w c:\windows\system32\dllcache\acverfyr.dll
    2009-05-05 23:17 . 2002-08-29 07:44 406528 ------w c:\windows\system32\dllcache\aclayers.dll
    2009-05-05 23:17 . 2002-08-29 07:44 125440 ------w c:\windows\system32\dllcache\aclua.dll
    2009-05-05 23:17 . 2002-08-29 07:44 219136 ------w c:\windows\system32\dllcache\acspecfc.dll
    2009-05-05 23:17 . 2002-08-29 08:44 1818624 ------w c:\windows\system32\dllcache\acgenral.dll
    2009-05-05 21:53 . 2009-05-05 21:53 -------- d-----w c:\windows\IE Uninstall
    2009-05-05 21:46 . 2009-05-05 21:46 -------- d-----w c:\windows\Application Data
    2009-05-05 21:29 . 2009-05-05 21:29 -------- d-----w c:\windows\Fichiers d'installation de Windows Update
    2009-05-05 21:08 . 2009-05-05 21:08 -------- d--h--w c:\windows\msdownld.tmp
    2009-05-05 21:07 . 2009-05-05 21:07 -------- d-----w c:\windows\Windows Update Setup Files
    2009-05-05 20:03 . 2009-04-06 13:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
    2009-05-05 20:02 . 2009-05-05 20:02 -------- d-----w c:\documents and settings\gerard\Application Data\Malwarebytes
    2009-05-05 20:02 . 2009-05-05 20:02 -------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes
    2009-05-05 20:02 . 2009-04-06 13:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys
    2009-05-05 20:02 . 2009-05-05 20:02 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
    2009-05-05 16:42 . 2009-05-05 16:42 -------- d-----w C:\Google
    2009-05-05 16:37 . 2009-05-05 16:37 -------- d-----w c:\windows\system32\fr-fr
    2009-05-05 16:37 . 2009-05-05 16:37 -------- d-----w c:\windows\provisioning
    2009-05-05 16:37 . 2009-05-05 16:37 -------- d-----w c:\windows\l2schemas
    2009-05-05 16:37 . 2009-05-05 16:37 -------- d-----w c:\windows\system32\fr
    2009-05-05 16:37 . 2009-05-05 16:37 -------- d-----w c:\windows\system32\bits
    2009-05-05 16:37 . 2009-05-05 16:37 -------- d-----w c:\windows\peernet
    2009-05-05 16:33 . 2007-08-10 06:18 26488 ----a-w c:\windows\system32\spupdsvc.exe
    2009-05-05 16:31 . 2001-10-04 09:54 19456 ----a-w c:\windows\system32\dllcache\cacls.exe
    2009-05-05 16:28 . 2009-05-05 16:28 -------- d-----w c:\windows\system32\CatRoot_bak
    2009-05-05 16:03 . 2009-05-05 16:03 -------- d-----w c:\documents and settings\All Users\Application Data\NortonInstaller
    2009-04-15 15:26 . 1999-10-15 10:50 1056768 ------w c:\windows\system32\ROBOEX32.DLL
    2009-04-15 15:26 . 2006-07-22 17:37 49152 ------w c:\windows\system32\INETWH32.dll
    2009-04-15 15:26 . 2009-04-15 15:26 -------- d-----w c:\program files\Fichiers communs\Ulead Systems
    2009-04-15 15:26 . 2009-04-15 15:26 -------- d-----w c:\program files\Ulead Systems
    2009-04-15 15:26 . 2009-04-15 15:26 -------- d-----w c:\documents and settings\All Users\Application Data\Ulead Systems
    2009-04-15 15:25 . 2009-04-15 15:25 -------- d-----w c:\windows\installers
    2009-04-15 15:15 . 2008-05-01 16:23 12357751 ----a-w c:\program files\Portable Portrait Professional Max 6.3.5.exe
    2009-04-15 15:04 . 2009-04-15 15:04 -------- d-----w c:\documents and settings\gerard\Application Data\Thinstall
    2009-04-14 23:47 . 2009-04-14 23:47 -------- d---a-w C:\Adobe(R) Photoshop(R) CS2
    2009-04-13 22:36 . 2009-04-13 22:36 0 ----a-w c:\windows\nsreg.dat
    2009-04-13 22:36 . 2009-04-13 22:36 -------- d-----w c:\documents and settings\gerard\Local Settings\Application Data\Mozilla
    2009-04-13 22:11 . 2002-11-14 08:19 36864 ----a-r c:\windows\system32\deluidrv.exe
    2009-04-13 22:11 . 2002-11-14 08:19 32768 ----a-r c:\windows\system32\delentry.exe
    2009-04-13 22:11 . 2003-02-20 17:02 57344 ----a-r c:\windows\system32\usbmonit.exe
    2009-04-13 22:11 . 2002-12-03 15:24 22260 ----a-r c:\windows\system32\drivers\geneuide.sys
    2009-04-13 22:11 . 2009-04-13 22:11 -------- d-----w C:\driver
    2009-04-13 21:50 . 2009-04-13 21:50 155 ----a-w c:\windows\system32\SelfDel.bat
    2009-04-13 17:18 . 2009-05-06 00:50 109010 ----a-w c:\windows\system32\drivers\5bd63567.sys
    2009-04-13 15:43 . 2009-04-13 15:43 -------- d-sh--w C:\FOUND.000
    2009-04-12 12:59 . 2009-04-12 12:59 -------- d-----w c:\program files\Portrait Professional 8 Trial
    2009-04-12 12:39 . 2009-04-12 12:39 -------- d-----w c:\program files\Fichiers communs\Adobe
    2009-04-12 12:30 . 2009-04-12 12:30 -------- d-----w c:\documents and settings\gerard\Local Settings\Application Data\Adobe
    2009-04-12 12:22 . 2009-04-12 12:22 -------- d-----w c:\program files\Fichiers communs\Vbox

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-05-05 21:33 . 2001-10-04 09:56 367658 ----a-w c:\windows\system32\perfh00C.dat
    2009-05-05 21:33 . 2001-10-04 09:56 48616 ----a-w c:\windows\system32\perfc00C.dat
    2009-05-05 16:31 . 2009-05-05 16:31 23040 ----a-w c:\windows\system32\loader49.exe
    .

    ((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\System32\ctfmon.exe" [2002-08-29 13312]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-04-13 68856]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Ulead AutoDetector v2"="c:\program files\Fichiers communs\Ulead Systems\AutoDetector\monitor.exe" [2004-11-26 90112]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2002-08-29 13312]

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
    "NoSetActiveDesktop"= 1 (0x1)
    "NoActiveDesktopChanges"= 1 (0x1)

    S3 aida32driver;AIDA32Driver;c:\program files\AIDA32 - Personal System Information\aida32.sys [23/02/2004 04:07 3584]
    S3 mbamswissarmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [05/05/2009 22:03 38496]

    --- Autres Services/Pilotes en mémoire ---

    *NewlyCreated* - alg
    *NewlyCreated* - ipnat
    .
    - - - - ORPHELINS SUPPRIMES - - - -

    BHO-{c2ba40a1-74f3-42bd-f434-12345a2c8953} - (no file)
    HKU-Default-Run-uidenhiufgsduiazghs - c:\windows\TEMP\gnlnldmc.exe
    Notify-dimsntfy - (no file)


    .
    ------- Examen supplémentaire -------
    .
    uSearch Page = hxxp://www.google.com
    uStart Page = hxxp://www.google.fr/
    uSearch Bar = hxxp://www.google.com/ie
    uInternet Connection Wizard,ShellNext = hxxp://download.bleepingcomputer.com/sUBs/ComboFix.exe
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    IE: {{c95fe080-8f5d-11d2-a20b-00aa003c157a} - %SystemRoot%\web\related.htm
    Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-05-06 02:50
    Windows 5.1.2600 Service Pack 1 FAT NTAPI

    Recherche de processus cachés ...

    Recherche d'éléments en démarrage automatique cachés ...

    Recherche de fichiers cachés ...

    Scan terminé avec succès
    Fichiers cachés: 0

    **************************************************************************

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\5bd63567]
    "ImagePath"="\SystemRoot\System32\drivers\5bd63567.sys"
    .
    --------------------- DLLs chargées dans les processus actifs ---------------------

    - - - - - - - > 'winlogon.exe'(708)
    c:\windows\System32\ODBC32.dll
    c:\windows\system32\Ati2evxx.dll

    - - - - - - - > 'lsass.exe'(764)
    c:\windows\System32\dssenh.dll

    - - - - - - - > 'explorer.exe'(236)
    c:\windows\System32\msi.dll
    .
    ------------------------ Autres processus actifs ------------------------
    .
    c:\windows\SYSTEM32\ATI2EVXX.EXE
    c:\windows\SYSTEM32\ATI2EVXX.EXE
    c:\windows\system32\WBEM\WMIADAP.EXE
    .
    **************************************************************************
    .
    Heure de fin: 2009-05-06 2:51 - La machine a redémarré
    ComboFix-quarantined-files.txt 2009-05-06 00:51

    Avant-CF: 34 478 817 280 octets libres
    Après-CF: 34 447 360 000 octets libres

    winxpsp1_fr_pro_bf.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professionnel" /fastdetect

    220
    a c 296 8 Security
    6 May 2009 03:29:13

    You weren't able to install SP2 after running ComboFix?
    6 May 2009 03:32:08

    no, it did the same thing
    I got my card reader and some icons back
    a c 296 8 Security
    6 May 2009 03:33:47

    And SP3?
    6 May 2009 03:35:47

    I haven't tried
    a c 296 8 Security
    6 May 2009 03:38:19

    I'm going to sleep; try SP2 and SP3 after this procedure:

    /!\ Only gleyne may follow this procedure /!\

    Disable all resident protection (antivirus...)!

    ---> Copy (CTRL+C) the text in the box below:

    KillAll::

    File::
    c:\windows\system32\drivers\5bd63567.sys
    c:\windows\system32\loader49.exe

    Registry::
    [-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\5bd63567]


    ---> Open Notepad: Start > All Programs > Accessories > Notepad

    - Paste (CTRL+V) the text into Notepad.
    - Save this file to: Desktop
    - File name: CFScript
    - File type: All files!!
    - Click Save.
    - Close Notepad.

    ---> Drag and drop this CFScript file onto the ComboFix.exe file, as in the screenshot:

  • This will restart ComboFix: accept at the message that appears.
  • Wait while the scan runs. The desktop will disappear several times: this is normal!
  • Don't touch anything until the scan has finished.
  • Once the scan is complete, a report will be displayed; copy and paste its contents to the forum.
  • If the file does not open, it is located here: C:\ComboFix.txt

    ;) 
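
The two files named in the CFScript above can be traced back to the ComboFix report. The Python script below is an added example, not part of the original posts and not ComboFix's or the helper's own method: it parses an excerpt of that report and flags executables whose second timestamp is not earlier than the first, plus any file referenced by a service ImagePath printed in the report. Reading the two timestamps as created and modified, mapping \SystemRoot\ to c:\windows, and the timestamp heuristic itself are assumptions.

```python
import re
from datetime import datetime

# Excerpt of the ComboFix report posted in this thread: file lines from the
# "Fichiers créés" and Find3M sections, and the service key printed after the
# catchme scan.
LOG_EXCERPT = r"""
2009-05-05 20:03 . 2009-04-06 13:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-05 16:33 . 2007-08-10 06:18 26488 ----a-w c:\windows\system32\spupdsvc.exe
2009-04-13 22:11 . 2002-12-03 15:24 22260 ----a-r c:\windows\system32\drivers\geneuide.sys
2009-04-13 17:18 . 2009-05-06 00:50 109010 ----a-w c:\windows\system32\drivers\5bd63567.sys
2009-04-13 15:43 . 2009-04-13 15:43 -------- d-sh--w C:\FOUND.000
2009-05-05 16:31 . 2009-05-05 16:31 23040 ----a-w c:\windows\system32\loader49.exe
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\5bd63567]
"ImagePath"="\SystemRoot\System32\drivers\5bd63567.sys"
"""

STAMP = r"(\d{4}-\d{2}-\d{2} \d{2}:\d{2})"
# first stamp . second stamp, size (or -------- for a directory), attributes, path
FILE_RE = re.compile(rf"^{STAMP} \. {STAMP} (\d+|-{{8}}) (\S{{7}}) (.+)$")
KEY_RE = re.compile(
    r"^\[HKEY_LOCAL_MACHINE\\System\\ControlSet\d{3}\\Services\\([^\\\]]+)\]$", re.I)
IMG_RE = re.compile(r'^"ImagePath"="(.+)"$', re.I)
EXEC_EXT = (".exe", ".sys", ".dll")


def normalize(path):
    # Lower-case and expand the \SystemRoot\ prefix; c:\windows is assumed,
    # matching the boot.ini shown in the report.
    p = path.strip().lower()
    prefix = "\\systemroot\\"
    if p.startswith(prefix):
        p = "c:\\windows\\" + p[len(prefix):]
    return p


def parse_log(text):
    """Return (files, services) parsed from ComboFix report lines."""
    files, services, current_key = {}, {}, None
    for line in text.splitlines():
        line = line.strip()
        if not line:
            current_key = None          # a blank line ends a registry block
            continue
        m = FILE_RE.match(line)
        if m:
            first, second, _size, attrs, path = m.groups()
            files[normalize(path)] = {
                "created": datetime.strptime(first, "%Y-%m-%d %H:%M"),
                "modified": datetime.strptime(second, "%Y-%m-%d %H:%M"),
                "is_dir": attrs.startswith("d"),
            }
            continue
        m = KEY_RE.match(line)
        if m:
            current_key = m.group(1)
            continue
        m = IMG_RE.match(line)
        if m and current_key:
            services[current_key] = normalize(m.group(1))
    return files, services


def triage(text):
    """Map each file worth a closer look to the reasons it was picked."""
    files, services = parse_log(text)
    service_of = {image: name for name, image in services.items()}
    findings = {}
    for path, info in files.items():
        reasons = []
        # Heuristic (assumption): an installer normally preserves the build
        # date, so "modified" predates "created"; the reverse means the
        # binary was written or rewritten on this machine.
        if (not info["is_dir"] and path.endswith(EXEC_EXT)
                and info["modified"] >= info["created"]):
            reasons.append("modified >= created")
        if path in service_of:
            reasons.append("service " + service_of[path])
        if reasons:
            findings[path] = reasons
    return findings


if __name__ == "__main__":
    for path, reasons in sorted(triage(LOG_EXCERPT).items()):
        print(path, "->", "; ".join(reasons))
```

A hit is only a reason to inspect the file; legitimate binaries that are patched in place will also show a modified time later than their creation time.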
    6 May 2009 03:41:14

    ok, thanks
    I'll look at that

    Good night
    6 May 2009 04:30:39

    I did your procedure
    but neither SP2 nor SP3 will install :( 
    so no Norton and no antivirus.....
    a c 296 8 Security
    6 May 2009 13:45:11

  • Install Antivir and update it.
  • Double-click the Antivir icon (umbrella) in the taskbar.
  • In Antivir, choose Tools, then Configuration.
  • Tick Expert mode and tick the rootkit search at start of scan option (Rech. Rootkit au dém. de la recherche) on the right under Other settings.
  • Run a full scan and post the report.

    Tutorial: Scanning the hard drive(s)
    6 May 2009 14:36:25

    it's scanning!
    there's still a crowd in there!!
    6 May 2009 17:40:44

    HERE IS THE REPORT



    Avira AntiVir Personal
    Report file date: mercredi 6 mai 2009 14:27

    Scanning for 1380976 virus strains and unwanted programs.

    Licensee : Avira AntiVir Personal - FREE Antivirus
    Serial number : 0000149996-ADJIE-0000001
    Platform : Windows XP
    Windows version : (Service Pack 1) [5.1.2600]
    Boot mode : Normally booted
    Username : SYSTEM
    Computer name : GG-L057UFMRN259

    Version information:
    BUILD.DAT : 9.0.0.394 17962 Bytes 17/04/2009 11:20:00
    AVSCAN.EXE : 9.0.3.5 466689 Bytes 06/05/2009 12:23:44
    AVSCAN.DLL : 9.0.3.0 40705 Bytes 27/02/2009 08:58:26
    LUKE.DLL : 9.0.3.2 209665 Bytes 20/02/2009 09:35:50
    LUKERES.DLL : 9.0.2.0 12033 Bytes 27/02/2009 08:58:54
    ANTIVIR0.VDF : 7.1.0.0 15603712 Bytes 27/10/2008 10:30:38
    ANTIVIR1.VDF : 7.1.2.12 3336192 Bytes 11/02/2009 18:33:28
    ANTIVIR2.VDF : 7.1.3.137 1810944 Bytes 30/04/2009 12:23:42
    ANTIVIR3.VDF : 7.1.3.161 119808 Bytes 06/05/2009 12:23:42
    Engineversion : 8.2.0.160
    AEVDF.DLL : 8.1.1.1 106868 Bytes 06/05/2009 12:23:42
    AESCRIPT.DLL : 8.1.1.79 385403 Bytes 06/05/2009 12:23:42
    AESCN.DLL : 8.1.1.10 127348 Bytes 06/05/2009 12:23:42
    AERDL.DLL : 8.1.1.3 438645 Bytes 29/10/2008 16:24:42
    AEPACK.DLL : 8.1.3.14 397685 Bytes 06/05/2009 12:23:42
    AEOFFICE.DLL : 8.1.0.36 196987 Bytes 26/02/2009 18:01:58
    AEHEUR.DLL : 8.1.0.122 1737080 Bytes 06/05/2009 12:23:42
    AEHELP.DLL : 8.1.2.2 119158 Bytes 26/02/2009 18:01:58
    AEGEN.DLL : 8.1.1.39 348532 Bytes 06/05/2009 12:23:42
    AEEMU.DLL : 8.1.0.9 393588 Bytes 09/10/2008 12:32:40
    AECORE.DLL : 8.1.6.9 176500 Bytes 06/05/2009 12:23:42
    AEBB.DLL : 8.1.0.3 53618 Bytes 09/10/2008 12:32:40
    AVWINLL.DLL : 9.0.0.3 18177 Bytes 12/12/2008 06:48:00
    AVPREF.DLL : 9.0.0.1 43777 Bytes 05/12/2008 08:32:16
    AVREP.DLL : 8.0.0.3 155905 Bytes 20/01/2009 12:34:30
    AVREG.DLL : 9.0.0.0 36609 Bytes 05/12/2008 08:32:10
    AVARKT.DLL : 9.0.0.3 292609 Bytes 06/05/2009 12:23:42
    AVEVTLOG.DLL : 9.0.0.7 167169 Bytes 30/01/2009 08:37:10
    SQLITE3.DLL : 3.6.1.0 326401 Bytes 28/01/2009 13:03:50
    SMTPLIB.DLL : 9.2.0.25 28417 Bytes 02/02/2009 06:21:34
    NETNT.DLL : 9.0.0.0 11521 Bytes 05/12/2008 08:32:12
    RCIMAGE.DLL : 9.0.0.21 2438401 Bytes 09/02/2009 09:45:46
    RCTEXT.DLL : 9.0.37.0 86785 Bytes 06/05/2009 12:23:42

    Configuration settings for the scan:
    Jobname.............................: Complete system scan
    Configuration file..................: c:\program files\avira\antivir desktop\sysscan.avp
    Logging.............................: low
    Primary action......................: interactive
    Secondary action....................: ignore
    Scan master boot sector.............: on
    Scan boot sector....................: on
    Boot sectors........................: C:, E:, F:,
    Process scan........................: on
    Scan registry.......................: on
    Search for rootkits.................: on
    Integrity checking of system files..: off
    Scan all files......................: All files
    Scan archives.......................: on
    Recursion depth.....................: 20
    Smart extensions....................: on
    Macro heuristic.....................: on
    File heuristic......................: medium

    Start of the scan: mercredi 6 mai 2009 14:27

    Starting search for hidden objects.
    HKEY_LOCAL_MACHINE\System\ControlSet001\Services\5bd63567\imagepath
    [INFO] The registry entry is invisible.
    HKEY_LOCAL_MACHINE\System\ControlSet001\Services\5bd63567\type
    [INFO] The registry entry is invisible.
    HKEY_LOCAL_MACHINE\System\ControlSet001\Services\5bd63567\start
    [INFO] The registry entry is invisible.
    HKEY_LOCAL_MACHINE\System\ControlSet001\Services\5bd63567\errorcontrol
    [INFO] The registry entry is invisible.
    HKEY_LOCAL_MACHINE\System\ControlSet001\Services\5bd63567\extparamd
    [INFO] The registry entry is invisible.
    HKEY_LOCAL_MACHINE\System\ControlSet001\Services\5bd63567\f96zk6npb
    [INFO] The registry entry is invisible.
    '18744' objects were checked, '6' hidden objects were found.

    The scan of running processes will be started
    Scan process 'avscan.exe' - '1' Module(s) have been scanned
    Scan process 'avcenter.exe' - '1' Module(s) have been scanned
    Scan process 'avgnt.exe' - '1' Module(s) have been scanned
    Scan process 'avguard.exe' - '1' Module(s) have been scanned
    Scan process 'sched.exe' - '1' Module(s) have been scanned
    Scan process 'alg.exe' - '1' Module(s) have been scanned
    Scan process 'GoogleToolbarNotifier.exe' - '1' Module(s) have been scanned
    Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
    Scan process 'Monitor.exe' - '1' Module(s) have been scanned
    Scan process 'Explorer.EXE' - '1' Module(s) have been scanned
    Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
    Scan process 'Ati2evxx.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'Ati2evxx.exe' - '1' Module(s) have been scanned
    Scan process 'LSASS.EXE' - '1' Module(s) have been scanned
    Scan process 'SERVICES.EXE' - '1' Module(s) have been scanned
    Scan process 'WINLOGON.EXE' - '1' Module(s) have been scanned
    Scan process 'CSRSS.EXE' - '1' Module(s) have been scanned
    Scan process 'SMSS.EXE' - '1' Module(s) have been scanned
    22 processes with 22 modules were scanned

    Starting master boot sector scan:
    Master boot sector HD0
    [INFO] No virus was found!
    Master boot sector HD1
    [INFO] No virus was found!
    Master boot sector HD2
    [INFO] No virus was found!
    Master boot sector HD3
    [INFO] No virus was found!
    Master boot sector HD4
    [INFO] No virus was found!

    Start scanning boot sectors:
    Boot sector 'C:\'
    [INFO] No virus was found!
    Boot sector 'E:\'
    [INFO] No virus was found!
    Boot sector 'F:\'
    [INFO] No virus was found!

    Starting to scan executable files (registry).
    The registry was scanned ( '44' files ).


    Starting the file scan:

    Begin scan in 'C:\' <BOOT-XP>
    C:\pagefile.sys
    [WARNING] The file could not be opened!
    [NOTE] This file is a Windows system file.
    [NOTE] This file cannot be opened for scanning.
    C:\WINDOWS\system32\drivers\5bd63567.sys
    [DETECTION] Is the TR/Rootkit.Gen Trojan
    [WARNING] The file could not be opened!
    C:\System Volume Information\_restore{757891E3-A338-4D08-8DB1-C9DFE84BB846}\RP18\A0004393.sys
    [DETECTION] Contains recognition pattern of the RKIT/Agent.iuc root kit
    C:\System Volume Information\_restore{757891E3-A338-4D08-8DB1-C9DFE84BB846}\RP18\A0004394.dll
    [DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan
    C:\System Volume Information\_restore{757891E3-A338-4D08-8DB1-C9DFE84BB846}\RP18\A0004395.dll
    [DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan
    C:\System Volume Information\_restore{757891E3-A338-4D08-8DB1-C9DFE84BB846}\RP18\A0004396.dll
    [DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan
    C:\Qoobox\Quarantine\C\WINDOWS\system32\ovfsthimotfqppkesoxpaerxmqhwndqkqjwbhw.dll.vir
    [DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan
    C:\Qoobox\Quarantine\C\WINDOWS\system32\ovfsththkdibilanxrimtnhjxogiikfsbangno.dll.vir
    [DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan
    C:\Qoobox\Quarantine\C\WINDOWS\system32\ovfsthwgamvvrclfpftctdihcloteieycwyrte.dll.vir
    [DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan
    C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\_ovfsthbrnrxubrdlxoeuwswvjbnoekvdylbibm_.sys.zip
    [0] Archive type: ZIP
    --> ovfsthbrnrxubrdlxoeuwswvjbnoekvdylbibm.sys
    [DETECTION] Contains recognition pattern of the RKIT/Agent.iuc root kit
    C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\ovfsthbrnrxubrdlxoeuwswvjbnoekvdylbibm.sys.vir
    [DETECTION] Contains recognition pattern of the RKIT/Agent.iuc root kit
    Begin scan in 'E:\' <PHOTO>
    E:\aaa-SITES\a-site-gerardleyne\SOIREES\soiree-05-06-04\TN_IMG_0191.JPG
    [DETECTION] Is the TR/Dropper.Gen Trojan
    E:\TRANSFERT\PhotoFiltre.Studio.v9.0.Incl.Keymaker-CORE.zip
    [0] Archive type: ZIP
    --> PhotoFiltre.Studio.v9.0.Incl.Keymaker-CORE/keygen.exe
    [DETECTION] Is the TR/Delf.114688 Trojan
    E:\TRANSFERT\Adobe Photoshop CS2 9[1].0.2.rar
    [0] Archive type: RAR
    --> keygen.exe
    [DETECTION] Is the TR/Drop.Agent.bowl Trojan
    E:\TRANSFERT\Nero-7.0.1.2_fra.exe
    [0] Archive type: RAR SFX (self extracting)
    --> Cab\1B05D29F.cab
    [1] Archive type: CAB (Microsoft)
    --> AMCDOM656B2935.dll
    [WARNING] No further files can be extracted from this archive. The archive will be closed
    [WARNING] No further files can be extracted from this archive. The archive will be closed
    E:\TRANSFERT\ADOBE-CS\Adobe_CS2_KeyGen.zip
    [0] Archive type: ZIP
    --> Keygen Photoshop CS2 Fr.exe
    [DETECTION] Contains recognition pattern of the WORM/Autorun.cxl worm
    E:\TRANSFERT\ADOBE-CS\Adobe_Photoshop_CS2_keygen-PARADOX.rar
    [0] Archive type: RAR
    --> keygen.exe
    [DETECTION] Contains recognition pattern of the WORM/Autorun.cxl worm
    E:\TRANSFERT\TRANSPORT\Adobe Photoshop CS2\keygen\Keygen Photoshop CS2 Fr.exe
    [DETECTION] Contains recognition pattern of the WORM/Autorun.cxl worm
    Begin scan in 'F:\' <DISQUE-3>
    F:\WINDOWS\INF\ALCHEM.INF
    [DETECTION] Is the TR/Dldr.Alchemic.B Trojan
    F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\55CB51EB.exe
    [0] Archive type: HIDDEN
    --> FIL\\\?\F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\55CB51EB.exe
    [DETECTION] Is the TR/Killav.DT.1 Trojan
    F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\293D1B4A.exe
    [DETECTION] Is the TR/Dldr.Swizzor.Gen Trojan
    F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\1BD2145A.exe
    [DETECTION] Is the TR/Dldr.Swizzor.Gen Trojan
    F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\3135179A.exe
    [DETECTION] Is the TR/Dldr.Swizzor.Gen Trojan
    F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\781D4345.exe
    [DETECTION] Is the TR/Dldr.Swizzor.Gen Trojan
    F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\0CD13F0A.exe
    [DETECTION] Is the TR/Dldr.Swizzor.Gen Trojan
    F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\0CD46907.exe
    [DETECTION] Is the TR/Dldr.Swizzor.Gen Trojan
    F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\54E8331F.exe
    [DETECTION] Is the TR/Dldr.Swizzor.Gen Trojan
    F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\08C74127.exe
    [DETECTION] Is the TR/Dldr.Swizzor.Gen Trojan
    F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\2FCB1159.exe
    [DETECTION] Is the TR/Dldr.Swizzor.Gen Trojan
    F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\61062B3B.exe
    [DETECTION] Is the TR/Dldr.Swizzor.Gen Trojan
    F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\610C7F33.exe
    [DETECTION] Is the TR/Dldr.Swizzor.Gen Trojan
    F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\39577B92.exe
    [DETECTION] Is the TR/Dldr.Swizzor.Gen Trojan
    F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\14BC532B.exe
    [DETECTION] Is the TR/Dldr.Swizzor.Gen Trojan
    F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\14BF7D27.exe
    [DETECTION] Is the TR/Dldr.Swizzor.Gen Trojan
    F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\14C22723.exe
    [DETECTION] Is the TR/Dldr.Swizzor.Gen Trojan
    F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\14C65120.exe
    [0] Archive type: HIDDEN
    --> FIL\\\?\F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\14C65120.exe
    [DETECTION] Is the TR/Obfuscated.IO Trojan
    F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\15D66297.exe
    [DETECTION] Is the TR/Vundo.Gen Trojan
    F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\14C97B1C.exe
    [DETECTION] Is the TR/Dldr.Swizzor.Gen Trojan
    F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\354D39FC.exe
    [DETECTION] Is the TR/Dldr.Swizzor.Gen Trojan
    F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\356B33DC.dll
    [0] Archive type: HIDDEN
    --> FIL\\\?\F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\356B33DC.dll
    [DETECTION] Contains recognition pattern of the DIAL/302188 dialer
    F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\356E5DD8.exe
    [0] Archive type: HIDDEN
    --> FIL\\\?\F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\356E5DD8.exe
    [DETECTION] Contains recognition pattern of the DIAL/000181 dialer
    --> dialer.exe
    [DETECTION] Contains recognition pattern of the DIAL/94208.A.25 dialer
    F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\60262AD9.exe
    [DETECTION] Is the TR/Dldr.Swizzor.Gen Trojan
    F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\4E981395.exe
    [DETECTION] Is the TR/Dldr.Swizzor.Gen Trojan
    F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\56915490.exe
    [0] Archive type: HIDDEN
    --> FIL\\\?\F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\56915490.exe
    [DETECTION] Is the TR/Dldr.Zlob.mop Trojan
    F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\5DAE2F79.exe
    [DETECTION] Is the TR/Dropper.Gen Trojan
    F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\3EE1593B.exe
    [DETECTION] Is the TR/Crypt.PEPM.Gen Trojan
    F:\Program Files\ddm\6926\SaveInstCmS.exe
    [0] Archive type: RSRC
    --> Object
    [1] Archive type: CAB (Microsoft)
    --> SaveUninst.exe
    [DETECTION] Contains recognition pattern of the ADSPY/SaveNow.AF adware or spyware
    --> Object
    [DETECTION] Contains recognition pattern of the ADSPY/SaveNow.1 adware or spyware
    --> Sync.exe
    [DETECTION] Contains recognition pattern of the ADSPY/SaveNow.V adware or spyware
    --> Uninst.exe
    [DETECTION] Contains recognition pattern of the ADSPY/SaveNow.V.1 adware or spyware
    --> Object
    [1] Archive type: CAB (Microsoft)
    --> Search.exe
    [DETECTION] Contains recognition pattern of the ADSPY/SaveNow.L adware or spyware
    --> Uninst.exe
    [DETECTION] Contains recognition pattern of the ADSPY/SaveNow.F adware or spyware
    [DETECTION] Contains recognition pattern of the ADSPY/AdSpy.Gen adware or spyware
    F:\Program Files\Zero Popup\Crack.exe
    [DETECTION] Is the TR/Crypt.ULPM.Gen Trojan
    F:\Program Files\Serials 2000 7.1 Plus\Add-on\UnSEU2.exe
    [DETECTION] Is the TR/Agent.92640.A Trojan

    Beginning disinfection:
    C:\WINDOWS\system32\drivers\5bd63567.sys
    [DETECTION] Is the TR/Rootkit.Gen Trojan
    [WARNING] An error has occurred and the file was not deleted. ErrorID: 26004
    [WARNING] The source file could not be found.
    [NOTE] Attempting to perform action using the ARK library.
    [NOTE] The file was moved to '4a65ae5b.qua'!
    C:\System Volume Information\_restore{757891E3-A338-4D08-8DB1-C9DFE84BB846}\RP18\A0004393.sys
    [DETECTION] Contains recognition pattern of the RKIT/Agent.iuc root kit
    [NOTE] The file was moved to '4a31ae2c.qua'!
    C:\System Volume Information\_restore{757891E3-A338-4D08-8DB1-C9DFE84BB846}\RP18\A0004394.dll
    [DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan
    [NOTE] The file was moved to '4f2e95bd.qua'!
    C:\System Volume Information\_restore{757891E3-A338-4D08-8DB1-C9DFE84BB846}\RP18\A0004395.dll
    [DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan
    [NOTE] The file was moved to '49a0f245.qua'!
    C:\System Volume Information\_restore{757891E3-A338-4D08-8DB1-C9DFE84BB846}\RP18\A0004396.dll
    [DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan
    [NOTE] The file was moved to '4f2a8a1d.qua'!
    C:\Qoobox\Quarantine\C\WINDOWS\system32\ovfsthimotfqppkesoxpaerxmqhwndqkqjwbhw.dll.vir
    [DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan
    [NOTE] The file was moved to '4a67ae72.qua'!
    C:\Qoobox\Quarantine\C\WINDOWS\system32\ovfsththkdibilanxrimtnhjxogiikfsbangno.dll.vir
    [DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan
    [NOTE] The file was moved to '4f402c03.qua'!
    C:\Qoobox\Quarantine\C\WINDOWS\system32\ovfsthwgamvvrclfpftctdihcloteieycwyrte.dll.vir
    [DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan
    [NOTE] The file was moved to '4e8cd11b.qua'!
    C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\_ovfsthbrnrxubrdlxoeuwswvjbnoekvdylbibm_.sys.zip
    [NOTE] The file was moved to '4a77ae6b.qua'!
    C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\ovfsthbrnrxubrdlxoeuwswvjbnoekvdylbibm.sys.vir
    [DETECTION] Contains recognition pattern of the RKIT/Agent.iuc root kit
    [NOTE] The file was moved to '4e950053.qua'!
    E:\aaa-SITES\a-site-gerardleyne\SOIREES\soiree-05-06-04\TN_IMG_0191.JPG
    [DETECTION] Is the TR/Dropper.Gen Trojan
    [NOTE] The file was moved to '4a60ae4a.qua'!
    E:\TRANSFERT\PhotoFiltre.Studio.v9.0.Incl.Keymaker-CORE.zip
    [NOTE] The file was moved to '4a70ae64.qua'!
    E:\TRANSFERT\Adobe Photoshop CS2 9[1].0.2.rar
    [NOTE] The file was moved to '4a70ae60.qua'!
    E:\TRANSFERT\ADOBE-CS\Adobe_CS2_KeyGen.zip
    [NOTE] The file was moved to '4e99c1b9.qua'!
    E:\TRANSFERT\ADOBE-CS\Adobe_Photoshop_CS2_keygen-PARADOX.rar
    [NOTE] The file was moved to '4e9f38a9.qua'!
    E:\TRANSFERT\TRANSPORT\Adobe Photoshop CS2\keygen\Keygen Photoshop CS2 Fr.exe
    [DETECTION] Contains recognition pattern of the WORM/Autorun.cxl worm
    [NOTE] The file was moved to '4a7aae62.qua'!
    F:\WINDOWS\INF\ALCHEM.INF
    [DETECTION] Is the TR/Dldr.Alchemic.B Trojan
    [NOTE] The file was moved to '4a44ae49.qua'!
    F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\55CB51EB.exe
    [NOTE] The file was moved to '4a44ae32.qua'!
    F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\293D1B4A.exe
    [DETECTION] Is the TR/Dldr.Swizzor.Gen Trojan
    [NOTE] The file was moved to '4a34ae36.qua'!
    F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\1BD2145A.exe
    [DETECTION] Is the TR/Dldr.Swizzor.Gen Trojan
    [NOTE] The file was moved to '4a45ae3f.qua'!
    F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\3135179A.exe
    [DETECTION] Is the TR/Dldr.Swizzor.Gen Trojan
    [NOTE] The file was moved to '4a34ae2e.qua'!
    F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\781D4345.exe
    [DETECTION] Is the TR/Dldr.Swizzor.Gen Trojan
    [NOTE] The file was moved to '4a32ae35.qua'!
    F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\0CD13F0A.exe
    [DETECTION] Is the TR/Dldr.Swizzor.Gen Trojan
    [NOTE] The file was moved to '4a45ae40.qua'!
    F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\0CD46907.exe
    [DETECTION] Is the TR/Dldr.Swizzor.Gen Trojan
    [NOTE] The file was moved to '4f4787f9.qua'!
    F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\54E8331F.exe
    [DETECTION] Is the TR/Dldr.Swizzor.Gen Trojan
    [NOTE] The file was moved to '4a46ae31.qua'!
    F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\08C74127.exe
    [DETECTION] Is the TR/Dldr.Swizzor.Gen Trojan
    [NOTE] The file was moved to '4a44ae35.qua'!
    F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\2FCB1159.exe
    [DETECTION] Is the TR/Dldr.Swizzor.Gen Trojan
    [NOTE] The file was moved to '4a44ae43.qua'!
    F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\61062B3B.exe
    [DETECTION] Is the TR/Dldr.Swizzor.Gen Trojan
    [NOTE] The file was moved to '4a31ae2e.qua'!
    F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\610C7F33.exe
    [DETECTION] Is the TR/Dldr.Swizzor.Gen Trojan
    [NOTE] The file was moved to '4f39fe9f.qua'!
    F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\39577B92.exe
    [DETECTION] Is the TR/Dldr.Swizzor.Gen Trojan
    [NOTE] The file was moved to '4a36ae36.qua'!
    F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\14BC532B.exe
    [DETECTION] Is the TR/Dldr.Swizzor.Gen Trojan
    [NOTE] The file was moved to '4a43ae31.qua'!
    F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\14BF7D27.exe
    [DETECTION] Is the TR/Dldr.Swizzor.Gen Trojan
    [NOTE] The file was moved to '4f48c63a.qua'!
    F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\14C22723.exe
    [DETECTION] Is the TR/Dldr.Swizzor.Gen Trojan
    [NOTE] The file was moved to '4a44ae31.qua'!
    F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\14C65120.exe
    [NOTE] The file was moved to '4f49d9aa.qua'!
    F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\15D66297.exe
    [DETECTION] Is the TR/Vundo.Gen Trojan
    [NOTE] The file was moved to '4a45ae32.qua'!
    F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\14C97B1C.exe
    [DETECTION] Is the TR/Dldr.Swizzor.Gen Trojan
    [NOTE] The file was moved to '4f4b291b.qua'!
    F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\354D39FC.exe
    [DETECTION] Is the TR/Dldr.Swizzor.Gen Trojan
    [NOTE] The file was moved to '4a35ae33.qua'!
    F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\356B33DC.dll
    [NOTE] The file was moved to '4a37ae33.qua'!
    F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\356E5DD8.exe
    [NOTE] The file was moved to '4f2530b4.qua'!
    F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\60262AD9.exe
    [DETECTION] Is the TR/Dldr.Swizzor.Gen Trojan
    [NOTE] The file was moved to '4a33ae2e.qua'!
    F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\4E981395.exe
    [DETECTION] Is the TR/Dldr.Swizzor.Gen Trojan
    [NOTE] The file was moved to '4a3aae43.qua'!
    F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\56915490.exe
    [NOTE] The file was moved to '4a3aae34.qua'!
    F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\5DAE2F79.exe
    [DETECTION] Is the TR/Dropper.Gen Trojan
    [NOTE] The file was moved to '4a42ae42.qua'!
    F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\3EE1593B.exe
    [DETECTION] Is the TR/Crypt.PEPM.Gen Trojan
    [NOTE] The file was moved to '4a46ae43.qua'!
    F:\Program Files\ddm\6926\SaveInstCmS.exe
    [DETECTION] Contains recognition pattern of the ADSPY/AdSpy.Gen adware or spyware
    [NOTE] The file was moved to '4a77ae5f.qua'!
    F:\Program Files\Zero Popup\Crack.exe
    [DETECTION] Is the TR/Crypt.ULPM.Gen Trojan
    [NOTE] The file was moved to '4a62ae70.qua'!
    F:\Program Files\Serials 2000 7.1 Plus\Add-on\UnSEU2.exe
    [DETECTION] Is the TR/Agent.92640.A Trojan
    [NOTE] The file was moved to '4a54ae6c.qua'!


    End of the scan: mercredi 6 mai 2009 17:34
    Used time: 2:50:54 Hour(s)

    The scan has been done completely.

    21005 Scanned directories
    595312 Files were scanned
    54 Viruses and/or unwanted programs were found
    0 Files were classified as suspicious
    0 files were deleted
    0 Viruses and unwanted programs were repaired
    47 Files were moved to quarantine
    0 Files were renamed
    2 Files cannot be scanned
    595256 Files not concerned
    2913 Archives were scanned
    4 Warnings
    48 Notes
    18744 Objects were scanned with rootkit scan
    6 Hidden objects were found

    a c 296 8 Security
    6 May 2009 17:48:37

    You can try a Service Pack.
    6 May 2009 17:52:46

    I've just rebooted as asked and I'm trying
    it spent a few minutes ......
    here I go
    6 May 2009 18:07:15

    SP2 refused
    I'm trying SP3
    6 May 2009 18:36:25

    SP3 refused :(
    a c 296 8 Security
    6 May 2009 19:13:05

    I think you should format and reinstall Windows, remembering to back up all the documents you want to keep.
    6 May 2009 19:26:54

    I'll look into that
    For now, I've left my CD at my father's.
    I'm going back there in June

    In any case, thanks a lot for your help
    I'll keep you posted
    Best regards
    a c 296 8 Security
    6 May 2009 19:28:38

    OK, no problem.
    6 June 2009 03:36:49

    Hello,
    so, I've got the Windows XP CD back
    I reformatted my HDD as FAT32
    XP wouldn't install, even though it had the first time
    So I formatted as NTFS and installed
    Then I installed SP3 without any problem and finally Norton 2009, since that was what it was all for

    The goal being to work in either WIN98SE or XP, my XP HDD is no longer visible under 98!!

    Another problem: vertical scrolling of pages happens in waves!
    Maybe it's a setting?

    In any case, thanks
