Infected computer, need help, thanks a lot

27 April 2009 18:50:39

Hi,

I have an icon in my toolbar (a red circle with a white X).
When I click on it, it takes me to a spyware and antivirus site. Also, my Task Manager is disabled.
I keep getting security pop-ups: "YOUR COMPUTER IS INFECTED! IT IS RECOMMENDED TO START SPYWARE CLEANER TOOL"

What should I do??? I'm really at my wits' end.

Here is a logfile from HijackThis, but I have the impression that it doesn't list all the running processes.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:46:44, on 27/04/2009
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16764)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\System32\frmwrk32.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\ASUS\ASUS Live Update\ALU.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\ntdll64.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\conime.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\SearchFilterHost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.asus.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - (no file)
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [Framework Windows] frmwrk32.exe
O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [] (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-20\..\RunOnce: [] (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [] C:\Windows\TEMP\gv5b0kvc.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [] C:\Windows\TEMP\gv5b0kvc.exe (User 'Default user')
O4 - Startup: _uninst_.bat
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - http://www.boursorama.com/404.html
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/versions/activex/...
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/pr01/resources/VistaMSN...
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: ADSM Service (ADSMService) - Unknown owner - C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ASLDR Service (ASLDRService) - Unknown owner - C:\Program Files\ATK Hotkey\ASLDRSrv.exe (file missing)
O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - Unknown owner - C:\Program Files\ATKGFNEX\GFNEXSrv.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: spmgr - Unknown owner - C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
O23 - Service: Syntek AVStream USB2.0 WebCam Service (StkSSrv) - Syntek America Inc. - C:\Windows\System32\StkCSrv.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

--
End of file - 7769 bytes

27 April 2009 18:52:05

Hello,

  • Disable UAC for the duration of the disinfection.

    /!\ Disable your resident protections (antivirus, etc.) /!\

  • Download ComboFix (sUBs) to your Desktop.
  • Right-click ComboFix.exe (the .exe may not be visible) and choose Run as administrator.
  • When the scan is finished, a report will appear. Post this report (C:\Combofix.txt) in your next reply.

    To help you: a guide and a tutorial on using ComboFix
    27 April 2009 19:46:08

    Thanks a lot for your reply, I'm posting what you asked for, thanks again.


    ComboFix 09-04-27.01 - zab 27/04/2009 19:17.1 - NTFSx86
    Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6000.0.1252.33.1036.18.3071.1827 [GMT 2:00]
    Lancé depuis: c:\users\zab\Desktop\ComboFix.exe
    AV: Norton Internet Security *On-access scanning disabled* (Outdated)
    FW: Norton Internet Security *disabled*
    * Un nouveau point de restauration a été créé
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\users\zab\AppData\Local\Temp\mousehook.dll
    c:\users\zab\AppData\Local\Temp\ntdll64.dll
    c:\windows\system32\acovcnt.exe
    c:\windows\system32\Agent.OMZ.Fix.exe
    c:\windows\system32\ahtn.htm
    c:\windows\system32\ak1.exe
    c:\windows\system32\drivers\ovfsthxvmkieixd.sys
    c:\windows\system32\dumphive.exe
    c:\windows\system32\frmwrk32.exe
    c:\windows\system32\ntdll64.exe
    c:\windows\system32\o4Patch.exe
    c:\windows\system32\ovfsthxfrbfpnsh.dll
    c:\windows\system32\ovfsthxmmrjwwni.dll
    c:\windows\system32\ovfsthxofdldegw.dll
    c:\windows\system32\ovfsthxqouolhyv.dat
    c:\windows\system32\ovfsthxrpcftmyy.dat
    c:\windows\system32\p2hhr.bat
    c:\windows\system32\Process.exe
    c:\windows\system32\SrchSTS.exe
    c:\windows\system32\tmp.reg
    c:\windows\system32\uniq.tll
    c:\windows\system32\VACFix.exe
    c:\windows\system32\VCCLSID.exe
    c:\windows\system32\warning.gif
    c:\windows\system32\win32hlp.cnf
    c:\windows\system32\WS2Fix.exe
    c:\windows\system32\yhs783ijfo3fe.dll
    c:\windows\Temp\1035655648.exe
    c:\windows\Temp\1586930352.exe
    c:\windows\Temp\2381196544.exe
    c:\windows\Temp\2381436544.exe
    c:\windows\Temp\882619648.exe

    .
    ((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Service_ovfsthxbvdemaaj


    ((((((((((((((((((((((((((((( Fichiers créés du 2009-05-27 au 2009-4-27 ))))))))))))))))))))))))))))))))))))
    .

    2009-04-27 16:46 . 2009-04-27 16:46 -------- d-----w c:\program files\Trend Micro
    2009-04-27 16:13 . 2009-04-27 16:13 -------- d-----w c:\program files\CCleaner
    2009-04-27 16:11 . 2009-01-18 21:30 64160 ----a-w c:\windows\system32\drivers\Lbd.sys
    2009-04-27 16:09 . 2009-04-27 16:10 -------- dc-h--w c:\programdata\{83C91755-2546-441D-AC40-9A6B4B860800}
    2009-04-27 16:09 . 2009-04-27 16:09 -------- d-----w c:\program files\Lavasoft
    2009-04-27 16:09 . 2009-04-27 16:11 -------- d-----w c:\programdata\Lavasoft
    2009-04-27 15:54 . 2009-04-27 16:17 -------- d-----w c:\programdata\Spybot - Search & Destroy
    2009-04-27 15:54 . 2009-04-27 15:56 -------- d-----w c:\program files\Spybot - Search & Destroy
    2009-04-27 15:52 . 2009-04-27 15:52 -------- d-----w c:\programdata\is-MH39J
    2009-04-27 15:51 . 2009-04-27 17:00 9648160 --sha-w c:\windows\system32\drivers\fidbox.dat
    2009-04-27 15:08 . 2009-04-27 15:08 24064 ----a-w c:\windows\system32\loader266.exe
    2009-04-27 11:14 . 2009-04-27 11:14 -------- d-----r c:\windows\system32\config\systemprofile\Saved Games
    2009-04-27 11:14 . 2009-04-27 11:14 -------- d-----r c:\windows\system32\config\systemprofile\Links
    2009-04-27 11:14 . 2009-04-27 11:14 -------- d-----r c:\windows\system32\config\systemprofile\Downloads
    2009-04-27 11:14 . 2009-04-27 11:14 -------- d-----r c:\windows\system32\config\systemprofile\Searches
    2009-04-27 11:14 . 2009-04-27 11:14 -------- d-----r c:\windows\system32\config\systemprofile\Music
    2009-04-27 11:14 . 2009-04-27 11:14 -------- d-----r c:\windows\system32\config\systemprofile\Pictures
    2009-04-27 11:14 . 2009-04-27 11:14 -------- d-----r c:\windows\system32\config\systemprofile\Videos
    2009-04-27 11:14 . 2009-04-27 11:14 -------- d-----r c:\windows\system32\config\systemprofile\Documents
    2009-04-27 10:48 . 2009-04-27 11:27 -------- d-----w c:\users\zab\AppData\Roaming\Download Manager

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-04-27 17:36 . 2007-04-18 08:33 12 ----a-w c:\windows\bthservsdp.dat
    2009-04-27 17:22 . 2007-04-18 09:09 693588 ----a-w c:\windows\system32\perfh00C.dat
    2009-04-27 17:22 . 2007-04-18 09:09 118450 ----a-w c:\windows\system32\perfc00C.dat
    2009-04-27 17:00 . 2009-04-27 15:51 114140 --sha-w c:\windows\system32\drivers\fidbox.idx
    2009-04-27 15:22 . 2008-05-16 08:26 -------- d-----w c:\program files\Symantec
    2009-04-27 15:22 . 2008-05-16 08:27 806 ----a-w c:\windows\system32\drivers\SYMEVENT.INF
    2009-04-27 15:22 . 2008-05-16 08:27 124464 ----a-w c:\windows\system32\drivers\SYMEVENT.SYS
    2009-04-27 15:22 . 2008-05-16 08:27 10635 ----a-w c:\windows\system32\drivers\SYMEVENT.CAT
    2009-04-27 15:10 . 2008-07-17 11:11 7592 ----a-w c:\users\zab\AppData\Local\d3d9caps.dat
    2009-04-27 14:13 . 2008-09-17 12:49 -------- d-----w c:\program files\Java
    2009-04-27 14:04 . 2008-05-16 15:37 -------- d-----w c:\program files\WinamaxPoker
    2009-04-26 20:24 . 2008-09-17 12:57 -------- d-----w c:\program files\Azureus
    2009-04-26 17:49 . 2008-05-17 10:48 199235 ----a-w c:\users\zab\AppData\Roaming\nvModes.dat
    2009-03-26 11:31 . 2008-05-16 08:31 117576 ----a-w c:\users\zab\AppData\Local\GDIPFONTCACHEV1.DAT
    2009-03-25 17:22 . 2009-03-25 17:22 -------- d-----w c:\program files\Guitar Pro 4
    2009-03-16 15:07 . 2008-04-26 00:09 -------- d-----w c:\program files\ASUS
    2009-03-15 17:20 . 2009-03-15 17:20 107888 ----a-w c:\windows\system32\CmdLineExt.dll
    2009-03-15 16:40 . 2009-03-15 16:40 -------- d-----w c:\program files\EA GAMES
    2009-03-09 03:19 . 2008-11-05 09:53 410984 ----a-w c:\windows\system32\deploytk.dll
    2009-02-12 15:19 . 2008-05-16 08:14 117192 ----a-w c:\windows\system32\config\systemprofile\AppData\Local\GDIPFONTCACHEV1.DAT
    2009-02-12 08:44 . 2006-11-02 10:25 86016 ----a-w c:\windows\inf\infstrng.dat
    2009-02-12 08:44 . 2006-11-02 10:25 86016 ----a-w c:\windows\inf\infstor.dat
    2009-02-12 08:44 . 2006-11-02 10:25 51200 ----a-w c:\windows\inf\infpub.dat
    2008-12-14 11:54 . 2006-11-02 12:50 174 --sha-w c:\program files\desktop.ini
    .

    ((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
    REGEDIT4

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1]
    @="{A8D448F4-0431-45AC-9F5E-E1B434AB2249}"
    [HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}]
    2007-06-02 00:08 143360 ----a-w c:\program files\ASUS\ASUS Data Security Manager\OverlayIconShlExt1.dll

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 201728]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-11-07 111936]
    "ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2007-01-09 115816]
    "Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-01-18 506712]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-06-20 451872]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableLUA"= 0 (0x0)

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
    "NoSetActiveDesktop"= 1 (0x1)
    "NoActiveDesktopChanges"= 1 (0x1)

    HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32
    "wave1"= serwvdrv.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
    @="Service"

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "UacDisableNotify"=dword:00000001
    "InternetSettingsDisableNotify"=dword:00000001
    "AutoUpdateDisableNotify"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
    "{B1B45AD3-AE7A-4647-B764-999599335234}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
    "{7132D2C3-09DA-4CC5-BC13-949B8B017C29}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
    "{187B2622-D2B1-4FCD-82F3-254D7560A432}"= c:\program files\Skype\Phone\Skype.exe:Skype
    "{33579555-315A-4196-BFA1-D56A19FA23B9}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
    "{C86912F5-4DC4-4BCA-A55E-8E8CF3FEB000}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
    "TCP Query User{D642BCB8-49CB-41B2-B084-CEC8FC9CB524}c:\\program files\\azureus\\azureus.exe"= UDP:c:\program files\azureus\azureus.exe:Azureus.exe
    "UDP Query User{6947D7A4-E2FE-46CF-958B-F1569C60CA3C}c:\\program files\\azureus\\azureus.exe"= TCP:c:\program files\azureus\azureus.exe:Azureus.exe
    "{43434A01-14D0-4A91-9E04-74A16EFBC252}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
    "{28986903-EC14-4F5F-B434-F91AAF27FA0A}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
    "{7AD8CCB0-9AC1-449F-8526-372F34CC5A46}"= UDP:c:\program files\LimeWire\LimeWire.exe:LimeWire
    "{D91AE503-83B6-42BF-A5E0-23E0351D1BDE}"= TCP:c:\program files\LimeWire\LimeWire.exe:LimeWire

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
    "DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
    "EnableFirewall"= 0 (0x0)

    S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2009-01-18 64160]
    S1 IDSvix86;Symantec Intrusion Prevention Driver;c:\progra~2\Symantec\DEFINI~1\SymcData\idsdefs\20080813.001\IDSvix86.sys [2008-05-12 261680]
    S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2009-01-18 921936]
    S2 StkSSrv;Syntek AVStream USB2.0 WebCam Service;c:\windows\System32\StkCSrv.exe [2007-04-19 24576]
    S3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Controller;c:\windows\system32\DRIVERS\atl01v32.sys [2007-03-15 48128]
    S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2008-08-11 99376]
    S3 itecir;ITECIR Infrared Receiver;c:\windows\system32\DRIVERS\itecir.sys [2007-04-20 47616]
    S3 StkCMini;Syntek AVStream USB2.0 1.3M WebCam;c:\windows\system32\Drivers\StkCMini.sys [2007-05-30 1260672]
    S3 SYMNDISV;SYMNDISV;c:\windows\System32\Drivers\SYMNDISV.SYS [2008-10-03 37936]


    --- Autres Services/Pilotes en mémoire ---

    *NewlyCreated* - COMHOST
    *Deregistered* - sptd

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    bthsvcs REG_MULTI_SZ BthServ

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
    \shell\AutoRun\command - g:\wd_windows_tools\WDSetup.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H]
    \shell\AutoRun\command - H:\LaunchU3.exe -a

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2cc4f32f-5001-11dd-8fe7-001fc655c2be}]
    \shell\AutoRun\command - F:\
    \shell\explore\Command - RECYCLED\INFO.exe
    \shell\open\Command - RECYCLED\INFO.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5ac5ac04-8173-11dd-b060-001fc655c2be}]
    \shell\AutoRun\command - m88coaim.exe
    \shell\explore\Command - m88coaim.exe
    \shell\open\Command - m88coaim.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7598dd59-41e9-11dd-94d7-001fc655c2be}]
    \shell\AutoRun\command - G:\aub0wb8.cmd
    \shell\explore\Command - G:\aub0wb8.cmd
    \shell\open\Command - G:\aub0wb8.cmd

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7af0e99a-34bb-11dd-bbbf-001fc655c2be}]
    \shell\AutoRun\command - m88coaim.exe
    \shell\explore\Command - m88coaim.exe
    \shell\open\Command - m88coaim.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8dcc700a-60ad-11dd-9263-001fc68408ff}]
    \shell\AutoRun\command - jiwsxh39.exe
    \shell\explore\Command - jiwsxh39.exe
    \shell\open\Command - jiwsxh39.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9af4a884-d5bb-11dd-83aa-001fc655c2be}]
    \shell\AutoRun\command - G:\EmDesk.exe
    \shell\EmDesk\command - G:\EmDesk.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b39058a6-c2cb-11dd-aabe-001fc68408ff}]
    \shell\Auto\command - F:\UFO.exe
    \shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL F:\UFO.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c3039816-e9fd-11dd-84cc-001fc655c2be}]
    \shell\AutoRun\command - g:\wd_windows_tools\WDSetup.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d8b7ad26-62c1-11dd-96ba-001fc655c2be}]
    \shell\AutoRun\command - m88coaim.exe
    \shell\explore\Command - m88coaim.exe
    \shell\open\Command - m88coaim.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d8b7ad29-62c1-11dd-96ba-001fc655c2be}]
    \shell\AutoRun\command - H:\LaunchU3.exe -a

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e299022e-44fc-11dd-9c69-001fc655c2be}]
    \shell\AutoRun\command - F:\qa8sywva.cmd
    \shell\explore\Command - F:\qa8sywva.cmd
    \shell\open\Command - F:\qa8sywva.cmd

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e7e980f5-1314-11dd-8e8f-806e6f6e6963}]
    \shell\AutoRun\command - E:\Autorun.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
    "c:\program files\Common Files\LightScribe\LSRunOnce.exe"
    .
    Contenu du dossier 'Tâches planifiées'

    2009-04-27 c:\windows\Tasks\Ad-Aware Update (Weekly).job
    - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-01-18 21:34]

    2009-04-27 c:\windows\Tasks\Norton Internet Security - Analyse système complète - zab.job
    - c:\program files\Norton Internet Security\Norton AntiVirus\Navw32.exe [2007-01-14 01:09]

    2009-04-27 c:\windows\Tasks\User_Feed_Synchronization-{B8BC3291-F0B8-4718-B237-1C9C446D5F13}.job
    - c:\windows\system32\msfeedssync.exe [2006-11-02 09:45]
    .
    - - - - ORPHELINS SUPPRIMES - - - -

    HKU-Default-Run-Windows Resurections - c:\windows\TEMP\gv5b0kvc.exe


    .
    ------- Examen supplémentaire -------
    .
    uStart Page = hxxp://www.google.fr/
    uInternet Settings,ProxyOverride = *.local
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
    .
    .
    ------- Associations de fichier -------
    .
    inifile=%SystemRoot%\System32\NOTEPAD.EXE %1"
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-04-27 19:38
    Windows 6.0.6000 NTFS

    Recherche de processus cachés ...

    Recherche d'éléments en démarrage automatique cachés ...

    Recherche de fichiers cachés ...


    c:\windows\system32\ovfsthxhcrxbseu.dll 60928 bytes executable
    c:\windows\system32\ovfsthxicmxeonr.dat 506 bytes
    c:\windows\system32\ovfsthxqcunvbpn.dll 18432 bytes executable
    c:\windows\system32\ovfsthxwpwfevap.dll 18944 bytes executable
    c:\windows\system32\drivers\ovfsthxvmkieixd.sys 81920 bytes executable

    Scan terminé avec succès
    Fichiers cachés: 5

    **************************************************************************
    .
    --------------------- CLES DE REGISTRE BLOQUEES ---------------------

    [HKEY_USERS\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    "MSCurrentCountry"=dword:000000b5

    [HKEY_USERS\SYSTEM\ControlSet001\Services\ovfsthxbvdemaaj]
    @DACL=(02 0000)
    "start"=dword:00000001
    "type"=dword:00000001
    "group"="file system"
    "imagepath"=expand:"\\systemroot\\system32\\drivers\\ovfsthxvmkieixd.sys"
    "inst"=dword:00000000

    [HKEY_USERS\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    "MSCurrentCountry"=dword:000000b5

    [HKEY_USERS\SYSTEM\ControlSet002\Services\ovfsthxbvdemaaj]
    @DACL=(02 0000)
    "start"=dword:00000001
    "type"=dword:00000001
    "group"="file system"
    "imagepath"=expand:"\\systemroot\\system32\\drivers\\ovfsthxvmkieixd.sys"
    "inst"=dword:00000000
    .
    --------------------- DLLs chargées dans les processus actifs ---------------------

    - - - - - - - > 'Explorer.exe'(308)
    c:\program files\ASUS\ASUS Data Security Manager\OverlayIconShlExt.dll
    c:\program files\ASUS\ASUS Data Security Manager\OverlayIconShlExt1.dll
    c:\program files\Common Files\Symantec Shared\ccL60U.dll
    .
    ------------------------ Autres processus actifs ------------------------
    .
    c:\windows\System32\audiodg.exe
    c:\program files\Common Files\Symantec Shared\ccSvcHst.exe
    c:\windows\System32\wlanext.exe
    c:\program files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
    c:\program files\ASUS\ASUS Data Security Manager\ADSMSrv.exe
    c:\program files\ATKGFNEX\GFNEXSrv.exe
    c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\program files\Common Files\Symantec Shared\ccSvcHst.exe
    c:\program files\Intel\Wireless\Bin\EvtEng.exe
    c:\program files\Common Files\LightScribe\LSSrvc.exe
    c:\program files\Symantec\LiveUpdate\AluSchedulerSvc.exe
    c:\program files\Intel\Wireless\Bin\RegSrvc.exe
    c:\program files\ASUS\NB Probe\SPM\spmgr.exe
    c:\program files\Windows Media Player\wmpnetwk.exe
    c:\windows\System32\wbem\unsecapp.exe
    c:\windows\System32\wbem\unsecapp.exe
    c:\windows\System32\conime.exe
    c:\windows\System32\wbem\WMIADAP.exe
    .
    **************************************************************************
    .
    Heure de fin: 2009-04-27 19:43 - La machine a redémarré
    ComboFix-quarantined-files.txt 2009-04-27 17:43

    Avant-CF: 27 664 162 816 octets libres
    Après-CF: 27 559 960 576 octets libres

    312 --- E O F --- 2008-12-14 09:51
    27 April 2009 19:51:26

  • Download UsbFix (by C_XX & Chiquitine29) to your Desktop.
  • Run the installation with the default settings.
  • Connect your external data sources to your PC (USB stick, external hard drive, SD card, etc.) without opening them.
  • Right-click the UsbFix shortcut on your Desktop and choose Run as administrator.
  • Choose option 1 (Search).
  • Let the tool work.
  • Post the UsbFix.txt report.

    Note: the UsbFix.txt report is saved at the root of the drive (C:\UsbFix.txt).

    "Process.exe", a component of the tool, is detected by some antivirus products (AntiVir, Dr.Web, Kaspersky Anti-Virus) as a RiskTool.
    It is not a virus, but a utility used to terminate processes.
    27 April 2009 21:35:54

    OK, UsbFix is working right now ;) but I had a surprise when I came back from dinner.
    I had left the computer on after ComboFix finished, and when I came back from dinner I saw a blue screen (the first time I've seen one), then a reboot, then the following Windows error:

    Signature du problème :
    Nom d’événement de problème: BlueScreen
    Version du système: 6.0.6000.2.0.0.768.3
    Identificateur de paramètres régionaux: 1036

    Informations supplémentaires sur le problème :
    BCCode: d1
    BCP1: 8EC11537
    BCP2: 00000002
    BCP3: 00000008
    BCP4: 8EC11537
    OS Version: 6_0_6000
    Service Pack: 0_0
    Product: 768_1

    Fichiers aidant à décrire le problème :
    C:\Windows\Minidump\Mini042709-01.dmp
    C:\Users\zab\AppData\Local\Temp\WER-125315-0.sysdata.xml
    C:\Users\zab\AppData\Local\Temp\WER511B.tmp.version.txt
    27 April 2009 21:37:25

    ComboFix removed quite a lot of junk, but some remains.

    I'll be back within 20 minutes.
    27 April 2009 21:41:53

    Thanks, that's great! It's nice to come across people willing to help. Give me your address and I'll send you a bottle of champagne ;)

    Here's the UsbFix report... but did you see my blue screen error? That's a bit weird, isn't it?



    ############################## [ UsbFix V3.014 ]

    # User : zab (Administrateurs) # PC-DE-ZAB
    # Update on 27/04/09 by C_XX & Chiquitine29
    # Start at: 21:31:18 | 27/04/2009

    # Intel(R) Core(TM)2 Duo CPU T9300 @ 2.50GHz
    # Microsoft® Windows Vista™ Édition Familiale Premium (6.0.6000 32-bit) #
    # Internet Explorer 7.0.6000.16764
    # Windows Firewall Status : Disabled
    # AV : Norton Internet Security 2007 [ (!) Disabled | (!) Outdated ]
    # FW : Norton Internet Security[ (!) Disabled ]2007

    # C:\ # Disque fixe local # 116,44 Go (24,61 Go free) [VistaOS] # NTFS
    # D:\ # Disque fixe local # 108,63 Go (20,39 Go free) [DATA] # NTFS
    # E:\ # Disque CD-ROM # 4,34 Go (0 Mo free) [Sims2DoubleDeluxe] # UDF
    # F:\ # Disque CD-ROM

    ############################## [ Processus actifs ]

    C:\Windows\System32\smss.exe
    C:\Windows\system32\csrss.exe
    C:\Windows\system32\csrss.exe
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\services.exe
    C:\Windows\system32\lsass.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\winlogon.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\System32\svchost.exe
    C:\Windows\System32\svchost.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\system32\SLsvc.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\system32\Dwm.exe
    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\WLANExt.exe
    C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
    C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe
    C:\Program Files\ATKGFNEX\GFNEXSrv.exe
    C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Windows\system32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\Windows\system32\svchost.exe
    C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\System32\StkCSrv.exe
    C:\Windows\System32\svchost.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Program Files\ASUS\ASUS Live Update\ALU.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\Windows\System32\notepad.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\conime.exe

    ################## [ Registre # Startup ]

    HKCU_Main: "Local Page"="C:\\Windows\\system32\\blank.htm"
    HKCU_Main: "Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iese..."
    HKCU_Main: "Start Page"="http://www.google.fr/"
    HKLM_logon: "Userinit"="C:\\Windows\\system32\\userinit.exe,"
    HKLM_logon: "LegalNoticeCaption"=""
    HKLM_logon: "LegalNoticeText"=""
    HKLM_Run: AppleSyncNotifier=C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
    HKLM_Run: ccApp=C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    HKLM_Run: Ad-Watch=C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
    HKLM_Run: HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents=
    HKCU_Run: WMPNSCFG=C:\Program Files\Windows Media Player\WMPNSCFG.exe

    ################## [ Informations ]


    ################## [ Fichiers # Dossiers infectieux ]

    Found ! C:\Windows\system32\tmp.txt
    Found ! E:\autorun.inf

    ################## [ Registre # Clés Run infectieuses ]

    Found ! HKLM\software\microsoft\security center\\ "UacDisableNotify"
    # -> ( Value = 0x1 | Good = 0x0 Bad = 0x1 )

    ################## [ Registre # Mountpoints2 ]

    HKCU\Software\Microsoft\....\MountPoints2\G\Shell\AutoRun\command
    HKCU\Software\Microsoft\....\MountPoints2\H\Shell\AutoRun\command
    HKCU\Software\Microsoft\....\MountPoints2\{2cc4f32f-5001-11dd-8fe7-001fc655c2be}\Shell\AutoRun\command
    HKCU\Software\Microsoft\....\MountPoints2\{2cc4f32f-5001-11dd-8fe7-001fc655c2be}\Shell\explore\Command
    HKCU\Software\Microsoft\....\MountPoints2\{2cc4f32f-5001-11dd-8fe7-001fc655c2be}\Shell\open\Command
    HKCU\Software\Microsoft\....\MountPoints2\{5ac5ac04-8173-11dd-b060-001fc655c2be}\Shell\AutoRun\command
    HKCU\Software\Microsoft\....\MountPoints2\{5ac5ac04-8173-11dd-b060-001fc655c2be}\Shell\explore\Command
    HKCU\Software\Microsoft\....\MountPoints2\{5ac5ac04-8173-11dd-b060-001fc655c2be}\Shell\open\Command
    HKCU\Software\Microsoft\....\MountPoints2\{7598dd59-41e9-11dd-94d7-001fc655c2be}\Shell\AutoRun\command
    HKCU\Software\Microsoft\....\MountPoints2\{7598dd59-41e9-11dd-94d7-001fc655c2be}\Shell\explore\Command
    HKCU\Software\Microsoft\....\MountPoints2\{7598dd59-41e9-11dd-94d7-001fc655c2be}\Shell\open\Command
    HKCU\Software\Microsoft\....\MountPoints2\{7af0e99a-34bb-11dd-bbbf-001fc655c2be}\Shell\AutoRun\command
    HKCU\Software\Microsoft\....\MountPoints2\{7af0e99a-34bb-11dd-bbbf-001fc655c2be}\Shell\explore\Command
    HKCU\Software\Microsoft\....\MountPoints2\{7af0e99a-34bb-11dd-bbbf-001fc655c2be}\Shell\open\Command
    HKCU\Software\Microsoft\....\MountPoints2\{8dcc700a-60ad-11dd-9263-001fc68408ff}\Shell\AutoRun\command
    HKCU\Software\Microsoft\....\MountPoints2\{8dcc700a-60ad-11dd-9263-001fc68408ff}\Shell\explore\Command
    HKCU\Software\Microsoft\....\MountPoints2\{8dcc700a-60ad-11dd-9263-001fc68408ff}\Shell\open\Command
    HKCU\Software\Microsoft\....\MountPoints2\{9af4a884-d5bb-11dd-83aa-001fc655c2be}\Shell\AutoRun\command
    HKCU\Software\Microsoft\....\MountPoints2\{b39058a6-c2cb-11dd-aabe-001fc68408ff}\Shell\Auto\command
    HKCU\Software\Microsoft\....\MountPoints2\{b39058a6-c2cb-11dd-aabe-001fc68408ff}\Shell\AutoRun\command
    HKCU\Software\Microsoft\....\MountPoints2\{c3039816-e9fd-11dd-84cc-001fc655c2be}\Shell\AutoRun\command
    HKCU\Software\Microsoft\....\MountPoints2\{d8b7ad26-62c1-11dd-96ba-001fc655c2be}\Shell\AutoRun\command
    HKCU\Software\Microsoft\....\MountPoints2\{d8b7ad26-62c1-11dd-96ba-001fc655c2be}\Shell\explore\Command
    HKCU\Software\Microsoft\....\MountPoints2\{d8b7ad26-62c1-11dd-96ba-001fc655c2be}\Shell\open\Command
    HKCU\Software\Microsoft\....\MountPoints2\{d8b7ad29-62c1-11dd-96ba-001fc655c2be}\Shell\AutoRun\command
    HKCU\Software\Microsoft\....\MountPoints2\{e299022e-44fc-11dd-9c69-001fc655c2be}\Shell\AutoRun\command
    HKCU\Software\Microsoft\....\MountPoints2\{e299022e-44fc-11dd-9c69-001fc655c2be}\Shell\explore\Command
    HKCU\Software\Microsoft\....\MountPoints2\{e299022e-44fc-11dd-9c69-001fc655c2be}\Shell\open\Command
    HKCU\Software\Microsoft\....\MountPoints2\{e7e980f5-1314-11dd-8e8f-806e6f6e6963}\Shell\AutoRun\command

    ################## [ ! Fin du rapport # UsbFix V3.014 ! ]
    27 Avril 2009 21:51:23

    The virus is gone...

    Do you see anything else I need to delete, any other tests to run?

    If there is still some crap left, I'd gladly take more of your help... tell me everything.

    Anyway, thanks, you're a champ...
    27 Avril 2009 21:51:24

  • Plug your external storage devices into your PC (USB stick, external hard drive, SD card, etc.) without opening them.
  • Right-click the UsbFix shortcut on your Desktop and choose Run as administrator.
  • Choose option 2 (Deletion).
  • Your Desktop will disappear and the PC will restart.
  • On restart, UsbFix will scan your PC; let the tool do its work.
  • Then post the UsbFix.txt report that will appear along with the Desktop.

    Note: the UsbFix.txt report is saved at the root of the disk (C:\UsbFix.txt).
    27 Avril 2009 21:53:15

    "Plug your external storage devices into your PC (USB stick, external hard drive, SD card, etc.) without opening them"

    I don't have a USB stick, an external hard drive, or anything like that... never plugged anything into it.
    27 Avril 2009 21:55:36

    Do the procedure anyway, then do this:

  • Download Malwarebytes' Anti-Malware (MBAM) to your Desktop.
  • Double-click the downloaded file to start the installation.
  • In the Update tab, click the Check for Updates button: if the firewall asks whether MBAM may connect to the Internet, accept.
  • Once the update is finished, go to the Scanner tab.
  • Select Perform quick scan.
  • Click Scan. The scan starts.
  • At the end of the scan, a message is displayed:
    Quote:
    The scan completed successfully. Click 'Show Results' to display all objects found.

  • Click OK to continue. If MBAM found nothing, it will tell you that as well.
  • Close your browsers.
  • If malware was detected, click Show Results.
  • Select everything (or leave everything checked) and click Remove Selected; MBAM will destroy the infected files and registry keys and put a copy of them in quarantine.
  • MBAM will open Notepad and copy the scan report into it. Copy and paste this report into your next reply.
    27 Avril 2009 22:05:06

    New UsbFix report


    ############################## [ UsbFix V3.014 ]

    # User : zab (Administrateurs) # PC-DE-ZAB
    # Update on 27/04/09 by C_XX & Chiquitine29
    # Start at: 22:00:11 | 27/04/2009

    # Intel(R) Core(TM)2 Duo CPU T9300 @ 2.50GHz
    # Microsoft® Windows Vista™ Édition Familiale Premium (6.0.6000 32-bit) #
    # Internet Explorer 7.0.6000.16764
    # Windows Firewall Status : Disabled
    # AV : Norton Internet Security 2007 [ (!) Disabled | (!) Outdated ]
    # FW : Norton Internet Security[ (!) Disabled ]2007

    # C:\ # Disque fixe local # 116,44 Go (24,61 Go free) [VistaOS] # NTFS
    # D:\ # Disque fixe local # 108,63 Go (20,39 Go free) [DATA] # NTFS
    # E:\ # Disque CD-ROM # 4,34 Go (0 Mo free) [Sims2DoubleDeluxe] # UDF
    # F:\ # Disque CD-ROM

    ############################## [ Processus actifs ]

    C:\Windows\System32\smss.exe
    C:\Windows\system32\csrss.exe
    C:\Windows\system32\csrss.exe
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\services.exe
    C:\Windows\system32\lsass.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\winlogon.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\System32\svchost.exe
    C:\Windows\System32\svchost.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\system32\SLsvc.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\system32\Dwm.exe
    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\WLANExt.exe
    C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
    C:\Windows\system32\runonce.exe
    C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe
    C:\Program Files\ATKGFNEX\GFNEXSrv.exe
    C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\svchost.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Windows\system32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\Windows\system32\svchost.exe
    C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\System32\StkCSrv.exe
    C:\Windows\System32\svchost.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Program Files\ASUS\ASUS Live Update\ALU.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\PresentationSettings.exe
    C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe

    ################## [ Fichiers # Dossiers infectieux ]

    Deleted ! C:\Windows\system32\tmp.txt
    (!) Not Deleted ! E:\autorun.inf

    ################## [ Registre # Clés Run infectieuses ]

    # HKLM\software\microsoft\security center\\ "UacDisableNotify"
    # -> ( Value = 0x1 | Good = 0x0 Bad = 0x1 ) # -> Reset sucessfully !

    ################## [ Registre # Mountpoints2 ]

    Deleted ! HKCU\Software\Microsoft\....\MountPoints2\G\Shell\AutoRun\command
    Deleted ! HKCU\Software\Microsoft\....\MountPoints2\H\Shell\AutoRun\command
    Deleted ! HKCU\Software\Microsoft\....\MountPoints2\{2cc4f32f-5001-11dd-8fe7-001fc655c2be}\Shell\AutoRun\command
    Deleted ! HKCU\Software\Microsoft\....\MountPoints2\{2cc4f32f-5001-11dd-8fe7-001fc655c2be}\Shell\explore\Command
    Deleted ! HKCU\Software\Microsoft\....\MountPoints2\{2cc4f32f-5001-11dd-8fe7-001fc655c2be}\Shell\open\Command
    Deleted ! HKCU\Software\Microsoft\....\MountPoints2\{5ac5ac04-8173-11dd-b060-001fc655c2be}\Shell\AutoRun\command
    Deleted ! HKCU\Software\Microsoft\....\MountPoints2\{5ac5ac04-8173-11dd-b060-001fc655c2be}\Shell\explore\Command
    Deleted ! HKCU\Software\Microsoft\....\MountPoints2\{5ac5ac04-8173-11dd-b060-001fc655c2be}\Shell\open\Command
    Deleted ! HKCU\Software\Microsoft\....\MountPoints2\{7598dd59-41e9-11dd-94d7-001fc655c2be}\Shell\AutoRun\command
    Deleted ! HKCU\Software\Microsoft\....\MountPoints2\{7598dd59-41e9-11dd-94d7-001fc655c2be}\Shell\explore\Command
    Deleted ! HKCU\Software\Microsoft\....\MountPoints2\{7598dd59-41e9-11dd-94d7-001fc655c2be}\Shell\open\Command
    Deleted ! HKCU\Software\Microsoft\....\MountPoints2\{7af0e99a-34bb-11dd-bbbf-001fc655c2be}\Shell\AutoRun\command
    Deleted ! HKCU\Software\Microsoft\....\MountPoints2\{7af0e99a-34bb-11dd-bbbf-001fc655c2be}\Shell\explore\Command
    Deleted ! HKCU\Software\Microsoft\....\MountPoints2\{7af0e99a-34bb-11dd-bbbf-001fc655c2be}\Shell\open\Command
    Deleted ! HKCU\Software\Microsoft\....\MountPoints2\{8dcc700a-60ad-11dd-9263-001fc68408ff}\Shell\AutoRun\command
    Deleted ! HKCU\Software\Microsoft\....\MountPoints2\{8dcc700a-60ad-11dd-9263-001fc68408ff}\Shell\explore\Command
    Deleted ! HKCU\Software\Microsoft\....\MountPoints2\{8dcc700a-60ad-11dd-9263-001fc68408ff}\Shell\open\Command
    Deleted ! HKCU\Software\Microsoft\....\MountPoints2\{9af4a884-d5bb-11dd-83aa-001fc655c2be}\Shell\AutoRun\command
    Deleted ! HKCU\Software\Microsoft\....\MountPoints2\{b39058a6-c2cb-11dd-aabe-001fc68408ff}\Shell\Auto\command
    Deleted ! HKCU\Software\Microsoft\....\MountPoints2\{b39058a6-c2cb-11dd-aabe-001fc68408ff}\Shell\AutoRun\command
    Deleted ! HKCU\Software\Microsoft\....\MountPoints2\{c3039816-e9fd-11dd-84cc-001fc655c2be}\Shell\AutoRun\command
    Deleted ! HKCU\Software\Microsoft\....\MountPoints2\{d8b7ad26-62c1-11dd-96ba-001fc655c2be}\Shell\AutoRun\command
    Deleted ! HKCU\Software\Microsoft\....\MountPoints2\{d8b7ad26-62c1-11dd-96ba-001fc655c2be}\Shell\explore\Command
    Deleted ! HKCU\Software\Microsoft\....\MountPoints2\{d8b7ad26-62c1-11dd-96ba-001fc655c2be}\Shell\open\Command
    Deleted ! HKCU\Software\Microsoft\....\MountPoints2\{d8b7ad29-62c1-11dd-96ba-001fc655c2be}\Shell\AutoRun\command
    Deleted ! HKCU\Software\Microsoft\....\MountPoints2\{e299022e-44fc-11dd-9c69-001fc655c2be}\Shell\AutoRun\command
    Deleted ! HKCU\Software\Microsoft\....\MountPoints2\{e299022e-44fc-11dd-9c69-001fc655c2be}\Shell\explore\Command
    Deleted ! HKCU\Software\Microsoft\....\MountPoints2\{e299022e-44fc-11dd-9c69-001fc655c2be}\Shell\open\Command
    Deleted ! HKCU\Software\Microsoft\....\MountPoints2\{e7e980f5-1314-11dd-8e8f-806e6f6e6963}\Shell\AutoRun\command

    ################## [ Listing des fichiers présent ]

    [26/07/2007 13:06|-rah-----|1048576] - C:\A7S.BIN
    [10/01/2008 08:38|--a------|1048576] - C:\A7Sn.BIN
    [10/01/2008 08:38|-rah-----|1048576] - C:\A7Sv.BIN
    [18/01/2008 05:10|--a------|16] - C:\A7S_A7SV_A7Sn_VISTA.50
    [18/09/2006 23:43|--a------|24] - C:\autoexec.bat
    [02/11/2006 11:53|-rahs----|438840] - C:\bootmgr
    [18/04/2007 11:26|-ra-s----|8192] - C:\BOOTSECT.BAK
    [04/04/2007 06:01|--a------|19] - C:\CA13.txt
    [27/04/2009 19:43|--a------|18878] - C:\ComboFix.txt
    [18/09/2006 23:43|--a------|10] - C:\config.sys
    [07/01/2009 18:00|--a------|0] - C:\ctapi_out_gr.txt
    [26/04/2008 02:57|--a------|21921] - C:\devlist.txt
    [26/04/2008 02:54|--a------|9] - C:\Finish.log
    [?|?|?] - C:\hiberfil.sys
    [06/11/2008 14:05|-rahs----|0] - C:\IO.SYS
    [06/11/2008 14:05|-rahs----|0] - C:\MSDOS.SYS
    [07/08/2007 23:43|--a------|15] - C:\NERO.LOG
    [17/05/2007 05:35|--a------|15] - C:\NIS2007_A.TXT
    [16/03/2007 01:18|--a------|25] - C:\OFFICE2007_A.TXT
    [?|?|?] - C:\pagefile.sys
    [25/04/2008 13:43|--a------|105] - C:\Pass.txt
    [26/03/2008 13:13|--a------|1730] - C:\Patch.LOG
    [27/04/2009 19:05|--a------|5591] - C:\rapport.txt
    [24/05/2007 00:43|--a------|17] - C:\READER_A.TXT
    [18/01/2008 05:31|--a------|114] - C:\RECOVERY.DAT
    [26/04/2008 02:23|--a------|420] - C:\RHDSetup.log
    [26/04/2008 02:30|--a------|86] - C:\setup.log
    [23/04/2009 19:32|--ah-----|232] - C:\sqmdata00.sqm
    [25/04/2009 15:08|--ah-----|232] - C:\sqmdata01.sqm
    [25/04/2009 19:18|--ah-----|232] - C:\sqmdata02.sqm
    [26/04/2009 16:46|--ah-----|232] - C:\sqmdata03.sqm
    [17/04/2009 15:44|--ah-----|232] - C:\sqmdata04.sqm
    [17/04/2009 15:44|--ah-----|232] - C:\sqmdata05.sqm
    [18/04/2009 18:56|--ah-----|232] - C:\sqmdata06.sqm
    [18/04/2009 19:23|--ah-----|232] - C:\sqmdata07.sqm
    [18/04/2009 19:28|--ah-----|232] - C:\sqmdata08.sqm
    [18/04/2009 19:58|--ah-----|232] - C:\sqmdata09.sqm
    [19/04/2009 01:23|--ah-----|232] - C:\sqmdata10.sqm
    [19/04/2009 01:24|--ah-----|232] - C:\sqmdata11.sqm
    [19/04/2009 16:50|--ah-----|232] - C:\sqmdata12.sqm
    [19/04/2009 17:20|--ah-----|232] - C:\sqmdata13.sqm
    [20/04/2009 19:31|--ah-----|232] - C:\sqmdata14.sqm
    [20/04/2009 23:50|--ah-----|232] - C:\sqmdata15.sqm
    [20/04/2009 23:54|--ah-----|232] - C:\sqmdata16.sqm
    [20/04/2009 23:57|--ah-----|232] - C:\sqmdata17.sqm
    [21/04/2009 00:04|--ah-----|232] - C:\sqmdata18.sqm
    [22/04/2009 19:05|--ah-----|232] - C:\sqmdata19.sqm
    [23/04/2009 19:32|--ah-----|244] - C:\sqmnoopt00.sqm
    [25/04/2009 15:08|--ah-----|244] - C:\sqmnoopt01.sqm
    [25/04/2009 19:18|--ah-----|244] - C:\sqmnoopt02.sqm
    [26/04/2009 16:46|--ah-----|244] - C:\sqmnoopt03.sqm
    [17/04/2009 15:44|--ah-----|244] - C:\sqmnoopt04.sqm
    [17/04/2009 15:44|--ah-----|244] - C:\sqmnoopt05.sqm
    [18/04/2009 18:56|--ah-----|244] - C:\sqmnoopt06.sqm
    [18/04/2009 19:23|--ah-----|244] - C:\sqmnoopt07.sqm
    [18/04/2009 19:28|--ah-----|244] - C:\sqmnoopt08.sqm
    [18/04/2009 19:58|--ah-----|244] - C:\sqmnoopt09.sqm
    [19/04/2009 01:23|--ah-----|244] - C:\sqmnoopt10.sqm
    [19/04/2009 01:24|--ah-----|244] - C:\sqmnoopt11.sqm
    [19/04/2009 16:50|--ah-----|244] - C:\sqmnoopt12.sqm
    [19/04/2009 17:20|--ah-----|244] - C:\sqmnoopt13.sqm
    [20/04/2009 19:31|--ah-----|244] - C:\sqmnoopt14.sqm
    [20/04/2009 23:50|--ah-----|244] - C:\sqmnoopt15.sqm
    [20/04/2009 23:54|--ah-----|244] - C:\sqmnoopt16.sqm
    [20/04/2009 23:57|--ah-----|244] - C:\sqmnoopt17.sqm
    [21/04/2009 00:04|--ah-----|244] - C:\sqmnoopt18.sqm
    [22/04/2009 19:05|--ah-----|244] - C:\sqmnoopt19.sqm
    [16/05/2006 02:22|--a------|5] - C:\store.log
    [26/04/2008 01:00|--a------|166] - C:\SumHidd.txt
    [26/04/2008 00:59|--a------|98] - C:\SumOS.txt
    [23/07/2008 10:40|--a------|58760] - C:\symlcsv1.exe
    [27/04/2009 22:02|--a------|10164] - C:\UsbFix.txt
    [06/12/2007 22:22|--a------|23] - C:\V54.TXT
    [08/01/2009 16:54|--a------|4400] - C:\WirelessDiagLog.csv
    [13/03/2008 03:10|-ra------|703552] - E:\AutoRun.exe
    [13/03/2008 03:10|-ra------|670784] - E:\AutoRunGUI.dll
    [13/03/2008 01:01|-ra------|10134] - E:\Sims2DoubleDeluxe.ico
    [13/03/2008 03:10|-ra------|293952] - E:\Sims2DoubleDeluxe_uninst.exe
    [13/03/2008 03:10|-ra------|164] - E:\autorun.inf
    [13/03/2008 03:10|-ra------|130934] - E:\common_filelist.txt
    [13/03/2008 03:09|-ra------|57867761] - E:\compressed.zip
    [13/03/2008 03:10|-ra------|359488] - E:\eauninstall.exe
    [13/03/2008 01:01|-ra------|10134] - E:\eauninstall.ico

    ################## [ Vaccination ]

    # C:\autorun.inf -> Folder created by UsbFix.
    # D:\autorun.inf -> Folder created by UsbFix.

    ################## [ Cracks / Keygens / Serials ]

    C:\Users\zab\Desktop\SmitfraudFix\o4Patch.exe

    ################## [ ! Fin du rapport # UsbFix V3.014 ! ]
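
Added example (not part of the original thread and not UsbFix's own code): a small Python parser that compares the scan report with the cleanup report posted above and lists what the tool did not remove. The sample text is abridged from the two reports; the function names and the rule that an item on a CD-ROM drive cannot be deleted by the tool are assumptions.

```python
import re

# Constructed sample: lines abridged from the two UsbFix V3.014 reports in this thread.
DRIVES = r"""
# C:\ # Disque fixe local # 116,44 Go (24,61 Go free) [VistaOS] # NTFS
# E:\ # Disque CD-ROM # 4,34 Go (0 Mo free) [Sims2DoubleDeluxe] # UDF
# F:\ # Disque CD-ROM
"""
SCAN = DRIVES + r"""
################## [ Registre # Startup ]

HKLM_Run: ccApp=C:\Program Files\Common Files\Symantec Shared\ccApp.exe

################## [ Fichiers # Dossiers infectieux ]

Found ! C:\Windows\system32\tmp.txt
Found ! E:\autorun.inf

################## [ Registre # Clés Run infectieuses ]

Found ! HKLM\software\microsoft\security center\\ "UacDisableNotify"
# -> ( Value = 0x1 | Good = 0x0 Bad = 0x1 )

################## [ Registre # Mountpoints2 ]

HKCU\Software\Microsoft\....\MountPoints2\G\Shell\AutoRun\command
HKCU\Software\Microsoft\....\MountPoints2\H\Shell\AutoRun\command
"""
CLEAN = DRIVES + r"""
################## [ Fichiers # Dossiers infectieux ]

Deleted ! C:\Windows\system32\tmp.txt
(!) Not Deleted ! E:\autorun.inf

################## [ Registre # Clés Run infectieuses ]

# HKLM\software\microsoft\security center\\ "UacDisableNotify"
# -> ( Value = 0x1 | Good = 0x0 Bad = 0x1 ) # -> Reset sucessfully !

################## [ Registre # Mountpoints2 ]

Deleted ! HKCU\Software\Microsoft\....\MountPoints2\G\Shell\AutoRun\command
Deleted ! HKCU\Software\Microsoft\....\MountPoints2\H\Shell\AutoRun\command
"""

SECTION = re.compile(r"^#{10,} \[ (.+?) \]$")
DRIVE = re.compile(r"^# ([A-Z]):\\ # (Disque [^#]*?)\s*(?:#|$)")
STATUS = re.compile(r"^(Found|Deleted|\(!\) Not Deleted) ! (.+)$")
# Only these report sections list flagged items; process and startup listings are skipped.
TRACKED = {
    "Fichiers # Dossiers infectieux",
    "Registre # Clés Run infectieuses",
    "Registre # Mountpoints2",
}


def parse_report(text):
    """Return {'drives': {letter: type}, 'items': {path: (section, status)}}."""
    drives, items, section, last = {}, {}, None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION.match(line)
        if m:
            section, last = m.group(1), None
            continue
        m = DRIVE.match(line)
        if m:
            drives[m.group(1)] = m.group(2)
            continue
        if section not in TRACKED:
            continue
        m = STATUS.match(line)
        if m:
            last = m.group(2)
            items[last] = (section, m.group(1).replace("(!) ", ""))
        elif line.startswith("# ->"):
            # Verdict line for the registry value named on the previous line.
            if last and "Reset" in line:
                items[last] = (section, "Reset")
        elif line.lstrip("# ").startswith("HK"):
            # Registry path printed without a status word.
            last = line.lstrip("# ")
            items[last] = (section, "Listed")
    return {"drives": drives, "items": items}


def unresolved(scan, clean):
    """Items flagged by the scan that the cleanup pass neither deleted nor reset."""
    out = []
    for path in scan["items"]:
        status = clean["items"].get(path, (None, "Not in cleanup report"))[1]
        if status in ("Deleted", "Reset"):
            continue
        drive = path[0] if path[1:3] == ":\\" else None
        kind = clean["drives"].get(drive, "")
        note = ""
        if "CD-ROM" in kind:
            # Assumption: the tool cannot delete from optical media.
            note = f"{drive}: is reported as '{kind}'; read the file instead of deleting it"
        out.append((path, status, note))
    return out
```

On the two reports above, `unresolved(parse_report(SCAN), parse_report(CLEAN))` returns only `E:\autorun.inf`, which sits on the drive the report header lists as a CD-ROM.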

    27 Avril 2009 22:16:47

    Here is the Malwarebytes' report

    Malwarebytes' Anti-Malware 1.36
    Version de la base de données: 2050
    Windows 6.0.6000

    27/04/09 22:11
    mbam-log-2009-04-27 (22-11-13).txt

    Type de recherche: Examen rapide
    Eléments examinés: 67318
    Temps écoulé: 3 minute(s), 49 second(s)

    Processus mémoire infecté(s): 0
    Module(s) mémoire infecté(s): 0
    Clé(s) du Registre infectée(s): 0
    Valeur(s) du Registre infectée(s): 0
    Elément(s) de données du Registre infecté(s): 0
    Dossier(s) infecté(s): 0
    Fichier(s) infecté(s): 1

    Processus mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Module(s) mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Clé(s) du Registre infectée(s):
    (Aucun élément nuisible détecté)

    Valeur(s) du Registre infectée(s):
    (Aucun élément nuisible détecté)

    Elément(s) de données du Registre infecté(s):
    (Aucun élément nuisible détecté)

    Dossier(s) infecté(s):
    (Aucun élément nuisible détecté)

    Fichier(s) infecté(s):
    C:\Windows\temp\msb.dll (Worm.Autorun) -> Quarantined and deleted successfully.
    27 Avril 2009 22:19:56

    I have two questions, if I may:

    1 - Are there any processes I can remove? Useless things, or ones that eat up memory? For example, I end up with 12 svchost; is that normal?

    2 - In the future, can I use the programs you had me run just to clean up my PC?
    27 Avril 2009 22:42:37

    Quote:
    1 - Are there any processes I can remove? Useless things, or ones that eat up memory?

    ---> I'll take a closer look after the infections have been removed.

    Quote:
    For example, I end up with 12 svchost; is that normal?

    ---> Having several of them is normal.

    Quote:
    In the future, can I use the programs you had me run just to clean up my PC?

    ---> No, not all of them. ComboFix, for example, should not be used like that.

  • Relaunch MBAM, go to Quarantine and delete everything.

  • Uninstall UsbFix.

  • Download Random's System Information Tool (RSIT) (by random/random) to your Desktop.
  • Double-click RSIT.exe to launch the program.
    (On Vista, right-click RSIT.exe and choose Run as administrator)
  • Click Continue on the Disclaimer screen.
  • If the HijackThis tool (up-to-date version) is not present or not detected on the computer, RSIT will download it (allow access in your firewall if asked) and you will have to accept the license.
  • When the scan is finished, two text files will open. Post the contents of log.txt (the one that appears on screen) as well as info.txt (which you will see in the taskbar).

    Note: the reports are saved in the C:\rsit folder.
    27 Avril 2009 22:57:00

    Here are the two reports, but I don't know whether it ran correctly; I wonder if it crashed... I tried to relaunch it, but it just reopens the two reports directly...


    Logfile of random's system information tool 1.06 (written by random/random)
    Run by zab at 2009-04-27 22:53:37
    Microsoft® Windows Vista™ Édition Familiale Premium
    System drive C: has 24 GB (20%) free of 119 GB
    Total RAM: 3071 MB (61% free)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 22:53:39, on 27/04/2009
    Platform: Windows Vista (WinNT 6.00.1904)
    MSIE: Internet Explorer v7.00 (7.00.6000.16764)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files\ASUS\ASUS Live Update\ALU.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Windows\system32\conime.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\taskeng.exe
    C:\Users\zab\Desktop\RSIT.exe
    C:\Program Files\Trend Micro\HijackThis\zab.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
    O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - (no file)
    O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
    O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
    O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKUS\S-1-5-18\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden (User 'Default user')
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O13 - Gopher Prefix:
    O16 - DPF: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - http://www.boursorama.com/404.html
    O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/versions/activex/...
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/pr01/resources/VistaMSN...
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O23 - Service: ADSM Service (ADSMService) - Unknown owner - C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: ASLDR Service (ASLDRService) - Unknown owner - C:\Program Files\ATK Hotkey\ASLDRSrv.exe (file missing)
    O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - Unknown owner - C:\Program Files\ATKGFNEX\GFNEXSrv.exe
    O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
    O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
    O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
    O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    O23 - Service: spmgr - Unknown owner - C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
    O23 - Service: Syntek AVStream USB2.0 WebCam Service (StkSSrv) - Syntek America Inc. - C:\Windows\System32\StkCSrv.exe
    O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

    --
    End of file - 7113 bytes

    Err :510

    C:\Windows\tasks\Ad-Aware Update (Weekly).job
    C:\Windows\tasks\Norton Internet Security - Analyse système complète - zab.job
    C:\Windows\tasks\User_Feed_Synchronization-{B8BC3291-F0B8-4718-B237-1C9C446D5F13}.job

    Err :510

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
    Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11 75128]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1E8A6170-7264-4D0F-BEAE-D42A53123C75}]
    C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll [2007-01-12 96936]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22BF413B-C6D2-4d91-82A9-A0F997BA588C}]
    Skype add-on (mastermind) - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2008-11-18 1082880]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
    Programme d'aide de l'Assistant de connexion Windows Live - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2007-09-20 328752]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    {90222687-F593-4738-B738-FBEE9C7B26DF} - Show Norton Toolbar - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll [2007-01-12 607888]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    AppleSyncNotifier=C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [2008-11-07 111936]
    ccApp=C:\Program Files\Common Files\Symantec Shared\ccApp.exe [2007-01-09 115816]
    Ad-Watch=C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe [2009-01-18 506712]

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    WMPNSCFG=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2006-11-02 201728]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Lavasoft Ad-Aware Service]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
    EnableLUA=0
    dontdisplaylastusername=0
    legalnoticecaption=
    legalnoticetext=
    shutdownwithoutlogon=1
    undockwithoutlogon=1
    DisableStatusMessages=0

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    NoDriveTypeAutoRun=36
    NoDrives=0
    NoViewContextMenu=0
    NoWinKeys=0
    NoDriveAutoRun=FFFFFFFF

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    NoDrives=
    NoLogOff=

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9af4a884-d5bb-11dd-83aa-001fc655c2be}]
    shell\EmDesk\command - G:\EmDesk.exe


    Err :510

    .bat - edit - %SystemRoot%\System32\NOTEPAD.EXE %1"
    .ini - open - %SystemRoot%\System32\NOTEPAD.EXE %1"
    .js - edit -
    .js - open -
    .txt - open -

    Err :510

    2009-04-27 22:46:41 ----D---- C:\rsit
    2009-04-27 22:28:01 ----A---- C:\Windows\system32\lmppcsetup.exe
    2009-04-27 22:06:11 ----D---- C:\Users\zab\AppData\Roaming\Malwarebytes
    2009-04-27 22:06:05 ----D---- C:\ProgramData\Malwarebytes
    2009-04-27 22:06:05 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
    2009-04-27 22:02:15 ----RASHD---- C:\autorun.inf
    2009-04-27 21:59:02 ----A---- C:\UsbFix.txt
    2009-04-27 19:43:22 ----D---- C:\Windows\temp
    2009-04-27 19:43:21 ----A---- C:\ComboFix.txt
    2009-04-27 19:11:00 ----A---- C:\Windows\zip.exe
    2009-04-27 19:11:00 ----A---- C:\Windows\vFind.exe
    2009-04-27 19:11:00 ----A---- C:\Windows\SWXCACLS.exe
    2009-04-27 19:11:00 ----A---- C:\Windows\SWSC.exe
    2009-04-27 19:11:00 ----A---- C:\Windows\SWREG.exe
    2009-04-27 19:11:00 ----A---- C:\Windows\sed.exe
    2009-04-27 19:11:00 ----A---- C:\Windows\NIRCMD.exe
    2009-04-27 19:11:00 ----A---- C:\Windows\grep.exe
    2009-04-27 19:10:39 ----D---- C:\ComboFix
    2009-04-27 19:08:39 ----D---- C:\Windows\ERDNT
    2009-04-27 19:07:12 ----D---- C:\Qoobox
    2009-04-27 18:56:39 ----A---- C:\rapport.txt
    2009-04-27 18:46:33 ----D---- C:\Program Files\Trend Micro
    2009-04-27 18:13:01 ----D---- C:\Program Files\CCleaner
    2009-04-27 18:09:54 ----HDC---- C:\ProgramData\{83C91755-2546-441D-AC40-9A6B4B860800}
    2009-04-27 18:09:24 ----D---- C:\ProgramData\Lavasoft
    2009-04-27 18:09:24 ----D---- C:\Program Files\Lavasoft
    2009-04-27 17:54:38 ----D---- C:\ProgramData\Spybot - Search & Destroy
    2009-04-27 17:54:38 ----D---- C:\Program Files\Spybot - Search & Destroy
    2009-04-27 17:52:01 ----D---- C:\ProgramData\is-MH39J
    2009-04-27 17:08:51 ----A---- C:\Windows\system32\loader266.exe
    2009-04-27 12:48:39 ----D---- C:\Users\zab\AppData\Roaming\Download Manager

    Err :510

    2009-04-27 22:47:45 ----D---- C:\Windows\winsxs
    2009-04-27 22:45:30 ----D---- C:\Windows\system32\catroot
    2009-04-27 22:45:29 ----D---- C:\Windows\system32\catroot2
    2009-04-27 22:43:38 ----D---- C:\Windows\System32
    2009-04-27 22:43:37 ----A---- C:\Windows\system32\PerfStringBackup.INI
    2009-04-27 22:43:36 ----D---- C:\Windows\inf
    2009-04-27 22:42:14 ----D---- C:\Windows
    2009-04-27 22:40:30 ----D---- C:\Windows\system32\drivers
    2009-04-27 22:12:34 ----RD---- C:\Program Files
    2009-04-27 22:06:05 ----HD---- C:\ProgramData
    2009-04-27 21:27:14 ----D---- C:\Windows\Minidump
    2009-04-27 19:39:03 ----A---- C:\Windows\system.ini
    2009-04-27 19:27:31 ----D---- C:\Windows\AppPatch
    2009-04-27 19:27:29 ----D---- C:\Program Files\Common Files
    2009-04-27 19:11:20 ----SHD---- C:\System Volume Information
    2009-04-27 18:56:44 ----D---- C:\Windows\Prefetch
    2009-04-27 18:16:58 ----D---- C:\Windows\Debug
    2009-04-27 18:12:00 ----D---- C:\Windows\Tasks
    2009-04-27 18:12:00 ----D---- C:\Windows\system32\Tasks
    2009-04-27 18:11:47 ----DC---- C:\Windows\system32\DRVSTORE
    2009-04-27 18:09:54 ----SHD---- C:\Windows\Installer
    2009-04-27 17:22:04 ----D---- C:\Program Files\Symantec
    2009-04-27 16:13:48 ----D---- C:\Program Files\Java
    2009-04-27 16:04:30 ----D---- C:\Program Files\WinamaxPoker
    2009-04-27 13:14:40 ----SHD---- C:\$RECYCLE.BIN
    2009-04-27 12:48:38 ----SD---- C:\Windows\Downloaded Program Files
    2009-04-27 01:16:40 ----A---- C:\Windows\NeroDigital.ini
    2009-04-26 22:24:35 ----D---- C:\Program Files\Azureus
    2009-04-26 22:24:33 ----D---- C:\Users\zab\AppData\Roaming\Azureus
    2009-04-16 22:11:44 ----D---- C:\SPDISK
    2009-03-30 21:54:12 ----D---- C:\Users\zab\AppData\Roaming\Adobe
    2009-03-30 21:54:12 ----D---- C:\ProgramData\Adobe

    Err :510

    R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [2008-08-11 371248]
    R1 IDSvix86;Symantec Intrusion Prevention Driver; \??\C:\PROGRA~2\Symantec\DEFINI~1\SymcData\idsdefs\20080813.001\IDSvix86.sys [2008-05-13 261680]
    R1 SPBBCDrv;SPBBCDrv; \??\C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys [2007-04-14 418104]
    R1 SRTSP;SRTSP; C:\Windows\System32\Drivers\SRTSP.SYS [2007-11-30 279088]
    R1 SRTSPX;SRTSPX; C:\Windows\System32\Drivers\SRTSPX.SYS [2007-11-30 43696]
    R1 SYMTDI;SYMTDI; C:\Windows\System32\Drivers\SYMTDI.SYS [2008-10-03 187952]
    R2 ASMMAP;ASMMAP; \??\C:\Program Files\ATKGFNEX\ASMMAP.sys [2007-07-24 13880]
    R2 ghaio;ghaio; \??\C:\Program Files\ASUS\NB Probe\SPM\ghaio.sys [2007-08-03 20936]
    R2 rimmptsk;rimmptsk; C:\Windows\system32\DRIVERS\rimmptsk.sys [2007-02-24 39936]
    R2 rimsptsk;rimsptsk; C:\Windows\system32\DRIVERS\rimsptsk.sys [2007-01-24 42496]
    R2 rismxdp;Ricoh xD-Picture Card Driver; C:\Windows\system32\DRIVERS\rixdptsk.sys [2007-03-22 37376]
    R3 ASAPIW2K;ASAPIW2K; C:\Windows\System32\Drivers\ASAPIW2K.sys [2003-11-28 11264]
    R3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Controller; C:\Windows\system32\DRIVERS\atl01v32.sys [2007-03-15 48128]
    R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\Windows\system32\DRIVERS\CmBatt.sys [2008-04-26 14208]
    R3 EraserUtilRebootDrv;EraserUtilRebootDrv; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2008-08-11 99376]
    R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\system32\DRIVERS\GEARAspiWDM.sys [2008-04-17 15464]
    R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2007-03-26 1761696]
    R3 itecir;ITECIR Infrared Receiver; C:\Windows\system32\DRIVERS\itecir.sys [2007-04-21 47616]
    R3 kbfiltr;Keyboard Filter; C:\Windows\system32\DRIVERS\kbfiltr.sys [2007-01-24 5632]
    R3 MODEMCSA;Unimodem Streaming Filter Device; C:\Windows\system32\drivers\MODEMCSA.sys [2006-11-02 18432]
    R3 MTsensor;ATK0100 ACPI UTILITY; C:\Windows\system32\DRIVERS\ATKACPI.sys [2006-12-14 7680]
    R3 NAVENG;NAVENG; \??\C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20080814.003\NAVENG.SYS [2008-06-10 89936]
    R3 NAVEX15;NAVEX15; \??\C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20080814.003\NAVEX15.SYS [2008-06-10 856336]
    R3 NETw4v32;Pilote de carte Intel(R) Wireless WiFi Link pour Windows Vista 32 bits; C:\Windows\system32\DRIVERS\NETw4v32.sys [2007-09-26 2251776]
    R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2007-12-05 8241984]
    R3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2008-04-26 82432]
    R3 smserial;smserial; C:\Windows\system32\DRIVERS\smserial.sys [2006-11-22 982272]
    R3 StkCMini;Syntek AVStream USB2.0 1.3M WebCam; C:\Windows\System32\Drivers\StkCMini.sys [2007-05-30 1260672]
    R3 SYMDNS;SYMDNS; C:\Windows\System32\Drivers\SYMDNS.SYS [2008-10-03 12848]
    R3 SymEvent;SymEvent; \??\C:\Windows\system32\Drivers\SYMEVENT.SYS [2009-04-27 124464]
    R3 SYMFW;SYMFW; C:\Windows\System32\Drivers\SYMFW.SYS [2008-10-03 146096]
    R3 SYMIDS;SYMIDS; C:\Windows\System32\Drivers\SYMIDS.SYS [2008-10-03 39984]
    R3 SYMNDISV;SYMNDISV; C:\Windows\System32\Drivers\SYMNDISV.SYS [2008-10-03 37936]
    R3 SYMREDRV;SYMREDRV; C:\Windows\System32\Drivers\SYMREDRV.SYS [2008-10-03 27696]
    S3 ai2ya701;ai2ya701; C:\Windows\system32\drivers\ai2ya701.sys []
    S3 BthEnum;Service d'énumérateur Bluetooth; C:\Windows\system32\DRIVERS\BthEnum.sys [2008-08-08 19456]
    S3 BthPan;Bluetooth Device (Personal Area Network); C:\Windows\system32\DRIVERS\bthpan.sys [2006-11-02 92160]
    S3 BTHPORT;Pilote de port Bluetooth; C:\Windows\System32\Drivers\BTHport.sys [2008-08-08 220160]
    S3 BTHUSB;Pilote USB radio Bluetooth; C:\Windows\System32\Drivers\BTHUSB.sys [2008-08-08 29184]
    S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2006-11-02 5632]
    S3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
    S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2006-11-02 8192]
    S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2006-11-02 5888]
    S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2006-11-02 5504]
    S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2006-11-02 6016]
    S3 NETw3v32;Intel(R) PRO/Wireless 3945BG Adapter Driver for Windows Vista 32 Bit; C:\Windows\system32\DRIVERS\NETw3v32.sys [2006-11-02 1781760]
    S3 RFCOMM;Périphérique Bluetooth (TDI protocole RFCOMM); C:\Windows\system32\DRIVERS\rfcomm.sys [2006-11-02 49664]
    S3 RTL8169;Realtek 8169 NT Driver; C:\Windows\system32\DRIVERS\Rtlh86.sys [2006-11-02 44544]
    S3 Ser2pl;Prolific2 Serial port driver; C:\Windows\system32\DRIVERS\ser2pl.sys [2005-11-04 48640]
    S3 SRTSPL;SRTSPL; C:\Windows\System32\Drivers\SRTSPL.SYS [2007-11-30 317616]
    S3 TPM;TPM; C:\Windows\system32\drivers\tpm.sys [2006-11-02 41064]
    S3 USBAAPL;Apple Mobile USB Driver; C:\Windows\System32\Drivers\usbaapl.sys [2008-10-01 32000]
    S3 usbscan;Pilote de scanneur USB; C:\Windows\system32\DRIVERS\usbscan.sys [2006-11-02 35328]
    S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2006-11-02 39936]
    S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2006-11-02 82560]
    S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\drivers\wmiacpi.sys [2006-11-02 11264]

    Err :510

    R2 ADSMService;ADSM Service; C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe [2007-05-18 73728]
    R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-11-07 132424]
    R2 ATKGFNEXSrv;ATKGFNEX Service; C:\Program Files\ATKGFNEX\GFNEXSrv.exe [2007-08-08 94208]
    R2 Bonjour Service;Service Bonjour; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
    R2 BthServ;@%SystemRoot%\System32\bthserv.dll,-101; C:\Windows\system32\svchost.exe [2006-11-02 22016]
    R2 ccEvtMgr;Symantec Event Manager; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2007-01-09 108648]
    R2 ccSetMgr;Symantec Settings Manager; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2007-01-09 108648]
    R2 CLTNetCnService;Symantec Lic NetConnect service; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2007-01-09 108648]
    R2 EvtEng;Intel(R) PROSet/Wireless Event Log; C:\Program Files\Intel\Wireless\Bin\EvtEng.exe [2007-06-01 647168]
    R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2007-06-28 79136]
    R2 LiveUpdate Notice Ex;LiveUpdate Notice Service Ex; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2007-01-09 108648]
    R2 Planificateur LiveUpdate automatique;Planificateur LiveUpdate automatique; C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe [2007-09-26 554352]
    R2 RegSrvc;Intel(R) PROSet/Wireless Registry Service; C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe [2007-06-01 327680]
    R2 spmgr;spmgr; C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe [2007-08-03 125496]
    R2 StkSSrv;Syntek AVStream USB2.0 WebCam Service; C:\Windows\System32\StkCSrv.exe [2007-04-19 24576]
    R2 SymAppCore;Symantec AppCore Service; C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe [2007-01-05 47712]
    S2 ASLDRService;ASLDR Service; C:\Program Files\ATK Hotkey\ASLDRSrv.exe []
    S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe [2009-01-18 921936]
    S2 LiveUpdate Notice Service;LiveUpdate Notice Service; C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe [2008-01-29 583048]
    S3 comHost;COM Host; C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe [2007-01-12 49248]
    S3 iPod Service;Service de l’iPod; C:\Program Files\iPod\bin\iPodService.exe [2008-11-20 536872]
    S3 ISPwdSvc;Symantec IS Password Validation; C:\Program Files\Norton Internet Security\isPwdSvc.exe [2007-01-14 80504]
    S3 LiveUpdate;LiveUpdate; C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE [2007-09-26 2999664]
    S3 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2007-04-13 792112]
    S3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe [2007-06-01 271920]
    S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]
    S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
    S3 Symantec Core LC;Symantec Core LC; C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe [2008-05-16 1251720]
    S3 usnjsvc;Service Messenger Sharing Folders USN Journal Reader; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
    S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]

    -----------------EOF-----------------




    SECOND REPORT

    info.txt logfile of random's system information tool 1.06 2009-04-27 22:46:54

    Err :510

    -->C:\Program Files\Nero\Nero 7\\nero\uninstall\UNNERO.exe /UNINSTALL
    -->C:\Windows\UNNeroBackItUp.exe /UNINSTALL
    -->C:\Windows\UNRecode.exe /UNINSTALL
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0015-0407-0000-0000000FF1CE} /uninstall {DCBECE36-8F23-4B33-925E-A1C6183C0DBD}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0015-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0015-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0015-0410-0000-0000000FF1CE} /uninstall {741A792D-4ED8-4C66-B32E-A47865FA1163}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0015-0413-0000-0000000FF1CE} /uninstall {4059772C-68BA-4FE4-9B6E-3EC37C0C4624}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0016-0407-0000-0000000FF1CE} /uninstall {DCBECE36-8F23-4B33-925E-A1C6183C0DBD}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0016-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0016-0410-0000-0000000FF1CE} /uninstall {741A792D-4ED8-4C66-B32E-A47865FA1163}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0016-0413-0000-0000000FF1CE} /uninstall {4059772C-68BA-4FE4-9B6E-3EC37C0C4624}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0018-0407-0000-0000000FF1CE} /uninstall {DCBECE36-8F23-4B33-925E-A1C6183C0DBD}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0018-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0018-0410-0000-0000000FF1CE} /uninstall {741A792D-4ED8-4C66-B32E-A47865FA1163}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0018-0413-0000-0000000FF1CE} /uninstall {4059772C-68BA-4FE4-9B6E-3EC37C0C4624}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0019-0407-0000-0000000FF1CE} /uninstall {DCBECE36-8F23-4B33-925E-A1C6183C0DBD}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0019-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0019-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0019-0410-0000-0000000FF1CE} /uninstall {741A792D-4ED8-4C66-B32E-A47865FA1163}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0019-0413-0000-0000000FF1CE} /uninstall {4059772C-68BA-4FE4-9B6E-3EC37C0C4624}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001A-0407-0000-0000000FF1CE} /uninstall {DCBECE36-8F23-4B33-925E-A1C6183C0DBD}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001A-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001A-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001A-0410-0000-0000000FF1CE} /uninstall {741A792D-4ED8-4C66-B32E-A47865FA1163}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001A-0413-0000-0000000FF1CE} /uninstall {4059772C-68BA-4FE4-9B6E-3EC37C0C4624}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001B-0407-0000-0000000FF1CE} /uninstall {DCBECE36-8F23-4B33-925E-A1C6183C0DBD}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001B-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001B-0410-0000-0000000FF1CE} /uninstall {741A792D-4ED8-4C66-B32E-A47865FA1163}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001B-0413-0000-0000000FF1CE} /uninstall {4059772C-68BA-4FE4-9B6E-3EC37C0C4624}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0401-0000-0000000FF1CE} /uninstall {5A2F65A4-808F-4A1E-973E-92E17824982D}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0407-0000-0000000FF1CE} /uninstall {2AB528A5-BB1B-4EBE-8E51-AD0C4CD33CA9}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {3EC77D26-799B-4CD8-914F-C1565E796173}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {430971B1-C31E-45DA-81E0-72C095BAB72C}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0410-0000-0000000FF1CE} /uninstall {58FC5E37-DD28-4D4A-A549-125744C6763C}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0413-0000-0000000FF1CE} /uninstall {B3F4DC34-7F60-4B7C-A79F-1C13012D99D4}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {F7A31780-33C4-4E39-951A-5EC9B91D7BF1}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-006E-0407-0000-0000000FF1CE} /uninstall {888B9AC7-8F5C-456B-A27A-157A6C310E52}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-006E-0410-0000-0000000FF1CE} /uninstall {B9896689-DF51-4A16-AAD5-002622D86C72}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-006E-0413-0000-0000000FF1CE} /uninstall {1120A001-69F4-43D2-83CE-716B2DC4366F}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0115-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0117-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {BEE75E01-DD3F-4D5F-B96C-609E6538D419}
    2007 Microsoft Office system-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall PROHYBRIDR /dll OSETUP.DLL
    ABBYY FineReader 6.0 Sprint-->MsiExec.exe /I{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}
    Activation Assistant for the 2007 Microsoft Office suites-->"C:\ProgramData\{623D32E9-0C62-4453-AD44-98B31F52A5E1}\Microsoft Office Activation Assistant.exe" REMOVE=TRUE MODIFY=FALSE
    Ad-Aware-->"C:\ProgramData\{83C91755-2546-441D-AC40-9A6B4B860800}\Ad-AwareAE.exe" REMOVE=TRUE MODIFY=FALSE
    Ad-Aware-->C:\ProgramData\{83C91755-2546-441D-AC40-9A6B4B860800}\Ad-AwareAE.exe
    Adobe ExtendScript Toolkit 2-->C:\Program Files\Common Files\Adobe\Installers\3e054d2218e7aa282c2369d939e58ff\Setup.exe
    Adobe ExtendScript Toolkit 2-->MsiExec.exe /I{24D7346D-D4B4-45E8-98EA-75EC14B42DD8}
    Adobe Flash Player 10 ActiveX-->C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
    Adobe Illustrator 10-->"C:\Program Files\InstallShield Installation Information\{412033BC-44CF-48D9-B813-4B835101F4D3}\setup.exe"
    Adobe Illustrator CS-->RunDll32 "C:\Program Files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\ctor.dll",LaunchSetup "C:\Program Files\InstallShield Installation Information\{91A4AD99-69CE-4745-97B7-0E0DFBECFDE5}\setup.exe"
    Adobe InDesign 2.0-->C:\WINDOWS\ISUN040C.EXE -f"C:\Program Files\Adobe\InDesign 2.0\Uninst.isu" -c"C:\Program Files\Adobe\InDesign 2.0\Uninst.dll"
    Adobe Premiere 6.0-->C:\WINDOWS\UNIN040C.EXE -f"C:\Program Files\Adobe\Premiere 6.0\DeIsL1.isu" -c"C:\Program Files\Adobe\Premiere 6.0\Uninst.dll"
    Adobe Reader 9 - Français-->MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A90000000001}
    Adobe Setup-->MsiExec.exe /I{B3C02EC1-A7B0-4987-9A43-8789426AAA7D}
    Adobe Shockwave Player 11-->C:\Windows\system32\adobe\SHOCKW~1\UNWISE.EXE C:\Windows\system32\Adobe\SHOCKW~1\Install.log
    Adobe SVG Viewer 3.0-->C:\Program Files\Common Files\Adobe\SVG Viewer 3.0\Uninstall\Winstall.exe -u -fC:\Program Files\Common Files\Adobe\SVG Viewer 3.0\Uninstall\Install.log
    AlerteGPS G300-->C:\Program Files\AlerteGPS\G300\Uninstal.exe
    AppCore-->MsiExec.exe /I{EFB5B3B5-A280-4E25-BE1C-634EEFE32C1B}
    Apple Mobile Device Support-->MsiExec.exe /I{EC4455AB-F155-4CC1-A4C5-88F3777F9886}
    Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
    Archiveur WinRAR-->C:\Program Files\WinRAR\uninstall.exe
    ASAPI-->MsiExec.exe /X{8A7E941F-2BB4-47D0-B732-8AE5F3513B68}
    Assistant de connexion Windows Live-->MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}
    ASUS Data Security Manager-->C:\Program Files\InstallShield Installation Information\{1C8521E5-5A7B-4A4E-A9CD-AD53116EAEE0}\SETUP.exe -runfromtemp -l0x0009 -removeonly
    ASUS InstantFun-->MsiExec.exe /I{57B15AD4-8C9D-4164-82BB-E33D8644E757}
    ASUS Live Update-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E657B243-9AD4-4ECC-BE81-4CCF8D667FD0}\setup.exe" -l0x9
    ASUS Splendid Video Enhancement Technology-->C:\Program Files\InstallShield Installation Information\{C0FC1C14-4824-4A73-87A6-9E888C9C3102}\SETUP.exe -runfromtemp -l0x0009 -removeonly
    Asus_Camera_ScreenSaver-->"C:\Windows\ASUS Camera ScreenSaver Uninstaller.exe"
    ATK Generic Function Service-->C:\Program Files\InstallShield Installation Information\{D3D54F3E-C5C3-443D-978F-87A72E5616E8}\SETUP.exe -runfromtemp -l0x0009 -removeonly
    ATK Hotkey-->C:\Program Files\InstallShield Installation Information\{3912D529-02BC-4CA8-B5ED-0D0C20EB6003}\SETUP.exe -runfromtemp -l0x0009 -removeonly
    ATK Media-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{139B0FFA-187E-4BA1-BCA6-6B56B2B6AB8C}\SETUP.EXE" -l0x9
    ATKOSD2-->C:\Program Files\InstallShield Installation Information\{5C1DB4ED-E9B4-402D-BB14-D75D97D6C1A6}\SETUP.exe -runfromtemp -l0x0009 -removeonly
    Attansic Ethernet Utility-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1F698102-5739-441E-96F0-74F4EA540F06}\SETUP.exe" -l0x9 -removeonly
    AV-->MsiExec.exe /I{F4DB525F-A986-4249-B98B-42A8066251CA}
    Azureus Vuze-->C:\Program Files\Azureus\uninstall.exe
    Bonjour-->MsiExec.exe /I{07287123-B8AC-41CE-8346-3D777245C35B}
    Camera RAW Plug-In for EPSON Creativity Suite-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{93EA9C3E-BDFD-4309-A605-9B5BBC0CCEFD}\SETUP.EXE" -l0x40c UNINST
    ccCommon-->MsiExec.exe /I{3CCAD2EF-CFF2-4637-82AA-AABF370282D3}
    CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
    eMule-->"C:\Program Files\eMule\Uninstall.exe"
    EPSON Attach To Email-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{20C45B32-5AB6-46A4-94EF-58950CAF05E5} /l1033 ADDREMOVEDLG
    EPSON Copy Utility 3-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{67EDD823-135A-4D59-87BD-950616D6E857}\SETUP.EXE" -l0x40c -UnInstall
    EPSON Easy Photo Print-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3D78F2A2-C893-4ABD-B5FE-AD7011837755}\SETUP.EXE" -l0x40c UNINST
    EPSON File Manager-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2EB81825-E9EE-44F4-8F51-1240C3898DC6}\Setup.exe" -l0x40c UNINST
    EPSON Logiciel imprimante-->C:\Windows\system32\spool\DRIVERS\W32X86\3\EPUPDATE.EXE /r
    EPSON Scan Assistant-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2A88F1BF-7041-4E42-84B1-6B4ACB83AC64}\Setup.exe" -l0x40c -u
    EPSON Scan-->C:\Program Files\epson\escndv\setup\setup.exe /r
    EPSON Stylus CX7300_CX8300_DX7400_DX8400 Manuel-->C:\Program Files\EPSON\TPMANUAL\ES_CX_DX\FRA\USE_G\DOCUNINS.EXE
    Everest Poker (Remove Only)-->C:\Program Files\Everest Poker\cstart.exe /uninstall
    Google Earth-->MsiExec.exe /I{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}
    Guitar Pro 4-->MsiExec.exe /X{54A2CFDE-DC70-46E0-92AC-DC88F6303D39}
    HijackThis 2.0.2-->"C:\Users\zab\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\M17UF31Z\HijackThis.exe" /uninstall
    i-Covers 2008.a-->"C:\Program Files\i-Covers\unins000.exe"
    Intel(R) PROSet/Wireless Software-->C:\Windows\Installer\iProInst.exe
    ITECIR Driver-->C:\Program Files\InstallShield Installation Information\{FCED9B62-34FF-4C15-8A23-F65221F7874D}\SETUP.exe -runfromtemp -l0x0009 -removeonly
    iTunes-->MsiExec.exe /I{318AB667-3230-41B5-A617-CB3BF748D371}
    JMB36X Raid Configurer-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}\SETUP.exe" -l0x9 -removeonly
    Les Sims™ 2 Double Deluxe-->C:\Program Files\EA GAMES\Les Sims 2 Double Deluxe\EAUninstall.exe
    LifeFrame2-->MsiExec.exe /I{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}
    LimeWire 4.18.8-->"C:\Program Files\LimeWire\uninstall.exe"
    LiveUpdate 3.2 (Symantec Corporation)-->"C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE" /U
    LiveUpdate Notice (Symantec Corporation)-->MsiExec.exe /X{DBA4DB9D-EE51-4944-A419-98AB1F1249C8}
    Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
    mCore-->MsiExec.exe /I{F5D7FAB5-A1FD-4DD3-983E-4155B09D7102}
    mDriver-->MsiExec.exe /I{A0F925BF-5C55-44C2-A4E7-5A4C59791C29}
    mHelp-->MsiExec.exe /I{8C6BB412-D3A8-4AAE-A01B-35B681789D68}
    Microsoft Office Access MUI (Dutch) 2007-->MsiExec.exe /X{90120000-0015-0413-0000-0000000FF1CE}
    Microsoft Office Access MUI (English) 2007-->MsiExec.exe /X{90120000-0015-0409-0000-0000000FF1CE}
    Microsoft Office Access MUI (French) 2007-->MsiExec.exe /X{90120000-0015-040C-0000-0000000FF1CE}
    Microsoft Office Access MUI (German) 2007-->MsiExec.exe /X{90120000-0015-0407-0000-0000000FF1CE}
    Microsoft Office Access MUI (Italian) 2007-->MsiExec.exe /X{90120000-0015-0410-0000-0000000FF1CE}
    Microsoft Office Access Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0117-0409-0000-0000000FF1CE}
    Microsoft Office Excel MUI (Dutch) 2007-->MsiExec.exe /X{90120000-0016-0413-0000-0000000FF1CE}
    Microsoft Office Excel MUI (English) 2007-->MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
    Microsoft Office Excel MUI (French) 2007-->MsiExec.exe /X{90120000-0016-040C-0000-0000000FF1CE}
    Microsoft Office Excel MUI (German) 2007-->MsiExec.exe /X{90120000-0016-0407-0000-0000000FF1CE}
    Microsoft Office Excel MUI (Italian) 2007-->MsiExec.exe /X{90120000-0016-0410-0000-0000000FF1CE}
    Microsoft Office Language Pack 2007 Service Pack 1 (SP1)-->msiexec /package {90120000-006E-040C-0000-0000000FF1CE} /uninstall {EC50B538-CBE1-42E6-B7FE-87AA540AADFB}
    Microsoft Office Outlook MUI (Dutch) 2007-->MsiExec.exe /X{90120000-001A-0413-0000-0000000FF1CE}
    Microsoft Office Outlook MUI (English) 2007-->MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE}
    Microsoft Office Outlook MUI (French) 2007-->MsiExec.exe /X{90120000-001A-040C-0000-0000000FF1CE}
    Microsoft Office Outlook MUI (German) 2007-->MsiExec.exe /X{90120000-001A-0407-0000-0000000FF1CE}
    Microsoft Office Outlook MUI (Italian) 2007-->MsiExec.exe /X{90120000-001A-0410-0000-0000000FF1CE}
    Microsoft Office PowerPoint MUI (Dutch) 2007-->MsiExec.exe /X{90120000-0018-0413-0000-0000000FF1CE}
    Microsoft Office PowerPoint MUI (English) 2007-->MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
    Microsoft Office PowerPoint MUI (French) 2007-->MsiExec.exe /X{90120000-0018-040C-0000-0000000FF1CE}
    Microsoft Office PowerPoint MUI (German) 2007-->MsiExec.exe /X{90120000-0018-0407-0000-0000000FF1CE}
    Microsoft Office PowerPoint MUI (Italian) 2007-->MsiExec.exe /X{90120000-0018-0410-0000-0000000FF1CE}
    Microsoft Office Professional Hybrid 2007-->MsiExec.exe /X{91120000-0031-0000-0000-0000000FF1CE}
    Microsoft Office Proof (Arabic) 2007-->MsiExec.exe /X{90120000-001F-0401-0000-0000000FF1CE}
    Microsoft Office Proof (Dutch) 2007-->MsiExec.exe /X{90120000-001F-0413-0000-0000000FF1CE}
    Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
    Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
    Microsoft Office Proof (German) 2007-->MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE}
    Microsoft Office Proof (Italian) 2007-->MsiExec.exe /X{90120000-001F-0410-0000-0000000FF1CE}
    Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
    Microsoft Office Proofing (Dutch) 2007-->MsiExec.exe /X{90120000-002C-0413-0000-0000000FF1CE}
    Microsoft Office Proofing (English) 2007-->MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
    Microsoft Office Proofing (French) 2007-->MsiExec.exe /X{90120000-002C-040C-0000-0000000FF1CE}
    Microsoft Office Proofing (German) 2007-->MsiExec.exe /X{90120000-002C-0407-0000-0000000FF1CE}
    Microsoft Office Proofing (Italian) 2007-->MsiExec.exe /X{90120000-002C-0410-0000-0000000FF1CE}
    Microsoft Office Publisher MUI (Dutch) 2007-->MsiExec.exe /X{90120000-0019-0413-0000-0000000FF1CE}
    Microsoft Office Publisher MUI (English) 2007-->MsiExec.exe /X{90120000-0019-0409-0000-0000000FF1CE}
    Microsoft Office Publisher MUI (French) 2007-->MsiExec.exe /X{90120000-0019-040C-0000-0000000FF1CE}
    Microsoft Office Publisher MUI (German) 2007-->MsiExec.exe /X{90120000-0019-0407-0000-0000000FF1CE}
    Microsoft Office Publisher MUI (Italian) 2007-->MsiExec.exe /X{90120000-0019-0410-0000-0000000FF1CE}
    Microsoft Office Shared MUI (Dutch) 2007-->MsiExec.exe /X{90120000-006E-0413-0000-0000000FF1CE}
    Microsoft Office Shared MUI (English) 2007-->MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
    Microsoft Office Shared MUI (French) 2007-->MsiExec.exe /X{90120000-006E-040C-0000-0000000FF1CE}
    Microsoft Office Shared MUI (German) 2007-->MsiExec.exe /X{90120000-006E-0407-0000-0000000FF1CE}
    Microsoft Office Shared MUI (Italian) 2007-->MsiExec.exe /X{90120000-006E-0410-0000-0000000FF1CE}
    Microsoft Office Shared Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
    Microsoft Office Word MUI (Dutch) 2007-->MsiExec.exe /X{90120000-001B-0413-0000-0000000FF1CE}
    Microsoft Office Word MUI (English) 2007-->MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
    Microsoft Office Word MUI (French) 2007-->MsiExec.exe /X{90120000-001B-040C-0000-0000000FF1CE}
    Microsoft Office Word MUI (German) 2007-->MsiExec.exe /X{90120000-001B-0407-0000-0000000FF1CE}
    Microsoft Office Word MUI (Italian) 2007-->MsiExec.exe /X{90120000-001B-0410-0000-0000000FF1CE}
    mMHouse-->MsiExec.exe /I{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}
    MobileMe Control Panel-->MsiExec.exe /I{924EB80F-C2BB-4B9F-8412-88BBA937393F}
    Motorola SM56 Speakerphone Modem-->rundll32.exe sm56co6a.dll,SM56UnInstaller
    mPfMgr-->MsiExec.exe /I{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}
    MSRedist-->MsiExec.exe /I{B7C61755-DB48-4003-948F-3D34DB8EAF69}
    MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
    MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
    MSXML 4.0 SP2 (KB941833)-->MsiExec.exe /I{C523D256-313D-4866-B36A-F3DE528246EF}
    MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
    NB Probe-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6324A1EF-CEF4-43E3-8BCD-9EF3F67317FD}\setup.exe" -l0x9
    Nero 7 Essentials-->MsiExec.exe /X{BC61F51E-8AF7-46B9-AF20-B33B5EE81036}
    neroxml-->MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
    Norton AntiVirus-->MsiExec.exe /X{830D8CBD-C668-49e2-A969-C2C2106332E0}
    Norton Confidential Browser Component-->MsiExec.exe /I{4843B611-8FCB-4428-8C23-31D0A5EAE164}
    Norton Confidential Web Protection Component-->MsiExec.exe /I{D353CC51-430D-4C6F-9B7E-52003DA1E05A}
    Norton Internet Security (Symantec Corporation)-->"C:\Program Files\Common Files\Symantec Shared\SymSetup\{5AA2CD16-706F-41f3-87C5-2B5A031F2B3B}_10_2_0_30\{5AA2CD16-706F-41f3-87C5-2B5A031F2B3B}.exe" /X
    Norton Internet Security-->MsiExec.exe /I{3672B097-EA69-4bfe-B92F-29AE6D9D2B34}
    Norton Internet Security-->MsiExec.exe /I{48185814-A224-447A-81DA-71BD20580E1B}
    Norton Internet Security-->MsiExec.exe /I{5AA2CD16-706F-41f3-87C5-2B5A031F2B3B}
    Norton Internet Security-->MsiExec.exe /I{E3EFA461-EB83-4C3B-9C47-2C1D58A01555}
    Norton Internet Security-->MsiExec.exe /I{E5EE9939-259F-4DE2-8023-5C49E16A4F43}
    Norton Protection Center-->MsiExec.exe /I{9A129ABC-A53A-4209-A21E-D5DEDFB7CCA8}
    NVIDIA Drivers-->C:\Windows\system32\NVUNINST.EXE UninstallGUI
    OpenOffice.org 3.0-->MsiExec.exe /I{6860B340-530D-46B3-91F8-1AE1F70F7C33}
    P4P-->C:\Program Files\InstallShield Installation Information\{FC3D290D-79BE-44B7-ABF9-FDD110925930}\setup.exe -runfromtemp -l0x0009 -removeonly
    Power4Gear eXtreme-->C:\Program Files\InstallShield Installation Information\{8CFEBE9C-F29F-4C49-80E0-7106970F8734}\setup.exe -runfromtemp -l0x0009 -removeonly
    QuickTime-->MsiExec.exe /I{F958CA02-BB40-4007-894B-258729456EE4}
    Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\SETUP.exe" -l0x9 -removeonly
    RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{59F6A514-9813-47A3-948C-8A155460CC2A}\SETUP.EXE" -l0x9 anything
    Security Update for 2007 Microsoft Office System (KB951596)-->msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {1AFF2298-CC00-4A3B-866A-C62B8373794E}
    Security Update for 2007 Microsoft Office System (KB951944)-->msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {797AE457-BA17-4BBC-B501-25FB3A0103C7}
    Security Update for Microsoft Office Excel 2007 (KB951546)-->msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {7399DD71-8E24-4E60-B6A8-6CED89C0AC26}
    Security Update for Microsoft Office PowerPoint 2007 (KB951338)-->msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {558B709B-821B-4FC5-90FC-9A8890641E77}
    Security Update for Microsoft Office Publisher 2007 (KB950114)-->msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {F9C3CDBA-1F00-4D4D-959D-75C9D3ACDD85}
    Security Update for Microsoft Office system 2007 (KB951808)-->msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {8F375E11-4FD6-4B89-9E2B-A76D48B51E00}
    Security Update for Microsoft Office system 2007 (KB954326)-->msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {5F7F6FFF-395D-480E-8450-64F385D82C5F}
    Security Update for Microsoft Office Word 2007 (KB950113)-->msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {AD72BABE-C733-4FCF-9674-4314466191B9}
    Skype™ 3.8-->MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}
    SPBBC 32bit-->MsiExec.exe /I{77772678-817F-4401-9301-ED1D01A8DA56}
    Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
    TF1Vision version 1.3.1.5-->"C:\Program Files\TF1Vision\unins000.exe"
    Update for Microsoft Office Outlook 2007 (KB952142)-->msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {4AD3A076-427C-491F-A5B7-7D1DE788A756}
    Update for Office 2007 (KB946691)-->msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {A420F522-7395-4872-9882-C591B4B92278}
    Update for Outlook 2007 Junk Email Filter (kb956080)-->msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {96CC215F-3F22-4E1E-A101-F0041934A456}
    USB2.0 1.3M WebCam-->C:\Windows\StkUnist.exe
    VideoLAN VLC media player 0.8.6i-->C:\Program Files\VideoLAN\VLC\uninstall.exe
    VistaFeaturePack-->C:\Program Files\InstallShield Installation Information\{D7E04009-B191-4E9D-9D2D-1BBE57BD8A42}\setup.exe -runfromtemp -l0x0409
    Visual C++ 2008 x86 Runtime - (v9.0.30729)-->MsiExec.exe /X{F333A33D-125C-32A2-8DCE-5C5D14231E27}
    Visual C++ 2008 x86 Runtime - v9.0.30729.01-->C:\Windows\system32\msiexec.exe /x {F333A33D-125C-32A2-8DCE-5C5D14231E27} /qb+ REBOOTPROMPT=""
    VLC iPhone Connection Utility-->MsiExec.exe /I{7C84E006-D044-4441-A294-E318B147476C}
    WaveLab Demo-->"C:\Program Files\Steinberg\WaveLab Demo\Uninstall.exe" "C:\Program Files\Steinberg\WaveLab Demo\install.log"
    Winamax Poker (remove only)-->"C:\Program Files\WinamaxPoker\uninst.exe"
    Windows Driver Package - ITE Tech.Inc. (itecir) HIDClass (04/20/2007 5.0.0001.2)-->C:\PROGRA~1\DIFX\F46A63020E122F0A\DPInst.exe /u C:\Windows\System32\DriverStore\FileRepository\itecir.inf_05ecfc6d\itecir.inf
    Windows Live installer-->MsiExec.exe /X{FD44E544-E7D0-4DBA-9FA0-8AE1A1300390}
    Windows Live Messenger-->MsiExec.exe /X{BADF6744-3787-48F6-B8C9-4C4995401D65}
    WinFlash-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DE10AB76-4756-4913-BE25-55D1C1051F9A}\setup.exe" -l0x9
    Wireless Console 2-->C:\Program Files\InstallShield Installation Information\{83F73CB1-7705-49D1-9852-84D839CA2A45}\SETUP.exe -runfromtemp -l0x0009 -removeonly

    Err :510

    AV: Norton Internet Security (disabled) (outdated)
    FW: Norton Internet Security (disabled)
    AS: Lavasoft Ad-Watch Live! (disabled)
    AS: Windows Defender (disabled) (outdated)
    AS: Norton Internet Security (outdated)

    Err :510

    Computer Name: PC-de-zab
    Event Code: 4374
    Message: Windows Servicing a déterminé que ce package KB948609(Update) n’est pas applicable à ce système.
    Record Number: 147656
    Source Name: Microsoft-Windows-Servicing
    Time Written: 20090427204213.000000-000
    Event Type: Avertissement
    User: PC-de-zab\zab

    Computer Name: PC-de-zab
    Event Code: 4374
    Message: Windows Servicing a déterminé que ce package KB948609(Update) n’est pas applicable à ce système.
    Record Number: 147657
    Source Name: Microsoft-Windows-Servicing
    Time Written: 20090427204213.000000-000
    Event Type: Avertissement
    User: PC-de-zab\zab

    Computer Name: PC-de-zab
    Event Code: 4374
    Message: Windows Servicing a déterminé que ce package KB948609(Update) n’est pas applicable à ce système.
    Record Number: 147660
    Source Name: Microsoft-Windows-Servicing
    Time Written: 20090427204214.000000-000
    Event Type: Avertissement
    User: PC-de-zab\zab

    Computer Name: PC-de-zab
    Event Code: 4374
    Message: Windows Servicing a déterminé que ce package KB948609(Update) n’est pas applicable à ce système.
    Record Number: 147661
    Source Name: Microsoft-Windows-Servicing
    Time Written: 20090427204214.000000-000
    Event Type: Avertissement
    User: PC-de-zab\zab

    Computer Name: PC-de-zab
    Event Code: 4374
    Message: Windows Servicing a déterminé que ce package KB948609(Update) n’est pas applicable à ce système.
    Record Number: 147662
    Source Name: Microsoft-Windows-Servicing
    Time Written: 20090427204214.000000-000
    Event Type: Avertissement
    User: PC-de-zab\zab

    Err :510

    Computer Name: PC-de-zab
    Event Code: 8193
    Message: Échec de la création d’un point de restauration sur le volume (Processus = C:\Windows\system32\svchost.exe -k netsvcs ; Description = Windows Update ; Hr = 0x81000109).
    Record Number: 31022
    Source Name: System Restore
    Time Written: 20090427203848.000000-000
    Event Type: Erreur
    User:

    Computer Name: PC-de-zab
    Event Code: 12290
    Message: Avertissement du service de cliché instantané des volumes : ASR writer Error 0x80070565. hr = 0x00000000.

    Opération :
    Événement OnIdentify
    Données du rédacteur en cours de collecte

    Contexte :
    Contexte d’exécution: ASR Writer
    ID de classe du rédacteur: {be000cbe-11fe-4426-9c58-531aa6355fc4}
    Nom du rédacteur: ASR Writer
    ID d’instance du rédacteur: {de387e53-1dcf-4aa5-8daa-b50332f63d58}
    Record Number: 31023
    Source Name: VSS
    Time Written: 20090427203852.000000-000
    Event Type: Avertissement
    User:

    Computer Name: PC-de-zab
    Event Code: 8193
    Message: Échec de la création d’un point de restauration sur le volume (Processus = C:\Windows\servicing\TrustedInstaller.exe ; Description = Programme d’installation pour les modules Windows ; Hr = 0x81000109).
    Record Number: 31024
    Source Name: System Restore
    Time Written: 20090427203857.000000-000
    Event Type: Erreur
    User:

    Computer Name: PC-de-zab
    Event Code: 12290
    Message: Avertissement du service de cliché instantané des volumes : ASR writer Error 0x80070565. hr = 0x00000000.

    Opération :
    Événement OnIdentify
    Données du rédacteur en cours de collecte

    Contexte :
    Contexte d’exécution: ASR Writer
    ID de classe du rédacteur: {be000cbe-11fe-4426-9c58-531aa6355fc4}
    Nom du rédacteur: ASR Writer
    ID d’instance du rédacteur: {de387e53-1dcf-4aa5-8daa-b50332f63d58}
    Record Number: 31025
    Source Name: VSS
    Time Written: 20090427204023.000000-000
    Event Type: Avertissement
    User:

    Computer Name: PC-de-zab
    Event Code: 8193
    Message: Échec de la création d’un point de restauration sur le volume (Processus = C:\Windows\system32\DrvInst.exe "4" "0" "C:\Users\zab\{f2e1bc1f-cfdd-49ab-88db-e5b3e776cc2d}\netw4v32.inf" "0" "6dbc1ebcb" "000005B8" "WinSta0\Default" "000003FC" "208" "c:\windows\softwaredistribution\download\install" ; Description = Installation du package de pilote logiciel : Intel Cartes réseau ; Hr = 0x81000109).
    Record Number: 31026
    Source Name: System Restore
    Time Written: 20090427204027.000000-000
    Event Type: Erreur
    User:

    Err :510

    Computer Name: PC-de-zab
    Event Code: 4672
    Message: Privilèges spéciaux attribués à la nouvelle ouverture de session.

    Sujet :





    Privilèges :










    Record Number: 20720
    Source Name: Microsoft-Windows-Security-Auditing
    Time Written: 20090125105152.119518-000
    Event Type: Succès de l'audit
    User:

    Computer Name: PC-de-zab
    Event Code: 4624
    Message: L’ouverture de session d’un compte s’est correctement déroulée.

    Sujet :





    Type d’ouverture de session :

    Nouvelle ouverture de session :






    Informations sur le processus :



    Informations sur le réseau :




    Informations détaillées sur l’authentification :






    Cet événement est généré lors de la création d’une ouverture de session. Il est généré sur l’ordinateur sur lequel l’ouverture de session a été effectuée.

    Le champ Objet indique le compte sur le système local qui a demandé l’ouverture de session. Il s’agit le plus souvent d’un service, comme le service Serveur, ou un processus local tel que Winlogon.exe ou Services.exe.

    Le champ Type d’ouverture de session indique le type d’ouverture de session qui s’est produit. Les types les plus courants sont 2 (interactif) et 3 (réseau).

    Le champ Nouvelle ouverture de session indique le compte pour lequel la nouvelle ouverture de session a été créée, par exemple, le compte qui s’est connecté.

    Les champs relatifs au réseau indiquent la provenance d’une demande d’ouverture de session à distance. Le nom de la station de travail n’étant pas toujours disponible, peut être laissé vide dans certains cas.

    Les champs relatifs aux informations d’authentification fournissent des détails sur cette demande d’ouverture de session spécifique.




    Record Number: 20721
    Source Name: Microsoft-Windows-Security-Auditing
    Time Written: 20090125105152.369118-000
    Event Type: Succès de l'audit
    User:

    Computer Name: PC-de-zab
    Event Code: 4672
    Message: Privilèges spéciaux attribués à la nouvelle ouverture de session.

    Sujet :





    Privilèges :


    Record Number: 20722
    Source Name: Microsoft-Windows-Security-Auditing
    Time Written: 20090125105152.369118-000
    Event Type: Succès de l'audit
    User:

    Computer Name: PC-de-zab
    Event Code: 4648
    Message: Tentative d’ouverture de session en utilisant des informations d’identification explicites.

    Sujet :






    Compte dont les informations d’identification ont été utilisées :




    Serveur cible :



    Informations sur le processus :



    Informations sur le réseau :



    Cet événement est généré lorsqu’un processus tente d’ouvrir une session pour un compte en spécifiant explicitement les informations d’identification de ce compte. Ceci se produit le plus souvent dans les configurations par lot comme les tâches planifiées, ou avec l’utilisation de la commande RUNAS.
    Record Number: 20723
    Source Name: Microsoft-Windows-Security-Auditing
    Time Written: 20090125105152.509518-000
    Event Type: Succès de l'audit
    User:

    Computer Name: PC-de-zab
    Event Code: 4624
    Message: L’ouverture de session d’un compte s’est correctement déroulée.

    Sujet :





    Type d’ouverture de session :

    Nouvelle ouverture de session :






    Informations sur le processus :



    Informations sur le réseau :




    Informations détaillées sur l’authentification :






    Cet événement est généré lors de la création d’une ouverture de session. Il est généré sur l’ordinateur sur lequel l’ouverture de session a été effectuée.

    Le champ Objet indique le compte sur le système local qui a demandé l’ouverture de session. Il s’agit le plus souvent d’un service, comme le service Serveur, ou un processus local tel que Winlogon.exe ou Services.exe.

    Le champ Type d’ouverture de session indique le type d’ouverture de session qui s’est produit. Les types les plus courants sont 2 (interactif) et 3 (réseau).

    Le champ Nouvelle ouverture de session indique le compte pour lequel la nouvelle ouverture de session a été créée, par exemple, le compte qui s’est connecté.

    Les champs relatifs au réseau indiquent la provenance d’une demande d’ouverture de session à distance. Le nom de la station de travail n’étant pas toujours disponible, peut être laissé vide dans certains cas.

    Les champs relatifs aux informations d’authentification fournissent des détails sur cette demande d’ouverture de session spécifique.




    Record Number: 20724
    Source Name: Microsoft-Windows-Security-Auditing
    Time Written: 20090125105152.509518-000
    Event Type: Succès de l'audit
    User:

    Err :510

    ComSpec=%SystemRoot%\system32\cmd.exe
    FP_NO_HOST_CHECK=NO
    OS=Windows_NT
    Path=%systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;C:\Program Files\QuickTime\QTSystem
    PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
    PROCESSOR_ARCHITECTURE=x86
    TEMP=%SystemRoot%\TEMP
    TMP=%SystemRoot%\TEMP
    USERNAME=SYSTEM
    windir=%SystemRoot%
    PROCESSOR_LEVEL=6
    PROCESSOR_IDENTIFIER=x86 Family 6 Model 23 Stepping 6, GenuineIntel
    PROCESSOR_REVISION=1706
    NUMBER_OF_PROCESSORS=2
    configsetroot=%SystemRoot%\ConfigSetRoot
    CLASSPATH=.;C:\Program Files\Java\jre6\lib\ext\QTJava.zip
    QTJAVA=C:\Program Files\Java\jre6\lib\ext\QTJava.zip

    -----------------EOF-----------------


    a c 327 8 Security
    27 April 2009 23:06:00

    That's much better than at the start.

    I have doubts about two files.

  • Have the following files analysed on VirusTotal:
    - C:\Windows\system32\lmppcsetup.exe
    - C:\Windows\system32\loader266.exe

  • Post the links to the analyses.
    a c 327 8 Security
    27 April 2009 23:17:09

    For lmppcsetup.exe, it is indeed an infection.

    For loader266.exe, it looks like that is not the right analysis.
    27 April 2009 23:20:10

    Yes, indeed. I chose to reset the analysis for loader; it's coming right away.
    a c 327 8 Security
    27 April 2009 23:23:40

    It's a virus too.

    Quote:
    C:\ProgramData\is-MH39J

    ---> Does this folder ring a bell?
    27 April 2009 23:25:19

    I just looked at it without clicking; it means absolutely nothing to me... Why, do you have an idea?
    a c 327 8 Security
    27 April 2009 23:27:35

    /!\ Only kingdonk may follow this procedure /!\

    Disable all resident protection (antivirus...)!

    ---> Copy (CTRL+C) the text in the box below:

    KillAll::

    File::
    C:\Windows\system32\lmppcsetup.exe
    C:\Windows\system32\loader266.exe

    Registry::
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]

    DirLook::
    C:\ProgramData\is-MH39J


    ---> Open Notepad: Start > All Programs > Accessories > Notepad

    - Paste (CTRL+V) the text into Notepad.
    - Save this file to: Desktop
    - File name: CFScript
    - File type: All files !!
    - Click Save.
    - Close Notepad.

    ---> Drag and drop this CFScript file onto the ComboFix.exe file, as in the screenshot:

  • This will restart ComboFix: accept the message that appears.
  • Wait while the scan runs. The Desktop will disappear several times: this is normal!
  • Do not touch anything until the scan has finished.
  • Once the scan is complete, a report will be displayed; copy and paste its contents to the forum.
  • If the file does not open, it can be found here: C:\ComboFix.txt

    ;) 
    28 April 2009 00:08:45

    Sorry, that took a very long time, even though I launched Combo right after your message...

    It made me reboot twice, including once beforehand for the following reason: "rootkit activity detected with the following files:

    c:\windows\system32\drivers\ovfsthxvmkieixd.sys
    c:\windows\system32\ovfsthxhcrxbseu.dll
    c:\windows\system32\ovfsthxicmxeonr.dat
    c:\windows\system32\ovfsthxqcunvbpn.dll
    c:\windows\system32\ovfsthxvoipsepi.dat
    c:\windows\system32\ovfsthxwpwfevap.dll "

    Here is the report:


    ComboFix 09-04-27.01 - zab 27/04/2009 23:37.2 - NTFSx86
    Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6000.0.1252.33.1036.18.3071.2167 [GMT 2:00]
    Lancé depuis: c:\users\zab\Desktop\ComboFix.exe
    Commutateurs utilisés :: c:\users\zab\Desktop\CFScript.txt
    AV: Norton Internet Security *On-access scanning disabled* (Outdated)
    FW: Norton Internet Security *disabled*
    * Un nouveau point de restauration a été créé

    FILE ::
    c:\windows\system32\lmppcsetup.exe
    c:\windows\system32\loader266.exe
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\windows\system32\drivers\ovfsthxvmkieixd.sys
    c:\windows\system32\lmppcsetup.exe
    c:\windows\system32\loader266.exe
    c:\windows\system32\ovfsthxhcrxbseu.dll
    c:\windows\system32\ovfsthxicmxeonr.dat
    c:\windows\system32\ovfsthxqcunvbpn.dll
    c:\windows\system32\ovfsthxvoipsepi.dat
    c:\windows\system32\ovfsthxwpwfevap.dll

    .
    ((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Service_ovfsthxbvdemaaj


    ((((((((((((((((((((((((((((( Fichiers créés du 2009-05-27 au 2009-4-27 ))))))))))))))))))))))))))))))))))))
    .

    2009-04-27 20:58 . 2009-04-27 20:58 -------- d-----w C:\rsit
    2009-04-27 20:41 . 2008-07-27 18:00 96760 ----a-w c:\windows\system32\dfshim.dll
    2009-04-27 20:41 . 2008-07-27 18:00 282112 ----a-w c:\windows\system32\mscoree.dll
    2009-04-27 20:41 . 2008-07-27 18:00 41984 ----a-w c:\windows\system32\netfxperf.dll
    2009-04-27 20:41 . 2008-07-27 18:00 158720 ----a-w c:\windows\system32\mscorier.dll
    2009-04-27 20:41 . 2008-07-27 18:00 83968 ----a-w c:\windows\system32\mscories.dll
    2009-04-27 20:35 . 2009-02-09 01:54 2030080 ----a-w c:\windows\system32\win32k.sys
    2009-04-27 20:33 . 2008-10-21 05:16 1645568 ----a-w c:\windows\system32\connect.dll
    2009-04-27 20:06 . 2009-04-27 20:06 -------- d-----w c:\users\zab\AppData\Roaming\Malwarebytes
    2009-04-27 20:06 . 2009-04-06 13:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys
    2009-04-27 20:06 . 2009-04-06 13:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
    2009-04-27 20:06 . 2009-04-27 20:06 -------- d-----w c:\programdata\Malwarebytes
    2009-04-27 20:06 . 2009-04-27 20:14 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
    2009-04-27 16:46 . 2009-04-27 16:46 -------- d-----w c:\program files\Trend Micro
    2009-04-27 16:13 . 2009-04-27 16:13 -------- d-----w c:\program files\CCleaner
    2009-04-27 16:11 . 2009-01-18 21:30 64160 ----a-w c:\windows\system32\drivers\Lbd.sys
    2009-04-27 16:09 . 2009-04-27 16:10 -------- dc-h--w c:\programdata\{83C91755-2546-441D-AC40-9A6B4B860800}
    2009-04-27 16:09 . 2009-04-27 16:09 -------- d-----w c:\program files\Lavasoft
    2009-04-27 16:09 . 2009-04-27 16:11 -------- d-----w c:\programdata\Lavasoft
    2009-04-27 15:54 . 2009-04-27 16:17 -------- d-----w c:\programdata\Spybot - Search & Destroy
    2009-04-27 15:54 . 2009-04-27 15:56 -------- d-----w c:\program files\Spybot - Search & Destroy
    2009-04-27 15:52 . 2009-04-27 15:52 -------- d-----w c:\programdata\is-MH39J
    2009-04-27 15:51 . 2009-04-27 17:00 9648160 --sha-w c:\windows\system32\drivers\fidbox.dat
    2009-04-27 11:14 . 2009-04-27 11:14 -------- d-----r c:\windows\system32\config\systemprofile\Saved Games
    2009-04-27 11:14 . 2009-04-27 11:14 -------- d-----r c:\windows\system32\config\systemprofile\Links
    2009-04-27 11:14 . 2009-04-27 11:14 -------- d-----r c:\windows\system32\config\systemprofile\Downloads
    2009-04-27 11:14 . 2009-04-27 11:14 -------- d-----r c:\windows\system32\config\systemprofile\Searches
    2009-04-27 11:14 . 2009-04-27 11:14 -------- d-----r c:\windows\system32\config\systemprofile\Music
    2009-04-27 11:14 . 2009-04-27 11:14 -------- d-----r c:\windows\system32\config\systemprofile\Pictures
    2009-04-27 11:14 . 2009-04-27 11:14 -------- d-----r c:\windows\system32\config\systemprofile\Videos
    2009-04-27 11:14 . 2009-04-27 11:14 -------- d-----r c:\windows\system32\config\systemprofile\Documents
    2009-04-27 10:48 . 2009-04-27 11:27 -------- d-----w c:\users\zab\AppData\Roaming\Download Manager

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-04-27 21:57 . 2007-04-18 08:33 12 ----a-w c:\windows\bthservsdp.dat
    2009-04-27 20:43 . 2007-04-18 09:09 693588 ----a-w c:\windows\system32\perfh00C.dat
    2009-04-27 20:43 . 2007-04-18 09:09 118450 ----a-w c:\windows\system32\perfc00C.dat
    2009-04-27 20:40 . 2006-11-02 10:25 86016 ----a-w c:\windows\inf\infstrng.dat
    2009-04-27 20:40 . 2006-11-02 10:25 86016 ----a-w c:\windows\inf\infstor.dat
    2009-04-27 20:40 . 2006-11-02 10:25 51200 ----a-w c:\windows\inf\infpub.dat
    2009-04-27 17:00 . 2009-04-27 15:51 114140 --sha-w c:\windows\system32\drivers\fidbox.idx
    2009-04-27 15:22 . 2008-05-16 08:26 -------- d-----w c:\program files\Symantec
    2009-04-27 15:22 . 2008-05-16 08:27 806 ----a-w c:\windows\system32\drivers\SYMEVENT.INF
    2009-04-27 15:22 . 2008-05-16 08:27 124464 ----a-w c:\windows\system32\drivers\SYMEVENT.SYS
    2009-04-27 15:22 . 2008-05-16 08:27 10635 ----a-w c:\windows\system32\drivers\SYMEVENT.CAT
    2009-04-27 15:10 . 2008-07-17 11:11 7592 ----a-w c:\users\zab\AppData\Local\d3d9caps.dat
    2009-04-27 14:13 . 2008-09-17 12:49 -------- d-----w c:\program files\Java
    2009-04-27 14:04 . 2008-05-16 15:37 -------- d-----w c:\program files\WinamaxPoker
    2009-04-26 20:24 . 2008-09-17 12:57 -------- d-----w c:\program files\Azureus
    2009-04-26 17:49 . 2008-05-17 10:48 199235 ----a-w c:\users\zab\AppData\Roaming\nvModes.dat
    2009-03-26 11:31 . 2008-05-16 08:31 117576 ----a-w c:\users\zab\AppData\Local\GDIPFONTCACHEV1.DAT
    2009-03-25 17:22 . 2009-03-25 17:22 -------- d-----w c:\program files\Guitar Pro 4
    2009-03-16 15:07 . 2008-04-26 00:09 -------- d-----w c:\program files\ASUS
    2009-03-15 17:20 . 2009-03-15 17:20 107888 ----a-w c:\windows\system32\CmdLineExt.dll
    2009-03-15 16:40 . 2009-03-15 16:40 -------- d-----w c:\program files\EA GAMES
    2009-03-09 03:19 . 2008-11-05 09:53 410984 ----a-w c:\windows\system32\deploytk.dll
    2009-03-03 04:20 . 2009-04-27 20:31 826368 ----a-w c:\windows\system32\wininet.dll
    2009-03-03 04:16 . 2009-04-27 20:31 56320 ----a-w c:\windows\system32\iesetup.dll
    2009-03-03 04:16 . 2009-04-27 20:31 78336 ----a-w c:\windows\system32\ieencode.dll
    2009-03-03 04:16 . 2009-04-27 20:31 52736 ----a-w c:\windows\AppPatch\iebrshim.dll
    2009-03-03 04:15 . 2009-04-27 20:31 72704 ----a-w c:\windows\system32\admparse.dll
    2009-03-03 02:08 . 2009-04-27 20:31 26624 ----a-w c:\windows\system32\ieUnatt.exe
    2009-03-03 00:44 . 2009-04-27 20:31 48128 ----a-w c:\windows\system32\mshtmler.dll
    2009-02-12 15:19 . 2008-05-16 08:14 117192 ----a-w c:\windows\system32\config\systemprofile\AppData\Local\GDIPFONTCACHEV1.DAT
    2008-12-14 11:54 . 2006-11-02 12:50 174 --sha-w c:\program files\desktop.ini
    .

    (((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
    .

    ---- Directory of c:\programdata\is-MH39J ----

    2009-04-27 15:52 . 2009-04-27 16:23 152011 ---ha-w c:\programdata\is-MH39J\~PRCustomProps#122.dat
    2009-04-27 15:52 . 2009-04-27 16:23 64011 ---ha-w c:\programdata\is-MH39J\~PRObjects#122.dat


    ((((((((((((((((((((((((((((( SnapShot@2009-04-27_17.39.02 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2009-04-27 20:41 . 2008-07-27 17:58 32768 c:\windows\winsxs\x86_regsvcs_b03f5f7f11d50a3a_6.0.6001.22230_none_d364a943819c841d\RegSvcs.exe
    + 2009-04-27 20:41 . 2008-07-27 18:03 32768 c:\windows\winsxs\x86_regsvcs_b03f5f7f11d50a3a_6.0.6001.18111_none_ea3038a767f70b0a\RegSvcs.exe
    + 2009-04-27 20:41 . 2008-07-27 17:55 32768 c:\windows\winsxs\x86_regsvcs_b03f5f7f11d50a3a_6.0.6000.20883_none_d38d6a958147435c\RegSvcs.exe
    + 2009-04-27 20:41 . 2008-07-27 18:00 32768 c:\windows\winsxs\x86_regsvcs_b03f5f7f11d50a3a_6.0.6000.16720_none_ea5553f167a4fe69\RegSvcs.exe
    + 2009-04-27 20:41 . 2008-07-27 17:58 53248 c:\windows\winsxs\x86_regasm_b03f5f7f11d50a3a_6.0.6001.22230_none_00497e9d2f298b6d\RegAsm.exe
    + 2009-04-27 20:41 . 2008-07-27 18:03 53248 c:\windows\winsxs\x86_regasm_b03f5f7f11d50a3a_6.0.6001.18111_none_17150e011584125a\RegAsm.exe
    + 2009-04-27 20:41 . 2008-07-27 17:55 53248 c:\windows\winsxs\x86_regasm_b03f5f7f11d50a3a_6.0.6000.20883_none_00723fef2ed44aac\RegAsm.exe
    + 2009-04-27 20:41 . 2008-07-27 18:00 53248 c:\windows\winsxs\x86_regasm_b03f5f7f11d50a3a_6.0.6000.16720_none_173a294b153205b9\RegAsm.exe
    + 2009-04-27 20:41 . 2008-07-27 17:58 37896 c:\windows\winsxs\x86_netfx-wminet_utils_dll_b03f5f7f11d50a3a_6.0.6001.22230_none_5c675395941257b3\WMINet_Utils.dll
    + 2009-04-27 20:41 . 2008-07-27 18:03 37896 c:\windows\winsxs\x86_netfx-wminet_utils_dll_b03f5f7f11d50a3a_6.0.6001.18111_none_7332e2f97a6cdea0\WMINet_Utils.dll
    + 2009-04-27 20:41 . 2008-07-27 17:55 37896 c:\windows\winsxs\x86_netfx-wminet_utils_dll_b03f5f7f11d50a3a_6.0.6000.20883_none_5c9014e793bd16f2\WMINet_Utils.dll
    + 2009-04-27 20:41 . 2008-07-27 18:00 37896 c:\windows\winsxs\x86_netfx-wminet_utils_dll_b03f5f7f11d50a3a_6.0.6000.16720_none_7357fe437a1ad1ff\WMINet_Utils.dll
    + 2009-04-27 20:41 . 2008-07-27 17:58 81400 c:\windows\winsxs\x86_netfx-tlbref_dll_b03f5f7f11d50a3a_6.0.6001.22230_none_4a46e49b6d8ffc7e\TLBREF.DLL
    + 2009-04-27 20:41 . 2008-07-27 18:03 81400 c:\windows\winsxs\x86_netfx-tlbref_dll_b03f5f7f11d50a3a_6.0.6001.18111_none_611273ff53ea836b\TLBREF.DLL
    + 2009-04-27 20:41 . 2008-07-27 17:55 81400 c:\windows\winsxs\x86_netfx-tlbref_dll_b03f5f7f11d50a3a_6.0.6000.20883_none_4a6fa5ed6d3abbbd\TLBREF.DLL
    + 2009-04-27 20:41 . 2008-07-27 18:00 81400 c:\windows\winsxs\x86_netfx-tlbref_dll_b03f5f7f11d50a3a_6.0.6000.16720_none_61378f49539876ca\TLBREF.DLL
    + 2009-04-27 20:41 . 2008-07-27 17:58 95232 c:\windows\winsxs\x86_netfx-shfusion_res_dll_b03f5f7f11d50a3a_6.0.6001.22230_none_8f45fc5fe5d5bfa9\ShFusRes.dll
    + 2009-04-27 20:41 . 2008-07-27 18:03 95232 c:\windows\winsxs\x86_netfx-shfusion_res_dll_b03f5f7f11d50a3a_6.0.6001.18111_none_a6118bc3cc304696\ShFusRes.dll
    + 2009-04-27 20:41 . 2008-07-27 17:55 95232 c:\windows\winsxs\x86_netfx-shfusion_res_dll_b03f5f7f11d50a3a_6.0.6000.20883_none_8f6ebdb1e5807ee8\ShFusRes.dll
    + 2009-04-27 20:41 . 2008-07-27 18:00 95232 c:\windows\winsxs\x86_netfx-shfusion_res_dll_b03f5f7f11d50a3a_6.0.6000.16720_none_a636a70dcbde39f5\ShFusRes.dll
    + 2009-04-27 20:41 . 2008-07-27 17:58 16896 c:\windows\winsxs\x86_netfx-shared_registry_whidbey_31bf3856ad364e35_6.0.6001.22230_none_66e098c8804b9951\SharedReg12.dll
    + 2009-04-27 20:41 . 2008-07-27 18:03 16896 c:\windows\winsxs\x86_netfx-shared_registry_whidbey_31bf3856ad364e35_6.0.6001.18111_none_666d9c1f671cdafc\SharedReg12.dll
    + 2009-04-27 20:41 . 2008-07-27 17:55 16896 c:\windows\winsxs\x86_netfx-shared_registry_whidbey_31bf3856ad364e35_6.0.6000.20883_none_64c74b64834ae01a\SharedReg12.dll
    + 2009-04-27 20:41 . 2008-07-27 18:00 16896 c:\windows\winsxs\x86_netfx-shared_registry_whidbey_31bf3856ad364e35_6.0.6000.16720_none_647b8d4369ff4ca5\SharedReg12.dll
    + 2009-04-27 20:41 . 2008-07-27 17:58 16896 c:\windows\winsxs\x86_netfx-shared_netfx_20_perfcounter_31bf3856ad364e35_6.0.6001.22230_none_4dba200b004deb5f\sbscmp20_perfcounter.dll
    + 2009-04-27 20:41 . 2008-07-27 18:03 16896 c:\windows\winsxs\x86_netfx-shared_netfx_20_perfcounter_31bf3856ad364e35_6.0.6001.18111_none_4d472361e71f2d0a\sbscmp20_perfcounter.dll
    + 2009-04-27 20:41 . 2008-07-27 17:55 16896 c:\windows\winsxs\x86_netfx-shared_netfx_20_perfcounter_31bf3856ad364e35_6.0.6000.20883_none_4ba0d2a7034d3228\sbscmp20_perfcounter.dll
    + 2009-04-27 20:41 . 2008-07-27 18:00 16896 c:\windows\winsxs\x86_netfx-shared_netfx_20_perfcounter_31bf3856ad364e35_6.0.6000.16720_none_4b551485ea019eb3\sbscmp20_perfcounter.dll
    + 2009-04-27 20:41 . 2008-07-27 17:58 16896 c:\windows\winsxs\x86_netfx-shared_netfx_20_mscorwks_31bf3856ad364e35_6.0.6001.22230_none_8017a6625f87cb2b\sbscmp20_mscorwks.dll
    + 2009-04-27 20:41 . 2008-07-27 18:03 16896 c:\windows\winsxs\x86_netfx-shared_netfx_20_mscorwks_31bf3856ad364e35_6.0.6001.18111_none_7fa4a9b946590cd6\sbscmp20_mscorwks.dll
    + 2009-04-27 20:41 . 2008-07-27 17:55 16896 c:\windows\winsxs\x86_netfx-shared_netfx_20_mscorwks_31bf3856ad364e35_6.0.6000.20883_none_7dfe58fe628711f4\sbscmp20_mscorwks.dll
    + 2009-04-27 20:41 . 2008-07-27 18:00 16896 c:\windows\winsxs\x86_netfx-shared_netfx_20_mscorwks_31bf3856ad364e35_6.0.6000.16720_none_7db29add493b7e7f\sbscmp20_mscorwks.dll
    + 2009-04-27 20:41 . 2008-07-27 17:58 16896 c:\windows\winsxs\x86_netfx-shared_netfx_20_mscorlib_b03f5f7f11d50a3a_6.0.6001.22230_none_3e06e0387a8766d4\sbscmp20_mscorlib.dll
    + 2009-04-27 20:41 . 2008-07-27 18:03 16896 c:\windows\winsxs\x86_netfx-shared_netfx_20_mscorlib_b03f5f7f11d50a3a_6.0.6001.18111_none_54d26f9c60e1edc1\sbscmp20_mscorlib.dll
    + 2009-04-27 20:41 . 2008-07-27 17:55 16896 c:\windows\winsxs\x86_netfx-shared_netfx_20_mscorlib_b03f5f7f11d50a3a_6.0.6000.20883_none_3e2fa18a7a322613\sbscmp20_mscorlib.dll
    + 2009-04-27 20:41 . 2008-07-27 18:00 16896 c:\windows\winsxs\x86_netfx-shared_netfx_20_mscorlib_b03f5f7f11d50a3a_6.0.6000.16720_none_54f78ae6608fe120\sbscmp20_mscorlib.dll
    + 2009-04-27 20:41 . 2008-07-27 17:58 16896 c:\windows\winsxs\x86_netfx-sbscmp10_dll_31bf3856ad364e35_6.0.6001.22230_none_756f2f8f1e31ddf9\sbscmp10.dll
    + 2009-04-27 20:41 . 2008-07-27 18:03 16896 c:\windows\winsxs\x86_netfx-sbscmp10_dll_31bf3856ad364e35_6.0.6001.18111_none_74fc32e605031fa4\sbscmp10.dll
    + 2009-04-27 20:41 . 2008-07-27 17:55 16896 c:\windows\winsxs\x86_netfx-sbscmp10_dll_31bf3856ad364e35_6.0.6000.20883_none_7355e22b213124c2\sbscmp10.dll
    + 2009-04-27 20:41 . 2008-07-27 18:00 16896 c:\windows\winsxs\x86_netfx-sbscmp10_dll_31bf3856ad364e35_6.0.6000.16720_none_730a240a07e5914d\sbscmp10.dll
    + 2009-04-27 20:41 . 2008-07-27 17:58 14352 c:\windows\winsxs\x86_netfx-sbs_wminet_utils_dll_31bf3856ad364e35_6.0.6001.22230_none_010420a69ef36b65\sbs_wminet_utils.dll
    + 2009-04-27 20:41 . 2008-07-27 18:03 14352 c:\windows\winsxs\x86_netfx-sbs_wminet_utils_dll_31bf3856ad364e35_6.0.6001.18111_none_009123fd85c4ad10\sbs_wminet_utils.dll
    + 2009-04-27 20:41 . 2008-07-27 17:55 14352 c:\windows\winsxs\x86_netfx-sbs_wminet_utils_dll_31bf3856ad364e35_6.0.6000.20883_none_feead342a1f2b22e\sbs_wminet_utils.dll
    + 2009-04-27 20:41 . 2008-07-27 18:00 14352 c:\windows\winsxs\x86_netfx-sbs_wminet_utils_dll_31bf3856ad364e35_6.0.6000.16720_none_fe9f152188a71eb9\sbs_wminet_utils.dll
    + 2009-04-27 20:41 . 2008-07-27 17:58 14344 c:\windows\winsxs\x86_netfx-sbs_vsavb7rt_dll_31bf3856ad364e35_6.0.6001.22230_none_9418950086c65f54\sbs_VsaVb7rt.dll
    + 2009-04-27 20:41 . 2008-07-27 18:03 14344 c:\windows\winsxs\x86_netfx-sbs_vsavb7rt_dll_31bf3856ad364e35_6.0.6001.18111_none_93a598576d97a0ff\sbs_VsaVb7rt.dll
    + 2009-04-27 20:41 . 2008-07-27 17:55 14344 c:\windows\winsxs\x86_netfx-sbs_vsavb7rt_dll_31bf3856ad364e35_6.0.6000.20883_none_91ff479c89c5a61d\sbs_VsaVb7rt.dll
    + 2009-04-27 20:41 . 2008-07-27 18:00 14344 c:\windows\winsxs\x86_netfx-sbs_vsavb7rt_dll_31bf3856ad364e35_6.0.6000.16720_none_91b3897b707a12a8\sbs_VsaVb7rt.dll
    + 2009-04-27 20:41 . 2008-07-27 17:58 14376 c:\windows\winsxs\x86_netfx-sbs_sys_enterprisesvc_dll_31bf3856ad364e35_6.0.6001.22230_none_619288783f079556\sbs_system.enterpriseservices.dll
    + 2009-04-27 20:41 . 2008-07-27 18:03 14376 c:\windows\winsxs\x86_netfx-sbs_sys_enterprisesvc_dll_31bf3856ad364e35_6.0.6001.18111_none_611f8bcf25d8d701\sbs_system.enterpriseservices.dll
    + 2009-04-27 20:41 . 2008-07-27 17:55 14376 c:\windows\winsxs\x86_netfx-sbs_sys_enterprisesvc_dll_31bf3856ad364e35_6.0.6000.20883_none_5f793b144206dc1f\sbs_system.enterpriseservices.dll
    + 2009-04-27 20:41 . 2008-07-27 18:00 14376 c:\windows\winsxs\x86_netfx-sbs_sys_enterprisesvc_dll_31bf3856ad364e35_6.0.6000.16720_none_5f2d7cf328bb48aa\sbs_system.enterpriseservices.dll
    + 2009-04-27 20:41 . 2008-07-27 17:58 14352 c:\windows\winsxs\x86_netfx-sbs_sys_data_dll_31bf3856ad364e35_6.0.6001.22230_none_fef2effa05fca369\sbs_system.data.dll
    + 2009-04-27 20:41 . 2008-07-27 18:03 14352 c:\windows\winsxs\x86_netfx-sbs_sys_data_dll_31bf3856ad364e35_6.0.6001.18111_none_fe7ff350eccde514\sbs_system.data.dll
    + 2009-04-27 20:41 . 2008-07-27 17:55 14352 c:\windows\winsxs\x86_netfx-sbs_sys_data_dll_31bf3856ad364e35_6.0.6000.20883_none_fcd9a29608fbea32\sbs_system.data.dll
    + 2009-04-27 20:41 . 2008-07-27 18:00 14352 c:\windows\winsxs\x86_netfx-sbs_sys_data_dll_31bf3856ad364e35_6.0.6000.16720_none_fc8de474efb056bd\sbs_system.data.dll
    + 2009-04-27 20:41 . 2008-07-27 17:58 14384 c:\windows\winsxs\x86_netfx-sbs_sys_config_install_dll_31bf3856ad364e35_6.0.6001.22230_none_bfb382834e9d9761\sbs_system.configuration.install.dll
    + 2009-04-27 20:41 . 2008-07-27 18:03 14384 c:\windows\winsxs\x86_netfx-sbs_sys_config_install_dll_31bf3856ad364e35_6.0.6001.18111_none_bf4085da356ed90c\sbs_system.configuration.install.dll
    + 2009-04-27 20:41 . 2008-07-27 17:55 14384 c:\windows\winsxs\x86_netfx-sbs_sys_config_install_dll_31bf3856ad364e35_6.0.6000.20883_none_bd9a351f519cde2a\sbs_system.configuration.install.dll
    + 2009-04-27 20:41 . 2008-07-27 18:00 14384 c:\windows\winsxs\x86_netfx-sbs_sys_config_install_dll_31bf3856ad364e35_6.0.6000.16720_none_bd4e76fe38514ab5\sbs_system.configuration.install.dll
    + 2009-04-27 20:41 . 2008-07-27 17:58 14344 c:\windows\winsxs\x86_netfx-sbs_mscorsec_dll_31bf3856ad364e35_6.0.6001.22230_none_e666deedf5675f6c\sbs_mscorsec.dll
    + 2009-04-27 20:41 . 2008-07-27 18:03 14344 c:\windows\winsxs\x86_netfx-sbs_mscorsec_dll_31bf3856ad364e35_6.0.6001.18111_none_e5f3e244dc38a117\sbs_mscorsec.dll
    + 2009-04-27 20:41 . 2008-07-27 17:55 14344 c:\windows\winsxs\x86_netfx-sbs_mscorsec_dll_31bf3856ad364e35_6.0.6000.20883_none_e44d9189f866a635\sbs_mscorsec.dll
    + 2009-04-27 20:41 . 2008-07-27 18:00 14344 c:\windows\winsxs\x86_netfx-sbs_mscorsec_dll_31bf3856ad364e35_6.0.6000.16720_none_e401d368df1b12c0\sbs_mscorsec.dll
    + 2009-04-27 20:41 . 2008-07-27 17:58 14344 c:\windows\winsxs\x86_netfx-sbs_mscorrc_dll_31bf3856ad364e35_6.0.6001.22230_none_a1c30b4c8684fb9c\sbs_mscorrc.dll
    + 2009-04-27 20:41 . 2008-07-27 18:03 14344 c:\windows\winsxs\x86_netfx-sbs_mscorrc_dll_31bf3856ad364e35_6.0.6001.18111_none_a1500ea36d563d47\sbs_mscorrc.dll
    + 2009-04-27 20:41 . 2008-07-27 17:55 14344 c:\windows\winsxs\x86_netfx-sbs_mscorrc_dll_31bf3856ad364e35_6.0.6000.20883_none_9fa9bde889844265\sbs_mscorrc.dll
    + 2009-04-27 20:41 . 2008-07-27 18:00 14344 c:\windows\winsxs\x86_netfx-sbs_mscorrc_dll_31bf3856ad364e35_6.0.6000.16720_none_9f5dffc77038aef0\sbs_mscorrc.dll
    + 2009-04-27 20:41 . 2008-07-27 17:58 14344 c:\windows\winsxs\x86_netfx-sbs_mscordbi_dll_31bf3856ad364e35_6.0.6001.22230_none_639928d25085ae4a\sbs_mscordbi.dll
    + 2009-04-27 20:41 . 2008-07-27 18:03 14344 c:\windows\winsxs\x86_netfx-sbs_mscordbi_dll_31bf3856ad364e35_6.0.6001.18111_none_63262c293756eff5\sbs_mscordbi.dll
    + 2009-04-27 20:41 . 2008-07-27 17:55 14344 c:\windows\winsxs\x86_netfx-sbs_mscordbi_dll_31bf3856ad364e35_6.0.6000.20883_none_617fdb6e5384f513\sbs_mscordbi.dll
    + 2009-04-27 20:41 . 2008-07-27 18:00 14344 c:\windows\winsxs\x86_netfx-sbs_mscordbi_dll_31bf3856ad364e35_6.0.6000.16720_none_61341d4d3a39619e\sbs_mscordbi.dll
    + 2009-04-27 20:41 . 2008-07-27 17:58 14904 c:\windows\winsxs\x86_netfx-sbs_ms_vsa_vb_codedomproc_31bf3856ad364e35_6.0.6001.22230_none_f8126c3faf315f4a\sbs_microsoft.vsa.vb.codedomprocessor.dll
    + 2009-04-27 20:41 . 2008-07-27 18:03 14904 c:\windows\winsxs\x86_netfx-sbs_ms_vsa_vb_codedomproc_31bf3856ad364e35_6.0.6001.18111_none_f79f6f969602a0f5\sbs_microsoft.vsa.vb.codedomprocessor.dll
    + 2009-04-27 20:41 . 2008-07-27 17:55 14904 c:\windows\winsxs\x86_netfx-sbs_ms_vsa_vb_codedomproc_31bf3856ad364e35_6.0.6000.20883_none_f5f91edbb230a613\sbs_microsoft.vsa.vb.codedomprocessor.dll
    + 2009-04-27 20:41 . 2008-07-27 18:00 14904 c:\windows\winsxs\x86_netfx-sbs_ms_vsa_vb_codedomproc_31bf3856ad364e35_6.0.6000.16720_none_f5ad60ba98e5129e\sbs_microsoft.vsa.vb.codedomprocessor.dll
    + 2009-04-27 20:41 . 2008-07-27 17:58 14360 c:\windows\winsxs\x86_netfx-sbs_microsoft_jscript_dll_31bf3856ad364e35_6.0.6001.22230_none_fd402afdaaaea2d1\sbs_microsoft.jscript.dll
    + 2009-04-27 20:41 . 2008-07-27 18:03 14360 c:\windows\winsxs\x86_netfx-sbs_microsoft_jscript_dll_31bf3856ad364e35_6.0.6001.18111_none_fccd2e54917fe47c\sbs_microsoft.jscript.dll
    + 2009-04-27 20:41 . 2008-07-27 17:55 14360 c:\windows\winsxs\x86_netfx-sbs_microsoft_jscript_dll_31bf3856ad364e35_6.0.6000.20883_none_fb26dd99adade99a\sbs_microsoft.jscript.dll
    + 2009-04-27 20:41 . 2008-07-27 18:00 14360 c:\windows\winsxs\x86_netfx-sbs_microsoft_jscript_dll_31bf3856ad364e35_6.0.6000.16720_none_fadb1f7894625625\sbs_microsoft.jscript.dll
    + 2009-04-27 20:41 . 2008-07-27 17:58 14336 c:\windows\winsxs\x86_netfx-sbs_iehost_dll_31bf3856ad364e35_6.0.6001.22230_none_1821598f5ba01811\sbs_iehost.dll
    + 2009-04-27 20:41 . 2008-07-27 18:03 14336 c:\windows\winsxs\x86_netfx-sbs_iehost_dll_31bf3856ad364e35_6.0.6001.18111_none_17ae5ce6427159bc\sbs_iehost.dll
    + 2009-04-27 20:41 . 2008-07-27 17:55 14336 c:\windows\winsxs\x86_netfx-sbs_iehost_dll_31bf3856ad364e35_6.0.6000.20883_none_16080c2b5e9f5eda\sbs_iehost.dll
    + 2009-04-27 20:41 . 2008-07-27 18:00 14336 c:\windows\winsxs\x86_netfx-sbs_iehost_dll_31bf3856ad364e35_6.0.6000.16720_none_15bc4e0a4553cb65\sbs_iehost.dll
    + 2009-04-27 20:41 . 2008-07-27 17:58 14352 c:\windows\winsxs\x86_netfx-sbs_diasymreader_dll_31bf3856ad364e35_6.0.6001.22230_none_a7185cc2f855ce77\sbs_diasymreader.dll
    + 2009-04-27 20:41 . 2008-07-27 18:03 14352 c:\windows\winsxs\x86_netfx-sbs_diasymreader_dll_31bf3856ad364e35_6.0.6001.18111_none_a6a56019df271022\sbs_diasymreader.dll
    + 2009-04-27 20:41 . 2008-07-27 17:55 14352 c:\windows\winsxs\x86_netfx-sbs_diasymreader_dll_31bf3856ad364e35_6.0.6000.20883_none_a4ff0f5efb551540\sbs_diasymreader.dll
    + 2009-04-27 20:41 . 2008-07-27 18:00 14352 c:\windows\winsxs\x86_netfx-sbs_diasymreader_dll_31bf3856ad364e35_6.0.6000.16720_none_a4b3513de20981cb\sbs_diasymreader.dll
    + 2009-04-27 20:41 . 2008-07-27 17:58 88584 c:\windows\winsxs\x86_netfx-perfcounter_dll_b03f5f7f11d50a3a_6.0.6001.22230_none_130c52e1194d5fbe\PerfCounter.dll
    + 2009-04-27 20:41 . 2008-07-27 18:03 88584 c:\windows\winsxs\x86_netfx-perfcounter_dll_b03f5f7f11d50a3a_6.0.6001.18111_none_29d7e244ffa7e6ab\PerfCounter.dll
    + 2009-04-27 20:41 . 2008-07-27 17:55 88584 c:\windows\winsxs\x86_netfx-perfcounter_dll_b03f5f7f11d50a3a_6.0.6000.20883_none_1335143318f81efd\PerfCounter.dll
    + 2009-04-27 20:41 . 2008-07-27 18:00 88584 c:\windows\winsxs\x86_netfx-perfcounter_dll_b03f5f7f11d50a3a_6.0.6000.16720_none_29fcfd8eff55da0a\PerfCounter.dll
    + 2009-04-27 20:41 . 2008-07-27 17:58 24584 c:\windows\winsxs\x86_netfx-normalization_dll_b03f5f7f11d50a3a_6.0.6001.22230_none_c565cc64474bc4ea\normalization.dll
    + 2009-04-27 20:41 . 2008-07-27 18:03 24584 c:\windows\winsxs\x86_netfx-normalization_dll_b03f5f7f11d50a3a_6.0.6001.18111_none_dc315bc82da64bd7\normalization.dll
    + 2009-04-27 20:41 . 2008-07-27 17:55 24584 c:\windows\winsxs\x86_netfx-normalization_dll_b03f5f7f11d50a3a_6.0.6000.20883_none_c58e8db646f68429\normalization.dll
    + 2009-04-27 20:41 . 2008-07-27 18:00 24584 c:\windows\winsxs\x86_netfx-normalization_dll_b03f5f7f11d50a3a_6.0.6000.16720_none_dc5677122d543f36\normalization.dll
    + 2009-04-27 20:41 . 2008-07-27 17:58 82944 c:\windows\winsxs\x86_netfx-netfxsbs10_exe_31bf3856ad364e35_6.0.6001.22230_none_3bf81e61c72a5b9c\NETFXSBS10.exe
    + 2009-04-27 20:41 . 2008-07-27 18:03 82944 c:\windows\winsxs\x86_netfx-netfxsbs10_exe_31bf3856ad364e35_6.0.6001.18111_none_3b8521b8adfb9d47\NETFXSBS10.exe
    + 2009-04-27 20:41 . 2008-07-27 17:55 82944 c:\windows\winsxs\x86_netfx-netfxsbs10_exe_31bf3856ad364e35_6.0.6000.20883_none_39ded0fdca29a265\NETFXSBS10.exe
    + 2009-04-27 20:41 . 2008-07-27 18:00 82944 c:\windows\winsxs\x86_netfx-netfxsbs10_exe_31bf3856ad364e35_6.0.6000.16720_none_399312dcb0de0ef0\NETFXSBS10.exe
    + 2009-04-27 20:41 . 2008-07-27 17:58 19456 c:\windows\winsxs\x86_netfx-mscortim_dll_b03f5f7f11d50a3a_6.0.6001.22230_none_b7d330597e7f786d\mscortim.dll
    + 2009-04-27 20:41 . 2008-07-27 18:03 19456 c:\windows\winsxs\x86_netfx-mscortim_dll_b03f5f7f11d50a3a_6.0.6001.18111_none_ce9ebfbd64d9ff5a\mscortim.dll
    + 2009-04-27 20:41 . 2008-07-27 17:55 19456 c:\windows\winsxs\x86_netfx-mscortim_dll_b03f5f7f11d50a3a_6.0.6000.20883_none_b7fbf1ab7e2a37ac\mscortim.dll
    + 2009-04-27 20:41 . 2008-07-27 18:00 19456 c:\windows\winsxs\x86_netfx-mscortim_dll_b03f5f7f11d50a3a_6.0.6000.16720_none_cec3db076487f2b9\mscortim.dll
    + 2009-04-27 20:41 . 2008-07-27 17:58 69632 c:\windows\winsxs\x86_netfx-mscorsvw_exe_b03f5f7f11d50a3a_6.0.6001.22230_none_092b8008021d8703\mscorsvw.exe
    + 2009-04-27 20:41 . 2008-07-27 18:03 69632 c:\windows\winsxs\x86_netfx-mscorsvw_exe_b03f5f7f11d50a3a_6.0.6001.18111_none_1ff70f6be8780df0\mscorsvw.exe
    + 2009-04-27 20:41 . 2008-07-27 17:55 69632 c:\windows\winsxs\x86_netfx-mscorsvw_exe_b03f5f7f11d50a3a_6.0.6000.20883_none_0954415a01c84642\mscorsvw.exe
    + 2009-04-27 20:41 . 2008-07-27 18:00 69632 c:\windows\winsxs\x86_netfx-mscorsvw_exe_b03f5f7f11d50a3a_6.0.6000.16720_none_201c2ab5e826014f\mscorsvw.exe
    + 2009-04-27 20:41 . 2008-07-27 17:58 18944 c:\windows\winsxs\x86_netfx-mscorsn_dll_b03f5f7f11d50a3a_6.0.6001.22230_none_7f8e04aa7abe635a\mscorsn.dll
    + 2009-04-27 20:41 . 2008-07-27 18:03 18944 c:\windows\winsxs\x86_netfx-mscorsn_dll_b03f5f7f11d50a3a_6.0.6001.18111_none_9659940e6118ea47\mscorsn.dll
    + 2009-04-27 20:41 . 2008-07-27 17:55 18944 c:\windows\winsxs\x86_netfx-mscorsn_dll_b03f5f7f11d50a3a_6.0.6000.20883_none_7fb6c5fc7a692299\mscorsn.dll
    + 2009-04-27 20:41 . 2008-07-27 18:00 18944 c:\windows\winsxs\x86_netfx-mscorsn_dll_b03f5f7f11d50a3a_6.0.6000.16720_none_967eaf5860c6dda6\mscorsn.dll
    + 2009-04-27 20:41 . 2008-07-27 17:58 31744 c:\windows\winsxs\x86_netfx-mscorsecr_dll_b03f5f7f11d50a3a_6.0.6001.22230_none_8ecad3ca082b2720\mscorsecr.dll
    + 2009-04-27 20:41 . 2008-07-27 18:03 31744 c:\windows\winsxs\x86_netfx-mscorsecr_dll_b03f5f7f11d50a3a_6.0.6001.18111_none_a596632dee85ae0d\mscorsecr.dll
    + 2009-04-27 20:41 . 2008-07-27 17:55 31744 c:\windows\winsxs\x86_netfx-mscorsecr_dll_b03f5f7f11d50a3a_6.0.6000.20883_none_8ef3951c07d5e65f\mscorsecr.dll
    + 2009-04-27 20:41 . 2008-07-27 18:00 31744 c:\windows\winsxs\x86_netfx-mscorsecr_dll_b03f5f7f11d50a3a_6.0.6000.16720_none_a5bb7e77ee33a16c\mscorsecr.dll
    + 2009-04-27 20:41 . 2008-07-27 17:58 77312 c:\windows\winsxs\x86_netfx-mscorsec_dll_b03f5f7f11d50a3a_6.0.6001.22230_none_fae6aedc0e6b4e7e\mscorsec.dll
    + 2009-04-27 20:41 . 2008-07-27 18:03 77312 c:\windows\winsxs\x86_netfx-mscorsec_dll_b03f5f7f11d50a3a_6.0.6001.18111_none_11b23e3ff4c5d56b\mscorsec.dll
    + 2009-04-27 20:41 . 2008-07-27 17:55 77312 c:\windows\winsxs\x86_netfx-mscorsec_dll_b03f5f7f11d50a3a_6.0.6000.20883_none_fb0f702e0e160dbd\mscorsec.dll
    + 2009-04-27 20:41 . 2008-07-27 18:00 77312 c:\windows\winsxs\x86_netfx-mscorsec_dll_b03f5f7f11d50a3a_6.0.6000.16720_none_11d75989f473c8ca\mscorsec.dll
    + 2009-04-27 20:41 . 2008-07-27 17:58 96768 c:\windows\winsxs\x86_netfx-mscormmc_dll_rtm_31bf3856ad364e35_6.0.6001.22230_none_a7ebd3ffe29b30fd\mscormmc.dll
    + 2009-04-27 20:41 . 2008-07-27 18:03 96768 c:\windows\winsxs\x86_netfx-mscormmc_dll_rtm_31bf3856ad364e35_6.0.6001.18111_none_a778d756c96c72a8\mscormmc.dll
    + 2009-04-27 20:41 . 2008-07-27 17:55 96768 c:\windows\winsxs\x86_netfx-mscormmc_dll_rtm_31bf3856ad364e35_6.0.6000.20883_none_a5d2869be59a77c6\mscormmc.dll
    + 2009-04-27 20:41 . 2008-07-27 18:00 96768 c:\windows\winsxs\x86_netfx-mscormmc_dll_rtm_31bf3856ad364e35_6.0.6000.16720_none_a586c87acc4ee451\mscormmc.dll
    + 2009-04-27 20:41 . 2008-07-27 17:58 94208 c:\windows\winsxs\x86_netfx-mscorld_dll_b03f5f7f11d50a3a_6.0.6001.22230_none_ac146deb63538815\mscorld.dll
    + 2009-04-27 20:41 . 2008-07-27 18:03 94208 c:\windows\winsxs\x86_netfx-mscorld_dll_b03f5f7f11d50a3a_6.0.6001.18111_none_c2dffd4f49ae0f02\mscorld.dll
    + 2009-04-27 20:41 . 2008-07-27 17:55 94208 c:\windows\winsxs\x86_netfx-mscorld_dll_b03f5f7f11d50a3a_6.0.6000.20883_none_ac3d2f3d62fe4754\mscorld.dll
    + 2009-04-27 20:41 . 2008-07-27 18:00 94208 c:\windows\winsxs\x86_netfx-mscorld_dll_b03f5f7f11d50a3a_6.0.6000.16720_none_c3051899495c0261\mscorld.dll
    + 2009-04-27 20:41 . 2008-07-27 17:58 83968 c:\windows\winsxs\x86_netfx-mscories_dll_31bf3856ad364e35_6.0.6001.22230_none_be8c4c4f0b009af1\mscories.dll
    + 2009-04-27 20:41 . 2008-07-27 18:03 83968 c:\windows\winsxs\x86_netfx-mscories_dll_31bf3856ad364e35_6.0.6001.18111_none_be194fa5f1d1dc9c\mscories.dll
    + 2009-04-27 20:41 . 2008-07-27 17:55 83968 c:\windows\winsxs\x86_netfx-mscories_dll_31bf3856ad364e35_6.0.6000.20883_none_bc72feeb0dffe1ba\mscories.dll
    + 2009-04-27 20:41 . 2008-07-27 18:00 83968 c:\windows\winsxs\x86_netfx-mscories_dll_31bf3856ad364e35_6.0.6000.16720_none_bc2740c9f4b44e45\mscories.dll
    + 2009-04-27 20:41 . 2008-07-27 17:58 46592 c:\windows\winsxs\x86_netfx-mscorie_dll_b03f5f7f11d50a3a_6.0.6001.22230_none_d3cbdc1189d08299\mscorie.dll
    + 2009-04-27 20:41 . 2008-07-27 18:03 46592 c:\windows\winsxs\x86_netfx-mscorie_dll_b03f5f7f11d50a3a_6.0.6001.18111_none_ea976b75702b0986\mscorie.dll
    + 2009-04-27 20:41 . 2008-07-27 17:55 46592 c:\windows\winsxs\x86_netfx-mscorie_dll_b03f5f7f11d50a3a_6.0.6000.20883_none_d3f49d63897b41d8\mscorie.dll
    + 2009-04-27 20:41 . 2008-07-27 18:00 46592 c:\windows\winsxs\x86_netfx-mscorie_dll_b03f5f7f11d50a3a_6.0.6000.16720_none_eabc86bf6fd8fce5\mscorie.dll
    + 2009-04-27 20:41 . 2008-07-27 17:58 15360 c:\windows\winsxs\x86_netfx-mscorees_dll_31bf3856ad364e35_6.0.6001.22230_none_19c2b92ea4636075\mscorees.dll
    + 2009-04-27 20:41 . 2008-07-27 18:03 15360 c:\windows\winsxs\x86_netfx-mscorees_dll_31bf3856ad364e35_6.0.6001.18111_none_194fbc858b34a220\mscorees.dll
    + 2009-04-27 20:41 . 2008-07-27 17:55 15360 c:\windows\winsxs\x86_netfx-mscorees_dll_31bf3856ad364e35_6.0.6000.20883_none_17a96bcaa762a73e\mscorees.dll
    + 2009-04-27 20:41 . 2008-07-27 18:00 15360 c:\windows\winsxs\x86_netfx-mscorees_dll_31bf3856ad364e35_6.0.6000.16720_none_175dada98e1713c9\mscorees.dll
    + 2009-04-27 20:41 . 2008-07-27 17:58 83456 c:\windows\winsxs\x86_netfx-mscordbc_dll_b03f5f7f11d50a3a_6.0.6001.22230_none_56252df9df5d309a\mscordbc.dll
    + 2009-04-27 20:41 . 2008-07-27 18:03 83456 c:\windows\winsxs\x86_netfx-mscordbc_dll_b03f5f7f11d50a3a_6.0.6001.18111_none_6cf0bd5dc5b7b787\mscordbc.dll
    + 2009-04-27 20:41 . 2008-07-27 17:55 83456 c:\windows\winsxs\x86_netfx-mscordbc_dll_b03f5f7f11d50a3a_6.0.6000.20883_none_564def4bdf07efd9\mscordbc.dll
    + 2009-04-27 20:41 . 2008-07-27 18:00 83456 c:\windows\winsxs\x86_netfx-mscordbc_dll_b03f5f7f11d50a3a_6.0.6000.16720_none_6d15d8a7c565aae6\mscordbc.dll
    + 2009-04-27 20:41 . 2008-07-27 17:58 65032 c:\windows\winsxs\x86_netfx-installutillib_dll_b03f5f7f11d50a3a_6.0.6001.22230_none_9febc1e7f22703d7\InstallUtilLib.dll
    + 2009-04-27 20:41 . 2008-07-27 18:03 65032 c:\windows\winsxs\x86_netfx-installutillib_dll_b03f5f7f11d50a3a_6.0.6001.18111_none_b6b7514bd8818ac4\InstallUtilLib.dll
    + 2009-04-27 20:41 . 2008-07-27 17:55 65032 c:\windows\winsxs\x86_netfx-installutillib_dll_b03f5f7f11d50a3a_6.0.6000.20883_none_a0148339f1d1c316\InstallUtilLib.dll
    + 2009-04-27 20:41 . 2008-07-27 18:00 65032 c:\windows\winsxs\x86_netfx-installutillib_dll_b03f5f7f11d50a3a_6.0.6000.16720_none_b6dc6c95d82f7e23\InstallUtilLib.dll
    + 2009-04-27 20:41 . 2008-07-27 17:58 41984 c:\windows\winsxs\x86_netfx-fw_netfxperf_dll_31bf3856ad364e35_6.0.6001.22230_none_94fcd76f946eff94\netfxperf.dll
    + 2009-04-27 20:41 . 2008-07-27 18:03 41984 c:\windows\winsxs\x86_netfx-fw_netfxperf_dll_31bf3856ad364e35_6.0.6001.18111_none_9489dac67b40413f\netfxperf.dll
    + 2009-04-27 20:41 . 2008-07-27 17:55 41984 c:\windows\winsxs\x86_netfx-fw_netfxperf_dll_31bf3856ad364e35_6.0.6000.20883_none_92e38a0b976e465d\netfxperf.dll
    + 2009-04-27 20:41 . 2008-07-27 18:00 41984 c:\windows\winsxs\x86_netfx-fw_netfxperf_dll_31bf3856ad364e35_6.0.6000.16720_none_9297cbea7e22b2e8\netfxperf.dll
    + 2009-04-27 20:41 . 2008-07-27 17:58 18936 c:\windows\winsxs\x86_netfx-fusion_dll_b03f5f7f11d50a3a_6.0.6001.22230_none_ec06bddd243f001b\fusion.dll
    + 2009-04-27 20:41 . 2008-07-27 18:03 18936 c:\windows\winsxs\x86_netfx-fusion_dll_b03f5f7f11d50a3a_6.0.6001.18111_none_02d24d410a998708\fusion.dll
    + 2009-04-27 20:41 . 2008-07-27 17:55 18936 c:\windows\winsxs\x86_netfx-fusion_dll_b03f5f7f11d50a3a_6.0.6000.20883_none_ec2f7f2f23e9bf5a\fusion.dll
    + 2009-04-27 20:41 . 2008-07-27 18:00 18936 c:\windows\winsxs\x86_netfx-fusion_dll_b03f5f7f11d50a3a_6.0.6000.16720_none_02f7688b0a477a67\fusion.dll
    + 2009-04-27 20:41 . 2008-07-27 17:58 36344 c:\windows\winsxs\x86_netfx-dw_b03f5f7f11d50a3a_6.0.6001.22230_none_b6d1c8d334ddd99f\dw20.exe
    + 2009-04-27 20:41 . 2008-07-27 18:03 36344 c:\windows\winsxs\x86_netfx-dw_b03f5f7f11d50a3a_6.0.6001.18111_none_cd9d58371b38608c\dw20.exe
    + 2009-04-27 20:41 . 2008-07-27 17:55 36344 c:\windows\winsxs\x86_netfx-dw_b03f5f7f11d50a3a_6.0.6000.20883_none_b6fa8a25348898de\dw20.exe
    + 2009-04-27 20:41 . 2008-07-27 18:00 36344 c:\windows\winsxs\x86_netfx-dw_b03f5f7f11d50a3a_6.0.6000.16720_none_cdc273811ae653eb\dw20.exe
    + 2009-04-27 20:41 . 2008-07-27 17:58 96760 c:\windows\winsxs\x86_netfx-dfshim_dll_31bf3856ad364e35_6.0.6001.22230_none_78e9255d762fdbb1\dfshim.dll
    + 2009-04-27 20:41 . 2008-07-27 18:03 96760 c:\windows\winsxs\x86_netfx-dfshim_dll_31bf3856ad364e35_6.0.6001.18111_none_787628b45d011d5c\dfshim.dll
    + 2009-04-27 20:41 . 2008-07-27 17:55 96760 c:\windows\winsxs\x86_netfx-dfshim_dll_31bf3856ad364e35_6.0.6000.20883_none_76cfd7f9792f227a\dfshim.dll
    + 2009-04-27 20:41 . 2008-07-27 18:00 96760 c:\windows\winsxs\x86_netfx-dfshim_dll_31bf3856ad364e35_6.0.6000.16720_none_768419d85fe38f05\dfshim.dll
    + 2009-04-27 20:41 . 2008-07-27 17:58 62968 c:\windows\winsxs\x86_netfx-dfdll_dll_b03f5f7f11d50a3a_6.0.6001.22230_none_7185974a6e32de81\dfdll.dll
    + 2009-04-27 20:41 . 2008-07-27 18:03 62968 c:\windows\winsxs\x86_netfx-dfdll_dll_b03f5f7f11d50a3a_6.0.6001.18111_none_885126ae548d656e\dfdll.dll
    + 2009-04-27 20:41 . 2008-07-27 17:55 62968 c:\windows\winsxs\x86_netfx-dfdll_dll_b03f5f7f11d50a3a_6.0.6000.20883_none_71ae589c6ddd9dc0\dfdll.dll
    + 2009-04-27 20:41 . 2008-07-27 18:00 62968 c:\windows\winsxs\x86_netfx-dfdll_dll_b03f5f7f11d50a3a_6.0.6000.16720_none_887641f8543b58cd\dfdll.dll
    + 2009-04-27 20:41 . 2008-07-27 17:58 13824 c:\windows\winsxs\x86_netfx-cvtresui_dll_b03f5f7f11d50a3a_6.0.6001.22230_none_bacd10f23217d582\CvtResUI.dll
    + 2009-04-27 20:41 . 2008-07-27 18:03 13824 c:\windows\winsxs\x86_netfx-cvtresui_dll_b03f5f7f11d50a3a_6.0.6001.18111_none_d198a05618725c6f\CvtResUI.dll
    + 2009-04-27 20:41 . 2008-07-27 17:55 13824 c:\windows\winsxs\x86_netfx-cvtresui_dll_b03f5f7f11d50a3a_6.0.6000.20883_none_baf5d24431c294c1\CvtResUI.dll
    + 2009-04-27 20:41 . 2008-07-27 18:00 13824 c:\windows\winsxs\x86_netfx-cvtresui_dll_b03f5f7f11d50a3a_6.0.6000.16720_none_d1bdbba018204fce\CvtResUI.dll
    + 2009-04-27 20:41 . 2008-07-27 17:58 35320 c:\windows\winsxs\x86_netfx-cvtres_for_vc_and_vb_b03f5f7f11d50a3a_6.0.6001.22230_none_cef5751c4db35cea\cvtres.exe
    + 2009-04-27 20:41 . 2008-07-27 18:03 35320 c:\windows\winsxs\x86_netfx-cvtres_for_vc_and_vb_b03f5f7f11d50a3a_6.0.6001.18111_none_e5c10480340de3d7\cvtres.exe
    + 2009-04-27 20:41 . 2008-07-27 17:55 35320 c:\windows\winsxs\x86_netfx-cvtres_for_vc_and_vb_b03f5f7f11d50a3a_6.0.6000.20883_none_cf1e366e4d5e1c29\cvtres.exe
    + 2009-04-27 20:41 . 2008-07-27 18:00 35320 c:\windows\winsxs\x86_netfx-cvtres_for_vc_and_vb_b03f5f7f11d50a3a_6.0.6000.16720_none_e5e61fca33bbd736\cvtres.exe
    + 2009-04-27 20:41 . 2008-07-27 17:58 27136 c:\windows\winsxs\x86_netfx-culture_dll_b03f5f7f11d50a3a_6.0.6001.22230_none_c3e32d9c69e154e1\Culture.dll
    + 2009-04-27 20:41 . 2008-07-27 18:03 27136 c:\windows\winsxs\x86_netfx-culture_dll_b03f5f7f11d50a3a_6.0.6001.18111_none_daaebd00503bdbce\Culture.dll
    + 2009-04-27 20:41 . 2008-07-27 17:55 27136 c:\windows\winsxs\x86_netfx-culture_dll_b03f5f7f11d50a3a_6.0.6000.20883_none_c40beeee698c1420\Culture.dll
    + 2009-04-27 20:41 . 2008-07-27 18:00 27136 c:\windows\winsxs\x86_netfx-culture_dll_b03f5f7f11d50a3a_6.0.6000.16720_none_dad3d84a4fe9cf2d\Culture.dll
    + 2009-04-27 20:41 . 2008-07-27 17:58 80376 c:\windows\winsxs\x86_netfx-csharp_compiler_csc_b03f5f7f11d50a3a_6.0.6001.22230_none_e7adfd7046bf26c1\csc.exe
    + 2009-04-27 20:41 . 2008-07-27 18:03 80376 c:\windows\winsxs\x86_netfx-csharp_compiler_csc_b03f5f7f11d50a3a_6.0.6001.18111_none_fe798cd42d19adae\csc.exe
    + 2009-04-27 20:41 . 2008-07-27 17:55 80376 c:\windows\winsxs\x86_netfx-csharp_compiler_csc_b03f5f7f11d50a3a_6.0.6000.20883_none_e7d6bec24669e600\csc.exe
    + 2009-04-27 20:41 . 2008-07-27 18:00 80376 c:\windows\winsxs\x86_netfx-csharp_compiler_csc_b03f5f7f11d50a3a_6.0.6000.16720_none_fe9ea81e2cc7a10d\csc.exe
    28 April 2009 00:19:17

    The rootkits had come back; now I understand the blue screen better.

    Is the PC doing better?
    28 April 2009 00:26:49

    The PC is doing much better now... it's crazy, thank you so much... you're a champ!

    Honestly, you rock!

    You did quite a thing there... I didn't understand everything, but still a bit ;) 

    Thank you enormously for your patience, you have some serious knowledge... do you work for the government or what ;) 

    Anyway, a thousand thanks, and no kidding, I would gladly have bought you a bottle to thank you.
    28 April 2009 00:30:10

    1/

  • Uninstall HijackThis.
  • Update Adobe Reader.

  • Download OTCleanIt to your Desktop:
  • Right-click OTCleanIt and choose Run as administrator.
  • Click CleanUp! then click Yes in the Confirm window.
  • Restart your PC as requested.


    2/

  • Download and install CCleaner Slim.
  • Launch it. Go to Options then Advanced and untick the box Only delete files etc....
  • Go to Cleaner, choose Analyze. Once it has finished, run the cleaning.
  • Then choose Registry, then Scan for Issues. Once it has finished, fix all the errors (back up the registry).


    3/

  • It is necessary to disable and then re-enable System Restore in order to purge it.

  • I recommend creating a restore point that you can use later if you have a problem.


    ==Prevention==

    Re-enable UAC if that is not already done.

    Keep MBAM. You can use it to scan suspicious files as a complement to the antivirus, and scan the hard drive regularly.

    As a browser, use Mozilla Firefox rather than Internet Explorer. You can use the NoScript extension for more security.

    Regarding P2P: Link

    Here is a complete guide (to be read with Adobe Reader or Foxit Reader): Link


    ==Problem solved?==

    If you consider your problem solved:

    ---> Now add [Solved] to the title. To do so:
  • In your first message, click the Edit button.
  • Add the mention [Solved] in front of the title.
  • Then click Validate your message.


    Be more careful on the Internet ;) 
    28 April 2009 00:31:10

    You're a boss!!

    :ouimaitre:  :ouimaitre:  :ouimaitre:  :ouimaitre:  :ouimaitre:  :ouimaitre:  :ouimaitre:  :ouimaitre:  :ouimaitre:  :ouimaitre: 

    Thanks again...
    28 April 2009 00:34:06

    Oh yes, I forgot something: you need to install Vista SP1.
    28 April 2009 01:01:38

    OK, no problem... tell me something please: when I go to create a restore point, it gives me the following message:

    "The restore point could not be created for the following reason:

    Windows cannot create a shadow copy because of an internal error in other system components.
    For more information, see the event log. (0*81000109)

    Please try again."

    I try again but always get the same message... do you have any idea?
    28 April 2009 01:07:47

    Install SP1, that may solve the problem.