Se connecter / S'enregistrer
Votre question

Processus indésirables

Tags :
  • Microsoft
  • Sécurité
Dernière réponse : dans Sécurité et virus
13 Octobre 2008 18:20:38

Bonjour !

Voici mon rapport Hijack, quelqu'un pourrait-il l'analyser pour moi ?
Merci d'avance.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:19:49, on 13/10/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Fichiers communs\Logitech\LCD Manager\lcdmon.exe
C:\Program Files\Fichiers communs\Logitech\G-series Software\LGDCore.exe
C:\Program Files\Fichiers communs\Logitech\LCD Manager\Applets\LCDClock.exe
C:\Program Files\Fichiers communs\Logitech\LCD Manager\Applets\LCDPOP3.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\DAEMON Tools Pro\DTProAgent.exe
K:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Fichiers communs\Logishrd\KHAL2\KHALMNPR.EXE
K:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\6LN0dYGS.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
K:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.touslesdrivers.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: (no name) - {12C9DCFC-7EDD-4724-A065-E34A09D12295} - (no file)
O2 - BHO: (no name) - {691F1D44-7EF2-47CB-877A-91835CEB122F} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - K:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: solution Class - {99C6D1BB-7555-474C-91DA-D8FB62A9CC75} - C:\WINDOWS\system32\a82sD246.dll
O4 - HKLM\..\Run: [Launch LCDMon] "C:\Program Files\Fichiers communs\Logitech\LCD Manager\lcdmon.exe"
O4 - HKLM\..\Run: [Launch LGDCore] "C:\Program Files\Fichiers communs\Logitech\G-series Software\LGDCore.exe" /SHOWHIDE
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\RunServices: [Microsoft Updates] svehost.exe
O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] "C:\Program Files\DAEMON Tools Pro\DTProAgent.exe"
O4 - HKCU\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Logitech SetPoint.lnk = K:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://K:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - K:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - K:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - K:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scan...
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/pub/shockwave/cabs/fl...
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: cbXQgHYs - cbXQgHYs.dll (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - K:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - K:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Fichiers communs\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe

--
End of file - 6108 bytes

Autres pages sur : processus indesirables

a b 8 Sécurité
13 Octobre 2008 18:22:32

Bonjour,

[#ff0000]! Désactive tes protections résidentes (antivirus, Spybot-S&D, etc.) ![/#f]

  • Télécharge ComboFix ([#ff0000]sUBs[/#f]) sur ton Bureau.
  • Double clique sur ComboFix.exe (le .exe n'est pas forcément visible) afin de le lancer.
  • Lorsque la recherche sera terminée, un rapport apparaîtra. Poste ce rapport (C:\combofix.txt*) dans ta prochaine réponse.

    AIDE : Un guide et un tutoriel sur l'utilisation de ComboFix
    * le nom de la partition peut changer
    13 Octobre 2008 18:34:03

    Merci de ta réponse rapide ;) 

    Rapport combofix :

    ComboFix 08-10-12.01 - Bardy 2008-10-13 18:25:13.2 - NTFSx86
    Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.1544 [GMT 2:00]
    Lancé depuis: C:\Documents and Settings\Bardy\Bureau\ComboFix.exe
    * Un nouveau point de restauration a été créé

    AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\WINDOWS\system32\6LN0dYGS.exe
    C:\WINDOWS\system32\6LN0dYGS.exe.a_a
    C:\WINDOWS\system32\a82sD246.dll

    .
    ((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Legacy_TDSSSERV
    -------\Service_TDSSserv


    ((((((((((((((((((((((((((((( Fichiers créés du 2008-09-13 au 2008-10-13 ))))))))))))))))))))))))))))))))))))
    .

    2008-10-13 18:09 . 2008-10-13 18:09 <REP> d-------- C:\Documents and Settings\Bardy\Application Data\XRay Engine
    2008-10-05 22:29 . 2008-04-17 13:12 107,368 --a------ C:\WINDOWS\system32\GEARAspi.dll
    2008-10-05 22:29 . 2008-04-17 13:12 15,464 --a------ C:\WINDOWS\system32\drivers\GEARAspiWDM.sys
    2008-10-05 22:28 . 2008-10-05 22:28 <REP> d-------- K:\Program Files\QuickTime
    2008-10-05 22:28 . 2008-10-05 22:29 <REP> d-------- K:\Program Files\iTunes
    2008-10-05 22:28 . 2008-10-05 22:28 <REP> d-------- K:\Program Files\iPod
    2008-10-05 22:28 . 2008-10-05 22:28 <REP> d-------- K:\Program Files\Bonjour
    2008-10-05 22:28 . 2008-10-05 22:29 <REP> d-------- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
    2008-09-24 18:31 . 2008-05-30 14:11 3,850,760 --a------ C:\WINDOWS\system32\D3DX9_38.dll
    2008-09-24 18:31 . 2008-05-30 14:11 1,491,992 --a------ C:\WINDOWS\system32\D3DCompiler_38.dll
    2008-09-24 18:31 . 2008-05-30 14:19 507,400 --a------ C:\WINDOWS\system32\XAudio2_1.dll
    2008-09-24 18:31 . 2008-05-30 14:11 467,984 --a------ C:\WINDOWS\system32\d3dx10_38.dll
    2008-09-24 18:31 . 2008-05-30 14:18 238,088 --a------ C:\WINDOWS\system32\xactengine3_1.dll
    2008-09-24 18:31 . 2008-05-30 14:17 65,032 --a------ C:\WINDOWS\system32\XAPOFX1_0.dll
    2008-09-24 18:31 . 2008-05-30 14:17 25,608 --a------ C:\WINDOWS\system32\X3DAudio1_4.dll
    2008-09-24 18:30 . 2008-09-24 18:30 <REP> d-------- C:\WINDOWS\Logs
    2008-09-24 18:21 . 2008-09-24 18:21 <REP> d-------- K:\Program Files\Deep Silver
    2008-09-22 20:49 . 2008-09-22 20:49 <REP> d-------- K:\Program Files\MSBuild
    2008-09-22 20:48 . 2008-09-22 20:48 <REP> d-------- K:\Program Files\Microsoft.NET
    2008-09-22 20:46 . 2008-09-22 20:47 <REP> d-------- C:\WINDOWS\SHELLNEW
    2008-09-22 20:02 . 2008-09-22 20:02 <REP> dr------- C:\Documents and Settings\NetworkService\Favoris
    2008-09-21 22:38 . 2008-09-21 22:38 30,272 --a------ C:\WINDOWS\system32\jtHy0603.exe
    2008-09-16 21:55 . 2008-08-08 14:47 227,840 --a------ C:\WINDOWS\system32\bzFlRdr.dll
    2008-09-16 21:55 . 2008-09-05 06:29 193,024 --a------ C:\WINDOWS\system32\bzpdf.dll
    2008-09-16 21:55 . 2008-09-14 11:11 126,976 --a------ C:\WINDOWS\system32\bzpdfc.dll
    2008-09-16 21:55 . 2008-07-10 00:19 103,424 --a------ C:\WINDOWS\system32\bzDCT.dll
    2008-09-16 21:54 . 2008-09-16 21:54 <REP> d-------- K:\Program Files\Bullzip
    2008-09-16 21:53 . 2008-09-16 21:53 <REP> d-------- C:\Documents and Settings\Bardy\Application Data\Bullzip

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-10-13 16:10 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2008-10-08 15:07 --------- d-----w K:\Program Files\Spybot - Search & Destroy
    2008-10-05 20:28 --------- d-----w C:\Program Files\Fichiers communs\Apple
    2008-10-01 11:01 32,000 ----a-w C:\WINDOWS\system32\drivers\usbaapl.sys
    2008-09-29 17:57 --------- d-----w K:\Program Files\Malwarebytes' Anti-Malware
    2008-09-24 21:12 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
    2008-09-22 18:47 --------- d-----w K:\Program Files\Microsoft Visual Studio 8
    2008-09-10 18:52 --------- d-----w K:\Program Files\Atari
    2008-09-10 18:50 --------- d-----w C:\Program Files\Fichiers communs\BioWare
    2008-09-09 22:04 38,528 ----a-w C:\WINDOWS\system32\drivers\mbamswissarmy.sys
    2008-09-09 22:03 17,200 ----a-w C:\WINDOWS\system32\drivers\mbam.sys
    2008-09-02 09:37 --------- d-----w C:\Program Files\Fichiers communs\Wise Installation Wizard
    2008-09-02 09:36 --------- d-----w K:\Program Files\AGEIA Technologies
    2008-08-31 21:43 --------- d-----w K:\Program Files\Diablo II
    2008-08-29 08:18 87,336 ----a-w C:\WINDOWS\system32\dns-sd.exe
    2008-08-29 07:53 61,440 ----a-w C:\WINDOWS\system32\dnssd.dll
    2008-08-29 00:57 1,608 ----a-w C:\WINDOWS\system32\tmp.reg
    2008-08-29 00:52 --------- d-----w C:\Documents and Settings\Bardy\Application Data\Malwarebytes
    2008-08-29 00:52 --------- d-----w C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2008-08-27 21:46 --------- d-----w C:\Documents and Settings\Bardy\Application Data\uTorrent
    2008-08-27 13:17 87,040 ----a-w C:\WINDOWS\system32\VACFix.exe
    2008-08-26 18:19 88,576 ----a-w C:\WINDOWS\system32\AntiXPVSTFix.exe
    2008-08-18 10:19 82,432 ----a-w C:\WINDOWS\system32\404Fix.exe
    2008-08-17 18:51 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
    2008-08-16 10:22 --------- d-----w K:\Program Files\7-Zip
    2008-08-14 19:52 82,432 ----a-w C:\WINDOWS\system32\IEDFix.C.exe
    2008-08-14 13:13 --------- d-----w C:\Documents and Settings\Bardy\Application Data\gnupg
    2008-08-06 05:51 453,152 ----a-w C:\WINDOWS\system32\NVUNINST.EXE
    2008-08-01 11:34 21,840 ----a-w C:\WINDOWS\system32\SIntfNT.dll
    2008-08-01 11:34 17,212 ----a-w C:\WINDOWS\system32\SIntf32.dll
    2008-08-01 11:34 12,067 ----a-w C:\WINDOWS\system32\SIntf16.dll
    2008-08-01 11:21 2,829 ----a-w C:\WINDOWS\DIIUnin.pif
    2008-08-01 11:21 102,400 ----a-w C:\WINDOWS\DIIUnin.exe
    2008-08-01 09:05 70,936 ----a-w C:\WINDOWS\system32\PhysXLoader.dll
    2008-07-27 11:51 258,352 ----a-w C:\WINDOWS\system32\unicows.dll
    2008-07-27 09:22 1 -c--a-w C:\Documents and Settings\Bardy\SI.bin
    2008-07-18 20:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
    2008-07-18 20:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
    2008-07-18 20:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
    2008-07-18 20:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll
    2008-07-18 20:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
    2008-07-18 20:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
    2008-07-18 20:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
    2008-07-18 20:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
    2008-07-18 20:07 270,880 ----a-w C:\WINDOWS\system32\mucltui.dll
    2008-07-18 20:07 210,976 ----a-w C:\WINDOWS\system32\muweb.dll
    2008-04-16 12:14 22,328 -c--a-w C:\Documents and Settings\Bardy\Application Data\PnkBstrK.sys
    2006-06-23 22:48 32,768 -c--a-r C:\WINDOWS\inf\UpdateUSB.exe
    .

    ((((((((((((((((((((((((((((( snapshot@2008-05-01_17.35.46.70 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2007-11-30 12:39:29 18,296 ----a-w C:\WINDOWS\$hf_mig$\KB938464\spmsg.dll
    + 2007-11-30 12:39:29 234,872 ----a-w C:\WINDOWS\$hf_mig$\KB938464\spuninst.exe
    + 2007-11-30 12:39:29 26,488 ----a-w C:\WINDOWS\$hf_mig$\KB938464\update\spcustom.dll
    + 2007-11-30 11:19:06 767,352 ----a-w C:\WINDOWS\$hf_mig$\KB938464\update\update.exe
    + 2007-11-30 12:39:31 406,392 ----a-w C:\WINDOWS\$hf_mig$\KB938464\update\updspapi.dll
    + 2007-12-18 14:32:57 450,560 ----a-w C:\WINDOWS\$hf_mig$\KB944338-v2\SP2QFE\jscript.dll
    + 2007-12-18 14:32:57 417,792 ----a-w C:\WINDOWS\$hf_mig$\KB944338-v2\SP2QFE\vbscript.dll
    + 2007-03-06 01:34:33 15,072 ----a-w C:\WINDOWS\$hf_mig$\KB944338-v2\spmsg.dll
    + 2007-03-06 01:34:38 216,800 ----a-w C:\WINDOWS\$hf_mig$\KB944338-v2\spuninst.exe
    + 2007-03-06 01:34:31 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB944338-v2\update\spcustom.dll
    + 2007-03-06 01:34:56 727,776 ----a-w C:\WINDOWS\$hf_mig$\KB944338-v2\update\update.exe
    + 2007-03-06 01:35:48 394,976 ----a-w C:\WINDOWS\$hf_mig$\KB944338-v2\update\updspapi.dll
    + 2008-01-23 04:56:21 554,008 -c--a-w C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\dao360.dll
    + 2007-12-10 12:41:11 518,944 -c--a-w C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\msexch40.dll
    + 2007-12-10 12:41:11 326,432 -c--a-w C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\msexcl40.dll
    + 2007-12-10 12:41:11 1,516,568 -c--a-w C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\msjet40.dll
    + 2007-12-10 12:41:11 355,112 -c--a-w C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\msjetol1.dll
    + 2008-03-25 06:56:31 194,144 -c--a-w C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\msjint40.dll
    + 2007-12-10 12:41:12 60,192 -c--a-w C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\msjter40.dll
    + 2007-12-10 12:41:12 248,608 -c--a-w C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\msjtes40.dll
    + 2007-12-10 12:41:12 219,936 -c--a-w C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\msltus40.dll
    + 2007-12-10 12:41:12 355,104 -c--a-w C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\mspbde40.dll
    + 2007-12-10 12:41:13 432,928 -c--a-w C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\msrd2x40.dll
    + 2007-12-10 12:41:13 322,336 -c--a-w C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\msrd3x40.dll
    + 2007-12-10 12:41:13 559,904 -c--a-w C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\msrepl40.dll
    + 2007-12-10 12:41:13 264,992 -c--a-w C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\mstext40.dll
    + 2007-12-10 12:41:13 838,432 -c--a-w C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\mswdat10.dll
    + 2007-11-01 05:15:27 621,344 -c--a-w C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\mswstr10.dll
    + 2007-12-10 12:41:14 355,104 -c--a-w C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\msxbde40.dll
    + 2007-03-06 01:34:33 15,072 -c--a-w C:\WINDOWS\$hf_mig$\KB950749\spmsg.dll
    + 2007-03-06 01:34:38 216,800 -c--a-w C:\WINDOWS\$hf_mig$\KB950749\spuninst.exe
    + 2007-03-06 01:34:31 22,752 -c--a-w C:\WINDOWS\$hf_mig$\KB950749\update\spcustom.dll
    + 2007-03-06 01:34:56 727,776 -c--a-w C:\WINDOWS\$hf_mig$\KB950749\update\update.exe
    + 2007-03-06 01:35:48 394,976 -c--a-w C:\WINDOWS\$hf_mig$\KB950749\update\updspapi.dll
    + 2007-11-30 12:39:29 18,296 -c--a-w C:\WINDOWS\$hf_mig$\KB950760\spmsg.dll
    + 2007-11-30 12:39:29 234,872 -c--a-w C:\WINDOWS\$hf_mig$\KB950760\spuninst.exe
    + 2007-11-30 12:39:29 26,488 -c--a-w C:\WINDOWS\$hf_mig$\KB950760\update\spcustom.dll
    + 2007-11-30 12:39:29 767,352 -c--a-w C:\WINDOWS\$hf_mig$\KB950760\update\update.exe
    + 2007-11-30 12:39:31 406,392 -c--a-w C:\WINDOWS\$hf_mig$\KB950760\update\updspapi.dll
    + 2008-05-08 12:14:51 203,008 -c--a-w C:\WINDOWS\$hf_mig$\KB950762\SP2QFE\rmcast.sys
    + 2008-05-08 14:02:52 203,136 -c--a-w C:\WINDOWS\$hf_mig$\KB950762\SP3GDR\rmcast.sys
    + 2008-05-08 13:58:17 203,136 -c--a-w C:\WINDOWS\$hf_mig$\KB950762\SP3QFE\rmcast.sys
    + 2007-11-30 12:39:29 18,296 -c--a-w C:\WINDOWS\$hf_mig$\KB950762\spmsg.dll
    + 2007-11-30 12:39:29 234,872 -c--a-w C:\WINDOWS\$hf_mig$\KB950762\spuninst.exe
    + 2007-11-30 12:39:29 26,488 -c--a-w C:\WINDOWS\$hf_mig$\KB950762\update\spcustom.dll
    + 2007-11-30 12:39:29 767,352 -c--a-w C:\WINDOWS\$hf_mig$\KB950762\update\update.exe
    + 2007-11-30 12:39:31 406,392 -c--a-w C:\WINDOWS\$hf_mig$\KB950762\update\updspapi.dll
    + 2008-07-07 20:18:27 253,952 ----a-w C:\WINDOWS\$hf_mig$\KB950974\SP2QFE\es.dll
    + 2008-07-07 20:28:20 253,952 ----a-w C:\WINDOWS\$hf_mig$\KB950974\SP3GDR\es.dll
    + 2008-07-07 20:24:11 253,952 ----a-w C:\WINDOWS\$hf_mig$\KB950974\SP3QFE\es.dll
    + 2007-11-30 12:39:29 18,296 ----a-w C:\WINDOWS\$hf_mig$\KB950974\spmsg.dll
    + 2007-11-30 12:39:29 234,872 ----a-w C:\WINDOWS\$hf_mig$\KB950974\spuninst.exe
    + 2007-11-30 12:39:29 26,488 ----a-w C:\WINDOWS\$hf_mig$\KB950974\update\spcustom.dll
    + 2007-11-30 12:39:26 767,352 ----a-w C:\WINDOWS\$hf_mig$\KB950974\update\update.exe
    + 2007-11-30 12:39:29 406,392 ----a-w C:\WINDOWS\$hf_mig$\KB950974\update\updspapi.dll
    + 2008-04-11 18:40:33 683,520 ----a-w C:\WINDOWS\$hf_mig$\KB951066\SP2QFE\inetcomm.dll
    + 2008-04-11 19:05:22 691,712 ----a-w C:\WINDOWS\$hf_mig$\KB951066\SP3GDR\inetcomm.dll
    + 2008-04-11 22:23:04 691,712 ----a-w C:\WINDOWS\$hf_mig$\KB951066\SP3QFE\inetcomm.dll
    + 2007-11-30 12:39:29 18,296 ----a-w C:\WINDOWS\$hf_mig$\KB951066\spmsg.dll
    + 2007-11-30 12:39:29 234,872 ----a-w C:\WINDOWS\$hf_mig$\KB951066\spuninst.exe
    + 2007-11-30 12:39:29 26,488 ----a-w C:\WINDOWS\$hf_mig$\KB951066\update\spcustom.dll
    + 2007-12-03 15:25:43 767,352 ----a-w C:\WINDOWS\$hf_mig$\KB951066\update\update.exe
    + 2007-11-30 12:39:31 406,392 ----a-w C:\WINDOWS\$hf_mig$\KB951066\update\updspapi.dll
    + 2008-07-14 11:03:00 62,976 ----a-w C:\WINDOWS\$hf_mig$\KB951072-v2\SP2QFE\tzchange.exe
    + 2008-07-11 12:42:28 62,976 ----a-w C:\WINDOWS\$hf_mig$\KB951072-v2\SP3GDR\tzchange.exe
    + 2008-07-11 12:51:51 62,976 ----a-w C:\WINDOWS\$hf_mig$\KB951072-v2\SP3QFE\tzchange.exe
    + 2007-11-30 11:19:06 18,296 ----a-w C:\WINDOWS\$hf_mig$\KB951072-v2\spmsg.dll
    + 2007-11-30 11:19:06 234,872 ----a-w C:\WINDOWS\$hf_mig$\KB951072-v2\spuninst.exe
    + 2007-11-30 11:19:06 26,488 ----a-w C:\WINDOWS\$hf_mig$\KB951072-v2\update\spcustom.dll
    + 2007-11-30 12:39:29 767,352 ----a-w C:\WINDOWS\$hf_mig$\KB951072-v2\update\update.exe
    + 2007-11-30 12:39:31 406,392 ----a-w C:\WINDOWS\$hf_mig$\KB951072-v2\update\updspapi.dll
    + 2008-06-14 18:03:13 272,768 -c--a-w C:\WINDOWS\$hf_mig$\KB951376-v2\SP2QFE\bthport.sys
    + 2008-06-14 17:33:37 272,768 -c--a-w C:\WINDOWS\$hf_mig$\KB951376-v2\SP3GDR\bthport.sys
    + 2008-06-14 17:40:19 272,768 -c--a-w C:\WINDOWS\$hf_mig$\KB951376-v2\SP3QFE\bthport.sys
    + 2007-11-30 11:19:06 18,296 -c--a-w C:\WINDOWS\$hf_mig$\KB951376-v2\spmsg.dll
    + 2007-11-30 11:19:06 234,872 -c--a-w C:\WINDOWS\$hf_mig$\KB951376-v2\spuninst.exe
    + 2007-11-30 11:19:06 26,488 -c--a-w C:\WINDOWS\$hf_mig$\KB951376-v2\update\spcustom.dll
    + 2007-11-30 11:19:06 767,352 -c--a-w C:\WINDOWS\$hf_mig$\KB951376-v2\update\update.exe
    + 2007-11-30 11:19:10 406,392 -c--a-w C:\WINDOWS\$hf_mig$\KB951376-v2\update\updspapi.dll
    + 2008-04-14 16:17:04 272,768 -c--a-w C:\WINDOWS\$hf_mig$\KB951376\SP2QFE\bthport.sys
    + 2008-04-14 15:59:30 272,768 -c--a-w C:\WINDOWS\$hf_mig$\KB951376\SP3GDR\bthport.sys
    + 2008-04-14 16:22:05 272,768 -c--a-w C:\WINDOWS\$hf_mig$\KB951376\SP3QFE\bthport.sys
    + 2007-11-30 11:19:06 18,296 -c--a-w C:\WINDOWS\$hf_mig$\KB951376\spmsg.dll
    + 2007-11-30 11:19:06 234,872 -c--a-w C:\WINDOWS\$hf_mig$\KB951376\spuninst.exe
    + 2007-11-30 11:19:06 26,488 -c--a-w C:\WINDOWS\$hf_mig$\KB951376\update\spcustom.dll
    + 2007-11-30 11:19:06 767,352 -c--a-w C:\WINDOWS\$hf_mig$\KB951376\update\update.exe
    + 2007-11-30 11:19:10 406,392 -c--a-w C:\WINDOWS\$hf_mig$\KB951376\update\updspapi.dll
    + 2008-05-07 04:55:47 1,294,336 -c--a-w C:\WINDOWS\$hf_mig$\KB951698\SP2QFE\quartz.dll
    + 2008-05-07 05:11:24 1,294,336 -c--a-w C:\WINDOWS\$hf_mig$\KB951698\SP3GDR\quartz.dll
    + 2008-05-07 05:04:59 1,294,336 -c--a-w C:\WINDOWS\$hf_mig$\KB951698\SP3QFE\quartz.dll
    + 2007-11-30 11:19:06 18,296 -c--a-w C:\WINDOWS\$hf_mig$\KB951698\spmsg.dll
    + 2007-11-30 11:19:06 234,872 -c--a-w C:\WINDOWS\$hf_mig$\KB951698\spuninst.exe
    + 2007-11-30 11:19:06 26,488 -c--a-w C:\WINDOWS\$hf_mig$\KB951698\update\spcustom.dll
    + 2007-11-30 12:39:29 767,352 -c--a-w C:\WINDOWS\$hf_mig$\KB951698\update\update.exe
    + 2007-11-30 12:39:31 406,392 -c--a-w C:\WINDOWS\$hf_mig$\KB951698\update\updspapi.dll
    + 2006-08-16 12:13:24 100,352 ----a-w C:\WINDOWS\$hf_mig$\KB951748\SP2QFE\6to4svc.dll
    + 2008-06-20 10:44:08 138,368 ----a-w C:\WINDOWS\$hf_mig$\KB951748\SP2QFE\afd.sys
    + 2008-06-20 17:37:01 147,968 ----a-w C:\WINDOWS\$hf_mig$\KB951748\SP2QFE\dnsapi.dll
    + 2008-06-20 17:37:01 247,808 ----a-w C:\WINDOWS\$hf_mig$\KB951748\SP2QFE\mswsock.dll
    + 2008-06-20 10:44:42 360,960 ----a-w C:\WINDOWS\$hf_mig$\KB951748\SP2QFE\tcpip.sys
    + 2008-06-20 09:32:39 225,920 ----a-w C:\WINDOWS\$hf_mig$\KB951748\SP2QFE\tcpip6.sys
    + 2008-06-20 11:40:08 138,496 ----a-w C:\WINDOWS\$hf_mig$\KB951748\SP3GDR\afd.sys
    + 2008-06-20 17:47:22 147,968 ----a-w C:\WINDOWS\$hf_mig$\KB951748\SP3GDR\dnsapi.dll
    + 2008-06-20 17:47:22 247,808 ----a-w C:\WINDOWS\$hf_mig$\KB951748\SP3GDR\mswsock.dll
    + 2008-06-20 11:51:12 361,600 ----a-w C:\WINDOWS\$hf_mig$\KB951748\SP3GDR\tcpip.sys
    + 2008-06-20 11:08:27 225,856 ----a-w C:\WINDOWS\$hf_mig$\KB951748\SP3GDR\tcpip6.sys
    + 2008-06-20 11:48:03 138,496 ----a-w C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\afd.sys
    + 2008-06-20 17:44:02 147,968 ----a-w C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\dnsapi.dll
    + 2008-06-20 17:44:02 247,808 ----a-w C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\mswsock.dll
    + 2008-06-20 11:59:02 361,600 ----a-w C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\tcpip.sys
    + 2008-06-20 11:16:44 225,856 ----a-w C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\tcpip6.sys
    + 2007-11-30 12:39:29 18,296 ----a-w C:\WINDOWS\$hf_mig$\KB951748\spmsg.dll
    + 2007-11-30 12:39:29 234,872 ----a-w C:\WINDOWS\$hf_mig$\KB951748\spuninst.exe
    + 2007-11-30 12:39:29 26,488 ----a-w C:\WINDOWS\$hf_mig$\KB951748\update\spcustom.dll
    + 2007-11-30 12:39:26 767,352 ----a-w C:\WINDOWS\$hf_mig$\KB951748\update\update.exe
    + 2007-11-30 12:39:29 406,392 ----a-w C:\WINDOWS\$hf_mig$\KB951748\update\updspapi.dll
    + 2008-05-01 15:04:51 331,776 ----a-w C:\WINDOWS\$hf_mig$\KB952287\SP2QFE\msadce.dll
    + 2008-05-01 14:36:26 331,776 ----a-w C:\WINDOWS\$hf_mig$\KB952287\SP3GDR\msadce.dll
    + 2008-05-01 14:39:23 331,776 ----a-w C:\WINDOWS\$hf_mig$\KB952287\SP3QFE\msadce.dll
    + 2007-11-30 11:19:06 18,296 ----a-w C:\WINDOWS\$hf_mig$\KB952287\spmsg.dll
    + 2007-11-30 11:19:06 234,872 ----a-w C:\WINDOWS\$hf_mig$\KB952287\spuninst.exe
    + 2007-11-30 11:19:06 26,488 ----a-w C:\WINDOWS\$hf_mig$\KB952287\update\spcustom.dll
    + 2007-11-30 11:19:06 767,352 ----a-w C:\WINDOWS\$hf_mig$\KB952287\update\update.exe
    + 2007-11-30 11:19:10 406,392 ----a-w C:\WINDOWS\$hf_mig$\KB952287\update\updspapi.dll
    + 2008-06-24 16:30:27 74,240 ----a-w C:\WINDOWS\$hf_mig$\KB952954\SP2QFE\mscms.dll
    + 2008-06-24 16:44:02 74,240 ----a-w C:\WINDOWS\$hf_mig$\KB952954\SP3GDR\mscms.dll
    + 2008-06-24 16:53:52 74,240 ----a-w C:\WINDOWS\$hf_mig$\KB952954\SP3QFE\mscms.dll
    + 2007-11-30 11:19:06 18,296 ----a-w C:\WINDOWS\$hf_mig$\KB952954\spmsg.dll
    + 2007-11-30 11:19:06 234,872 ----a-w C:\WINDOWS\$hf_mig$\KB952954\spuninst.exe
    + 2007-11-30 11:19:06 26,488 ----a-w C:\WINDOWS\$hf_mig$\KB952954\update\spcustom.dll
    + 2007-11-30 12:39:29 767,352 ----a-w C:\WINDOWS\$hf_mig$\KB952954\update\update.exe
    + 2007-11-30 12:39:31 406,392 ----a-w C:\WINDOWS\$hf_mig$\KB952954\update\updspapi.dll
    + 2007-11-30 11:19:06 18,296 ----a-w C:\WINDOWS\$hf_mig$\KB953839\spmsg.dll
    + 2007-11-30 11:19:06 234,872 ----a-w C:\WINDOWS\$hf_mig$\KB953839\spuninst.exe
    + 2007-11-30 11:19:06 26,488 ----a-w C:\WINDOWS\$hf_mig$\KB953839\update\spcustom.dll
    + 2007-11-30 11:19:06 767,352 ----a-w C:\WINDOWS\$hf_mig$\KB953839\update\update.exe
    + 2007-11-30 11:19:10 406,392 ----a-w C:\WINDOWS\$hf_mig$\KB953839\update\updspapi.dll
    - 2008-03-27 19:44:17 110,592 ----a-w C:\WINDOWS\assembly\GAC\ADODB\7.0.3300.0__b03f5f7f11d50a3a\adodb.dll
    + 2008-09-22 18:49:38 110,592 ----a-w C:\WINDOWS\assembly\GAC\ADODB\7.0.3300.0__b03f5f7f11d50a3a\adodb.dll
    - 2008-03-27 19:44:16 65,536 ----a-w C:\WINDOWS\assembly\GAC\dao\10.0.4504.0__31bf3856ad364e35\DAO.DLL
    + 2008-09-22 18:49:36 65,536 ----a-w C:\WINDOWS\assembly\GAC\dao\10.0.4504.0__31bf3856ad364e35\DAO.DLL
    - 2008-03-27 19:44:21 4,608 ----a-w C:\WINDOWS\assembly\GAC\Extensibility\7.0.3300.0__b03f5f7f11d50a3a\extensibility.dll
    + 2008-09-22 18:49:38 4,608 ----a-w C:\WINDOWS\assembly\GAC\Extensibility\7.0.3300.0__b03f5f7f11d50a3a\extensibility.dll
    - 2008-03-27 19:44:13 31,560 ----a-w C:\WINDOWS\assembly\GAC\ipdmctrl\11.0.0.0__71e9bce111e9429c\IPDMCTRL.DLL
    + 2008-09-22 18:49:32 31,560 ----a-w C:\WINDOWS\assembly\GAC\ipdmctrl\11.0.0.0__71e9bce111e9429c\IPDMCTRL.DLL
    - 2008-04-23 10:46:23 53,248 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.AudioVideoPlayback\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.AudioVideoPlayback.dll
    + 2008-09-24 16:31:20 53,248 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.AudioVideoPlayback\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.AudioVideoPlayback.dll
    - 2008-04-23 10:46:23 12,800 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Diagnostics\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Diagnostics.dll
    + 2008-09-24 16:31:20 12,800 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Diagnostics\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Diagnostics.dll
    - 2008-04-23 10:46:24 473,600 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3D\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3D.dll
    + 2008-09-24 16:31:20 473,600 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3D\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3D.dll
    - 2008-04-16 12:12:46 2,676,224 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
    + 2008-09-24 16:31:15 2,676,224 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
    - 2008-04-16 12:12:47 2,846,720 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2903.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
    + 2008-09-24 16:31:16 2,846,720 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2903.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
    - 2008-04-16 12:12:47 563,712 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2904.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
    + 2008-09-24 16:31:16 563,712 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2904.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
    - 2008-04-23 10:46:24 567,296 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2905.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
    + 2008-09-24 16:31:17 567,296 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2905.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
    - 2008-04-16 12:12:49 576,000 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2906.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
    + 2008-09-24 16:31:17 576,000 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2906.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
    - 2008-04-16 12:12:49 577,024 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2907.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
    + 2008-09-24 16:31:18 577,024 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2907.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
    - 2008-04-16 12:12:50 577,536 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2908.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
    + 2008-09-24 16:31:18 577,536 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2908.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
    - 2008-04-16 12:12:50 577,536 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2909.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
    + 2008-09-24 16:31:19 577,536 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2909.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
    - 2008-04-16 12:12:51 578,560 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2910.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
    + 2008-09-24 16:31:19 578,560 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2910.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
    - 2008-04-16 12:12:53 578,560 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2911.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
    + 2008-09-24 16:31:21 578,560 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2911.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
    - 2008-04-23 10:46:24 145,920 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.DirectDraw\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectDraw.dll
    + 2008-09-24 16:31:21 145,920 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.DirectDraw\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectDraw.dll
    - 2008-04-23 10:46:24 159,232 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.DirectInput\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectInput.dll
    + 2008-09-24 16:31:21 159,232 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.DirectInput\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectInput.dll
    - 2008-04-23 10:46:24 364,544 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.DirectPlay\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectPlay.dll
    + 2008-09-24 16:31:21 364,544 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.DirectPlay\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectPlay.dll
    - 2008-04-23 10:46:24 178,176 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.DirectSound\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectSound.dll
    + 2008-09-24 16:31:21 178,176 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.DirectSound\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectSound.dll
    - 2008-04-23 10:46:22 223,232 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.dll
    + 2008-09-24 16:31:19 223,232 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.dll
    - 2008-03-27 19:44:16 8,007,680 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.mshtml\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.mshtml.dll
    + 2008-09-22 18:49:37 8,007,680 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.mshtml\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.mshtml.dll
    - 2008-03-27 19:44:13 16,712 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.Office.InfoPath.Permission\12.0.0.0__71e9bce111e9429c\Microsoft.Office.InfoPath.Permission.dll
    + 2008-09-22 18:49:33 16,712 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.Office.InfoPath.Permission\12.0.0.0__71e9bce111e9429c\Microsoft.Office.InfoPath.Permission.dll
    - 2008-03-27 19:43:39 80,696 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.Office.Interop.Access.Dao\12.0.0.0__71e9bce111e9429c\Microsoft.Office.interop.access.dao.dll
    + 2008-09-22 18:49:00 80,696 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.Office.Interop.Access.Dao\12.0.0.0__71e9bce111e9429c\Microsoft.Office.interop.access.dao.dll
    - 2008-03-27 19:43:51 1,612,592 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.Office.Interop.Access\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.Access.dll
    + 2008-09-22 18:49:14 1,612,592 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.Office.Interop.Access\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.Access.dll
    - 2008-03-27 19:43:51 1,276,720 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.Office.Interop.Excel\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.Excel.dll
    + 2008-09-22 18:49:14 1,276,720 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.Office.Interop.Excel\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.Excel.dll
    - 2008-03-27 19:43:52 150,320 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.Office.Interop.Graph\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.Graph.dll
    + 2008-09-22 18:49:14 150,320 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.Office.Interop.Graph\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.Graph.dll
    - 2008-03-27 19:44:13 404,296 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.Office.Interop.InfoPath.SemiTrust\11.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.InfoPath.SemiTrust.dll
    + 2008-09-22 18:49:34 404,296 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.Office.Interop.InfoPath.SemiTrust\11.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.InfoPath.SemiTrust.dll
    - 2008-03-27 19:43:53 88,896 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.Office.Interop.InfoPath.Xml\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.InfoPath.Xml.dll
    + 2008-09-22 18:49:15 88,896 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.Office.Interop.InfoPath.Xml\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.InfoPath.Xml.dll
    - 2008-03-27 19:43:53 146,232 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.Office.Interop.InfoPath\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.InfoPath.dll
    + 2008-09-22 18:49:15 146,232 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.Office.Interop.InfoPath\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.InfoPath.dll
    - 2008-03-27 19:43:52 920,376 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.Office.Interop.Outlook\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.Outlook.dll
    + 2008-09-22 18:49:14 920,376 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.Office.Interop.Outlook\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.Outlook.dll
    - 2008-03-27 19:43:52 35,648 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.Office.Interop.OutlookViewCtl\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.OutlookViewCtl.dll
    + 2008-09-22 18:49:14 35,648 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.Office.Interop.OutlookViewCtl\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.OutlookViewCtl.dll
    - 2008-03-27 19:43:52 248,632 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.Office.Interop.PowerPoint\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.PowerPoint.dll
    + 2008-09-23 05:30:58 250,928 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.Office.Interop.PowerPoint\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.PowerPoint.dll
    - 2008-03-27 19:43:53 232,248 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.Office.Interop.Publisher\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.Publisher.dll
    + 2008-09-22 18:49:14 232,248 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.Office.Interop.Publisher\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.Publisher.dll
    - 2008-03-27 19:43:52 20,280 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.Office.Interop.SmartTag\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.SmartTag.dll
    + 2008-09-22 18:49:14 20,280 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.Office.Interop.SmartTag\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.SmartTag.dll
    - 2008-03-27 19:43:53 781,104 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.Office.Interop.Word\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.Word.dll
    + 2008-09-22 18:49:15 781,104 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.Office.Interop.Word\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.Word.dll
    - 2008-03-27 19:44:16 13,312 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.StdFormat\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.stdformat.dll
    + 2008-09-22 18:49:37 13,312 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.StdFormat\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.stdformat.dll
    - 2008-03-27 19:43:52 371,496 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.Vbe.Interop.Forms\11.0.0.0__71e9bce111e9429c\Microsoft.Vbe.Interop.Forms.dll
    + 2008-09-22 18:49:14 371,496 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.Vbe.Interop.Forms\11.0.0.0__71e9bce111e9429c\Microsoft.Vbe.Interop.Forms.dll
    - 2008-03-27 19:43:53 64,288 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.Vbe.Interop\12.0.0.0__71e9bce111e9429c\Microsoft.Vbe.Interop.dll
    + 2008-09-22 18:49:14 64,288 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.Vbe.Interop\12.0.0.0__71e9bce111e9429c\Microsoft.Vbe.Interop.dll
    - 2008-03-27 19:44:16 229,376 ----a-w C:\WINDOWS\assembly\GAC\mscomctl\10.0.4504.0__31bf3856ad364e35\MSCOMCTL.DLL
    + 2008-09-22 18:49:36 229,376 ----a-w C:\WINDOWS\assembly\GAC\mscomctl\10.0.4504.0__31bf3856ad364e35\MSCOMCTL.DLL
    - 2008-03-27 19:44:17 4,096 ----a-w C:\WINDOWS\assembly\GAC\MSDATASRC\7.0.3300.0__b03f5f7f11d50a3a\msdatasrc.dll
    + 2008-09-22 18:49:38 4,096 ----a-w C:\WINDOWS\assembly\GAC\MSDATASRC\7.0.3300.0__b03f5f7f11d50a3a\msdatasrc.dll
    - 2008-03-27 19:43:52 416,544 ----a-w C:\WINDOWS\assembly\GAC\office\12.0.0.0__71e9bce111e9429c\OFFICE.DLL
    + 2008-09-22 18:49:14 416,544 ----a-w C:\WINDOWS\assembly\GAC\office\12.0.0.0__71e9bce111e9429c\OFFICE.DLL
    - 2008-03-27 19:43:37 12,104 ----a-w C:\WINDOWS\assembly\GAC\Policy.11.0.Microsoft.Office.Interop.Access\12.0.0.0__71e9bce111e9429c\Policy.11.0.Microsoft.Office.Interop.Access.dll
    + 2008-09-22 18:49:00 12,104 ----a-w C:\WINDOWS\assembly\GAC\Policy.11.0.Microsoft.Office.Interop.Access\12.0.0.0__71e9bce111e9429c\Policy.11.0.Microsoft.Office.Interop.Access.dll
    - 2008-03-27 19:43:39 12,096 ----a-w C:\WINDOWS\assembly\GAC\Policy.11.0.Microsoft.Office.Interop.Excel\12.0.0.0__71e9bce111e9429c\Policy.11.0.Microsoft.Office.Interop.Excel.dll
    + 2008-09-22 18:49:00 12,096 ----a-w C:\WINDOWS\assembly\GAC\Policy.11.0.Microsoft.Office.Interop.Excel\12.0.0.0__71e9bce111e9429c\Policy.11.0.Microsoft.Office.Interop.Excel.dll
    - 2008-03-27 19:43:58 12,096 ----a-w C:\WINDOWS\assembly\GAC\Policy.11.0.Microsoft.Office.Interop.Graph\12.0.0.0__71e9bce111e9429c\Policy.11.0.Microsoft.Office.Interop.Graph.dll
    + 2008-09-22 18:49:21 12,096 ----a-w C:\WINDOWS\assembly\GAC\Policy.11.0.Microsoft.Office.Interop.Graph\12.0.0.0__71e9bce111e9429c\Policy.11.0.Microsoft.Office.Interop.Graph.dll
    - 2008-03-27 19:44:13 12,616 ----a-w C:\WINDOWS\assembly\GAC\Policy.11.0.Microsoft.Office.Interop.InfoPath.Xml\12.0.0.0__71e9bce111e9429c\Policy.11.0.Microsoft.Office.Interop.InfoPath.Xml.dll
    + 2008-09-22 18:49:34 12,616 ----a-w C:\WINDOWS\assembly\GAC\Policy.11.0.Microsoft.Office.Interop.InfoPath.Xml\12.0.0.0__71e9bce111e9429c\Policy.11.0.Microsoft.Office.Interop.InfoPath.Xml.dll
    - 2008-03-27 19:44:13 12,616 ----a-w C:\WINDOWS\assembly\GAC\Policy.11.0.Microsoft.Office.Interop.InfoPath\12.0.0.0__71e9bce111e9429c\Policy.11.0.Microsoft.Office.Interop.InfoPath.dll
    + 2008-09-22 18:49:34 12,616 ----a-w C:\WINDOWS\assembly\GAC\Policy.11.0.Microsoft.Office.Interop.InfoPath\12.0.0.0__71e9bce111e9429c\Policy.11.0.Microsoft.Office.Interop.InfoPath.dll
    - 2008-03-27 19:44:10 12,104 ----a-w C:\WINDOWS\assembly\GAC\Policy.11.0.Microsoft.Office.Interop.Outlook\12.0.0.0__71e9bce111e9429c\Policy.11.0.Microsoft.Office.Interop.Outlook.dll
    + 2008-09-22 18:49:25 12,104 ----a-w C:\WINDOWS\assembly\GAC\Policy.11.0.Microsoft.Office.Interop.Outlook\12.0.0.0__71e9bce111e9429c\Policy.11.0.Microsoft.Office.Interop.Outlook.dll
    - 2008-03-27 19:44:09 12,632 ----a-w C:\WINDOWS\assembly\GAC\Policy.11.0.Microsoft.Office.Interop.OutlookViewCtl\12.0.0.0__71e9bce111e9429c\Policy.11.0.Microsoft.Office.Interop.OutlookViewCtl.dll
    + 2008-09-22 18:49:24 12,632 ----a-w C:\WINDOWS\assembly\GAC\Policy.11.0.Microsoft.Office.Interop.OutlookViewCtl\12.0.0.0__71e9bce111e9429c\Policy.11.0.Microsoft.Office.Interop.OutlookViewCtl.dll
    - 2008-03-27 19:44:10 12,112 ----a-w C:\WINDOWS\assembly\GAC\Policy.11.0.Microsoft.Office.Interop.PowerPoint\12.0.0.0__71e9bce111e9429c\Policy.11.0.Microsoft.Office.Interop.PowerPoint.dll
    + 2008-09-22 18:49:25 12,112 ----a-w C:\WINDOWS\assembly\GAC\Policy.11.0.Microsoft.Office.Interop.PowerPoint\12.0.0.0__71e9bce111e9429c\Policy.11.0.Microsoft.Office.Interop.PowerPoint.dll
    - 2008-03-27 19:44:11 12,104 ----a-w C:\WINDOWS\assembly\GAC\Policy.11.0.Microsoft.Office.Interop.Publisher\12.0.0.0__71e9bce111e9429c\Policy.11.0.Microsoft.Office.Interop.Publisher.dll
    + 2008-09-22 18:49:28 12,104 ----a-w C:\WINDOWS\assembly\GAC\Policy.11.0.Microsoft.Office.Interop.Publisher\12.0.0.0__71e9bce111e9429c\Policy.11.0.Microsoft.Office.Interop.Publisher.dll
    - 2008-03-27 19:44:05 12,104 ----a-w C:\WINDOWS\assembly\GAC\Policy.11.0.Microsoft.Office.Interop.SmartTag\12.0.0.0__71e9bce111e9429c\Policy.11.0.Microsoft.Office.Interop.SmartTag.dll
    + 2008-09-22 18:49:22 12,104 ----a-w C:\WINDOWS\assembly\GAC\Policy.11.0.Microsoft.Office.Interop.SmartTag\12.0.0.0__71e9bce111e9429c\Policy.11.0.Microsoft.Office.Interop.SmartTag.dll
    - 2008-03-27 19:44:12 12,096 ----a-w C:\WINDOWS\assembly\GAC\Policy.11.0.Microsoft.Office.Interop.Word\12.0.0.0__71e9bce111e9429c\Policy.11.0.Microsoft.Office.Interop.Word.dll
    + 2008-09-22 18:49:32 12,096 ----a-w C:\WINDOWS\assembly\GAC\Policy.11.0.Microsoft.Office.Interop.Word\12.0.0.0__71e9bce111e9429c\Policy.11.0.Microsoft.Office.Interop.Word.dll
    - 2008-03-27 19:44:06 12,080 ----a-w C:\WINDOWS\assembly\GAC\Policy.11.0.Microsoft.Vbe.Interop\12.0.0.0__71e9bce111e9429c\Policy.11.0.Microsoft.Vbe.Interop.dll
    + 2008-09-22 18:49:22 12,080 ----a-w C:\WINDOWS\assembly\GAC\Policy.11.0.Microsoft.Vbe.Interop\12.0.0.0__71e9bce111e9429c\Policy.11.0.Microsoft.Vbe.Interop.dll
    - 2008-03-27 19:44:06 11,544 ----a-w C:\WINDOWS\assembly\GAC\Policy.11.0.office\12.0.0.0__71e9bce111e9429c\Policy.11.0.Office.dll
    + 2008-09-22 18:49:22 11,544 ----a-w C:\WINDOWS\assembly\GAC\Policy.11.0.office\12.0.0.0__71e9bce111e9429c\Policy.11.0.Office.dll
    - 2008-03-27 19:44:13 118,112 ----a-w C:\WINDOWS\assembly\GAC_32\Microsoft.Office.InfoPath.Client.Internal.Host.Interop\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Infopath.Client.Internal.Host.Interop.dll
    + 2008-09-22 18:49:33 118,112 ----a-w C:\WINDOWS\assembly\GAC_32\Microsoft.Office.InfoPath.Client.Internal.Host.Interop\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Infopath.Client.Internal.Host.Interop.dll
    - 2008-03-27 19:44:30 367,400 ----a-w C:\WINDOWS\assembly\GAC_32\Microsoft.VisualStudio.Tools.Applications.InteropAdapter\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Tools.Applications.InteropAdapter.dll
    + 2008-09-22 18:49:40 367,400 ----a-w C:\WINDOWS\assembly\GAC_32\Microsoft.VisualStudio.Tools.Applications.InteropAdapter\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Tools.Applications.InteropAdapter.dll
    - 2008-03-27 19:44:13 609,104 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Office.InfoPath.Client.Internal.Host\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Infopath.Client.Internal.Host.dll
    + 2008-09-22 18:49:33 609,104 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Office.InfoPath.Client.Internal.Host\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Infopath.Client.Internal.Host.dll
    - 2008-03-27 19:44:13 43,840 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Office.InfoPath.FormControl\12.0.0.0__71e9bce111e9429c\microsoft.office.infopath.formcontrol.dll
    + 2008-09-22 18:49:33 43,840 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Office.InfoPath.FormControl\12.0.0.0__71e9bce111e9429c\microsoft.office.infopath.formcontrol.dll
    - 2008-03-27 19:44:13 39,728 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Office.InfoPath.Vsta\12.0.0.0__71e9bce111e9429c\Microsoft.Office.InfoPath.Vsta.dll
    + 2008-09-22 18:49:34 39,728 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Office.InfoPath.Vsta\12.0.0.0__71e9bce111e9429c\Microsoft.Office.InfoPath.Vsta.dll
    - 2008-03-27 19:44:13 60,200 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Office.InfoPath\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Infopath.dll
    + 2008-09-22 18:49:33 60,200 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Office.InfoPath\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Infopath.dll
    + 2008-09-22 18:47:20 11,560 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualStudio.Tools.Applications.Adapter.resources\8.0.0.0_fr_b03f5f7f11d50a3a\Microsoft.VisualStudio.Tools.Applications.Adapter.resources.dll
    - 2008-03-27 19:44:15 211,736 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualStudio.Tools.Applications.Adapter\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Tools.Applications.Adapter.dll
    + 2008-09-22 18:49:35 211,736 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualStudio.Tools.Applications.Adapter\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Tools.Applications.Adapter.dll
    + 2008-09-22 18:47:20 12,600 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualStudio.Tools.Applications.AddInManager.resources\8.0.0.0_fr_b03f5f7f11d50a3a\Microsoft.VisualStudio.Tools.Applications.AddInManager.resources.dll
    - 2008-03-27 19:44:15 105,248 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualStudio.Tools.Applications.AddInManager\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Tools.Applications.AddInManager.dll
    + 2008-09-22 18:49:35 105,248 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualStudio.Tools.Applications.AddInManager\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Tools.Applications.AddInManager.dll
    + 2008-09-22 18:47:20 73,728 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualStudio.Tools.Applications.Blueprints.resources\8.0.0.0_fr_b03f5f7f11d50a3a\Microsoft.VisualStudio.Tools.Applications.Blueprints.resources.dll
    - 2008-03-27 19:44:14 330,520 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualStudio.Tools.Applications.Blueprints\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Tools.Applications.Blueprints.dll
    + 2008-09-22 18:49:35 330,520 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualStudio.Tools.Applications.Blueprints\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Tools.Applications.Blueprints.dll
    + 2008-09-22 18:47:20 11,064 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualStudio.Tools.Applications.ComRPCChannel.resources\8.0.0.0_fr_b03f5f7f11d50a3a\Microsoft.VisualStudio.Tools.Applications.ComRPCChannel.resources.dll
    - 2008-03-27 19:44:15 39,712 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualStudio.Tools.Applications.ComRPCChannel\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Tools.Applications.ComRPCChannel.dll
    + 2008-09-22 18:49:36 39,712 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualStudio.Tools.Applications.ComRPCChannel\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Tools.Applications.ComRPCChannel.dll
    - 2008-03-27 19:44:15 39,704 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualStudio.Tools.Applications.Contract\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Tools.Applications.Contract.dll
    + 2008-09-22 18:49:36 39,704 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualStudio.Tools.Applications.Contract\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Tools.Applications.Contract.dll
    + 2008-09-22 18:47:20 13,104 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualStudio.Tools.Applications.DesignTime.resources\8.0.0.0_fr_b03f5f7f11d50a3a\Microsoft.VisualStudio.Tools.Applications.DesignTime.resources.dll
    - 2008-03-27 19:44:14 72,472 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualStudio.Tools.Applications.DesignTime\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Tools.Applications.DesignTime.dll
    + 2008-09-22 18:49:35 72,472 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualStudio.Tools.Applications.DesignTime\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Tools.Applications.DesignTime.dll
    - 2008-03-27 19:44:15 47,832 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.AddIn.Contract\2.0.0.0__b03f5f7f11d50a3a\System.AddIn.Contract.dll
    + 2008-09-22 18:49:36 47,832 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.AddIn.Contract\2.0.0.0__b03f5f7f11d50a3a\System.AddIn.Contract.dll
    - 2008-03-27 19:44:15 39,624 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.AddIn\2.0.0.0__b03f5f7f11d50a3a\System.AddIn.dll
    + 2008-09-22 18:49:36 39,624 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.AddIn\2.0.0.0__b03f5f7f11d50a3a\System.AddIn.dll
    + 2008-08-01 11:35:19 36,094 ----a-w C:\WINDOWS\DIIUnin.dat
    + 2008-06-14 17:59:52 272,768 -c----w C:\WINDOWS\Driver Cache\i386\bthport.sys
    + 2006-10-27 13:16:36 133,936 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\CONTAB32.DLL
    + 2006-10-26 18:55:32 87,344 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\DLGSETP.DLL
    + 2006-10-27 13:07:36 17,891,112 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\EXCEL.EXE
    + 2006-10-26 18:55:38 138,024 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\IMPMAIL.DLL
    + 2006-10-26 18:55:48 340,248 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\MIMEDIR.DLL
    + 2006-10-27 13:04:08 497,504 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\MORPH9.DLL
    + 2006-10-27 13:26:40 16,870,712 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\MSO.DLL
    + 2006-10-27 13:04:10 9,581,360 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\MSPUB.EXE
    + 2006-10-26 18:42:36 8,423,224 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\OARTCONV.DLL
    + 2006-10-27 13:18:36 1,658,152 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\OGL.DLL
    + 2006-10-27 13:16:46 2,939,704 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\OLMAPI32.DLL
    + 2006-10-26 18:34:12 660,792 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\OMSMAIN.DLL
    + 2006-10-26 18:34:10 192,848 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\OMSXP32.DLL
    + 2006-09-15 14:25:18 3,611,416 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\OUTLFLTR.DAT
    + 2006-10-27 13:16:44 594,256 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\OUTLMIME.DLL
    + 2006-10-27 13:16:48 12,813,096 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\OUTLOOK.EXE
    + 2006-10-27 13:16:40 176,976 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\OUTLPH.DLL
    + 2006-10-27 13:16:36 46,864 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\OUTLRPC.DLL
    + 2006-10-27 13:04:06 465,200 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\POWERPNT.EXE
    + 2006-10-27 13:04:06 7,980,848 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\PPCORE.DLL
    + 2008-09-22 18:49:14 248,632 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\PPTPIA.DLL
    + 2006-10-26 18:09:36 136,008 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\PRTF9.DLL
    + 2006-10-26 18:55:54 413,472 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\PSTPRX32.DLL
    + 2006-10-27 13:04:06 624,456 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\PTXT9.DLL
    + 2006-10-26 18:09:44 590,144 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\PUBCONV.DLL
    + 2006-10-26 18:55:44 263,520 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\SCNPST32.DLL
    + 2006-10-26 18:55:44 272,744 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\SCNPST64.DLL
    + 2006-10-27 13:23:04 347,432 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\WINWORD.EXE
    + 2006-10-27 13:11:38 4,235,560 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\WRD12CNV.DLL
    + 2006-10-27 13:11:36 21,264 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\WRD12EXE.EXE
    + 2006-10-27 13:23:08 17,483,560 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\WWLIB.DLL
    + 2006-10-26 19:13:08 14,674,216 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\XL12CNV.EXE
    + 2006-10-26 19:17:08 11,072 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\XLCALL32.DLL
    + 2008-06-02 16:28:27 10,134 ----a-r C:\WINDOWS\Installer\{0C826C5B-B131-423A-A229-C71B3CACCD6A}\ARPPRODUCTICON.exe
    + 2008-08-12 15:40:52 7,406 ----a-r C:\WINDOWS\Installer\{2B6EC03E-6FA0-4D7C-9CCE-1B03819AB613}\DesktopStartPD9_2B6EC03E6FA04D7C9CCE1B03819AB613.exe
    + 2008-06-02 16:27:15 10,134 ----a-r C:\WINDOWS\Installer\{3101CB58-3482-4D21-AF1A-7057FC935355}\ARPPRODUCTICON.exe
    + 2008-10-05 20:27:48 27,136 ----a-r C:\WINDOWS\Installer\{6956856F-B6B3-4BE0-BA0B-8F495BE32033}\AppleSoftwareUpdateIco.exe
    + 2008-10-05 20:28:42 86,016 ----a-r C:\WINDOWS\Installer\{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}\PrntWzrdIco.exe
    + 2008-09-23 05:32:44 1,165,584 ----a-r C:\WINDOWS\Installer\{90120000-0011-0000-0000-0000000FF1CE}\accicons.exe
    + 2008-09-23 05:32:44 20,240 ----a-r C:\WINDOWS\Installer\{90120000-0011-0000-0000-0000000FF1CE}\cagicon.exe
    + 2008-09-23 05:32:44 159,504 ----a-r C:\WINDOWS\Installer\{90120000-0011-0000-0000-0000000FF1CE}\inficon.exe
    + 2008-09-23 05:32:44 217,864 ----a-r C:\WINDOWS\Installer\{90120000-0011-0000-0000-0000000FF1CE}\misc.exe
    + 2008-09-23 05:32:44 18,704 ----a-r C:\WINDOWS\Installer\{90120000-0011-0000-0000-0000000FF1CE}\mspicons.exe
    + 2008-09-23 05:32:44 35,088 ----a-r C:\WINDOWS\Installer\{90120000-0011-0000-0000-0000000FF1CE}\oisicon.exe
    + 2008-09-23 05:32:44 845,584 ----a-r C:\WINDOWS\Installer\{90120000-0011-0000-0000-0000000FF1CE}\outicon.exe
    + 2008-09-23 05:32:44 922,384 ----a-r C:\WINDOWS\Installer\{90120000-0011-0000-0000-0000000FF1CE}\pptico.exe
    + 2008-09-23 05:32:44 272,648 ----a-r C:\WINDOWS\Installer\{90120000-0011-0000-0000-0000000FF1CE}\pubs.exe
    + 2008-09-23 05:32:44 888,080 ----a-r C:\WINDOWS\Installer\{90120000-0011-0000-0000-0000000FF1CE}\wordicon.exe
    + 2008-09-23 05:32:44 1,172,240 ----a-r C:\WINDOWS\Installer\{90120000-0011-0000-0000-0000000FF1CE}\xlicons.exe
    - 2008-04-09 05:24:43 1,165,584 ----a-r C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\accicons.exe
    + 2008-09-10 21:48:44 1,165,584 ----a-r C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\accicons.exe
    + 2008-09-22 18:46:45 217,864 ----a-r C:\WINDOWS\Installer\{90120000-006E-040C-0000-0000000FF1CE}\misc.exe
    + 2008-07-12 12:43:38 194,467 ----a-r C:\WINDOWS\Installer\{D4E5A687-797D-44B1-8F96-4FD7A24166A9}\ARPPRODUCTICON.exe
    + 2008-07-12 12:43:38 237,568 ----a-r C:\WINDOWS\Installer\{D4E5A687-797D-44B1-8F96-4FD7A24166A9}\NewShortcut1_B48907A51286461CB891E78796BF2936.exe
    + 2008-10-05 20:29:10 102,400 ----a-r C:\WINDOWS\Installer\{DDDE0BE3-0CBE-4BF6-B75A-E3F69C947843}\iTunesIco.exe
    + 2008-02-29 01:12:38 76,304 ----a-w C:\WINDOWS\KHALMNPR.Exe
    - 2000-08-31 06:00:00 28,160 ----a-w C:\WINDOWS\Nircmd.exe
    + 2000-08-31 06:00:00 28,672 -c--a-w C:\WINDOWS\Nircmd.exe
    - 2007-04-20 05:57:28 53,248 -c--a-w C:\WINDOWS\system32\AgCPanelFrench.dll
    + 2008-06-11 07:02:32 58,648 ----a-w C:\WINDOWS\system32\AgCPanelFrench.dll
    - 2007-04-20 05:57:28 53,248 -c--a-w C:\WINDOWS\system32\AgCPanelGerman.dll
    + 2008-06-11 07:02:32 58,648 ----a-w C:\WINDOWS\system32\AgCPanelGerman.dll
    - 2007-04-20 05:57:28 53,248 -c--a-w C:\WINDOWS\system32\AgCPanelJapanese.dll
    + 2008-06-11 07:02:32 58,648 ----a-w C:\WINDOWS\system32\AgCPanelJapanese.dll
    - 2007-04-20 05:57:28 53,248 -c--a-w C:\WINDOWS\system32\AgCPanelKorean.dll
    + 2008-06-11 07:02:34 58,648 ----a-w C:\WINDOWS\system32\AgCPanelKorean.dll
    - 2007-04-20 05:57:28 53,248 -c--a-w C:\WINDOWS\system32\AgCPanelPortugese.dll
    + 2008-06-11 07:02:34 58,648 ----a-w C:\WINDOWS\system32\AgCPanelPortugese.dll
    - 2007-04-20 05:57:28 53,248 -c--a-w C:\WINDOWS\system32\AgCPanelSimplifiedChinese.dll
    + 2008-06-11 07:02:34 58,648 ----a-w C:\WINDOWS\system32\AgCPanelSimplifiedChinese.dll
    - 2007-04-20 05:57:28 53,248 -c--a-w C:\WINDOWS\system32\AgCPanelSpanish.dll
    + 2008-06-11 07:02:34 58,648 ----a-w C:\WINDOWS\system32\AgCPanelSpanish.dll
    - 2007-04-20 05:57:28 53,248 -c--a-w C:\WINDOWS\system32\AgCPanelSwedish.dll
    + 2008-06-11 07:02:34 58,648 ----a-w C:\WINDOWS\system32\AgCPanelSwedish.dll
    - 2007-04-20 05:57:30 53,248 -c--a-w C:\WINDOWS\system32\AgCPanelTraditionalChinese.dll
    + 2008-06-11 07:02:34 58,648 ----a-w C:\WINDOWS\system32\AgCPanelTraditionalChinese.dll
    - 2007-07-24 06:20:06 207,405 -c--a-w C:\WINDOWS\system32\AGEIA\AG1011\app.bin
    + 2007-07-23 07:02:42 199,885 ----a-w C:\WINDOWS\system32\AGEIA\AG1011\app.bin
    - 2007-04-16 07:24:38 122,249 -c--a-w C:\WINDOWS\system32\AGEIA\AG1011\diag.bin
    + 2008-02-29 08:18:36 119,473 ----a-w C:\WINDOWS\system32\AGEIA\AG1011\diag.bin
    - 2007-06-12 07:22:58 214,141 -c--a-w C:\WINDOWS\system32\AGEIA\AG1021\app.bin
    + 2008-02-29 08:18:36 214,629 ----a-w C:\WINDOWS\system32\AGEIA\AG1021\app.bin
    - 2007-05-16 06:42:44 105,981 -c--a-w C:\WINDOWS\system32\AGEIA\AG1021\diag.bin
    + 2008-03-20 06:24:14 116,977 ----a-w C:\WINDOWS\system32\AGEIA\AG1021\diag.bin
    + 2005-02-24 10:10:10 2,084,864 ----a-w C:\WINDOWS\system32\AudDesign.dll
    + 2005-02-24 10:10:30 417,792 ----a-w C:\WINDOWS\system32\AudDisplay.dll
    + 2005-03-11 15:37:10 1,986,560 ----a-w C:\WINDOWS\system32\AudFile.dll
    + 2005-02-24 10:11:06 1,212,416 ----a-w C:\WINDOWS\system32\AudioInfos.dll
    + 2005-03-10 14:00:30 454,656 ----a-w C:\WINDOWS\system32\AudioRecord.dll
    + 2005-02-24 10:11:56 479,232 ----a-w C:\WINDOWS\system32\AudioVisu.dll
    + 2005-02-24 13:21:12 458,752 ----a-w C:\WINDOWS\system32\AudPlayer.dll
    + 2008-05-02 00:38:42 301,656 ----a-w C:\WINDOWS\system32\BtCoreIf.dll
    - 2003-01-21 17:50:58 16,384 -c--a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
    + 2008-08-29 01:15:30 16,384 -c--a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
    - 2003-01-21 17:50:58 32,768 -c--a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Historique\History.IE5\index.dat
    + 2008-08-29 01:15:30 32,768 -c--a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Historique\History.IE5\index.dat
    - 2003-01-21 17:50:58 32,768 -c--a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
    + 2008-08-29 01:15:30 32,768 -c--a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
    + 2008-03-05 13:56:58 1,420,824 ----a-w C:\WINDOWS\system32\D3DCompiler_37.dll
    + 2008-02-05 21:07:36 462,864 ----a-w C:\WINDOWS\system32\d3dx10_37.dll
    + 2008-03-05 13:56:58 3,786,760 ----a-w C:\WINDOWS\system32\D3DX9_37.dll
    - 2004-08-03 23:14:16 138,496 -c--a-w C:\WINDOWS\system32\dllcache\afd.sys
    + 2008-06-20 10:44:38 138,368 -c--a-w C:\WINDOWS\system32\dllcache\afd.sys
    + 2008-06-14 17:59:52 272,768 -c----w C:\WINDOWS\system32\dllcache\bthport.sys
    - 2007-07-30 17:19:20 92,504 -c--a-w C:\WINDOWS\system32\dllcache\cdm.dll
    + 2008-07-18 20:10:48 94,920 -c--a-w C:\WINDOWS\system32\dllcache\cdm.dll
    - 2004-08-19 16:09:24 561,179 -c--a-w C:\WINDOWS\system32\dllcache\dao360.dll
    + 2008-03-25 04:50:25 554,008 -c--a-w C:\WINDOWS\system32\dllcache\dao360.dll
    - 2008-02-20 05:35:05 148,992 -c--a-w C:\WINDOWS\system32\dllcache\dnsapi.dll
    + 2008-06-20 17:41:06 148,992 -c--a-w C:\WINDOWS\system32\dllcache\dnsapi.dll
    - 2005-07-26 04:39:57 243,200 -c--a-w C:\WINDOWS\system32\dllcache\es.dll
    + 2008-07-07 20:31:48 253,952 -c--a-w C:\WINDOWS\system32\dllcache\es.dll
    - 2007-08-21 06:17:23 683,520 -c--a-w C:\WINDOWS\system32\dllcache\inetcomm.dll
    + 2008-04-11 18:51:06 683,520 -c--a-w C:\WINDOWS\system32\dllcache\inetcomm.dll
    - 2007-11-14 07:28:02 450,560 -c--a-w C:\WINDOWS\system32\dllcache\jscript.dll
    + 2007-12-18 14:41:58 450,560 -c--a-w C:\WINDOWS\system32\dllcache\jscript.dll
    - 2004-08-19 14:52:34 23,680 -c--a-w C:\WINDOWS\system32\dllcache\mouclass.sys
    + 2004-08-19 13:52:34 23,680 -c--a-w C:\WINDOWS\system32\dllcache\mouclass.sys
    - 2001-08-23 16:04:42 12,288 -c--a-w C:\WINDOWS\system32\dllcache\mouhid.sys
    + 2001-08-23 15:04:42 12,288 -c--a-w C:\WINDOWS\system32\dllcache\mouhid.sys
    - 2004-08-19 16:09:34 331,776 -c--a-w C:\WINDOWS\system32\dllcache\msadce.dll
    + 2008-05-01 14:31:48 331,776 -c--a-w C:\WINDOWS\system32\dllcache\msadce.dll
    - 2005-06-29 01:49:41 74,240 -c--a-w C:\WINDOWS\system32\dllcache\mscms.dll
    + 2008-06-24 16:23:56 74,240 -c--a-w C:\WINDOWS\system32\dllcache\mscms.dll
    - 2004-08-19 16:09:34 512,029 -c--a-w C:\WINDOWS\system32\dllcache\msexch40.dll
    + 2008-03-25 04:50:28 518,944 -c--a-w C:\WINDOWS\system32\dllcache\msexch40.dll
    - 2004-08-19 16:09:34 319,517 -c--a-w C:\WINDOWS\system32\dllcache\msexcl40.dll
    + 2008-03-25 04:50:30 326,432 -c--a-w C:\WINDOWS\system32\dllcache\msexcl40.dll
    - 2004-08-19 16:09:34 1,507,356 -c--a-w C:\WINDOWS\system32\dllcache\msjet40.dll
    + 2008-03-25 04:50:34 1,516,568 -c--a-w C:\WINDOWS\system32\dllcache\msjet40.dll
    - 2004-07-17 11:34:48 358,976 -c--a-w C:\WINDOWS\system32\dllcache\msjetol1.dll
    + 2008-03-25 04:50:40 355,112 -c--a-w C:\WINDOWS\system32\dllcache\msjetol1.dll
    - 2004-08-19 16:09:34 184,351 -c--a-w C:\WINDOWS\system32\dllcache\msjint40.dll
    + 2008-03-25 04:51:08 194,144 -c--a-w C:\WINDOWS\system32\dllcache\msjint40.dll
    - 2004-08-19 16:09:34 53,279 -c--a-w C:\WINDOWS\system32\dllcache\msjter40.dll
    + 2008-03-25 04:50:42 60,192 -c--a-w C:\WINDOWS\system32\dllcache\msjter40.dll
    - 2004-08-19 16:09:34 241,693 -c--a-w C:\WINDOWS\system32\dllcache\msjtes40.dll
    + 2008-03-25 04:50:42 248,608 -c--a-w C:\WINDOWS\system32\dllcache\msjtes40.dll
    - 2004-08-19 16:09:34 213,023 -c--a-w C:\WINDOWS\system32\dllcache\msltus40.dll
    + 2008-03-25 04:50:44 219,936 -c--a-w C:\WINDOWS\system32\dllcache\msltus40.dll
    - 2004-08-19 16:09:34 348,189 -c--a-w C:\WINDOWS\system32\dllcache\mspbde40.dll
    + 2008-03-25 04:50:45 355,104 -c--a-w C:\WINDOWS\system32\dllcache\mspbde40.dll
    - 2004-08-19 16:09:34 421,919 -c--a-w C:\WINDOWS\system32\dllcache\msrd2x40.dll
    + 2008-03-25 04:50:47 432,928 -c--a-w C:\WINDOWS\system32\dllcache\msrd2x40.dll
    - 2004-08-19 16:09:34 315,423 -c--a-w C:\WINDOWS\system32\dllcache\msrd3x40.dll
    + 2008-03-25 04:50:49 322,336 -c--a-w C:\WINDOWS\system32\dllcache\msrd3x40.dll
    - 2004-08-19 16:09:34 552,989 -c--a-w C:\WINDOWS\system32\dllcache\msrepl40.dll
    + 2008-03-25 04:50:52 559,904 -c--a-w C:\WINDOWS\system32\dllcache\msrepl40.dll
    - 2004-08-19 16:09:36 258,077 -c--a-w C:\WINDOWS\system32\dllcache\mstext40.dll
    + 2008-03-25 04:50:55 264,992 -c--a-w C:\WINDOWS\system32\dllcache\mstext40.dll
    - 2004-08-19 16:09:36 831,519 -c--a-w C:\WINDOWS\system32\dllcache\mswdat10.dll
    + 2008-03-25 04:50:57 838,432 -c--a-w C:\WINDOWS\system32\dllcache\mswdat10.dll
    - 2004-08-19 16:09:36 247,808 -c--a-w C:\WINDOWS\system32\dllcache\mswsock.dll
    + 2008-06-20 17:41:06 247,808 -c--a-w C:\WINDOWS\system32\dllcache\mswsock.dll
    - 2004-08-19 16:09:36 614,429 -c--a-w C:\WINDOWS\system32\dllcache\mswstr10.dll
    + 2008-03-25 04:51:09 621,344 -c--a-w C:\WINDOWS\system32\dllcache\mswstr10.dll
    - 2004-08-19 16:09:36 348,189 -c--a-w C:\WINDOWS\system32\dllcache\msxbde40.dll
    + 2008-03-25 04:50:58 355,104 -c--a-w C:\WINDOWS\system32\dllcache\msxbde40.dll
    - 2007-10-29 22:43:32 1,293,824 -c--a-w C:\WINDOWS\system32\dllcache\quartz.dll
    + 2008-05-07 05:15:36 1,293,824 -c--a-w C:\WINDOWS\system32\dllcache\quartz.dll
    - 2006-07-13 08:48:58 202,240 -c--a-w C:\WINDOWS\system32\dllcache\rmcast.sys
    + 2008-05-08 12:28:49 202,752 -c--a-w C:\WINDOWS\system32\dllcache\rmcast.sys
    - 2007-10-30 17:20:55 360,064 -c--a-w C:\WINDOWS\system32\dllcache\tcpip.sys
    + 2008-06-20 10:45:13 360,320 -c--a-w C:\WINDOWS\system32\dllcache\tcpip.sys
    - 2006-08-16 09:37:30 225,664 -c--a-w C:\WINDOWS\system32\dllcache\tcpip6.sys
    + 2008-06-20 09:52:06 225,920 -c--a-w C:\WINDOWS\system32\dllcache\tcpip6.sys
    - 2004-08-19 16:09:48 417,792 -c--a-w C:\WINDOWS\system32\dllcache\vbscript.dll
    + 2007-12-18 14:41:59 417,792 -c--a-w C:\WINDOWS\system32\dllcache\vbscript.dll
    - 2007-07-30 17:19:36 549,720 -c--a-w C:\WINDOWS\system32\dllcache\wuapi.dll
    + 2008-07-18 20:09:44 563,912 -c--a-w C:\WINDOWS\system32\dllcache\wuapi.dll
    - 2007-07-30 17:19:16 53,080 -c--a-w C:\WINDOWS\system32\dllcache\wuauclt.exe
    + 2008-07-18 20:10:42 53,448 -c--a-w C:\WINDOWS\system32\dllcache\wuauclt.exe
    - 2007-07-30 17:19:42 1,712,984 -c--a-w C:\WINDOWS\system32\dllcache\wuaueng.dll
    + 2008-07-18 20:09:42 1,811,656 -c--a-w C:\WINDOWS\system32\dllcache\wuaueng.dll
    - 2007-07-30 17:19:32 325,976 -c--a-w C:\WINDOWS\system32\dllcache\wucltui.dll
    + 2008-07-18 20:09:46 325,832 -c--a-w C:\WINDOWS\system32\dllcache\wucltui.dll
    - 2007-07-30 17:18:40 33,624 -c--a-w C:\WINDOWS\system32\dllcache\wups.dll
    + 2008-07-18 20:10:20 36,552 -c--a-w C:\WINDOWS\system32\dllcache\wups.dll
    - 2007-07-30 17:19:28 203,096 -c--a-w C:\WINDOWS\system32\dllcache\wuweb.dll
    + 2008-07-18 20:09:44 205,000 -c--a-w C:\WINDOWS\system32\dllcache\wuweb.dll
    - 2008-02-20 05:35:05 148,992 ----a-w C:\WINDOWS\system32\dnsapi.dll
    + 2008-06-20 17:41:06 148,992 ----a-w C:\WINDOWS\system32\dnsapi.dll
    - 2004-08-03 23:14:16 138,496 ----a-w C:\WINDOWS\system32\drivers\afd.sys
    + 2008-06-20 10:44:38 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys
    + 2008-06-14 17:59:52 272,768 ------w C:\WINDOWS\system32\drivers\bthport.sys
    - 2007-11-29 00:17:28 20,240 ----a-w C:\WINDOWS\system32\drivers\L8042Kbd.sys
    + 2008-02-29 01:12:48 20,240 ----a-w C:\WINDOWS\system32\drivers\L8042Kbd.sys
    + 2008-02-29 01:13:16 35,344 ----a-w C:\WINDOWS\system32\drivers\LHidFilt.Sys
    + 2008-02-29 01:13:24 36,880 ----a-w C:\WINDOWS\system32\drivers\LMouFilt.Sys
    - 2004-08-19 14:52:34 23,680 ----a-w C:\WINDOWS\system32\drivers\mouclass.sys
    + 2004-08-19 13:52:34 23,680 ----a-w C:\WINDOWS\system32\drivers\mouclass.sys
    - 2001-08-23 16:04:42 12,288 ----a-w C:\WINDOWS\system32\drivers\mouhid.sys
    + 2001-08-23 15:04:42 12,288 ----a-w C:\WINDOWS\system32\drivers\mouhid.sys
    - 2007-12-05 00:41:00 7,435,392 ----a-w C:\WINDOWS\system32\drivers\nv4_mini.sys
    + 2008-08-15 21:22:00 6,121,504 ----a-w C:\WINDOWS\system32\drivers\nv4_mini.sys
    - 2008-04-25 12:08:25 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
    + 2008-05-09 13:53:57 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
    - 2006-07-13 08:48:58 202,240 -c--a-w C:\WINDOWS\system32\drivers\rmcast.sys
    + 2008-05-08 12:28:49 202,752 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
    - 2007-10-30 17:20:55 360,064 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
    + 2008-06-20 10:45:13 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
    - 2006-08-16 09:37:30 225,664 -c--a-w C:\WINDOWS\system32\drivers\tcpip6.sys
    + 2008-06-20 09:52:06 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
    + 2004-08-03 20:58:46 15,104 ----a-w C:\WINDOWS\system32\drivers\usbscan.sys
    + 2006-11-02 05:22:54 492,000 ------w C:\WINDOWS\system32\drivers\wdf01000.sys
    + 2006-11-02 05:22:52 32,224 ------w C:\WINDOWS\system32\drivers\wdfldr.sys
    + 2007-08-28 15:05:12 55,808 ----a-w C:\WINDOWS\system32\drivers\xusb21.sys
    + 2008-04-17 11:12:54 107,368 -c--a-w C:\WINDOWS\system32\DRVSTORE\GEARAspiWD_D213663B6381F01E45A131159A9DEFE018321CB3\x86\GEARAspi.dll
    + 2008-04-17 11:12:54 15,464 -c--a-w C:\WINDOWS\system32\DRVSTORE\GEARAspiWD_D213663B6381F01E45A131159A9DEFE018321CB3\x86\GEARAspiWDM.sys
    + 2008-10-01 11:01:28 32,000 -c--a-w C:\WINDOWS\system32\DRVSTORE\usbaapl_246F92BBD6449C86FC3F3F28C40D59AC1F69C558\usbaapl.sys
    + 2004-07-31 16:50:36 51,200 ----a-w C:\WINDOWS\system32\dumphive.exe
    - 2005-07-26 04:39:57 243,200 ----a-w C:\WINDOWS\system32\es.dll
    + 2008-07-07 20:31:48 253,952 ----a-w C:\WINDOWS\system32\es.dll
    - 2006-10-26 13:10:08 1,190,688 ----a-w C:\WINDOWS\system32\FM20.DLL
    + 2007-08-22 23:03:38 1,195,888 ----a-w C:\WINDOWS\system32\FM20.DLL
    + 2006-10-26 12:42:36 36,160 ----a-w C:\WINDOWS\system32\FM20FRA.DLL
    - 2008-04-20 09:31:51 1,564,776 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT
    + 2008-09-23 05:04:48 1,564,808 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT
    + 2008-05-18 19:40:35 82,944 ----a-w C:\WINDOWS\system32\IEDFix.exe
    - 2007-08-21 06:17:23 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
    + 2008-04-11 18:51:06 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
    - 2006-10-26 12:45:04 207,360 ----a-w C:\WINDOWS\system32\INKED.DLL
    + 2006-10-26 11:45:04 207,360 ----a-w C:\WINDOWS\system32\INKED.DLL
    - 2007-11-14 07:28:02 450,560 ----a-w C:\WINDOWS\system32\jscript.dll
    + 2007-12-18 14:41:58 450,560 ----a-w C:\WINDOWS\system32\jscript.dll
    + 2008-05-02 00:39:50 170,512 ----a-w C:\WINDOWS\system32\kemutb.dll
    + 2008-05-02 00:39:54 145,936 ----a-w C:\WINDOWS\system32\KemUtil.dll
    + 2008-05-02 00:40:02 117,264 ----a-w C:\WINDOWS\system32\KemWnd.dll
    + 2008-05-02 00:40:08 84,496 ----a-w C:\WINDOWS\system32\KemXML.dll
    - 2007-12-05 00:41:00 425,984 -c--a-w C:\WINDOWS\system32\keystone.exe
    + 2008-08-15 21:22:00 436,768 ----a-w C:\WINDOWS\system32\keystone.exe
    - 2008-04-06 05:56:20 19,836,024 ----a-w C:\WINDOWS\system32\MRT.exe
    + 2008-05-29 23:35:11 17,486,968 ----a-w C:\WINDOWS\system32\MRT.exe
    - 2005-06-29 01:49:41 74,240 ----a-w C:\WINDOWS\system32\mscms.dll
    + 2008-06-24 16:23:56 74,240 ----a-w C:\WINDOWS\system32\mscms.dll
    - 2004-08-19 16:09:34 512,029 -c--a-w C:\WINDOWS\system32\msexch40.dll
    + 2008-03-25 04:50:28 518,944 ----a-w C:\WINDOWS\system32\msexch40.dll
    - 2004-08-19 16:09:34 319,517 -c--a-w C:\WINDOWS\system32\msexcl40.dll
    + 2008-03-25 04:50:30 326,432 ----a-w C:\WINDOWS\system32\msexcl40.dll
    - 2004-08-19 16:09:34 1,507,356 -c--a-w C:\WINDOWS\system32\msjet40.dll
    + 2008-03-25 04:50:34 1,516,568 ----a-w C:\WINDOWS\system32\msjet40.dll
    - 2004-07-17 11:34:48 358,976 -c--a-w C:\WINDOWS\system32\msjetoledb40.dll
    + 2008-03-25 04:50:40 355,112 ----a-w C:\WINDOWS\system32\msjetoledb40.dll
    - 2004-08-19 16:09:34 184,351 -c--a-w C:\WINDOWS\system32\msjint40.dll
    + 2008-03-25 04:51:08 194,144 ----a-w C:\WINDOWS\system32\msjint40.dll
    - 2004-08-19 16:09:34 53,279 -c--a-w C:\WINDOWS\system32\msjter40.dll
    + 2008-03-25 04:50:42 60,192 ----a-w C:\WINDOWS\system32\msjter40.dll
    - 2004-08-19 16:09:34 241,693 -c--a-w C:\WINDOWS\system32\msjtes40.dll
    + 2008-03-25 04:50:42 248,608 ----a-w C:\WINDOWS\system32\msjtes40.dll
    - 2004-08-19 16:09:34 213,023 -c--a-w C:\WINDOWS\system32\msltus40.dll
    + 2008-03-25 04:50:44 219,936 ----a-w C:\WINDOWS\system32\msltu
    Contenus similaires
    a b 8 Sécurité
    13 Octobre 2008 18:36:20

    Re,$$Télécharge MalwareByte's Anti-Malware sur ton Bureau.
    Installe-le en double-cliquant sur le fichier Download_mbam-setup.exe.

    Une fois l'installation et la mise à jour effectuées, redémarre en mode sans échec.
    AIDE : Redémarrer en mode sans échec

  • Exécute maintenant MalwareByte's Anti-Malware. Si cela n'est pas déjà fait, sélectionne "Exécuter un examen complet".
  • Afin de lancer la recherche, clic sur"Rechercher".
  • Une fois le scan terminé, une fenêtre s'ouvre, clic sur OK. Deux possibilités s'offrent à toi :
    -- si le programme n'a rien trouvé, appuie sur OK. Un rapport va apparaître, ferme-le.
    -- si des infections sont présentes, clic sur "Afficher les résultats" puis sur "Supprimer la sélection". Enregistre le rapport sur ton Bureau afin de le poster dans ta prochaine réponse.
    [#ff0000]REMARQUE : Si MalwareByte's Anti-Malware a besoin de redémarrer pour terminer la suppression, accepte en cliquant sur Ok.[/#f]

    AIDE : Tuto en images sur MBAM
    a b 8 Sécurité
    13 Octobre 2008 19:20:38

    Message supprimé : chacun son sujet
    13 Octobre 2008 20:48:54

    Rapport mbam :

    Malwarebytes' Anti-Malware 1.28
    Version de la base de données: 1266
    Windows 5.1.2600 Service Pack 2

    13/10/2008 20:24:39
    mbam-log-2008-10-13 (20-24-36).txt

    Type de recherche: Examen complet (C:\|)
    Eléments examinés: 87033
    Temps écoulé: 53 minute(s), 39 second(s)

    Processus mémoire infecté(s): 0
    Module(s) mémoire infecté(s): 0
    Clé(s) du Registre infectée(s): 4
    Valeur(s) du Registre infectée(s): 0
    Elément(s) de données du Registre infecté(s): 0
    Dossier(s) infecté(s): 0
    Fichier(s) infecté(s): 14

    Processus mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Module(s) mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Clé(s) du Registre infectée(s):
    HKEY_CLASSES_ROOT\solution.solution (Trojan.BHO) -> No action taken.
    HKEY_CLASSES_ROOT\solution.solution.1 (Trojan.BHO) -> No action taken.
    HKEY_CLASSES_ROOT\Interface\{892b2785-b0d0-4aa2-ae6a-0ed60b00a979} (Trojan.BHO) -> No action taken.
    HKEY_CLASSES_ROOT\Typelib\{00476c87-a276-49bf-86bc-ff005732430b} (Trojan.BHO) -> No action taken.

    Valeur(s) du Registre infectée(s):
    (Aucun élément nuisible détecté)

    Elément(s) de données du Registre infecté(s):
    (Aucun élément nuisible détecté)

    Dossier(s) infecté(s):
    (Aucun élément nuisible détecté)

    Fichier(s) infecté(s):
    C:\QooBox\Quarantine\C\WINDOWS\system32\6LN0dYGS.exe.vir (Trojan.Agent) -> No action taken.
    C:\QooBox\Quarantine\C\WINDOWS\system32\a82sD246.dll.vir (Trojan.BHO) -> No action taken.
    C:\System Volume Information\_restore{DEA52D6B-BDF7-4C3C-AFE6-F3E0E845547A}\RP20\A0009586.exe (Trojan.Agent) -> No action taken.
    C:\System Volume Information\_restore{DEA52D6B-BDF7-4C3C-AFE6-F3E0E845547A}\RP20\A0009606.exe (Trojan.Agent) -> No action taken.
    C:\System Volume Information\_restore{DEA52D6B-BDF7-4C3C-AFE6-F3E0E845547A}\RP21\A0009612.exe (Trojan.Agent) -> No action taken.
    C:\System Volume Information\_restore{DEA52D6B-BDF7-4C3C-AFE6-F3E0E845547A}\RP21\A0009652.exe (Trojan.Agent) -> No action taken.
    C:\System Volume Information\_restore{DEA52D6B-BDF7-4C3C-AFE6-F3E0E845547A}\RP21\A0009674.exe (Trojan.Agent) -> No action taken.
    C:\System Volume Information\_restore{DEA52D6B-BDF7-4C3C-AFE6-F3E0E845547A}\RP21\A0009847.exe (Trojan.Agent) -> No action taken.
    C:\System Volume Information\_restore{DEA52D6B-BDF7-4C3C-AFE6-F3E0E845547A}\RP21\A0009851.dll (Trojan.BHO) -> No action taken.
    C:\System Volume Information\_restore{DEA52D6B-BDF7-4C3C-AFE6-F3E0E845547A}\RP21\A0009869.exe (Trojan.Agent) -> No action taken.
    C:\System Volume Information\_restore{DEA52D6B-BDF7-4C3C-AFE6-F3E0E845547A}\RP21\A0009884.exe (Trojan.Agent) -> No action taken.
    C:\System Volume Information\_restore{DEA52D6B-BDF7-4C3C-AFE6-F3E0E845547A}\RP21\A0009890.dll (Trojan.BHO) -> No action taken.
    C:\System Volume Information\_restore{DEA52D6B-BDF7-4C3C-AFE6-F3E0E845547A}\RP22\A0009900.exe (Trojan.Agent) -> No action taken.
    C:\System Volume Information\_restore{DEA52D6B-BDF7-4C3C-AFE6-F3E0E845547A}\RP22\A0009901.dll (Trojan.BHO) -> No action taken.
    a b 8 Sécurité
    14 Octobre 2008 12:33:57

    Tu as bien supprimé les infections ?
    14 Octobre 2008 17:35:15

    Oui oui, j'ai bien cliqué sur "supprimer la sélection" !
    a b 8 Sécurité
    14 Octobre 2008 17:50:19

    Reposte un rapport Hijackthis.
    14 Octobre 2008 17:55:54

    Voila voila !

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 17:55:44, on 14/10/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Fichiers communs\Logitech\LCD Manager\lcdmon.exe
    C:\Program Files\Fichiers communs\Logitech\G-series Software\LGDCore.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\Fichiers communs\Logitech\LCD Manager\Applets\LCDClock.exe
    C:\Program Files\Fichiers communs\Logitech\LCD Manager\Applets\LCDPOP3.exe
    C:\Program Files\DAEMON Tools Pro\DTProAgent.exe
    K:\Program Files\Logitech\SetPoint\SetPoint.exe
    C:\Program Files\Fichiers communs\Logishrd\KHAL2\KHALMNPR.EXE
    K:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\WINDOWS\system32\wbem\wmiapsrv.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    K:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - K:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: solution Class - {99C6D1BB-7555-474C-91DA-D8FB62A9CC75} - C:\WINDOWS\system32\a82sD246.dll
    O4 - HKLM\..\Run: [Launch LCDMon] "C:\Program Files\Fichiers communs\Logitech\LCD Manager\lcdmon.exe"
    O4 - HKLM\..\Run: [Launch LGDCore] "C:\Program Files\Fichiers communs\Logitech\G-series Software\LGDCore.exe" /SHOWHIDE
    O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] "C:\Program Files\DAEMON Tools Pro\DTProAgent.exe"
    O4 - HKCU\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Logitech SetPoint.lnk = K:\Program Files\Logitech\SetPoint\SetPoint.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://K:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - K:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - K:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - K:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scan...
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/pub/shockwave/cabs/fl...
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
    O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - K:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - K:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Fichiers communs\Logishrd\Bluetooth\LBTServ.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
    O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe

    --
    End of file - 5571 bytes
    a b 8 Sécurité
    14 Octobre 2008 17:56:36

    Re,

    Télécharge Random's System Information Tool (RSIT) par (random/random[/#f]) et sauvegarde-le sur le Bureau.

  • Double-clique sur RSIT.exe afin de lancer le programme.
  • Clique Continue à l'écran Disclaimer.
  • Si l'outil HijackThis (version à jour) n'est pas présent ou non détecté sur l'ordinateur, RSIT le téléchargera (autorise l'accès dans ton pare-feu, si demandé) et tu devras accepter la licence.
  • Lorsque l'analyse sera terminée, deux fichiers texte s'ouvriront. Poste le contenu de log.txt [#ff0000](affiché)

  • ainsi que de info.txt (réduit dans la Barre des Tâches).
  • Veille bien à poster l'intégralité des rapports. Vérifie qu'ils soient complets une fois que tu les as postés.

    NB : Les rapports sont sauvegardés dans le dossier C:\rsit
    14 Octobre 2008 18:03:43

    Voici le rapport de log.txt

    Logfile of random's system information tool 1.04 (written by random/random)
    Run by Bardy at 2008-10-14 18:02:24
    Microsoft Windows XP Professionnel Service Pack 2
    System drive C: has 223 MB (3%) free of 8 GB
    Total RAM: 2047 MB (69% free)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 18:02:27, on 14/10/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Fichiers communs\Logitech\LCD Manager\lcdmon.exe
    C:\Program Files\Fichiers communs\Logitech\G-series Software\LGDCore.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\Fichiers communs\Logitech\LCD Manager\Applets\LCDClock.exe
    C:\Program Files\Fichiers communs\Logitech\LCD Manager\Applets\LCDPOP3.exe
    C:\Program Files\DAEMON Tools Pro\DTProAgent.exe
    K:\Program Files\Logitech\SetPoint\SetPoint.exe
    C:\Program Files\Fichiers communs\Logishrd\KHAL2\KHALMNPR.EXE
    K:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\WINDOWS\system32\wbem\wmiapsrv.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    K:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\WINDOWS\system32\6LN0dYGS.exe
    K:\Downloads\RSIT.exe
    K:\Program Files\Trend Micro\HijackThis\Bardy.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - K:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: solution Class - {99C6D1BB-7555-474C-91DA-D8FB62A9CC75} - C:\WINDOWS\system32\a82sD246.dll
    O4 - HKLM\..\Run: [Launch LCDMon] "C:\Program Files\Fichiers communs\Logitech\LCD Manager\lcdmon.exe"
    O4 - HKLM\..\Run: [Launch LGDCore] "C:\Program Files\Fichiers communs\Logitech\G-series Software\LGDCore.exe" /SHOWHIDE
    O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] "C:\Program Files\DAEMON Tools Pro\DTProAgent.exe"
    O4 - HKCU\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Logitech SetPoint.lnk = K:\Program Files\Logitech\SetPoint\SetPoint.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://K:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - K:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - K:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - K:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scan...
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/pub/shockwave/cabs/fl...
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
    O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - K:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - K:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Fichiers communs\Logishrd\Bluetooth\LBTServ.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
    O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe

    --
    End of file - 5712 bytes

    ======Scheduled tasks folder======

    C:\WINDOWS\tasks\At1.job
    C:\WINDOWS\tasks\At10.job
    C:\WINDOWS\tasks\At11.job
    C:\WINDOWS\tasks\At12.job
    C:\WINDOWS\tasks\At13.job
    C:\WINDOWS\tasks\At14.job
    C:\WINDOWS\tasks\At15.job
    C:\WINDOWS\tasks\At16.job
    C:\WINDOWS\tasks\At17.job
    C:\WINDOWS\tasks\At18.job
    C:\WINDOWS\tasks\At19.job
    C:\WINDOWS\tasks\At2.job
    C:\WINDOWS\tasks\At20.job
    C:\WINDOWS\tasks\At21.job
    C:\WINDOWS\tasks\At22.job
    C:\WINDOWS\tasks\At23.job
    C:\WINDOWS\tasks\At24.job
    C:\WINDOWS\tasks\At25.job
    C:\WINDOWS\tasks\At26.job
    C:\WINDOWS\tasks\At27.job
    C:\WINDOWS\tasks\At28.job
    C:\WINDOWS\tasks\At29.job
    C:\WINDOWS\tasks\At3.job
    C:\WINDOWS\tasks\At30.job
    C:\WINDOWS\tasks\At31.job
    C:\WINDOWS\tasks\At32.job
    C:\WINDOWS\tasks\At33.job
    C:\WINDOWS\tasks\At34.job
    C:\WINDOWS\tasks\At35.job
    C:\WINDOWS\tasks\At36.job
    C:\WINDOWS\tasks\At37.job
    C:\WINDOWS\tasks\At38.job
    C:\WINDOWS\tasks\At39.job
    C:\WINDOWS\tasks\At4.job
    C:\WINDOWS\tasks\At40.job
    C:\WINDOWS\tasks\At41.job
    C:\WINDOWS\tasks\At42.job
    C:\WINDOWS\tasks\At43.job
    C:\WINDOWS\tasks\At44.job
    C:\WINDOWS\tasks\At45.job
    C:\WINDOWS\tasks\At46.job
    C:\WINDOWS\tasks\At47.job
    C:\WINDOWS\tasks\At48.job
    C:\WINDOWS\tasks\At5.job
    C:\WINDOWS\tasks\At6.job
    C:\WINDOWS\tasks\At7.job
    C:\WINDOWS\tasks\At8.job
    C:\WINDOWS\tasks\At9.job
    C:\WINDOWS\tasks\Maintenance en 1 clic.job
    C:\WINDOWS\tasks\Uniblue SpeedUpMyPC Nag.job
    C:\WINDOWS\tasks\Uniblue SpeedUpMyPC.job

    ======Registry dump======

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
    SSVHelper Class - K:\Program Files\Java\jre1.6.0_05\bin\ssv.dll [2008-02-22 509328]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{99C6D1BB-7555-474C-91DA-D8FB62A9CC75}]
    solution Class - C:\WINDOWS\system32\a82sD246.dll [2008-10-13 29184]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    "Launch LCDMon"=C:\Program Files\Fichiers communs\Logitech\LCD Manager\lcdmon.exe [2007-04-26 774168]
    "Launch LGDCore"=C:\Program Files\Fichiers communs\Logitech\G-series Software\LGDCore.exe [2007-04-26 1132056]
    "Kernel and Hardware Abstraction Layer"=C:\WINDOWS\KHALMNPR.EXE [2008-02-29 76304]
    "NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2008-08-15 13570048]
    "nwiz"=nwiz.exe /install []
    "NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2008-08-15 86016]

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "DAEMON Tools Pro Agent"=C:\Program Files\DAEMON Tools Pro\DTProAgent.exe [2007-09-06 136136]
    "NVIDIA nTune"=C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe [2007-04-04 81920]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AAWTray]
    C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe [2007-11-29 87392]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ChangeFilterMerit]
    K:\Program Files\NewSoft\Presto! PVR\ChangeFilterMerit.exe [2006-12-27 45056]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM]
    []

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    K:\Program Files\iTunes\iTunesHelper.exe [2008-10-01 289576]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
    C:\WINDOWS\system32\dumprep 0 -k []

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
    C:\Program Files\Messenger\msmsgs.exe [2004-10-13 1694208]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Presto! PVR Monitor]
    K:\Program Files\NewSoft\Presto! PVR\Monitor.exe [2007-05-29 143360]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    K:\Program Files\QuickTime\QTTask.exe [2008-09-06 413696]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
    K:\Program Files\Skype\Phone\Skype.exe [2008-04-30 22058792]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Bardy^Menu Démarrer^Programmes^Démarrage^Last.fm Helper.lnk]
    []

    C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage
    Logitech SetPoint.lnk - K:\Program Files\Logitech\SetPoint\SetPoint.exe

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\LBTWlgn]
    c:\program files\fichiers communs\logishrd\bluetooth\LBTWlgn.dll [2008-05-02 72208]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WdfLoadGroup]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
    "dontdisplaylastusername"=0
    "legalnoticecaption"=
    "legalnoticetext"=
    "shutdownwithoutlogon"=1
    "undockwithoutlogon"=1

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "NoDrives"=0

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "NoDriveTypeAutoRun"=
    "NoDrives"=
    "NoDriveAutoRun"=

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "C:\WINDOWS\system32\PnkBstrA.exe"="C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:p nkBstrA"
    "C:\WINDOWS\system32\PnkBstrB.exe"="C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:p nkBstrB"
    "C:\Program Files\uTorrent\utorrent.exe"="C:\Program Files\uTorrent\utorrent.exe:*:Enabled:µTorrent"
    "K:\Program Files\EA GAMES\Battlefield 2\BF2.exe"="K:\Program Files\EA GAMES\Battlefield 2\BF2.exe:*:Enabled:Battlefield 2"
    "K:\Program Files\Skype\Phone\Skype.exe"="K:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
    "C:\WINDOWS\pchealth\helpctr\binaries\HelpCtr.exe"="C:\WINDOWS\pchealth\helpctr\binaries\HelpCtr.exe:*:Enabled:Assistance à distance - Windows Messenger et voix"
    "C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
    "K:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="K:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
    "K:\Program Files\Deep Silver\S.T.A.L.K.E.R. - Clear Sky\bin\xrEngine.exe"="K:\Program Files\Deep Silver\S.T.A.L.K.E.R. - Clear Sky\bin\xrEngine.exe:*:Enabled:S.T.A.L.K.E.R. - Clear Sky (CLI)"
    "K:\Program Files\Deep Silver\S.T.A.L.K.E.R. - Clear Sky\bin\dedicated\xrEngine.exe"="K:\Program Files\Deep Silver\S.T.A.L.K.E.R. - Clear Sky\bin\dedicated\xrEngine.exe:*:Enabled:S.T.A.L.K.E.R. - Clear Sky (SRV)"
    "K:\Downloads\rapget141\rapget.exe"="K:\Downloads\rapget141\rapget.exe:*:Enabled:rapget"
    "K:\Program Files\Bonjour\mDNSResponder.exe"="K:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
    "K:\Program Files\iTunes\iTunes.exe"="K:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
    "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
    "C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{923a9ef0-c4f1-11dc-910b-001bfc797b1e}]
    shell\AutoRun\command - F:\LaunchU3.exe -a

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{923a9ef1-c4f1-11dc-910b-001bfc797b1e}]
    shell\AutoRun\command - setupSNK.exe


    ======List of files/folders created in the last 1 months======

    2008-10-14 18:02:24 ----D---- C:\rsit
    2008-10-13 21:15:54 ----A---- C:\WINDOWS\system32\a82sD246.dll
    2008-10-13 21:15:54 ----A---- C:\WINDOWS\system32\6LN0dYGS.exe.a_a
    2008-10-13 21:15:54 ----A---- C:\WINDOWS\system32\6LN0dYGS.exe
    2008-10-13 21:03:20 ----HD---- C:\Documents and Settings\All Users\Application Data\CanonBJ
    2008-10-13 18:32:53 ----A---- C:\ComboFix.txt
    2008-10-13 18:24:41 ----A---- C:\WINDOWS\SWXCACLS.exe
    2008-10-13 18:09:58 ----D---- C:\Documents and Settings\Bardy\Application Data\XRay Engine
    2008-10-10 13:59:09 ----A---- C:\WINDOWS\ntbtlog.txt
    2008-10-05 22:29:03 ----A---- C:\WINDOWS\system32\GEARAspi.dll
    2008-10-05 22:28:53 ----D---- K:\Program Files\iPod
    2008-10-05 22:28:52 ----D---- K:\Program Files\iTunes
    2008-10-05 22:28:52 ----D---- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
    2008-10-05 22:28:40 ----D---- K:\Program Files\Bonjour
    2008-10-05 22:28:20 ----D---- K:\Program Files\QuickTime
    2008-10-05 22:27:45 ----SHD---- C:\Config.Msi
    2008-09-24 18:31:38 ----A---- C:\WINDOWS\system32\XAudio2_1.dll
    2008-09-24 18:31:38 ----A---- C:\WINDOWS\system32\XAPOFX1_0.dll
    2008-09-24 18:31:38 ----A---- C:\WINDOWS\system32\xactengine3_1.dll
    2008-09-24 18:31:38 ----A---- C:\WINDOWS\system32\X3DAudio1_4.dll
    2008-09-24 18:31:38 ----A---- C:\WINDOWS\system32\D3DX9_38.dll
    2008-09-24 18:31:38 ----A---- C:\WINDOWS\system32\d3dx10_38.dll
    2008-09-24 18:31:38 ----A---- C:\WINDOWS\system32\D3DCompiler_38.dll
    2008-09-24 18:30:54 ----D---- C:\WINDOWS\Logs
    2008-09-24 18:21:07 ----D---- K:\Program Files\Deep Silver
    2008-09-22 20:49:33 ----D---- K:\Program Files\MSBuild
    2008-09-22 20:49:21 ----D---- C:\Program Files\Fichiers communs\DESIGNER
    2008-09-22 20:48:59 ----D---- K:\Program Files\Microsoft.NET
    2008-09-22 20:46:52 ----D---- C:\WINDOWS\SHELLNEW
    2008-09-21 22:38:40 ----A---- C:\WINDOWS\system32\jtHy0603.exe
    2008-09-16 21:55:03 ----A---- C:\WINDOWS\system32\bzpdfc.dll
    2008-09-16 21:55:03 ----A---- C:\WINDOWS\system32\bzFlRdr.dll
    2008-09-16 21:55:03 ----A---- C:\WINDOWS\system32\bzDCT.dll
    2008-09-16 21:55:00 ----A---- C:\WINDOWS\system32\bzpdf.dll
    2008-09-16 21:54:58 ----D---- K:\Program Files\Bullzip
    2008-09-16 21:53:30 ----D---- C:\Documents and Settings\Bardy\Application Data\Bullzip

    ======List of files/folders modified in the last 1 months======

    2008-10-14 17:13:51 ----D---- C:\WINDOWS\Temp
    2008-10-14 07:33:35 ----A---- C:\WINDOWS\SchedLgU.Txt
    2008-10-13 21:15:54 ----D---- C:\WINDOWS\system32
    2008-10-13 21:07:08 ----A---- C:\WINDOWS\NeroDigital.ini
    2008-10-13 18:32:56 ----D---- C:\WINDOWS\system32\drivers
    2008-10-13 18:32:55 ----D---- C:\WINDOWS
    2008-10-13 18:32:38 ----D---- C:\QooBox
    2008-10-13 18:32:23 ----D---- C:\WINDOWS\system32\CatRoot2
    2008-10-13 18:28:30 ----A---- C:\WINDOWS\system.ini
    2008-10-13 18:26:46 ----D---- C:\WINDOWS\system32\config
    2008-10-13 18:26:22 ----D---- C:\WINDOWS\erdnt
    2008-10-13 18:25:46 ----D---- C:\WINDOWS\AppPatch
    2008-10-13 18:24:41 ----D---- C:\WINDOWS\Prefetch
    2008-10-13 18:10:15 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2008-10-13 16:28:07 ----D---- C:\WINDOWS\Help
    2008-10-10 13:24:04 ----D---- C:\WINDOWS\Minidump
    2008-10-08 17:07:30 ----D---- K:\Program Files\Spybot - Search & Destroy
    2008-10-07 22:10:58 ----SHD---- C:\WINDOWS\CSC
    2008-10-05 22:29:10 ----SHD---- C:\WINDOWS\Installer
    2008-10-05 22:29:03 ----HD---- C:\WINDOWS\inf
    2008-10-05 22:29:03 ----DC---- C:\WINDOWS\system32\DRVSTORE
    2008-10-05 22:28:22 ----D---- C:\Program Files\Fichiers communs\Apple
    2008-10-05 22:27:46 ----RD---- C:\Program Files
    2008-10-05 22:27:45 ----SD---- C:\WINDOWS\Tasks
    2008-09-29 20:48:23 ----A---- C:\VundoFix.txt
    2008-09-29 19:57:33 ----D---- K:\Program Files\Malwarebytes' Anti-Malware
    2008-09-24 23:13:55 ----D---- C:\Program Files\Fichiers communs\Microsoft Shared
    2008-09-24 23:13:22 ----RSD---- C:\WINDOWS\assembly
    2008-09-24 23:12:31 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft Help
    2008-09-24 22:47:35 ----D---- C:\WINDOWS\Debug
    2008-09-24 18:31:39 ----D---- C:\WINDOWS\system32\DirectX
    2008-09-22 22:37:42 ----SD---- C:\Documents and Settings\Bardy\Application Data\Microsoft
    2008-09-22 20:49:23 ----D---- K:\Program Files\Microsoft Office
    2008-09-22 20:49:05 ----RSD---- C:\WINDOWS\Fonts
    2008-09-22 20:48:59 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
    2008-09-22 20:47:20 ----D---- K:\Program Files\Microsoft Visual Studio 8
    2008-09-22 20:47:06 ----A---- C:\WINDOWS\win.ini
    2008-09-22 20:47:02 ----D---- C:\Program Files\Fichiers communs\System

    ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R1 intelppm;Pilote de processeur Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-08-19 40320]
    R1 kbdhid;Pilote HID de clavier; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-08-19 14848]
    R1 StarOpen;StarOpen; C:\WINDOWS\system32\drivers\StarOpen.sys [2006-07-24 5632]
    R2 atksgt;atksgt; C:\WINDOWS\system32\DRIVERS\atksgt.sys [2007-11-05 278984]
    R2 lirsgt;lirsgt; C:\WINDOWS\system32\DRIVERS\lirsgt.sys [2007-11-05 25416]
    R2 tmcomm;tmcomm; \??\C:\WINDOWS\system32\drivers\tmcomm.sys []
    R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2008-04-17 15464]
    R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2005-01-07 138752]
    R3 HidUsb;Pilote de classe HID Microsoft; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600]
    R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2007-03-26 4395008]
    R3 L8042Kbd;Logitech SetPoint Keyboard Driver; C:\WINDOWS\system32\DRIVERS\L8042Kbd.sys [2008-02-29 20240]
    R3 LHidFilt;Logitech SetPoint KMDF HID Filter Driver; C:\WINDOWS\system32\DRIVERS\LHidFilt.Sys [2008-02-29 35344]
    R3 LMouFilt;Logitech SetPoint KMDF Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\LMouFilt.Sys [2008-02-29 36880]
    R3 mod7700;DiBcom DIB7700 based TV tuner device; C:\WINDOWS\System32\Drivers\dvb7700all.sys [2007-07-02 466176]
    R3 mouhid;Pilote HID de souris; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-23 12288]
    R3 MTsensor;ATK0110 ACPI UTILITY; C:\WINDOWS\system32\DRIVERS\ASACPI.sys [2004-08-13 5810]
    R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2008-08-15 6121504]
    R3 NVR0Dev;NVR0Dev; \??\C:\WINDOWS\nvoclock.sys []
    R3 TNET1130;IEEE 802.11g Wireless Cardbus/PCI Adapter; C:\WINDOWS\system32\DRIVERS\tnet1130.sys [2007-08-18 386688]
    R3 usbccgp;Pilote parent générique USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]
    R3 usbehci;Pilote miniport de contrôleur d'hôte amélioré Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-03 26624]
    R3 usbhub;Pilote de concentrateur standard USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-03 57600]
    R3 usbuhci;Pilote miniport de contrôleur hôte universel USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-03 20480]
    R3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]
    R3 xusb21;Xbox 360 Wireless Receiver Driver Service 21; C:\WINDOWS\system32\DRIVERS\xusb21.sys [2007-08-28 55808]
    S1 lusbaudio;Microphone USB Logitech; C:\WINDOWS\system32\drivers\OVSound2.sys [2001-08-17 25216]
    S3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS []
    S3 Arp1394;Protocole client ARP 1394; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2004-08-19 60800]
    S3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Controller; C:\WINDOWS\system32\DRIVERS\atl01_xp.sys [2007-03-15 38656]
    S3 ayx651q7;ayx651q7; C:\WINDOWS\system32\drivers\ayx651q7.sys []
    S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
    S3 CCDECODE;Décodeur sous-titre fermé; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-03 17024]
    S3 ENTECH;ENTECH; \??\C:\WINDOWS\system32\DRIVERS\ENTECH.sys []
    S3 MPE;Filtre BDA MPE; C:\WINDOWS\system32\DRIVERS\MPE.sys [2004-08-04 15360]
    S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504]
    S3 NABTSFEC;Codec NABTS/FEC VBI; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-03 85376]
    S3 NdisIP;Connection TV/vidéo Microsoft; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-03 10880]
    S3 NIC1394;Pilote réseau 1394; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2004-08-19 61824]
    S3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2004-05-17 33280]
    S3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2004-05-17 12928]
    S3 QCEmerald;QuickCam Web Logitech; C:\WINDOWS\system32\DRIVERS\OVCE.sys [2001-08-17 31872]
    S3 SLIP;Détrameur décalage BDA; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-03 11136]
    S3 ssm_bus;SAMSUNG Mobile USB Device II 1.0 driver (WDM); C:\WINDOWS\system32\DRIVERS\ssm_bus.sys [2005-08-30 58320]
    S3 ssm_mdfl;SAMSUNG Mobile USB Modem II 1.0 Filter; C:\WINDOWS\system32\DRIVERS\ssm_mdfl.sys [2005-08-30 8336]
    S3 ssm_mdm;SAMSUNG Mobile USB Modem II 1.0 Drivers; C:\WINDOWS\system32\DRIVERS\ssm_mdm.sys [2005-08-30 94000]
    S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-03 15360]
    S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2008-10-01 32000]
    S3 usbohci;Pilote miniport de contrôleur hôte ouvert USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2004-08-04 17024]
    S3 usbscan;Pilote de scanneur USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
    S3 USBSTOR;Pilote de stockage de masse USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
    S3 WpdUsb;WpdUsb; C:\WINDOWS\System32\Drivers\wpdusb.sys [2004-08-11 18944]
    S3 WSTCODEC;Codec Teletext standard; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-03 19328]
    S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

    ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R2 Bonjour Service;Service Bonjour; K:\Program Files\Bonjour\mDNSResponder.exe [2008-08-29 238888]
    R2 nTuneService;nTune Service; C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe [2007-04-04 126976]
    R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2008-08-15 163908]
    R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files\CyberLink\Shared Files\RichVideo.exe [2005-08-07 167936]
    R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2004-08-11 38912]
    R3 usnjsvc;Service Messenger Sharing Folders USN Journal Reader; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
    S3 aspnet_state;Service d'état ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
    S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
    S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2007-10-18 654848]
    S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2006-10-20 36864]
    S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2006-10-30 741376]
    S3 iPod Service;Service de l’iPod; K:\Program Files\iPod\bin\iPodService.exe [2008-10-01 536872]
    S3 LBTServ;Logitech Bluetooth Service; C:\Program Files\Fichiers communs\Logishrd\Bluetooth\LBTServ.exe [2008-05-02 121360]
    S3 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2007-01-05 774144]
    S3 NMIndexingService;NMIndexingService; C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe [2006-12-23 262144]
    S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
    S3 ose;Office Source Engine; C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
    S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]
    S4 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-10-01 116040]
    S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2006-10-30 122880]
    S4 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2008-04-16 66872]

    -----------------EOF-----------------



    Voici le rapport de info.txt
    info.txt logfile of random's system information tool 1.04 2008-10-14 18:02:28

    ======Uninstall list======

    -->C:\Program Files\Nero\Nero 7\nero\uninstall\UNNERO.exe /UNINSTALL
    -->C:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL
    -->MsiExec /X{AFD5ED58-271A-4907-96C2-2745C83BB035}
    -->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
    µTorrent-->"C:\Program Files\uTorrent\uninstall.exe"
    3DMark06-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7F3AD00A-1819-4B15-BB7D-08B3586336D7}\setup.exe" -l0x9 -removeonly
    7-Zip 4.57-->MsiExec.exe /I{23170F69-40C1-2701-0457-000001000000}
    Adobe Anchor Service CS3-->MsiExec.exe /I{90176341-0A8B-4CCC-A78D-F862228A6B95}
    Adobe Asset Services CS3-->MsiExec.exe /I{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}
    Adobe Bridge CS3-->MsiExec.exe /I{9C9824D9-9000-4373-A6A5-D0E5D4831394}
    Adobe Bridge Start Meeting-->MsiExec.exe /I{08B32819-6EEF-4057-AEDA-5AB681A36A23}
    Adobe Camera Raw 4.0-->MsiExec.exe /I{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}
    Adobe CMaps-->MsiExec.exe /I{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}
    Adobe Color - Photoshop Specific-->MsiExec.exe /I{A2D81E70-2A98-4A08-A628-94388B063C5E}
    Adobe Color Common Settings-->MsiExec.exe /I{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}
    Adobe Color EU Recommended Settings-->MsiExec.exe /I{73B5D990-04EA-4751-B10F-5534770B91F2}
    Adobe Color JA Extra Settings-->MsiExec.exe /I{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}
    Adobe Color NA Extra Settings-->MsiExec.exe /I{FF29A7E2-FF40-4D07-B7E4-2093DE59E10A}
    Adobe Default Language CS3-->MsiExec.exe /I{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}
    Adobe Device Central CS3-->MsiExec.exe /I{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}
    Adobe ExtendScript Toolkit 2-->MsiExec.exe /I{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}
    Adobe Flash Player Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
    Adobe Fonts All-->MsiExec.exe /I{6ABE0BEE-D572-4FE8-B434-9E72A289431B}
    Adobe Help Viewer CS3-->MsiExec.exe /I{04AF207D-9A77-465A-8B76-991F6AB66245}
    Adobe Linguistics CS3-->MsiExec.exe /I{54793AA1-5001-42F4-ABB6-C364617C6078}
    Adobe PDF Library Files-->MsiExec.exe /I{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}
    Adobe Photoshop CS3-->C:\Program Files\Fichiers communs\Adobe\Installers\32e9033392a51340b32fdc6ad893ab7\Setup.exe
    Adobe Photoshop CS3-->MsiExec.exe /I{BF794769-8875-4E01-B7BE-E00104604F4A}
    Adobe Setup-->MsiExec.exe /I{926DEB4E-2B0A-4C5C-AE4A-BF6C06949702}
    Adobe Stock Photos CS3-->MsiExec.exe /I{29E5EA97-5F74-4A57-B8B2-D4F169117183}
    Adobe Type Support-->MsiExec.exe /I{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}
    Adobe Update Manager CS3-->MsiExec.exe /I{E69AE897-9E0B-485C-8552-7841F48D42D8}
    Adobe Version Cue CS3 Client-->MsiExec.exe /I{D0DFF92A-492E-4C40-B862-A74A173C25C5}
    Adobe WinSoft Linguistics Plugin-->MsiExec.exe /I{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}
    Adobe XMP Panels CS3-->MsiExec.exe /I{802771A9-A856-4A41-ACF7-1450E523C923}
    Apple Mobile Device Support-->MsiExec.exe /I{976C2B2A-CE59-4AB3-83FB-BF895E28F2E6}
    Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
    Archiveur WinRAR-->C:\Program Files\WinRAR\uninstall.exe
    Attansic L1 Gigabit Ethernet Driver-->rundll32.exe C:\WINDOWS\system32\Attansic\L1\atcInst.dll,AtcUninst C:\WINDOWS\system32\Attansic\L1 x86 1969 1048 L1
    Audacity 1.2.6-->"K:\Program Files\Audacity\unins000.exe"
    Battlefield 2(TM)-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "K:\Program Files\InstallShield Installation Information\{04858915-9F49-4B2A-AED4-DC49A7DE6A7B}\setup.exe" -l0x40c -removeonly
    Bonjour-->MsiExec.exe /I{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}
    Bullzip PDF Printer 6.0.0.684-->"K:\Program Files\Bullzip\PDF Printer\unins000.exe"
    Call of Duty(R) 4 - Modern Warfare(TM)-->C:\Program Files\InstallShield Installation Information\{E48469CC-635E-4FD5-A122-1497C286D217}\setup.exe -runfromtemp -l0x040c
    CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
    CDDRV_Installer-->MsiExec.exe /I{0C826C5B-B131-423A-A229-C71B3CACCD6A}
    Correctif pour Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
    Defraggler (remove only)-->"C:\Program Files\Defraggler\uninst.exe"
    DEVIL MAY CRY 4-->MsiExec.exe /I{D4E5A687-797D-44B1-8F96-4FD7A24166A9}
    Diablo II-->C:\WINDOWS\DIIUnin.exe C:\WINDOWS\DIIUnin.dat
    DivX Content Uploader-->C:\Program Files\DivX\DivXContentUploaderUninstall.exe /CUPLOADER
    DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
    DVD Suite-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}\setup.exe" -uninstall
    EVEREST Ultimate Edition v4.00-->"C:\Program Files\Lavalys\EVEREST Ultimate Edition\unins000.exe"
    Float32 2.0-->MsiExec.exe /I{FED34B00-1DA2-4F4C-A3EC-A5F5893F5D86}
    GPL Ghostscript Lite 8.63-->"K:\Program Files\Bullzip\PDF Printer\gs\unins000.exe"
    HijackThis 2.0.2-->"K:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
    iTunes-->MsiExec.exe /I{DDDE0BE3-0CBE-4BF6-B75A-E3F69C947843}
    Java(TM) 6 Update 5-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
    KhalInstallWrapper-->MsiExec.exe /I{3101CB58-3482-4D21-AF1A-7057FC935355}
    Logitech G15 Keyboard Software 1.04-->MsiExec.exe /X{3E354FBA-C7CE-402A-BB0D-225230BB1918}
    Logitech SetPoint-->K:\Program Files\InstallShield Installation Information\{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}\setup.exe -runfromtemp -l0x040c -removeonly
    Malwarebytes' Anti-Malware-->"K:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
    Messenger Plus! Live-->"C:\Program Files\Messenger Plus! Live\Uninstall.exe"
    Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
    Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
    Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
    Microsoft .NET Framework 2.0 Service Pack 1-->MsiExec.exe /I{B508B3F1-A24A-32C0-B310-85786919EF28}
    Microsoft .NET Framework 3.0 French Language Pack-->MsiExec.exe /X{E3C080B0-23F5-49AF-89F8-8E8DBC89E659}
    Microsoft .NET Framework 3.0-->C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\setup.exe
    Microsoft Bootvis-->MsiExec.exe /I{0F9196C6-58B4-445B-B56E-B1200FECC151}
    Microsoft Color Control Panel Applet for Windows XP-->MsiExec.exe /X{CE378F36-E404-4244-A33F-F50A2A6D31BD}
    Microsoft Office Access MUI (French) 2007-->MsiExec.exe /X{90120000-0015-040C-0000-0000000FF1CE}
    Microsoft Office Excel MUI (French) 2007-->MsiExec.exe /X{90120000-0016-040C-0000-0000000FF1CE}
    Microsoft Office InfoPath MUI (French) 2007-->MsiExec.exe /X{90120000-0044-040C-0000-0000000FF1CE}
    Microsoft Office Outlook MUI (French) 2007-->MsiExec.exe /X{90120000-001A-040C-0000-0000000FF1CE}
    Microsoft Office PowerPoint MUI (French) 2007-->MsiExec.exe /X{90120000-0018-040C-0000-0000000FF1CE}
    Microsoft Office Professional Plus 2007-->"C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall PROPLUS /dll OSETUP.DLL
    Microsoft Office Professional Plus 2007-->MsiExec.exe /X{90120000-0011-0000-0000-0000000FF1CE}
    Microsoft Office Proof (Arabic) 2007-->MsiExec.exe /X{90120000-001F-0401-0000-0000000FF1CE}
    Microsoft Office Proof (Dutch) 2007-->MsiExec.exe /X{90120000-001F-0413-0000-0000000FF1CE}
    Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
    Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
    Microsoft Office Proof (German) 2007-->MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE}
    Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
    Microsoft Office Proofing (French) 2007-->MsiExec.exe /X{90120000-002C-040C-0000-0000000FF1CE}
    Microsoft Office Publisher MUI (French) 2007-->MsiExec.exe /X{90120000-0019-040C-0000-0000000FF1CE}
    Microsoft Office Shared MUI (French) 2007-->MsiExec.exe /X{90120000-006E-040C-0000-0000000FF1CE}
    Microsoft Office Word MUI (French) 2007-->MsiExec.exe /X{90120000-001B-040C-0000-0000000FF1CE}
    Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
    Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
    Mise à jour de sécurité pour Windows XP (KB923789)-->C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB923789.inf
    Mise à jour de sécurité pour Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB944338-v2)-->"C:\WINDOWS\$NtUninstallKB944338-v2$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
    Mise à jour pour Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
    Module de prise en charge linguistique de Microsoft .NET Framework 2.0 - FRA-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0 Language Pack - FRA\install.exe
    Module de prise en charge linguistique du français de Microsoft .NET Framework 3.0-->C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0 French Language Pack\setup.exe
    Mozilla Firefox (3.0.3)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
    MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
    MSXML 6.0 Parser (KB933579)-->MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
    Nero 7 Essentials-->MsiExec.exe /X{AAB93551-3FFE-42B2-8315-96252BBC1036}
    NVIDIA Drivers-->C:\WINDOWS\system32\nvuninst.exe UninstallGUI
    NVIDIA nTune-->C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{7C7F30F4-94E7-4AA8-8941-90C4A80C68BF} /l1036
    NVIDIA PhysX v8.08.18-->MsiExec.exe /X{AFD5ED58-271A-4907-96C2-2745C83BB035}
    OpenAL-->"C:\Program Files\OpenAL\oalinst.exe" /U
    PDF Settings-->MsiExec.exe /I{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}
    PowerDVD-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall
    Presto! PVR-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "K:\Program Files\InstallShield Installation Information\{BC0DCD27-345B-4013-A6E0-67EC92DF32C8}\setup.exe" -l0x40c -u
    PunkBuster Services-->C:\WINDOWS\system32\pbsvc.exe -u
    QuickTime-->MsiExec.exe /I{8DC42D05-680B-41B0-8878-6C14D24602DB}
    Real Alternative 1.8.0-->"K:\Program Files\Real Alternative\unins000.exe"
    Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\setup.exe" -l0x40c -removeonly
    S.T.A.L.K.E.R. - Clear Sky [v1.0004]-->"K:\Program Files\Deep Silver\S.T.A.L.K.E.R. - Clear Sky\unins000.exe"
    S810-->K:\Program Files\InstallShield Installation Information\{7FF90D04-A60F-42A0-8F78-88623F99DCAC}\setup.exe -runfromtemp -l0x040c -removeonly
    SAMSUNG CDMA Modem Driver Set-->C:\WINDOWS\system32\Samsung_USB_Drivers\3\SSCDUninstall.exe
    SAMSUNG Mobile Composite Device Software-->C:\WINDOWS\system32\Samsung_USB_Drivers\6\SSBCUninstall.exe
    Samsung Mobile phone USB driver Software-->C:\WINDOWS\system32\Samsung_USB_Drivers\5\SSSDUninstall.exe
    SAMSUNG Mobile USB Modem 1.0 Software-->C:\WINDOWS\system32\Samsung_USB_Drivers\1\SS_Uninstall.exe
    SAMSUNG Mobile USB Modem Software-->C:\WINDOWS\system32\Samsung_USB_Drivers\2\SSM_Uninstall.exe
    Samsung PC Studio 3-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C4A4722E-79F9-417C-BD72-8D359A090C97}\setup.exe" -l0x40c -removeonly
    Security Update for 2007 Microsoft Office System (KB951596)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {1AFF2298-CC00-4A3B-866A-C62B8373794E}
    Security Update for 2007 Microsoft Office System (KB951944)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {797AE457-BA17-4BBC-B501-25FB3A0103C7}
    Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
    Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
    Security Update for Microsoft Office Excel 2007 (KB951546)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {7399DD71-8E24-4E60-B6A8-6CED89C0AC26}
    Security Update for Microsoft Office PowerPoint 2007 (KB951338)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {558B709B-821B-4FC5-90FC-9A8890641E77}
    Security Update for Microsoft Office Publisher 2007 (KB950114)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {F9C3CDBA-1F00-4D4D-959D-75C9D3ACDD85}
    Security Update for Microsoft Office system 2007 (KB951808)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {8F375E11-4FD6-4B89-9E2B-A76D48B51E00}
    Security Update for Microsoft Office system 2007 (KB954326)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {5F7F6FFF-395D-480E-8450-64F385D82C5F}
    Security Update for Microsoft Office Word 2007 (KB950113)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {AD72BABE-C733-4FCF-9674-4314466191B9}
    Security Update for the 2007 Microsoft Office System (KB936960)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {5E5BD655-7AA9-47F9-BB6D-A1D8CE29AC86}
    Skype™ 3.8-->MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}
    Spybot - Search & Destroy-->"K:\Program Files\Spybot - Search & Destroy\unins000.exe"
    Update for Microsoft Office Outlook 2007 (KB952142)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {4AD3A076-427C-491F-A5B7-7D1DE788A756}
    Update for Office 2007 (KB932080)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {EDC9CA29-6BC1-471C-828C-7A36109005D7}
    Update for Office 2007 (KB934391)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {B3091818-7C56-4C45-BE7D-CA23027A5EA5}
    Update for Office 2007 (KB946691)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {A420F522-7395-4872-9882-C591B4B92278}
    Update for Outlook 2007 Junk Email Filter (kb956080)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {96CC215F-3F22-4E1E-A101-F0041934A456}
    VideoLAN VLC media player 0.8.6c-->C:\Program Files\VideoLAN\VLC\uninstall.exe
    Winamp (remove only)-->"C:\Program Files\Winamp\UninstWA.exe"
    Windows Communication Foundation-->MsiExec.exe /X{491DD792-AD81-429C-9EB4-86DD3D22E333}
    Windows Installer Clean Up-->MsiExec.exe /X{121634B0-2F4B-11D3-ADA3-00C04F52DD52}
    Windows Live installer-->MsiExec.exe /X{FD44E544-E7D0-4DBA-9FA0-8AE1A1300390}
    Windows Live Messenger-->MsiExec.exe /X{BADF6744-3787-48F6-B8C9-4C4995401D65}
    Windows Live OneCare safety scanner-->RunDll32.exe "K:\Program Files\Windows Live Safety Center\wlscCore.dll",UninstallFunction WLSC_SCANNER_PRODUCT
    Windows Media Format Runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
    Windows Presentation Foundation Language Pack (FRA)-->MsiExec.exe /X{6901DD22-527A-41EF-9059-E81FEDE9E494}
    Windows Presentation Foundation-->MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840}
    Windows Workflow Foundation FR Language Pack-->MsiExec.exe /I{B84C141C-9A13-44BE-9A69-301D7B11D836}
    Windows Workflow Foundation-->MsiExec.exe /I{7D1B85BD-AA07-48B8-808D-67A4067FC6BD}

    =====HijackThis Backups=====

    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - K:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    O4 - HKLM\..\Run: [lphc3t4j0ep8c] C:\WINDOWS\system32\lphc3t4j0ep8c.exe
    O4 - HKLM\..\Run: [inrhc7t4j0ep8c] C:\Documents and Settings\Bardy\Local Settings\Temp\.tt6E.tmp.exe /CR=7A58C7C65B49562366289DC37768C62B7EBB48A986E5DC5C5BB0080D4564B98761C24DBA01055FCAED9BD0CA2A638D3566056C92DB3828AB3353772D114C12BFD60215CDF1ACC27B531D7453FF9917E74976AB
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - K:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
    O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - K:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Fichiers communs\Logishrd\Bluetooth\LBTServ.exe
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.touslesdrivers.com/
    O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - K:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - K:\Program Files\Bonjour\mDNSResponder.exe

    ======Environment variables======

    "ComSpec"=%SystemRoot%\system32\cmd.exe
    "Path"=%systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;G:\Samsung;C:\Program Files;K:\Program Files\Samsung\Samsung PC Studio 3;C:\Program Files\QuickTime\QTSystem;K:\Program Files\QuickTime\QTSystem
    "windir"=%SystemRoot%
    "FP_NO_HOST_CHECK"=NO
    "OS"=Windows_NT
    "PROCESSOR_ARCHITECTURE"=x86
    "PROCESSOR_LEVEL"=6
    "PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 11, GenuineIntel
    "PROCESSOR_REVISION"=0f0b
    "NUMBER_OF_PROCESSORS"=2
    "PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
    "TEMP"=%SystemRoot%\TEMP
    "TMP"=%SystemRoot%\TEMP
    "CLASSPATH"=.;K:\Program Files\Java\jre1.6.0_05\lib\ext\QTJava.zip
    "QTJAVA"=K:\Program Files\Java\jre1.6.0_05\lib\ext\QTJava.zip

    -----------------EOF-----------------
    a b 8 Sécurité
    14 Octobre 2008 18:15:35

    Re,

    Télécharge OTMoveIt3 (OldTimer). Sauvegarde-le sur ton Bureau.
    Copie (Ctrl+C) le texte se situant dans le cadre ci-dessous :

    :files
    C:\WINDOWS\tasks\At*.job
    C:\WINDOWS\system32\a82sD246.dll
    C:\WINDOWS\SWXCACLS.exe

    :reg
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{99C6D1BB-7555-474C-91DA-D8FB62A9CC75}]


    Double clique sur OTMoveIt3.exe afin de le lancer.
    Colle (ou Ctrl+V) le texte précédemment copié dans le cadre Paste Instructions for Items to be Moved.
    Clique maintenant sur le bouton [#ff0000]MoveIt![/#f] puis ferme OTMoveIt3.

    [#ff0000]Si un fichier ou dossier ne peut pas être supprimé immédiatement, le logiciel te demandera de redémarrer.
    Accepte en cliquant sur YES.[/#f]

    Poste le rapport situé dans ce dossier : C:\_OTMoveIt\MovedFiles\
    Le nom du rapport correspond au moment de sa création : date_heure.log
    14 Octobre 2008 18:21:58

    Voici le rapport :

    ========== FILES ==========
    C:\WINDOWS\tasks\At1.job moved successfully.
    C:\WINDOWS\tasks\At10.job moved successfully.
    C:\WINDOWS\tasks\At11.job moved successfully.
    C:\WINDOWS\tasks\At12.job moved successfully.
    C:\WINDOWS\tasks\At13.job moved successfully.
    C:\WINDOWS\tasks\At14.job moved successfully.
    C:\WINDOWS\tasks\At15.job moved successfully.
    C:\WINDOWS\tasks\At16.job moved successfully.
    C:\WINDOWS\tasks\At17.job moved successfully.
    C:\WINDOWS\tasks\At18.job moved successfully.
    C:\WINDOWS\tasks\At19.job moved successfully.
    C:\WINDOWS\tasks\At2.job moved successfully.
    C:\WINDOWS\tasks\At20.job moved successfully.
    C:\WINDOWS\tasks\At21.job moved successfully.
    C:\WINDOWS\tasks\At22.job moved successfully.
    C:\WINDOWS\tasks\At23.job moved successfully.
    C:\WINDOWS\tasks\At24.job moved successfully.
    C:\WINDOWS\tasks\At25.job moved successfully.
    C:\WINDOWS\tasks\At26.job moved successfully.
    C:\WINDOWS\tasks\At27.job moved successfully.
    C:\WINDOWS\tasks\At28.job moved successfully.
    C:\WINDOWS\tasks\At29.job moved successfully.
    C:\WINDOWS\tasks\At3.job moved successfully.
    C:\WINDOWS\tasks\At30.job moved successfully.
    C:\WINDOWS\tasks\At31.job moved successfully.
    C:\WINDOWS\tasks\At32.job moved successfully.
    C:\WINDOWS\tasks\At33.job moved successfully.
    C:\WINDOWS\tasks\At34.job moved successfully.
    C:\WINDOWS\tasks\At35.job moved successfully.
    C:\WINDOWS\tasks\At36.job moved successfully.
    C:\WINDOWS\tasks\At37.job moved successfully.
    C:\WINDOWS\tasks\At38.job moved successfully.
    C:\WINDOWS\tasks\At39.job moved successfully.
    C:\WINDOWS\tasks\At4.job moved successfully.
    C:\WINDOWS\tasks\At40.job moved successfully.
    C:\WINDOWS\tasks\At41.job moved successfully.
    C:\WINDOWS\tasks\At42.job moved successfully.
    C:\WINDOWS\tasks\At43.job moved successfully.
    C:\WINDOWS\tasks\At44.job moved successfully.
    C:\WINDOWS\tasks\At45.job moved successfully.
    C:\WINDOWS\tasks\At46.job moved successfully.
    C:\WINDOWS\tasks\At47.job moved successfully.
    C:\WINDOWS\tasks\At48.job moved successfully.
    C:\WINDOWS\tasks\At5.job moved successfully.
    C:\WINDOWS\tasks\At6.job moved successfully.
    C:\WINDOWS\tasks\At7.job moved successfully.
    C:\WINDOWS\tasks\At8.job moved successfully.
    C:\WINDOWS\tasks\At9.job moved successfully.
    C:\WINDOWS\system32\a82sD246.dll unregistered successfully.
    C:\WINDOWS\system32\a82sD246.dll moved successfully.
    C:\WINDOWS\SWXCACLS.exe moved successfully.
    ========== REGISTRY ==========
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{99C6D1BB-7555-474C-91DA-D8FB62A9CC75}\\ not found.

    OTMoveIt3 by OldTimer - Version 1.0.5.0 log created on 10142008_181959
    a b 8 Sécurité
    14 Octobre 2008 18:28:45

    Reposte un rapport Hijackthis.
    14 Octobre 2008 18:33:02

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 18:32:52, on 14/10/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Fichiers communs\Logitech\LCD Manager\lcdmon.exe
    C:\Program Files\Fichiers communs\Logitech\G-series Software\LGDCore.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\Fichiers communs\Logitech\LCD Manager\Applets\LCDClock.exe
    C:\Program Files\Fichiers communs\Logitech\LCD Manager\Applets\LCDPOP3.exe
    C:\Program Files\DAEMON Tools Pro\DTProAgent.exe
    K:\Program Files\Logitech\SetPoint\SetPoint.exe
    C:\Program Files\Fichiers communs\Logishrd\KHAL2\KHALMNPR.EXE
    K:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\WINDOWS\system32\wbem\wmiapsrv.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    K:\Downloads\rapget141\rapget.exe
    C:\WINDOWS\system32\6LN0dYGS.exe
    K:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - K:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O4 - HKLM\..\Run: [Launch LCDMon] "C:\Program Files\Fichiers communs\Logitech\LCD Manager\lcdmon.exe"
    O4 - HKLM\..\Run: [Launch LGDCore] "C:\Program Files\Fichiers communs\Logitech\G-series Software\LGDCore.exe" /SHOWHIDE
    O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] "C:\Program Files\DAEMON Tools Pro\DTProAgent.exe"
    O4 - HKCU\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Logitech SetPoint.lnk = K:\Program Files\Logitech\SetPoint\SetPoint.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://K:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - K:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - K:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - K:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scan...
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/pub/shockwave/cabs/fl...
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
    O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - K:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - K:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Fichiers communs\Logishrd\Bluetooth\LBTServ.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
    O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe

    --
    End of file - 5538 bytes
    a b 8 Sécurité
    14 Octobre 2008 18:48:10

    Re,

    Supprime :
    C:\WINDOWS\system32\6LN0dYGS.exe.
    14 Octobre 2008 18:50:56

    C'est fait ... on touche au but ?
    a b 8 Sécurité
    14 Octobre 2008 19:03:48

    Oui je pense :) 

  • Fais un scan en ligne Kaspersky avec Internet Explorer :
  • Clique sur
  • Clique maintenant sur J'accepte.
  • Valide l'installation d'un ou de plusieurs ActiveX si c'est nécessaire.
  • Patiente pendant l'installation des Mises à jour.
  • Choisis par la suite l'analyse du Poste de travail
  • Sauvegarde puis colle le rapport généré en fin d'analyse.

    AIDE : Tuto sur le scan en ligne

    NOTE : Si tu reçois le message "La licence de Kaspersky On-line Scanner est périmée", va dans Ajout/Suppression de programmes puis désinstalle On-Line Scanner, reconnecte toi sur le site de Kaspersky pour retenter le scan en ligne.
    Tom's guide dans le monde
    • Allemagne
    • Italie
    • Irlande
    • Royaume Uni
    • Etats Unis
    Suivre Tom's Guide
    Inscrivez-vous à la Newsletter
    • ajouter à twitter
    • ajouter à facebook
    • ajouter un flux RSS