Your question

Infected by TR/Vundo.Gen - Trojan

Tags:
  • Trojan
  • Security
Last reply: in Security and viruses
27 September 2008 13:36:12

Hello everyone,
Avira AntiVir detected this trojan on my PC (Vista), so I'm asking for your help to get rid of it.
After reading quite a few posts about this trojan, I have already downloaded HijackThis and the report is ready to be posted.
Thanks in advance


27 September 2008 18:56:26

Hello, and thank you for replying.
Here is the report I obtained:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:39:22, on 27/09/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16711)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\RtHDVCpl.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\Program Files\Trend Micro\PC-cillin 2002\pccguide.exe
C:\Program Files\Trend Micro\PC-cillin 2002\PCCClient.exe
C:\Program Files\Trend Micro\PC-cillin 2002\Pop3trap.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Trend Micro\PC-cillin 2002\WebTrap.EXE
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\rundll32.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\System32\Rundll32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: bambanner browser enhancer - {1a60f718-14c9-b49d-3d9c-c82feca9d86a} - C:\Windows\system32\fxmccdmtjpsbeobuh.dll
O2 - BHO: (no name) - {3FE9A08A-6D75-4124-B006-40A197729B89} - C:\Users\JC\AppData\Local\Temp\nnnKEtUo.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: (no name) - {9F539EEA-6BC1-436E-B60D-9662471E9417} - C:\Windows\system32\efcBurPh.dll (file missing)
O2 - BHO: {00918b70-a838-f4b8-a154-e4b1396e90cb} - {bc09e693-1b4e-451a-8b4f-838a07b81900} - C:\Windows\system32\easjtm.dll
O2 - BHO: (no name) - {BF2B683A-38B3-49F8-9C60-FA055DD49058} - C:\Windows\system32\cbXRjgFu.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [HP Health Check Scheduler] C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\PC-cillin 2002\pccguide.exe"
O4 - HKLM\..\Run: [PCCClient.exe] "C:\Program Files\Trend Micro\PC-cillin 2002\PCCClient.exe"
O4 - HKLM\..\Run: [Pop3trap.exe] "C:\Program Files\Trend Micro\PC-cillin 2002\Pop3trap.exe"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [{ecac644c-86fd-817b-27eb-12dac5c1147c}] C:\Windows\System32\Rundll32.exe "C:\Windows\system32\fxmccdmtjpsbeobuh.dll" DllStub
O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\byXrQGaA.dll,#1
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [de70a30a] rundll32.exe "C:\Windows\system32\qtkwlslk.dll",b
O4 - HKLM\..\Run: [BMdd439096] Rundll32.exe "C:\Windows\system32\chgunhaf.dll",s
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [LSA Shellu] C:\Users\JC\lsass.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\JC\AppData\Local\Temp\qoMeETMG.dll,#1
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O13 - Gopher Prefix:
O20 - AppInit_DLLs: easjtm.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Ad-Aware\aawservice.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: PC-cillin PersonalFirewall (PCCPFW) - Trend Micro Inc. - C:\Program Files\Trend Micro\PC-cillin 2002\PCCPFW.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SonicStage Back-End Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SsBeSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Trend NT Realtime Service (Tmntsrv) - Trend Micro Inc. - C:\Program Files\Trend Micro\PC-cillin 2002\Tmntsrv.exe

--
End of file - 10069 bytes
27 September 2008 19:05:05

Hi again,

Disable your resident protections (antivirus, Spybot-S&D, etc.)!

  • Download ComboFix (sUBs) to your Desktop.
  • Double-click combofix.exe (the .exe extension may not be visible) to launch it.
  • When the scan has finished, a report will appear. Post this report (C:\combofix.txt*) in your next reply.

HELP: A guide and tutorial on using ComboFix
* the partition name may differ
27 September 2008 19:54:15

Here is the follow-up (thanks again ;-)

    ComboFix 08-09-26.06 - JC 2008-09-27 19:33:18.1 - NTFSx86
    Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6000.0.1252.1.1036.18.1195 [GMT 2:00]
    Lancé depuis: C:\Users\JC\Desktop\ComboFix.exe
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Program Files\network monitor
    C:\Temp\1cb
    C:\Temp\1cb\syscheck.log
    C:\Users\JC\AppData\Roaming\Microsoft\Windows\Cookies\jc@ad.yieldmanager[2].txt
    C:\Users\JC\AppData\Roaming\Microsoft\Windows\Cookies\jc@servedby.topqualityads[1].txt
    C:\Windows\cookies.ini
    C:\Windows\system32\mcrh.tmp
    C:\Windows\system32\MSINET.oca
    C:\Windows\system32\pac.txt

    .
    ((((((((((((((((((((((((((((( Fichiers créés du 2008-08-27 au 2008-09-27 ))))))))))))))))))))))))))))))))))))
    .

    Pas de nouveau fichier créé dans ce laps de temps

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-09-27 17:32 578,592 --sha-w C:\Windows\System32\uFgjRXbc.ini2
    2008-09-27 14:53 73,216 ----a-w C:\Windows\System32\qtkwlslk.dll
    2008-09-27 14:53 115,200 ----a-w C:\Windows\System32\reudrdfw.dll
    2008-09-27 14:53 115,200 ----a-w C:\Windows\System32\easjtm.dll
    2008-09-27 14:53 105,984 ----a-w C:\Windows\System32\chgunhaf.dll
    2008-09-27 13:52 115,200 ----a-w C:\Windows\System32\uqmthn.dll
    2008-09-27 13:52 115,200 ----a-w C:\Windows\System32\esjgbacy.dll
    2008-09-27 13:47 105,984 ----a-w C:\Windows\System32\ttkjxbjm.dll
    2008-09-27 13:42 27,050 ----a-w C:\Users\JC\AppData\Roaming\nvModes.dat
    2008-09-27 11:25 --------- d-----w C:\Program Files\Trend Micro
    2008-09-27 11:19 559,365 --sha-w C:\Windows\System32\hOWDffii.ini2
    2008-09-27 11:16 115,200 ----a-w C:\Windows\System32\ikvxttem.dll
    2008-09-27 11:16 115,200 ----a-w C:\Windows\System32\avwfzh.dll
    2008-09-27 11:11 105,984 ----a-w C:\Windows\System32\dhrddnis.dll
    2008-09-27 11:10 284,160 ----a-w C:\Windows\System32\iiffDWOh.dll
    2008-09-26 22:18 554,734 --sha-w C:\Windows\System32\AdLkkUtv.ini2
    2008-09-26 22:16 105,984 ----a-w C:\Windows\System32\rwslaqqk.dll
    2008-09-26 22:15 284,160 ----a-w C:\Windows\System32\vtUkkLdA.dll
    2008-09-26 19:07 587,213 --sha-w C:\Windows\System32\UBHOnpXx.ini2
    2008-09-26 16:27 115,200 ----a-w C:\Windows\System32\zaabwk.dll
    2008-09-26 16:27 115,200 ----a-w C:\Windows\System32\lipceymj.dll
    2008-09-26 16:23 284,160 ----a-w C:\Windows\System32\xXpnOHBU.dll
    2008-09-26 09:26 115,200 ----a-w C:\Windows\System32\wnrvue.dll
    2008-09-26 09:26 115,200 ----a-w C:\Windows\System32\cywmwlhh.dll
    2008-09-26 09:23 105,984 ----a-w C:\Windows\System32\rkforvqx.dll
    2008-09-25 20:20 115,200 ----a-w C:\Windows\System32\cytdpb.dll
    2008-09-25 20:20 115,200 ----a-w C:\Windows\System32\awrmkust.dll
    2008-09-25 10:35 555,912 --sha-w C:\Windows\System32\YxyabaKj.ini2
    2008-09-25 10:26 115,200 ----a-w C:\Windows\System32\wiahgm.dll
    2008-09-25 10:26 115,200 ----a-w C:\Windows\System32\ogogjuro.dll
    2008-09-25 10:25 105,472 ----a-w C:\Windows\System32\nfbyuavn.dll
    2008-09-25 10:22 284,160 ----a-w C:\Windows\System32\jKabayxY.dll
    2008-09-24 18:58 105,472 ----a-w C:\Windows\System32\iuhwhvox.dll
    2008-09-24 18:57 284,160 ----a-w C:\Windows\System32\ssqPfEVm.dll
    2008-09-24 17:24 561,558 --sha-w C:\Windows\System32\AdLkSvut.ini2
    2008-09-24 17:21 84,992 ----a-w C:\Windows\System32\gwbwanpj.dll
    2008-09-24 17:18 115,200 ----a-w C:\Windows\System32\lnwkonxk.dll
    2008-09-24 17:18 115,200 ----a-w C:\Windows\System32\btfihq.dll
    2008-09-24 17:15 105,472 ----a-w C:\Windows\System32\qdacnckp.dll
    2008-09-24 17:14 284,160 ----a-w C:\Windows\System32\tuvSkLdA.dll
    2008-09-24 10:50 565,198 --sha-w C:\Windows\System32\WFeOnnnn.ini2
    2008-09-24 08:56 95,744 ----a-w C:\Windows\System32\alqyhrpl.dll
    2008-09-24 08:56 115,200 ----a-w C:\Windows\System32\ymldnsmq.dll
    2008-09-24 08:56 115,200 ----a-w C:\Windows\System32\mnojtt.dll
    2008-09-24 08:55 284,672 ----a-w C:\Windows\System32\nnnnOeFW.dll
    2008-09-23 20:09 284,160 ----a-w C:\Windows\System32\iifcDWoo.dll
    2008-09-23 20:06 71 ----a-w C:\Users\JC\9974.bat
    2008-09-23 20:06 40,960 ----a-w C:\Users\JC\index.exe
    2008-09-23 17:22 71 ----a-w C:\Users\JC\6390.bat
    2008-09-23 17:09 4,096 ----a-w C:\Windows\System32\fccDWqpQ.dll
    2008-09-23 17:06 71 ----a-w C:\Users\JC\7616.bat
    2008-09-23 16:43 71 ----a-w C:\Users\JC\1630.bat
    2008-09-23 16:06 96,256 ----a-w C:\Windows\System32\uipeejhn.dll
    2008-09-23 16:06 115,200 ----a-w C:\Windows\System32\nogokrsv.dll
    2008-09-23 16:06 115,200 ----a-w C:\Windows\System32\jowpag.dll
    2008-09-23 16:01 71 ----a-w C:\Users\JC\3191.bat
    2008-09-23 15:30 71 ----a-w C:\Users\JC\2663.bat
    2008-09-23 15:02 71 ----a-w C:\Users\JC\2609.bat
    2008-09-23 14:45 555,530 --sha-w C:\Windows\System32\QWDMUvut.ini2
    2008-09-23 14:45 115,200 ----a-w C:\Windows\System32\mjubeoln.dll
    2008-09-23 14:45 115,200 ----a-w C:\Windows\System32\hejhvz.dll
    2008-09-23 14:43 96,256 ----a-w C:\Windows\System32\nyimovwc.dll
    2008-09-23 14:42 284,160 ----a-w C:\Windows\System32\tuvUMDWQ.dll
    2008-09-23 14:39 71 ----a-w C:\Users\JC\4973.bat
    2008-09-23 13:39 96,256 ----a-w C:\Windows\System32\lthfdrhm.dll
    2008-09-23 13:38 284,160 ----a-w C:\Windows\System32\opnomlIa.dll
    2008-09-23 13:34 71 ----a-w C:\Users\JC\3234.bat
    2008-09-23 10:17 71 ----a-w C:\Users\JC\9234.bat
    2008-09-23 08:09 71 ----a-w C:\Users\JC\4312.bat
    2008-09-23 08:09 34,816 ----a-w C:\Windows\System32\khfFYSlM.dll
    2008-09-23 08:09 34,816 ----a-w C:\Windows\System32\hgGyvtSk.dll
    2008-09-22 19:00 71 ----a-w C:\Users\JC\6938.bat
    2008-09-22 17:12 71 ----a-w C:\Users\JC\5399.bat
    2008-09-22 17:08 547,918 --sha-w C:\Windows\System32\dLmoYcfe.ini2
    2008-09-22 17:07 95,232 ----a-w C:\Windows\System32\xabkbclw.dll
    2008-09-22 17:04 284,672 ----a-w C:\Windows\System32\efcYomLd.dll
    2008-09-22 17:02 34,816 ----a-w C:\Windows\System32\ljJcawxx.dll
    2008-09-22 17:02 34,816 ----a-w C:\Windows\System32\hgGxwuTn.dll
    2008-09-22 17:01 71 ----a-w C:\Users\JC\3640.bat
    2008-09-22 15:42 115,200 ----a-w C:\Windows\System32\tthrqu.dll
    2008-09-22 15:42 115,200 ----a-w C:\Windows\System32\octbeiuo.dll
    2008-09-22 15:39 95,232 ----a-w C:\Windows\System32\igwvdsov.dll
    2008-09-20 20:02 221,184 ----a-w C:\Windows\System32\kfywvddj.dll
    2008-09-20 20:02 115,200 ----a-w C:\Windows\System32\tojpacsj.dll
    2008-09-20 20:02 115,200 ----a-w C:\Windows\System32\sdtakr.dll
    2008-09-20 20:02 108,544 ----a-w C:\Windows\System32\gEWPhHyW.dll
    2008-09-20 19:59 96,256 ----a-w C:\Windows\System32\pbxqxhhs.dll
    2008-09-20 19:56 96,256 ----a-w C:\Windows\System32\dgwhlfrp.dll
    2008-09-20 19:19 71 ----a-w C:\Users\JC\5056.bat
    2008-09-20 15:26 552,650 --sha-w C:\Windows\System32\DMpqqYay.ini2
    2008-09-20 13:31 74,752 ----a-w C:\Windows\System32\rQHAtQHb.dll
    2008-09-20 13:31 221,184 ----a-w C:\Windows\System32\vaxygyui.dll
    2008-09-20 13:31 108,544 ----a-w C:\Windows\System32\geBuUOhh.dll
    2008-09-20 13:28 115,200 ----a-w C:\Windows\System32\ghgmvlmd.dll
    2008-09-20 13:28 115,200 ----a-w C:\Windows\System32\bjhtyc.dll
    2008-09-20 13:26 96,256 ----a-w C:\Windows\System32\vsjqpphj.dll
    2008-09-20 13:25 284,672 ----a-w C:\Windows\System32\yaYqqpMD.dll
    2008-09-20 13:21 71 ----a-w C:\Users\JC\7398.bat
    2008-09-20 10:41 --------- d-----w C:\ProgramData\Lavasoft
    2008-09-20 10:41 --------- d-----w C:\Program Files\Ad-Aware
    .

    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
    REGEDIT4

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1a60f718-14c9-b49d-3d9c-c82feca9d86a}]
    2008-08-29 14:11 166400 --a------ C:\Windows\system32\fxmccdmtjpsbeobuh.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{bc09e693-1b4e-451a-8b4f-838a07b81900}]
    2008-09-27 16:53 115200 --a------ C:\Windows\system32\easjtm.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BF2B683A-38B3-49F8-9C60-FA055DD49058}]
    2008-09-15 22:14 283648 --a------ C:\Windows\system32\cbXRjgFu.dll

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 125440]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SMSERIAL"="C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe" [2006-10-09 729088]
    "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-01-13 827392]
    "MSServer"="C:\Windows\system32\tuvUKbBq.dll" [2008-09-15 34304]
    "IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2007-02-12 174872]
    "QPService"="C:\Program Files\HP\QuickPlay\QPService.exe" [2007-04-23 176128]
    "QlbCtrl"="C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-02-13 159744]
    "HP Health Check Scheduler"="C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2007-03-12 50696]
    "hpWirelessAssistant"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-03-01 472776]
    "WAWifiMessage"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2007-01-10 317128]
    "NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-05-01 86016]
    "NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-05-01 8429568]
    "NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-05-01 81920]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0\bin\jusched.exe" [2007-05-17 77824]
    "pccguide.exe"="C:\Program Files\Trend Micro\PC-cillin 2002\pccguide.exe" [2003-03-26 258048]
    "PCCClient.exe"="C:\Program Files\Trend Micro\PC-cillin 2002\PCCClient.exe" [2003-03-26 462848]
    "Pop3trap.exe"="C:\Program Files\Trend Micro\PC-cillin 2002\Pop3trap.exe" [2003-03-26 315458]
    "PCSuiteTrayApplication"="C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-06-18 271360]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
    "{ecac644c-86fd-817b-27eb-12dac5c1147c}"="C:\Windows\system32\fxmccdmtjpsbeobuh.dll" [2008-08-29 166400]
    "avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-06-14 155648]
    "de70a30a"="C:\Windows\system32\qtkwlslk.dll" [2008-09-27 73216]
    "BMdd439096"="C:\Windows\system32\chgunhaf.dll" [2008-09-27 105984]
    "RtHDVCpl"="RtHDVCpl.exe" [2007-03-09 C:\WINDOWS\RtHDVCpl.exe]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
    "Launcher"="C:\Windows\SMINST\launcher.exe" [2006-11-07 44128]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-06-19 1241088]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableLUA"= 0 (0x0)

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{5F6E5BDB-1442-45B7-B0C9-E927035A7415}"= "C:\Windows\system32\tuvUKbBq.dll" [2008-09-15 34304]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=easjtm.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "vidc.i420"= i263_32.drv
    "vidc.XVID"= xvid.dll
    "vidc.DIV3"= DivXc32.dll
    "vidc.DIV4"= DivXc32f.dll
    "msacm.l3codec"= l3codecp.acm
    "vidc.3iv2"= 3ivxVfWCodec.dll
    "msacm.divxa32"= divxa32.acm
    "VIDC.HFYU"= huffyuv.dll
    "VIDC.i263"= i263_32.drv
    "msacm.imc"= imc32.acm
    "VIDC.VP31"= vp31vfw.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    --a------ 2008-06-14 19:10 155648 C:\Program Files\QuickTime\qttask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
    "AntiVirusOverride"=dword:00000001
    "AntiSpywareOverride"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
    "{F82623D6-ECEC-4B8D-A97A-A4B7FB466766}"= C:\Program Files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
    "{EE3A4FBE-66DD-484A-9F72-3677D1306994}"= C:\Program Files\HP\QuickPlay\QP.exe:Quick Play
    "{08F62DF6-F995-4843-93CD-017E93819D94}"= C:\Program Files\HP\QuickPlay\QPService.exe:Quick Play Resident Program

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
    "DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
    "EnableFirewall"= 0 (0x0)

    R2 PCC_PFW;PC-Cillin Personal Firewall;C:\Windows\system32\Drivers\PCC_PFW.sys [2003-03-26 56796]
    R2 PCCPFW;PC-cillin PersonalFirewall;C:\Program Files\Trend Micro\PC-cillin 2002\PCCPFW.exe [2003-03-26 163840]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    bthsvcs REG_MULTI_SZ BthServ

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0068cbbf-5293-11dd-ae64-001b248e4747}]
    \shell\Auto\command - G:\Start.exe
    \shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL G:\Start.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{04ecf240-6401-11dd-8d17-001b248e4747}]
    \shell\Auto\command - G:\Start.exe
    \shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL G:\Start.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{467e1576-43af-11dd-85a8-001b248e4747}]
    \shell\Auto\command - G:\Start.exe
    \shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL G:\Start.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{467e157e-43af-11dd-85a8-001b248e4747}]
    \shell\Auto\command - G:\Start.exe
    \shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL G:\Start.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5acf64c1-7739-11dd-9c54-001b248e4747}]
    \shell\Auto\command - H:\Start.exe
    \shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL H:\Start.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{82919872-3354-11dd-8fd1-806e6f6e6963}]
    \shell\AutoRun\command - E:\BeachSoccer-setup.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9e5bc869-43a8-11dd-8f88-001b248e4747}]
    \shell\Auto\command - G:\Start.exe
    \shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL G:\Start.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b776010b-8993-11dd-bb6c-001a6bdfdafe}]
    \shell\Auto\command - H:\Start.exe
    \shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL H:\Start.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cf64ea65-87fc-11dd-8b35-001b248e4747}]
    \shell\Auto\command - G:\Start.exe
    \shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL G:\Start.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e2d56d0a-5ef8-11dd-bf28-001b248e4747}]
    \shell\Auto\command - G:\Start.exe
    \shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL G:\Start.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f84eb6b1-340a-11dd-b1d9-001a6bdfdafe}]
    \shell\Auto\command - H:\Start.exe
    \shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL H:\Start.exe
    .
    - - - - ORPHELINS SUPPRIMES - - - -

    BHO-{3FE9A08A-6D75-4124-B006-40A197729B89} - C:\Users\JC\AppData\Local\Temp\nnnKEtUo.dll
    BHO-{9F539EEA-6BC1-436E-B60D-9662471E9417} - C:\Windows\system32\efcBurPh.dll
    HKCU-Run-LSA Shellu - C:\Users\JC\lsass.exe
    HKLM-Run-HP Software Update - C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
    ShellExecuteHooks-{114A72AF-007E-461D-89FF-864728C749C5} - C:\Windows\system32\tuvUKDTk.dll
    ShellExecuteHooks-{4E3FD859-E3E7-41AA-9A6B-03D76CF89658} - C:\Windows\system32\khfDvuvv.dll
    ShellExecuteHooks-{4CAFAF0C-C38F-43C1-8080-390E776254DE} - C:\Windows\system32\hgGyyVMF.dll


    .
    ------- Examen supplémentaire -------
    .
    FireFox -: Profile - C:\Users\JC\AppData\Roaming\Mozilla\Firefox\Profiles\6ow7jdoz.default\
    FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://go.microsoft.com/fwlink/?LinkId=69157
    FF -: plugin - C:\Program Files\Java\jre1.6.0\bin\npjava11.dll
    FF -: plugin - C:\Program Files\Java\jre1.6.0\bin\npjava12.dll
    FF -: plugin - C:\Program Files\Java\jre1.6.0\bin\npjava13.dll
    FF -: plugin - C:\Program Files\Java\jre1.6.0\bin\npjava14.dll
    FF -: plugin - C:\Program Files\Java\jre1.6.0\bin\npjava32.dll
    FF -: plugin - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
    FF -: plugin - C:\Program Files\Java\jre1.6.0\bin\npoji610.dll
    .

    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-09-27 19:39:04
    Windows 6.0.6000 NTFS

    Recherche de processus cachés ...

    Recherche d'éléments en démarrage automatique cachés ...

    Recherche de fichiers cachés ...


    C:\Users\JC\AppData\Local\Temp\WSOCK32.DLL 14848 bytes executable

    Scan terminé avec succès
    Fichiers cachés: 1

    **************************************************************************
    .
    ------------------------ Autres processus actifs ------------------------
    .
    C:\WINDOWS\System32\audiodg.exe
    C:\Program Files\Ad-Aware\aawservice.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\WINDOWS\System32\rundll32.exe
    C:\WINDOWS\System32\rundll32.exe
    C:\WINDOWS\System32\rundll32.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    C:\WINDOWS\System32\rundll32.exe
    C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
    C:\WINDOWS\System32\rundll32.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\WINDOWS\ehome\ehmsas.exe
    C:\Program Files\Trend Micro\PC-cillin 2002\Tmntsrv.exe
    C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
    C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
    C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Service.exe
    .
    **************************************************************************
    .
    Heure de fin: 2008-09-27 19:43:06 - La machine a redémarré
    ComboFix-quarantined-files.txt 2008-09-27 17:42:40

    Avant-CF: Le texte du message associé au numéro 0x2379 est introuvable dans le fichier de messages pour Application.
    Après-CF: 93,474,041,856 octets libres

    303 --- E O F --- 2008-09-12 18:00:04
28 September 2008 11:41:49

What should I do next, please?
28 September 2008 21:45:16

There are still a lot of remnants.

Download Malwarebytes' Anti-Malware to your Desktop.
Install it by double-clicking the file Download_mbam-setup.exe.

Once the installation and the update are complete, restart in safe mode.
HELP: Restarting in safe mode

  • Now run Malwarebytes' Anti-Malware. If it is not already selected, choose "Perform full scan".
  • To start the scan, click "Scan".
  • Once the scan has finished, a window opens; click OK. There are two possibilities:
    -- if the program found nothing, press OK. A report will appear; close it.
    -- if infections are present, click "Show Results" and then "Remove Selected". Save the report to your Desktop so that you can post it in your next reply.
    NOTE: If Malwarebytes' Anti-Malware needs to restart to finish the removal, accept by clicking OK.

HELP: Picture tutorial on MBAM
    29 Septembre 2008 00:29:58

    voila le rapport MBAM:

    Malwarebytes' Anti-Malware 1.28
    Version de la base de données: 1221
    Windows 6.0.6000

    29/09/2008 00:21:48
    mbam-log-2008-09-29 (00-21-48).txt

    Type de recherche: Examen complet (C:\|D:\|F:\|)
    Eléments examinés: 149771
    Temps écoulé: 23 minute(s), 49 second(s)

    Processus mémoire infecté(s): 0
    Module(s) mémoire infecté(s): 1
    Clé(s) du Registre infectée(s): 13
    Valeur(s) du Registre infectée(s): 4
    Elément(s) de données du Registre infecté(s): 2
    Dossier(s) infecté(s): 0
    Fichier(s) infecté(s): 157

    Processus mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Module(s) mémoire infecté(s):
    C:\WINDOWS\System32\cbXRjgFu.dll (Trojan.Vundo.H) -> Delete on reboot.

    Clé(s) du Registre infectée(s):
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6931ba54-bc1b-4099-9959-6fda716b1ed8} (Trojan.Vundo.H) -> Delete on reboot.
    HKEY_CLASSES_ROOT\CLSID\{6931ba54-bc1b-4099-9959-6fda716b1ed8} (Trojan.Vundo.H) -> Delete on reboot.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7bf1e2d7-45c9-425a-8464-14b4d233de51} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{7bf1e2d7-45c9-425a-8464-14b4d233de51} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\bambanner (Adware.Adrotator) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\dslcnnct (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\IProxyProvider (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1a60f718-14c9-b49d-3d9c-c82feca9d86a} (Adware.BHO) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{1a60f718-14c9-b49d-3d9c-c82feca9d86a} (Adware.BHO) -> Quarantined and deleted successfully.

    Valeur(s) du Registre infectée(s):
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\de70a30a (Trojan.Vundo.H) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MSServer (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\{ecac644c-86fd-817b-27eb-12dac5c1147c} (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\bmdd439096 (Trojan.Agent) -> Quarantined and deleted successfully.

    Elément(s) de données du Registre infecté(s):
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\cbxrjgfu -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\cbxrjgfu -> Delete on reboot.

    Dossier(s) infecté(s):
    (Aucun élément nuisible détecté)

    Fichier(s) infecté(s):
    29 September 2008 00:34:01

    ...so many infected files!! That's scary!

    On reboot, AntiVir detected two more infections:
    a TR/Vundo.Gen and a TR/Crypt.XPACK.GEN
    Should I remove them manually using MBAM?

    After that, is there anything left to do?

    Thanks for your help
    29 September 2008 10:32:15

    I think I read in other posts that a second HijackThis report is needed:


    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 10:28:21, on 29/09/2008
    Platform: Windows Vista (WinNT 6.00.1904)
    MSIE: Internet Explorer v7.00 (7.00.6000.16711)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\WINDOWS\RtHDVCpl.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
    C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
    C:\WINDOWS\System32\rundll32.exe
    C:\Program Files\Java\jre1.6.0\bin\jusched.exe
    C:\Program Files\Trend Micro\PC-cillin 2002\pccguide.exe
    C:\Program Files\Trend Micro\PC-cillin 2002\PCCClient.exe
    C:\Program Files\Trend Micro\PC-cillin 2002\Pop3trap.exe
    C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    C:\WINDOWS\System32\rundll32.exe
    C:\WINDOWS\ehome\ehtray.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\Trend Micro\PC-cillin 2002\WebTrap.EXE
    C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
    O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
    O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
    O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
    O4 - HKLM\..\Run: [HP Health Check Scheduler] C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
    O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    O4 - HKLM\..\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
    O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
    O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\PC-cillin 2002\pccguide.exe"
    O4 - HKLM\..\Run: [PCCClient.exe] "C:\Program Files\Trend Micro\PC-cillin 2002\PCCClient.exe"
    O4 - HKLM\..\Run: [Pop3trap.exe] "C:\Program Files\Trend Micro\PC-cillin 2002\Pop3trap.exe"
    O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
    O9 - Extra button: (no name) - Cmdmapping - (no file) (HKCU)
    O13 - Gopher Prefix:
    O20 - AppInit_DLLs: wytjan.dll
    O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Ad-Aware\aawservice.exe
    O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
    O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
    O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
    O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
    O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
    O23 - Service: PC-cillin PersonalFirewall (PCCPFW) - Trend Micro Inc. - C:\Program Files\Trend Micro\PC-cillin 2002\PCCPFW.exe
    O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    O23 - Service: SonicStage Back-End Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SsBeSvc.exe
    O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
    O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
    O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
    O23 - Service: Trend NT Realtime Service (Tmntsrv) - Trend Micro Inc. - C:\Program Files\Trend Micro\PC-cillin 2002\Tmntsrv.exe

    --
    End of file - 7676 bytes
    29 September 2008 17:02:53

    Run a ComboFix scan again :)
    29 September 2008 21:46:09

    ComboFix report:

    ComboFix 08-09-28.01 - JC 2008-09-29 21:39:02.2 - NTFSx86
    Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6000.0.1252.1.1036.18.1352 [GMT 2:00]
    Lancé depuis: C:\Users\JC\Desktop\ComboFix.exe
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .


    .
    ((((((((((((((((((((((((((((( Fichiers créés du 2008-08-28 au 2008-09-29 ))))))))))))))))))))))))))))))))))))
    .

    Pas de nouveau fichier créé dans ce laps de temps

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-09-29 19:35 27,050 ----a-w C:\Users\JC\AppData\Roaming\nvModes.dat
    2008-09-29 09:16 --------- d-----w C:\ProgramData\Roxio
    2008-09-29 08:50 --------- d-----w C:\Users\JC\AppData\Roaming\Roxio
    2008-09-29 08:47 --------- d-----w C:\ProgramData\Sonic
    2008-09-28 21:43 --------- d-----w C:\Users\JC\AppData\Roaming\Malwarebytes
    2008-09-28 21:43 --------- d-----w C:\ProgramData\Malwarebytes
    2008-09-28 21:43 --------- d-----w C:\Program Files\Malwarebytes' Anti-Malware
    2008-09-27 11:25 --------- d-----w C:\Program Files\Trend Micro
    2008-09-23 20:06 71 ----a-w C:\Users\JC\9974.bat
    2008-09-23 20:06 40,960 ----a-w C:\Users\JC\index.exe
    2008-09-23 17:22 71 ----a-w C:\Users\JC\6390.bat
    2008-09-23 17:06 71 ----a-w C:\Users\JC\7616.bat
    2008-09-23 16:43 71 ----a-w C:\Users\JC\1630.bat
    2008-09-23 16:01 71 ----a-w C:\Users\JC\3191.bat
    2008-09-23 15:30 71 ----a-w C:\Users\JC\2663.bat
    2008-09-23 15:02 71 ----a-w C:\Users\JC\2609.bat
    2008-09-23 14:39 71 ----a-w C:\Users\JC\4973.bat
    2008-09-23 13:34 71 ----a-w C:\Users\JC\3234.bat
    2008-09-23 10:17 71 ----a-w C:\Users\JC\9234.bat
    2008-09-23 08:09 71 ----a-w C:\Users\JC\4312.bat
    2008-09-22 19:00 71 ----a-w C:\Users\JC\6938.bat
    2008-09-22 17:12 71 ----a-w C:\Users\JC\5399.bat
    2008-09-22 17:01 71 ----a-w C:\Users\JC\3640.bat
    2008-09-20 19:19 71 ----a-w C:\Users\JC\5056.bat
    2008-09-20 13:21 71 ----a-w C:\Users\JC\7398.bat
    2008-09-20 10:41 --------- d-----w C:\ProgramData\Lavasoft
    2008-09-20 10:41 --------- d-----w C:\Program Files\Ad-Aware
    2008-09-20 10:39 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
    2008-09-20 09:53 --------- d-----w C:\ProgramData\Avira
    2008-09-20 09:53 --------- d-----w C:\Program Files\Avira
    2008-09-20 09:26 71 ----a-w C:\Users\JC\9708.bat
    2008-09-18 10:10 71 ----a-w C:\Users\JC\5001.bat
    2008-09-18 10:04 114,232 ----a-w C:\Windows\System32\jomtmsrs.dll
    2008-09-18 09:49 71 ----a-w C:\Users\JC\6494.bat
    2008-09-18 08:44 71 ----a-w C:\Users\JC\2304.bat
    2008-09-17 21:39 --------- d-----w C:\Program Files\HP
    2008-09-17 21:38 71 ----a-w C:\Users\JC\7591.bat
    2008-09-17 20:03 71 ----a-w C:\Users\JC\7789.bat
    2008-09-17 15:58 71 ----a-w C:\Users\JC\9835.bat
    2008-09-17 09:11 71 ----a-w C:\Users\JC\3021.bat
    2008-09-16 19:40 71 ----a-w C:\Users\JC\3827.bat
    2008-09-16 17:45 71 ----a-w C:\Users\JC\6693.bat
    2008-09-16 17:34 71 ----a-w C:\Users\JC\5475.bat
    2008-09-16 17:33 --------- d-----w C:\ProgramData\Spybot - Search & Destroy
    2008-09-15 20:51 --------- d-----w C:\Program Files\Spybot - Search & Destroy
    2008-09-15 20:40 --------- d-----w C:\Program Files\TeaTimer (Spybot - Search & Destroy)
    2008-09-15 20:09 71 ----a-w C:\Users\JC\2216.bat
    2008-09-14 16:09 71 ----a-w C:\Users\JC\2420.bat
    2008-09-14 14:21 71 ----a-w C:\Users\JC\4399.bat
    2008-09-14 12:00 71 ----a-w C:\Users\JC\9830.bat
    2008-09-13 08:24 71 ----a-w C:\Users\JC\5871.bat
    2008-09-13 08:18 71 ----a-w C:\Users\JC\9932.bat
    2008-09-12 20:43 71 ----a-w C:\Users\JC\1279.bat
    2008-09-12 17:56 --------- d-----w C:\Program Files\Windows Mail
    2008-09-12 16:20 71 ----a-w C:\Users\JC\3489.bat
    2008-09-12 16:05 71 ----a-w C:\Users\JC\3145.bat
    2008-09-12 15:15 71 ----a-w C:\Users\JC\5511.bat
    2008-09-12 15:02 71 ----a-w C:\Users\JC\4717.bat
    2008-09-12 15:00 --------- d-----w C:\ProgramData\NOS
    2008-09-12 15:00 --------- d-----w C:\Program Files\NOS
    2008-09-12 13:47 --------- d-----w C:\Program Files\Common Files\Adobe AIR
    2008-09-12 13:47 --------- d-----w C:\Program Files\Common Files\Adobe
    2008-09-12 13:46 --------- d--h--w C:\ProgramData\CanonBJ
    2008-09-12 09:42 174 --sha-w C:\Program Files\desktop.ini
    2008-09-12 09:31 71 ----a-w C:\Users\JC\9038.bat
    2008-09-11 20:21 71 ----a-w C:\Users\JC\3505.bat
    2008-09-09 22:04 38,528 ----a-w C:\Windows\system32\drivers\mbamswissarmy.sys
    2008-09-09 22:03 17,200 ----a-w C:\Windows\system32\drivers\mbam.sys
    2008-07-31 03:34 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
    2008-07-31 03:34 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
    2008-07-31 03:34 28,160 ----a-w C:\Windows\System32\Apphlpdm.dll
    2008-07-31 03:34 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll
    2008-07-31 03:34 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
    2008-07-31 03:34 1,686,528 ----a-w C:\Windows\System32\gameux.dll
    2008-07-30 23:47 4,247,552 ----a-w C:\Windows\System32\GameUXLegacyGDFs.dll
    2008-07-30 23:32 2,560 ----a-w C:\Windows\AppPatch\AcRes.dll
    2008-07-19 05:10 53,448 ----a-w C:\Windows\System32\wuauclt.exe
    2008-07-19 05:10 45,768 ----a-w C:\Windows\System32\wups2.dll
    2008-07-19 05:09 1,811,656 ----a-w C:\Windows\System32\wuaueng.dll
    2008-07-19 03:44 1,524,736 ----a-w C:\Windows\System32\wucltux.dll
    2008-07-18 20:08 163,904 ----a-w C:\Windows\System32\wuwebv.dll
    2008-07-18 18:44 31,232 ----a-w C:\Windows\System32\wuapp.exe
    2008-07-15 23:48 2,048 ----a-w C:\Windows\System32\tzres.dll
    .

    ((((((((((((((((((((((((((((( snapshot@2008-09-27_19.41.24.29 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2008-09-29 19:34:43 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    + 2008-09-29 19:34:43 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    - 2008-09-27 16:57:03 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2008-09-29 08:17:17 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    - 2008-09-27 16:57:03 32,768 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    + 2008-09-29 08:17:17 32,768 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    - 2008-09-27 16:57:03 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2008-09-29 08:17:17 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    - 2008-09-27 17:38:54 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
    + 2008-09-29 19:36:17 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
    + 2008-09-29 19:36:17 262,144 ---ha-w C:\Windows\ServiceProfiles\LocalService\ntuser.dat.LOG1
    - 2008-09-27 17:38:54 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
    + 2008-09-29 19:36:22 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
    + 2008-09-29 19:36:22 262,144 ---ha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1
    - 2007-07-30 17:19:54 71,352 ------w C:\Windows\SoftwareDistribution\SelfUpdate\Handler\WuSetupV.exe
    + 2008-07-18 20:08:20 72,256 ------w C:\Windows\SoftwareDistribution\SelfUpdate\Handler\WuSetupV.exe
    - 2008-09-27 17:39:11 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2008-09-28 22:56:48 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    - 2008-09-27 17:39:11 65,536 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    + 2008-09-28 22:56:48 65,536 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    - 2008-09-27 17:39:11 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2008-09-28 22:56:48 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    - 2008-09-27 17:33:08 262,144 ----a-w C:\Windows\System32\config\systemprofile\ntuser.dat
    + 2008-09-29 19:38:57 262,144 ----a-w C:\Windows\System32\config\systemprofile\ntuser.dat
    + 2008-09-29 19:38:57 262,144 ---ha-w C:\Windows\System32\config\systemprofile\ntuser.dat.LOG1
    - 2008-06-14 12:49:12 345,456 ----a-w C:\Windows\System32\FNTCACHE.DAT
    + 2008-09-28 22:24:08 345,456 ----a-w C:\Windows\System32\FNTCACHE.DAT
    - 2008-09-24 17:15:59 103,924 ----a-w C:\Windows\System32\perfc009.dat
    + 2008-09-29 19:42:01 103,924 ----a-w C:\Windows\System32\perfc009.dat
    - 2008-09-24 17:15:59 117,572 ----a-w C:\Windows\System32\perfc00C.dat
    + 2008-09-29 19:42:01 117,572 ----a-w C:\Windows\System32\perfc00C.dat
    - 2008-09-24 17:15:59 610,142 ----a-w C:\Windows\System32\perfh009.dat
    + 2008-09-29 19:42:01 610,142 ----a-w C:\Windows\System32\perfh009.dat
    - 2008-09-24 17:15:59 690,832 ----a-w C:\Windows\System32\perfh00C.dat
    + 2008-09-29 19:42:01 690,832 ----a-w C:\Windows\System32\perfh00C.dat
    - 2008-09-14 13:51:55 6,291,456 ----a-w C:\Windows\System32\SMI\Store\Machine\SCHEMA.DAT
    + 2008-09-27 18:35:03 6,291,456 ----a-w C:\Windows\System32\SMI\Store\Machine\SCHEMA.DAT
    - 2008-09-27 13:44:23 6,412 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-4240378360-3957530020-1513529585-1000_UserData.bin
    + 2008-09-29 19:36:41 7,478 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-4240378360-3957530020-1513529585-1000_UserData.bin
    - 2008-09-27 13:44:23 64,352 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
    + 2008-09-29 19:36:41 64,654 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
    - 2008-09-27 13:44:20 40,302 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
    + 2008-09-29 19:36:40 41,026 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
    - 2008-09-14 12:04:23 30,093,792 ----a-w C:\Windows\winsxs\ManifestCache\6.0.6001.18000_001c50b5_blobs.bin
    + 2008-09-27 17:58:32 115,853,120 ----a-w C:\Windows\winsxs\ManifestCache\6.0.6001.18000_001c50b5_blobs.bin
    + 2006-11-02 08:22:49 7,964,672 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18000_none_9ddad43a2abbd52d\NlsLexicons0024.dll
    + 2006-11-02 08:22:42 5,791,232 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18000_none_9ddad43a2abbd52d\NlsLexicons0026.dll
    + 2006-11-02 08:22:19 6,224,896 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18000_none_9ddad43a2abbd52d\NlsLexicons0027.dll
    + 2006-11-02 08:22:41 4,096 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18000_none_9ddad43a2abbd52d\NlsLexicons002a.dll
    + 2006-11-02 08:22:16 1,782,272 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18000_none_9ddad43a2abbd52d\NlsLexicons0039.dll
    + 2006-11-02 08:22:20 4,045,824 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18000_none_9ddad43a2abbd52d\NlsLexicons003e.dll
    + 2006-11-02 08:22:33 1,793,536 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18000_none_9ddad43a2abbd52d\NlsLexicons0045.dll
    + 2006-11-02 08:22:25 1,808,896 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18000_none_9ddad43a2abbd52d\NlsLexicons0046.dll
    + 2006-11-02 08:22:15 1,411,072 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18000_none_9ddad43a2abbd52d\NlsLexicons0047.dll
    + 2006-11-02 08:22:39 1,558,016 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18000_none_9ddad43a2abbd52d\NlsLexicons0049.dll
    + 2006-11-02 08:22:39 3,419,136 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18000_none_9ddad43a2abbd52d\NlsLexicons004a.dll
    + 2006-11-02 08:22:36 1,702,912 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18000_none_9ddad43a2abbd52d\NlsLexicons004b.dll
    + 2006-11-02 08:22:46 4,093,440 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18000_none_9ddad43a2abbd52d\NlsLexicons004c.dll
    + 2006-11-02 08:22:37 1,972,736 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18000_none_9ddad43a2abbd52d\NlsLexicons004e.dll
    + 2006-11-02 08:22:21 4,616,192 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18000_none_9ddad43a2abbd52d\NlsLexicons0414.dll
    + 2006-11-02 08:22:24 5,090,816 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18000_none_9ddad43a2abbd52d\NlsLexicons0416.dll
    + 2006-11-02 08:22:22 5,031,936 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18000_none_9ddad43a2abbd52d\NlsLexicons0816.dll
    + 2006-11-02 08:22:29 7,042,560 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18000_none_9ddad43a2abbd52d\NlsLexicons081a.dll
    + 2006-11-02 08:22:27 6,917,120 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18000_none_9ddad43a2abbd52d\NlsLexicons0c1a.dll
    + 2006-11-02 08:21:54 5,071,872 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18000_none_9ddad43a2abbd52d\NlsModels0011.dll
    + 2006-11-02 09:41:16 2,048 ----a-w C:\Windows\winsxs\x86_microsoft-windows-net-command-line-tool_31bf3856ad364e35_6.0.6001.18000_none_5232518072770fdb\neth.dll
    + 2006-11-02 09:46:14 11,264 ----a-w C:\Windows\winsxs\x86_microsoft-windows-netbios_31bf3856ad364e35_6.0.6001.18000_none_59e1b82a6b1f4ec0\wshnetbs.dll
    + 2006-09-19 11:41:49 2,456 ----a-w C:\Windows\winsxs\x86_microsoft-windows-netshell_31bf3856ad364e35_6.0.6001.18000_none_d5836ad30e0ac92d\bench_24.bin
    + 2006-09-19 11:41:49 4,280 ----a-w C:\Windows\winsxs\x86_microsoft-windows-netshell_31bf3856ad364e35_6.0.6001.18000_none_d5836ad30e0ac92d\bench_32.bin
    + 2006-09-19 11:41:49 9,560 ----a-w C:\Windows\winsxs\x86_microsoft-windows-netshell_31bf3856ad364e35_6.0.6001.18000_none_d5836ad30e0ac92d\bench_48.bin
    + 2006-09-19 11:41:49 2,456 ----a-w C:\Windows\winsxs\x86_microsoft-windows-netshell_31bf3856ad364e35_6.0.6001.18000_none_d5836ad30e0ac92d\house_24.bin
    + 2006-09-19 11:41:49 4,280 ----a-w C:\Windows\winsxs\x86_microsoft-windows-netshell_31bf3856ad364e35_6.0.6001.18000_none_d5836ad30e0ac92d\house_32.bin
    + 2006-09-19 11:41:49 9,560 ----a-w C:\Windows\winsxs\x86_microsoft-windows-netshell_31bf3856ad364e35_6.0.6001.18000_none_d5836ad30e0ac92d\house_48.bin
    + 2006-09-19 11:41:49 2,456 ----a-w C:\Windows\winsxs\x86_microsoft-windows-netshell_31bf3856ad364e35_6.0.6001.18000_none_d5836ad30e0ac92d\office_24.bin
    + 2006-09-19 11:41:49 4,280 ----a-w C:\Windows\winsxs\x86_microsoft-windows-netshell_31bf3856ad364e35_6.0.6001.18000_none_d5836ad30e0ac92d\office_32.bin
    + 2006-09-19 11:41:49 9,560 ----a-w C:\Windows\winsxs\x86_microsoft-windows-netshell_31bf3856ad364e35_6.0.6001.18000_none_d5836ad30e0ac92d\office_48.bin
    + 2006-11-02 09:46:02 24,064 ----a-w C:\Windows\winsxs\x86_microsoft-windows-networkbridge_31bf3856ad364e35_6.0.6001.18000_none_07e9f0db06159927\brdgcfg.dll
    + 2006-11-02 07:38:48 2,048 ----a-w C:\Windows\winsxs\x86_microsoft-windows-networkbridge_31bf3856ad364e35_6.0.6001.18000_none_07e9f0db06159927\bridgeres.dll
    + 2006-11-02 09:46:11 11,264 ----a-w C:\Windows\winsxs\x86_microsoft-windows-networkprofile_31bf3856ad364e35_6.0.6001.18000_none_789b515a7625c7d5\nlmsprep.dll
    + 2006-11-02 09:46:12 16,384 ----a-w C:\Windows\winsxs\x86_microsoft-windows-networkprofile_31bf3856ad364e35_6.0.6001.18000_none_789b515a7625c7d5\npmproxy.dll
    + 2006-11-02 12:36:04 51,712 ----a-w C:\Windows\winsxs\x86_microsoft-windows-networkprojection_31bf3856ad364e35_6.0.6001.18000_none_e3c78331f0bd2d51\CRPPresentation.dll
    + 2006-11-02 12:36:04 89,600 ----a-w C:\Windows\winsxs\x86_microsoft-windows-networkprojection_31bf3856ad364e35_6.0.6001.18000_none_e3c78331f0bd2d51\NetProj.exe
    + 2006-11-02 07:38:59 2,048 ----a-w C:\Windows\winsxs\x86_microsoft-windows-networktopology_31bf3856ad364e35_6.0.6001.18000_none_d155f734fa7d6b4f\lltdres.dll
    + 2006-11-02 09:45:30 74,752 ----a-w C:\Windows\winsxs\x86_microsoft-windows-newdev_31bf3856ad364e35_6.0.6001.18000_none_11764b5450a917b3\newdev.exe
    + 2006-11-02 07:09:42 9,029 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.0.6001.18000_none_fe0d791a728dd79c\ANSI.SYS
    + 2006-11-02 07:09:49 12,498 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.0.6001.18000_none_fe0d791a728dd79c\append.exe
    + 2006-11-02 07:10:16 10,544 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.0.6001.18000_none_fe0d791a728dd79c\COMM.drv
    + 2006-11-02 07:09:49 50,648 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.0.6001.18000_none_fe0d791a728dd79c\COMMAND.COM
    + 2006-11-02 07:10:28 32,816 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.0.6001.18000_none_fe0d791a728dd79c\COMMDLG.DLL
    + 2006-11-02 07:09:45 27,097 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.0.6001.18000_none_fe0d791a728dd79c\country.sys
    + 2006-09-18 21:43:37 27,200 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.0.6001.18000_none_fe0d791a728dd79c\ctl3dv2.dll
    + 2006-11-02 07:10:32 39,424 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.0.6001.18000_none_fe0d791a728dd79c\DDEML.DLL
    + 2006-11-02 07:09:52 20,634 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.0.6001.18000_none_fe0d791a728dd79c\debug.exe
    + 2006-11-02 07:10:37 53,536 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.0.6001.18000_none_fe0d791a728dd79c\dosx.exe
    + 2006-11-02 07:10:29 28,112 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.0.6001.18000_none_fe0d791a728dd79c\DRWATSON.EXE
    + 2006-09-18 21:43:40 69,886 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.0.6001.18000_none_fe0d791a728dd79c\edit.com
    + 2006-11-02 07:09:50 12,642 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.0.6001.18000_none_fe0d791a728dd79c\edlin.exe
    + 2006-11-02 07:09:51 8,424 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.0.6001.18000_none_fe0d791a728dd79c\exe2bin.exe
    + 2006-11-02 07:10:13 24,576 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.0.6001.18000_none_fe0d791a728dd79c\GDI.EXE
    + 2006-11-02 07:09:59 19,694 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.0.6001.18000_none_fe0d791a728dd79c\GRAPHICS.COM
    + 2006-11-02 07:09:41 4,768 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.0.6001.18000_none_fe0d791a728dd79c\HIMEM.SYS
    + 2006-11-02 07:09:57 14,710 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.0.6001.18000_none_fe0d791a728dd79c\KB16.COM
    + 2006-11-02 07:09:44 42,809 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.0.6001.18000_none_fe0d791a728dd79c\KEY01.SYS
    + 2006-11-02 07:10:15 2,000 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.0.6001.18000_none_fe0d791a728dd79c\keyboard.drv
    + 2006-11-02 07:09:44 42,537 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.0.6001.18000_none_fe0d791a728dd79c\KEYBOARD.SYS
    + 2006-11-02 07:10:07 92,320 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.0.6001.18000_none_fe0d791a728dd79c\krnl386.exe
    + 2006-09-18 21:43:37 221,600 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.0.6001.18000_none_fe0d791a728dd79c\lanman.drv
    + 2006-09-18 21:43:37 9,936 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.0.6001.18000_none_fe0d791a728dd79c\lzexpand.dll
    + 2006-11-02 07:09:55 39,274 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.0.6001.18000_none_fe0d791a728dd79c\mem.exe
    + 2006-11-02 07:10:21 68,992 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.0.6001.18000_none_fe0d791a728dd79c\MMSYSTEM.DLL
    + 2006-11-02 07:10:18 2,032 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.0.6001.18000_none_fe0d791a728dd79c\mouse.drv
    + 2006-09-18 21:43:37 108,464 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.0.6001.18000_none_fe0d791a728dd79c\netapi.dll
    + 2006-11-02 07:09:56 7,052 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.0.6001.18000_none_fe0d791a728dd79c\nlsfunc.exe
    + 2006-11-02 07:09:29 27,866 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.0.6001.18000_none_fe0d791a728dd79c\NTDOS.SYS
    + 2006-11-02 07:09:35 29,146 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.0.6001.18000_none_fe0d791a728dd79c\NTDOS404.SYS
    + 2006-11-02 07:09:38 29,370 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.0.6001.18000_none_fe0d791a728dd79c\NTDOS411.SYS
    + 2006-11-02 07:09:40 29,274 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.0.6001.18000_none_fe0d791a728dd79c\NTDOS412.SYS
    + 2006-11-02 07:09:31 29,146 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.0.6001.18000_none_fe0d791a728dd79c\NTDOS804.SYS
    + 2006-11-02 07:09:20 33,952 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.0.6001.18000_none_fe0d791a728dd79c\NTIO.SYS
    + 2006-11-02 07:09:23 34,672 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.0.6001.18000_none_fe0d791a728dd79c\NTIO404.SYS
    + 2006-11-02 07:09:24 35,776 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.0.6001.18000_none_fe0d791a728dd79c\NTIO411.SYS
    + 2006-11-02 07:09:26 35,536 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.0.6001.18000_none_fe0d791a728dd79c\NTIO412.SYS
    + 2006-11-02 07:09:22 34,672 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.0.6001.18000_none_fe0d791a728dd79c\NTIO804.SYS
    + 2006-11-02 09:46:12 14,848 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.0.6001.18000_none_fe0d791a728dd79c\ntvdmd.dll
    + 2006-09-18 21:43:37 82,944 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.0.6001.18000_none_fe0d791a728dd79c\olecli.dll
    + 2006-11-02 07:10:34 24,064 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.0.6001.18000_none_fe0d791a728dd79c\OLESVR.DLL
    + 2006-09-18 21:43:37 46,592 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.0.6001.18000_none_fe0d791a728dd79c\pmspl.dll
    + 2006-11-02 07:10:00 2,842 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.0.6001.18000_none_fe0d791a728dd79c\redir.exe
    + 2006-11-02 07:09:53 11,753 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.0.6001.18000_none_fe0d791a728dd79c\setver.exe
    + 2006-11-02 07:10:14 5,120 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.0.6001.18000_none_fe0d791a728dd79c\SHELL.DLL
    + 2006-11-02 07:10:16 1,744 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.0.6001.18000_none_fe0d791a728dd79c\sound.drv
    + 2006-09-18 21:43:37 18,896 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.0.6001.18000_none_fe0d791a728dd79c\sysedit.exe
    + 2006-11-02 07:10:14 3,360 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.0.6001.18000_none_fe0d791a728dd79c\system.drv
    + 2006-11-02 07:10:26 4,048 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.0.6001.18000_none_fe0d791a728dd79c\TIMER.DRV
    + 2006-11-02 07:10:25 13,888 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.0.6001.18000_none_fe0d791a728dd79c\TOOLHELP.DLL
    + 2006-11-02 07:10:12 47,840 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.0.6001.18000_none_fe0d791a728dd79c\USER.EXE
    + 2006-09-18 21:43:37 9,008 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.0.6001.18000_none_fe0d791a728dd79c\ver.dll
    + 2006-11-02 07:10:17 2,176 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.0.6001.18000_none_fe0d791a728dd79c\vga.drv
    + 2006-11-02 07:10:30 12,704 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.0.6001.18000_none_fe0d791a728dd79c\WFWNET.DRV
    + 2006-11-02 07:10:35 9,216 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.0.6001.18000_none_fe0d791a728dd79c\WIFEMAN.DLL
    + 2006-11-02 08:35:53 6,656 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.0.6001.18000_none_fe0d791a728dd79c\win.com
    + 2006-09-18 21:43:37 13,312 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.0.6001.18000_none_fe0d791a728dd79c\win87em.dll
    + 2006-09-18 21:43:37 256,192 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.0.6001.18000_none_fe0d791a728dd79c\winhelp.exe
    + 2006-11-02 07:10:35 5,120 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.0.6001.18000_none_fe0d791a728dd79c\WINNLS.DLL
    + 2006-11-02 07:10:22 2,864 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.0.6001.18000_none_fe0d791a728dd79c\WINSOCK.DLL
    + 2006-11-02 07:10:18 2,112 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.0.6001.18000_none_fe0d791a728dd79c\WINSPOOL.EXE
    + 2006-11-02 07:10:27 2,864 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.0.6001.18000_none_fe0d791a728dd79c\WOWDEB.EXE
    + 2006-11-02 07:10:24 8,960 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.0.6001.18000_none_fe0d791a728dd79c\WOWEXEC.EXE
    + 2006-11-02 09:45:33 60,416 ----a-w C:\Windows\winsxs\x86_microsoft-windows-p..installerandprintui_31bf3856ad364e35_6.0.6001.18000_none_d6543f9ff5ec4aec\printui.exe
    + 2006-11-02 09:45:02 17,408 ----a-w C:\Windows\winsxs\x86_microsoft-windows-p..ncetoolscommandline_31bf3856ad364e35_6.0.6001.18000_none_61237ad0fed51e58\diskperf.exe
    + 2006-11-02 09:45:35 37,376 ----a-w C:\Windows\winsxs\x86_microsoft-windows-p..ncetoolscommandline_31bf3856ad364e35_6.0.6001.18000_none_61237ad0fed51e58\relog.exe
    + 2006-11-02 09:45:49 39,936 ----a-w C:\Windows\winsxs\x86_microsoft-windows-p..ncetoolscommandline_31bf3856ad364e35_6.0.6001.18000_none_61237ad0fed51e58\typeperf.exe
    + 2006-11-02 09:46:12 39,424 ----a-w C:\Windows\winsxs\x86_microsoft-windows-p..ormancebasecounters_31bf3856ad364e35_6.0.6001.18000_none_31733dc35d19d298\perfctrs.dll
    + 2006-11-02 09:46:12 31,744 ----a-w C:\Windows\winsxs\x86_microsoft-windows-p..ormancebasecounters_31bf3856ad364e35_6.0.6001.18000_none_31733dc35d19d298\perfdisk.dll
    + 2006-11-02 09:46:12 28,672 ----a-w C:\Windows\winsxs\x86_microsoft-windows-p..ormancebasecounters_31bf3856ad364e35_6.0.6001.18000_none_31733dc35d19d298\perfos.dll
    + 2006-11-02 09:46:12 35,840 ----a-w C:\Windows\winsxs\x86_microsoft-windows-p..ormancebasecounters_31bf3856ad364e35_6.0.6001.18000_none_31733dc35d19d298\perfproc.dll
    + 2006-11-02 09:45:31 61,440 ----a-w C:\Windows\winsxs\x86_microsoft-windows-p..randprintui-ntprint_31bf3856ad364e35_6.0.6001.18000_none_f0037a3c7d6c36a4\ntprint.exe
    + 2006-11-02 09:45:32 7,680 ----a-w C:\Windows\winsxs\x86_microsoft-windows-p..rastructureconsumer_31bf3856ad364e35_6.0.6001.18000_none_b3dc8e9f30720cdd\plasrv.exe
    + 2006-11-02 12:36:18 20,992 ----a-w C:\Windows\winsxs\x86_microsoft-windows-p..ting-lprportmonitor_31bf3856ad364e35_6.0.6001.18000_none_b403a1813dce9905\lprmon.dll
    + 2006-11-02 12:36:18 11,776 ----a-w C:\Windows\winsxs\x86_microsoft-windows-p..ting-lprportmonitor_31bf3856ad364e35_6.0.6001.18000_none_b403a1813dce9905\lprmonui.dll
    + 2006-11-02 12:35:39 1,486,848 ----a-w C:\Windows\winsxs\x86_microsoft-windows-p..topeeradhocmeetings_31bf3856ad364e35_6.0.6001.18000_none_aa47d5c4002219b8\WinCollabRes.dll
    + 2008-06-12 21:51:06 30,674 ----a-w C:\Windows\winsxs\x86_microsoft-windows-p..unterinfrastructure_31bf3856ad364e35_6.0.6001.18000_none_7185fd57fee6c971\perfc.dat
    + 2008-06-12 21:51:06 30,674 ----a-w C:\Windows\winsxs\x86_microsoft-windows-p..unterinfrastructure_31bf3856ad364e35_6.0.6001.18000_none_7185fd57fee6c971\perfd.dat
    + 2008-06-12 21:51:06 287,440 ----a-w C:\Windows\winsxs\x86_microsoft-windows-p..unterinfrastructure_31bf3856ad364e35_6.0.6001.18000_none_7185fd57fee6c971\perfh.dat
    + 2008-06-12 21:51:06 287,440 ----a-w C:\Windows\winsxs\x86_microsoft-windows-p..unterinfrastructure_31bf3856ad364e35_6.0.6001.18000_none_7185fd57fee6c971\perfi.dat
    + 2006-11-02 09:42:44 17,408 ----a-w C:\Windows\winsxs\x86_microsoft-windows-p..unterinfrastructure_31bf3856ad364e35_6.0.6001.18000_none_7185fd57fee6c971\prflbmsg.dll
    + 2006-11-02 12:35:38 18,944 ----a-w C:\Windows\winsxs\x86_microsoft-windows-peertopeerpnrp_31bf3856ad364e35_6.0.6001.18000_none_717f15b322749509\pnrpperf.dll
    + 2006-11-02 09:45:32 13,312 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ping-utilities_31bf3856ad364e35_6.0.6001.18000_none_a931a5078fdac855\PATHPING.EXE
    + 2006-11-02 09:45:49 12,288 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ping-utilities_31bf3856ad364e35_6.0.6001.18000_none_a931a5078fdac855\TRACERT.EXE
    + 2006-11-02 09:46:12 15,360 ----a-w C:\Windows\winsxs\x86_microsoft-windows-qos_31bf3856ad364e35_6.0.6001.18000_none_ae4b689057a4a1e3\pacerprf.dll
    + 2006-11-02 09:46:13 33,280 ----a-w C:\Windows\winsxs\x86_microsoft-windows-qos_31bf3856ad364e35_6.0.6001.18000_none_ae4b689057a4a1e3\traffic.dll
    + 2006-11-02 09:46:14 13,824 ----a-w C:\Windows\winsxs\x86_microsoft-windows-qos_31bf3856ad364e35_6.0.6001.18000_none_ae4b689057a4a1e3\wshqos.dll
    + 2006-11-02 12:36:25 7,168 ----a-w C:\Windows\winsxs\x86_microsoft-windows-r..emanagement-service_31bf3856ad364e35_6.0.6001.18000_none_0e3e31f00e12b007\mll_hp.dll
    + 2006-11-02 12:36:25 17,408 ----a-w C:\Windows\winsxs\x86_microsoft-windows-r..emanagement-service_31bf3856ad364e35_6.0.6001.18000_none_0e3e31f00e12b007\ntmsevt.dll
    + 2006-11-02 12:36:25 43,008 ----a-w C:\Windows\winsxs\x86_microsoft-windows-r..emanagement-service_31bf3856ad364e35_6.0.6001.18000_none_0e3e31f00e12b007\rsm.exe
    + 2006-11-02 12:36:25 26,624 ----a-w C:\Windows\winsxs\x86_microsoft-windows-r..emanagement-service_31bf3856ad364e35_6.0.6001.18000_none_0e3e31f00e12b007\rsmmllsv.exe
    + 2006-11-02 12:36:25 22,016 ----a-w C:\Windows\winsxs\x86_microsoft-windows-r..emanagement-service_31bf3856ad364e35_6.0.6001.18000_none_0e3e31f00e12b007\rsmsink.exe
    + 2006-11-02 12:36:25 54,272 ----a-w C:\Windows\winsxs\x86_microsoft-windows-r..emanagement-service_31bf3856ad364e35_6.0.6001.18000_none_0e3e31f00e12b007\rsmui.exe
    + 2006-11-02 09:46:12 10,240 ----a-w C:\Windows\winsxs\x86_microsoft-windows-rasautodial_31bf3856ad364e35_6.0.6001.18000_none_0fd9feb665531f63\rasadhlp.dll
    + 2006-11-02 09:45:34 16,896 ----a-w C:\Windows\winsxs\x86_microsoft-windows-rasautodial_31bf3856ad364e35_6.0.6001.18000_none_0fd9feb665531f63\rasautou.exe
    + 2006-11-02 09:46:12 32,768 ----a-w C:\Windows\winsxs\x86_microsoft-windows-rasbase_31bf3856ad364e35_6.0.6001.18000_none_0de067e17a6f4519\rasmxs.dll
    + 2006-11-02 09:46:12 22,016 ----a-w C:\Windows\winsxs\x86_microsoft-windows-rasbase_31bf3856ad364e35_6.0.6001.18000_none_0de067e17a6f4519\rasser.dll
    + 2006-11-02 09:45:34 16,896 ----a-w C:\Windows\winsxs\x86_microsoft-windows-rasclienttools_31bf3856ad364e35_6.0.6001.18000_none_6f46cfc8a8b142a0\rasdial.exe
    + 2006-11-02 09:46:12 36,352 ----a-w C:\Windows\winsxs\x86_microsoft-windows-rasrtutils_31bf3856ad364e35_6.0.6001.18000_none_0d159410ea7a8f9d\rtutils.dll
    + 2006-11-02 09:46:02 13,824 ----a-w C:\Windows\winsxs\x86_microsoft-windows-registry-editor_31bf3856ad364e35_6.0.6001.18000_none_f42eb564dbd8a697\clb.dll
    + 2006-11-02 09:45:35 9,216 ----a-w C:\Windows\winsxs\x86_microsoft-windows-registry-editor_31bf3856ad364e35_6.0.6001.18000_none_f42eb564dbd8a697\regedt32.exe
    + 2006-11-02 12:35:24 40,960 ----a-w C:\Windows\winsxs\x86_microsoft-windows-remoteassistance-exe_31bf3856ad364e35_6.0.6001.18000_none_3758172c01e5ce47\racpldlg.dll
    + 2006-11-02 09:45:37 14,848 ----a-w C:\Windows\winsxs\x86_microsoft-windows-restartmanager_31bf3856ad364e35_6.0.6001.18000_none_803567cb241e9c20\RmClient.exe
    + 2008-06-23 18:08:51 14,848 ----a-w C:\Windows\winsxs\x86_microsoft-windows-rmcast_31bf3856ad364e35_6.0.6001.18000_none_547dcc3187eaff70\wshrm.dll
    + 2006-11-02 09:46:03 10,240 ----a-w C:\Windows\winsxs\x86_microsoft-windows-s..gevolumewmiprovider_31bf3856ad364e35_6.0.6001.18000_none_17d3c60709ecb009\dfrgifps.dll
    + 2006-11-02 12:35:38 12,555,776 ----a-w C:\Windows\winsxs\x86_microsoft-windows-s..inboxgames-shanghai_31bf3856ad364e35_6.0.6001.18000_none_c0a3fbb5ef29fe27\Mahjong.dll
    + 2006-11-02 12:35:37 29,001,216 ----a-w C:\Windows\winsxs\x86_microsoft-windows-s..iuminboxgames-chess_31bf3856ad364e35_6.0.6001.18000_none_74d4a1cd7e673a2e\Chess.dll
    + 2006-11-02 12:35:35 4,305,408 ----a-w C:\Windows\winsxs\x86_microsoft-windows-s..oxgames-minesweeper_31bf3856ad364e35_6.0.6001.18000_none_a2611d5c392f48a1\MineSweeper.dll
    + 2006-11-02 12:35:36 28,665,856 ----a-w C:\Windows\winsxs\x86_microsoft-windows-s..oxgames-purbleplace_31bf3856ad364e35_6.0.6001.18000_none_062b7e7afe71e492\PurblePlace.dll
    + 2006-11-02 12:35:35 8,384,512 ----a-w C:\Windows\winsxs\x86_microsoft-windows-s..oxgames-purbleplace_31bf3856ad364e35_6.0.6001.18000_none_062b7e7afe71e492\PurblePlace2.dll
    + 2006-11-02 09:46:12 42,496 ----a-w C:\Windows\winsxs\x86_microsoft-windows-s..ty-protectedstorage_31bf3856ad364e35_6.0.6001.18000_none_4849149a305ec4a4\pstorec.dll
    + 2006-11-02 09:46:12 23,040 ----a-w C:\Windows\winsxs\x86_microsoft-windows-s..ty-protectedstorage_31bf3856ad364e35_6.0.6001.18000_none_4849149a305ec4a4\pstorsvc.dll
    + 2006-11-02 09:46:14 8,192 ----a-w C:\Windows\winsxs\x86_microsoft-windows-session0viewer_31bf3856ad364e35_6.0.6001.18000_none_e1e6e80246adfe72\WlS0WndH.dll
    + 2006-11-02 09:43:11 2,928,640 ----a-w C:\Windows\winsxs\x86_microsoft-windows-setup-component_31bf3856ad364e35_6.0.6001.18000_none_322c7e4ead424897\W32UIImg.dll
    + 2006-11-02 09:46:13 4,608 ----a-w C:\Windows\winsxs\x86_microsoft-windows-sfc_31bf3856ad364e35_6.0.6001.18000_none_a735c34c5c31a578\sfc.dll
    + 2006-11-02 12:35:15 66,048 ----a-w C:\Windows\winsxs\x86_microsoft-windows-sidebar_31bf3856ad364e35_6.0.6001.18000_none_cedcabbd26a81ad6\sbdrop.dll
    + 2006-11-02 09:46:12 66,560 ----a-w C:\Windows\winsxs\x86_microsoft-windows-smartcardsubsystem_31bf3856ad364e35_6.0.6001.18000_none_17fd3fa469f2e862\SCardDlg.dll
    + 2006-11-02 09:46:13 9,728 ----a-w C:\Windows\winsxs\x86_microsoft-windows-smbserver_31bf3856ad364e35_6.0.6001.18000_none_f8f4e8f8eadb7d91\sscore.dll
    + 2006-11-02 09:45:46 12,800 ----a-w C:\Windows\winsxs\x86_microsoft-windows-snmp-trap-service_31bf3856ad364e35_6.0.6001.18000_none_cf8afedd3f67da88\snmptrap.exe
    + 2006-11-02 12:34:32 16,384 ----a-w C:\Windows\winsxs\x86_microsoft-windows-speech-userexperience_31bf3856ad364e35_6.0.6001.18000_none_1c09f00b4bcc9fbc\SpeechUXPS.DLL
    + 2006-11-02 09:46:13 151,040 ----a-w C:\Windows\winsxs\x86_microsoft-windows-sqlliteoledb_31bf3856ad364e35_6.0.6001.18000_none_be7f06c980d3ea88\sqlceoledb30.dll
    + 2006-11-02 09:39:30 3,072 ----a-w C:\Windows\winsxs\x86_microsoft-windows-t..-platform-libraries_31bf3856ad364e35_6.0.6001.18000_none_ea70eae59b4e2b12\icmp.dll
    + 2006-11-02 07:39:56 1,536 ----a-w C:\Windows\winsxs\x86_microsoft-windows-t..acyinkingcomponents_31bf3856ad364e35_6.0.6001.18000_none_41f1cbcb89954931\penchs.dll
    + 2006-11-02 07:39:56 1,536 ----a-w C:\Windows\winsxs\x86_microsoft-windows-t..acyinkingcomponents_31bf3856ad364e35_6.0.6001.18000_none_41f1cbcb89954931\pencht.dll
    + 2006-11-02 07:39:56 1,536 ----a-w C:\Windows\winsxs\x86_microsoft-windows-t..acyinkingcomponents_31bf3856ad364e35_6.0.6001.18000_none_41f1cbcb89954931\penjpn.dll
    + 2006-11-02 07:39:56 1,536 ----a-w C:\Windows\winsxs\x86_microsoft-windows-t..acyinkingcomponents_31bf3856ad364e35_6.0.6001.18000_none_41f1cbcb89954931\penkor.dll
    + 2006-11-02 07:39:56 1,536 ----a-w C:\Windows\winsxs\x86_microsoft-windows-t..acyinkingcomponents_31bf3856ad364e35_6.0.6001.18000_none_41f1cbcb89954931\penusa.dll
    + 2006-11-02 09:45:32 6,656 ----a-w C:\Windows\winsxs\x86_microsoft-windows-t..acyinkingcomponents_31bf3856ad364e35_6.0.6001.18000_none_41f1cbcb89954931\pipanel.exe
    + 2006-11-02 07:39:56 1,536 ----a-w C:\Windows\winsxs\x86_microsoft-windows-t..acyinkingcomponents_31bf3856ad364e35_6.0.6001.18000_none_41f1cbcb89954931\pipres.dll
    + 2006-11-02 07:39:56 1,536 ----a-w C:\Windows\winsxs\x86_microsoft-windows-t..acyinkingcomponents_31bf3856ad364e35_6.0.6001.18000_none_41f1cbcb89954931\skchobj.dll
    + 2006-11-02 07:39:56 1,536 ----a-w C:\Windows\winsxs\x86_microsoft-windows-t..acyinkingcomponents_31bf3856ad364e35_6.0.6001.18000_none_41f1cbcb89954931\skchui.dll
    + 2006-11-02 12:35:47 19,968 ----a-w C:\Windows\winsxs\x86_microsoft-windows-t..c-journalnotewriter_31bf3856ad364e35_6.0.6001.18000_none_4264ef6a4d057d2c\jnwmon.dll
    + 2006-11-02 12:35:47 22,528 ----a-w C:\Windows\winsxs\x86_microsoft-windows-t..c-journalnotewriter_31bf3856ad364e35_6.0.6001.18000_none_426
29 September 2008 21:48:42

    Could you briefly explain to me what you get out of these reports, please?

    ...otherwise I'll wait for the next step of the procedure ;-)

    Thanks again for your help, angeldark
    30 September 2008 12:44:11

    Quote:
    Could you briefly explain to me what you get out of these reports, please?

    Removal of infected files, file listing, etc.

    Post a new HijackThis report.
    30 September 2008 18:58:25

    HijackThis report:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 18:57:54, on 30/09/2008
    Platform: Windows Vista (WinNT 6.00.1904)
    MSIE: Internet Explorer v7.00 (7.00.6000.16711)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\WINDOWS\RtHDVCpl.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
    C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
    C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
    C:\WINDOWS\System32\rundll32.exe
    C:\Program Files\Java\jre1.6.0\bin\jusched.exe
    C:\Program Files\Trend Micro\PC-cillin 2002\pccguide.exe
    C:\Program Files\Trend Micro\PC-cillin 2002\PCCClient.exe
    C:\Program Files\Trend Micro\PC-cillin 2002\Pop3trap.exe
    C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
    C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    C:\WINDOWS\ehome\ehtray.exe
    C:\WINDOWS\System32\rundll32.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
    C:\Program Files\Trend Micro\PC-cillin 2002\WebTrap.EXE
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
    O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
    O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
    O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
    O4 - HKLM\..\Run: [HP Health Check Scheduler] C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
    O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    O4 - HKLM\..\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
    O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
    O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\PC-cillin 2002\pccguide.exe"
    O4 - HKLM\..\Run: [PCCClient.exe] "C:\Program Files\Trend Micro\PC-cillin 2002\PCCClient.exe"
    O4 - HKLM\..\Run: [Pop3trap.exe] "C:\Program Files\Trend Micro\PC-cillin 2002\Pop3trap.exe"
    O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
    O9 - Extra button: (no name) - Cmdmapping - (no file) (HKCU)
    O13 - Gopher Prefix:
    O20 - AppInit_DLLs: wytjan.dll
    O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Ad-Aware\aawservice.exe
    O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
    O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
    O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
    O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
    O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
    O23 - Service: PC-cillin PersonalFirewall (PCCPFW) - Trend Micro Inc. - C:\Program Files\Trend Micro\PC-cillin 2002\PCCPFW.exe
    O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    O23 - Service: SonicStage Back-End Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SsBeSvc.exe
    O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
    O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
    O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
    O23 - Service: Trend NT Realtime Service (Tmntsrv) - Trend Micro Inc. - C:\Program Files\Trend Micro\PC-cillin 2002\Tmntsrv.exe

    --
    End of file - 7948 bytes
    30 September 2008 19:10:13

    Hi again,

    Fix the lines in the box below with HijackThis: HELP IN PICTURES

    O9 - Extra button: (no name) - Cmdmapping - (no file) (HKCU)
    O20 - AppInit_DLLs: wytjan.dll
    30 September 2008 19:14:14

    OK, it's done!
    Need another scan?
    30 September 2008 19:15:36

    Yep :)
    30 September 2008 19:17:39

    No sooner said than done, thanks again for the quick replies!

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 19:17:02, on 30/09/2008
    Platform: Windows Vista (WinNT 6.00.1904)
    MSIE: Internet Explorer v7.00 (7.00.6000.16711)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\WINDOWS\RtHDVCpl.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
    C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
    C:\WINDOWS\System32\rundll32.exe
    C:\Program Files\Java\jre1.6.0\bin\jusched.exe
    C:\Program Files\Trend Micro\PC-cillin 2002\pccguide.exe
    C:\Program Files\Trend Micro\PC-cillin 2002\PCCClient.exe
    C:\Program Files\Trend Micro\PC-cillin 2002\Pop3trap.exe
    C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    C:\WINDOWS\ehome\ehtray.exe
    C:\WINDOWS\System32\rundll32.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
    C:\Program Files\Trend Micro\PC-cillin 2002\WebTrap.EXE
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Windows\system32\wuauclt.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
    O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
    O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
    O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
    O4 - HKLM\..\Run: [HP Health Check Scheduler] C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
    O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    O4 - HKLM\..\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
    O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
    O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\PC-cillin 2002\pccguide.exe"
    O4 - HKLM\..\Run: [PCCClient.exe] "C:\Program Files\Trend Micro\PC-cillin 2002\PCCClient.exe"
    O4 - HKLM\..\Run: [Pop3trap.exe] "C:\Program Files\Trend Micro\PC-cillin 2002\Pop3trap.exe"
    O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
    O13 - Gopher Prefix:
    O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Ad-Aware\aawservice.exe
    O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
    O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
    O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
    O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
    O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
    O23 - Service: PC-cillin PersonalFirewall (PCCPFW) - Trend Micro Inc. - C:\Program Files\Trend Micro\PC-cillin 2002\PCCPFW.exe
    O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    O23 - Service: SonicStage Back-End Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SsBeSvc.exe
    O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
    O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
    O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
    O23 - Service: Trend NT Realtime Service (Tmntsrv) - Trend Micro Inc. - C:\Program Files\Trend Micro\PC-cillin 2002\Tmntsrv.exe

    --
    End of file - 7716 bytes
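
    The helper asked for two entries to be fixed and then for a fresh scan. As an added example (not part of the thread, and not HijackThis code), this is one way to compare the entries of the report before the fix with the one after it and confirm that only those two lines disappeared and that AppInit_DLLs is now empty. The function names are hypothetical, and the sample data are a few entries excerpted from the two reports above.

```python
import re

# Excerpt of the report saved at 18:57:54 (before the fix); only a few
# entries are kept so the sample stays short.
BEFORE = r"""
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: (no name) - Cmdmapping - (no file) (HKCU)
O13 - Gopher Prefix:
O20 - AppInit_DLLs: wytjan.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Ad-Aware\aawservice.exe
"""
# The two lines the helper asked to fix.
FIXED = [
    "O9 - Extra button: (no name) - Cmdmapping - (no file) (HKCU)",
    "O20 - AppInit_DLLs: wytjan.dll",
]
# Excerpt of the 19:17:02 report: same entries minus the two fixed lines.
AFTER = "\n".join(l for l in BEFORE.splitlines() if l not in FIXED)

# A HijackThis entry is "<section code> - <detail>", e.g. "O20 - AppInit_DLLs: x.dll".
ENTRY = re.compile(r"^\s*([A-Z]\d{1,2}) - (.*\S)\s*$")

def parse(report):
    """Return the set of (section, detail) entries found in a report."""
    entries = set()
    for line in report.splitlines():
        m = ENTRY.match(line)
        if m:
            entries.add((m.group(1), m.group(2)))
    return entries

def appinit_dlls(entries):
    """DLL names under O20 AppInit_DLLs (loaded into each process that loads user32.dll)."""
    names = []
    for section, detail in entries:
        if section == "O20" and detail.startswith("AppInit_DLLs:"):
            value = detail.split(":", 1)[1]
            # The registry value is a space- or comma-separated list.
            names += [n for n in re.split(r"[ ,]+", value.strip()) if n]
    return sorted(names)

def verify_fix(before, after, fixed_lines):
    """Compare two reports against the list of lines that were meant to be fixed."""
    b, a = parse(before), parse(after)
    wanted = parse("\n".join(fixed_lines))
    return {
        "still_present": sorted(wanted & a),               # fix did not take
        "removed_unexpectedly": sorted((b - a) - wanted),  # collateral removals
        "new_entries": sorted(a - b),                      # appeared since last scan
        "appinit_after": appinit_dlls(a),                  # should be empty here
    }

if __name__ == "__main__":
    print(verify_fix(BEFORE, AFTER, FIXED))
```

    An entry that shows up again under "still_present" or "new_entries" in a later scan means something is rewriting it, so the file behind it still has to be dealt with.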


    30 September 2008 21:06:27

    Any more problems?
    30 September 2008 21:36:48

    No, I don't think so!
    Thank you for your help
    very good helper ;-)
    I hope I won't need your services again!!
    1 October 2008 13:05:03

    Happy surfing ;)