Your question

Trojan:Win32/Vundo.gen!M

Tags:
  • Trojan
  • Security
Last reply: in Security and viruses
20 July 2008 20:53:28

So, I have a trojan and I don't know how to remove it; it's making my machine lag and it keeps getting worse.
I made a report with HijackThis in case it helps you help me, and this is what it gave:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:49:25, on 20/07/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\hp\support\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
C:\WINDOWS\RtHDVCpl.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\ScanSoft\OmniPageSE4.0\OpWareSE4.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Razer\razerhid.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Search Settings\SearchSettings.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\System32\mobsync.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Electronic Arts\EADM\Core.exe
C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
C:\Windows\system32\schtasks.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Razer\razerofa.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.BIN
C:\hp\kbd\kbd.exe
C:\Windows\system32\conime.exe
C:\Program Files\Steam\Steam.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&loca...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&loca...
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL
R3 - URLSearchHook: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb127\SearchSettings.dll
O1 - Hosts: ::1 localhost
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O2 - BHO: DealioBHO Class - {6A87B991-A31F-4130-AE72-6D0C294BF082} - C:\Program Files\Dealio\kb127\Dealio.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Ask Search Assistant BHO - {9CB65201-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb127\SearchSettings.dll
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O3 - Toolbar: Dealio - {E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} - C:\Program Files\Dealio\kb127\Dealio.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KbdStub.EXE
O4 - HKLM\..\Run: [OsdMaestro] "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [SunJavaUpdateReg] "C:\Windows\system32\jureg.exe"
O4 - HKLM\..\Run: [HP Software Update] c:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [OneCareUI] "C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [razer] C:\Program Files\Razer\razerhid.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [Adobe_ID0EYTHM] C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [au] C:\Program Files\Dealio\DealioAU.exe
O4 - HKLM\..\Run: [SearchSettings] C:\Program Files\Search Settings\SearchSettings.exe
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [HPADVISOR] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe autoRun
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [EA Core] C:\Program Files\Electronic Arts\EADM\Core.exe -silent
O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\Thomas\AppData\Local\Temp\ddcCTmnM.dll,#1
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Startup: OpenOffice.org 2.4.lnk = C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Ajouter au fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Compare Prices with &Dealio - C:\Users\Thomas\AppData\LocalLow\Dealio\kb127\res\DealioSearch.html
O8 - Extra context menu item: Convertir en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la cible du lien en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la cible du lien en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir la sélection en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la sélection en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir les liens sélectionnés en fichier Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convertir les liens sélectionnés en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~3.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~3.0_0\bin\ssv.dll
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Skype add-on - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\Program Files\Dealio\kb127\Dealio.dll
O9 - Extra 'Tools' menuitem: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\Program Files\Dealio\kb127\Dealio.dll
O13 - Gopher Prefix:
O16 - DPF: {4C833081-D026-4FF8-968F-7EAB660D2FBA} (TVAnts ActiveX Control) - http://download.tvants.com/pub/tvants/tvants1/win32/cab...
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/fl...
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab569...
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Version Cue CS3 {fr_FR} (Adobe Version Cue CS3) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: EasyBits Magic Desktop Services for Windows NT (ezntsvc) - EasyBits Software Corp. - C:\Windows\system32\ezNTSvc.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: MSSQL$SONY_MEDIAMGR - Unknown owner - C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe (file missing)
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: SQLAgent$SONY_MEDIAMGR - Unknown owner - C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlagent.EXE (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe

--
End of file - 15601 bytes



Thanks for your help!

20 July 2008 23:07:23

Good evening,

Download Toolbar-S&D (Team IDN) to your Desktop.

  • Start the installation by running the downloaded file.
  • Now double-click the Toolbar-S&D shortcut.
  • Select the language you want by typing the letter of your choice, then confirm with the Enter key.
  • Now choose option 1 (Search). Wait until the search has finished.
  • Post the generated report. (C:\TB.txt)

21 July 2008 09:40:23

    -----------\\ ToolBar S&D 1.0.6 XP/Vista

    [ Windows 'Longhorn' (NT 6.0) Workstation Build 6001, Service Pack 1 ]
    [ USER : Thomas ] [ "C:\Toolbar SD" ] [ Selection : 1 ]
    [ 21/07/2008 | 9:39:48,13 ] [ PC : FAMILLEBERTRAN ]
    [ MAJ : 18-07-2008 | 20:45 ]
    [ UAC => 0 ]

    -----------\\ Recherche de Fichiers / Dossiers ...

    C:\Program Files\AskTBar
    C:\Program Files\AskTBar\bar
    C:\Program Files\AskTBar\SrchAstt
    C:\Windows\Prefetch\DEALIO DESKBAR.EXE-E4B87CA8.pf
    C:\PROGRA~2\MICROS~1\Windows\STARTM~1\Programs\Dealio
    C:\Users\Thomas\AppData\Local\MICROS~1\Windows\TEMPOR~1\content.IE5\44B19ANB\Dealio%20Toolbar[1].msi
    C:\Program Files\Dealio
    C:\Program Files\Dealio\DealioAU.exe
    C:\Program Files\Dealio\kb127
    C:\Program Files\Dealio\SearchSettingsKit.exe
    C:\Users\Thomas\AppData\Roaming\MICROS~1\Windows\Cookies\thomas@mysearch[2].txt
    C:\Program Files\Search Settings
    C:\Program Files\Search Settings\kb127
    C:\Program Files\Search Settings\SearchSettings.exe
    C:\Users\Thomas\AppData\Local\Temp\mcrh.tmp

    -----------\\ [..\Internet Explorer\Main]

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
    "Start Page"="http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&loca..."
    "Local Page"="C:\\Windows\\system32\\blank.htm"
    "Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
    "Url"="http://go.microsoft.com/fwlink/?LinkId=75720"
    "Url"="http://go.microsoft.com/fwlink/?LinkId=75720"

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
    "Start Page"="http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&loca..."
    "Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
    "Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
    "Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"


    [ UAC => 1 ]

    -----------\\ Fin du rapport a 9:39:54,66
21 July 2008 12:31:50

Hi again,

Run Toolbar-S&D again by double-clicking the shortcut.

  • This time choose option 2, then confirm by pressing Enter.
    ! Do not close the window during the deletion !
  • A report will be generated; post its contents here, followed by a new HijackThis report.

If your desktop does not reappear, press CTRL+ALT+DEL to open the Task Manager.
Then go to the "Processes" tab. Click File at the top left and choose "New Task (Run...)".
Type explorer and confirm. This will bring your desktop back.
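
Added example, not part of the original thread: a short Python triage of the follow-up HijackThis report requested above, flagging entries whose target file is gone after the deletion pass and autostart entries that load code from a Temp directory. The sample lines are copied from the second HijackThis log in this thread; the function names and the two heuristics are assumptions of this example, not something the helper or HijackThis provides.

```python
import re
from collections import namedtuple

# Lines copied from the second HijackThis log in this thread (22/07/2008).
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R3 - URLSearchHook: (no name) - {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL (file missing)
R3 - URLSearchHook: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb127\SearchSettings.dll (file missing)
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\Thomas\AppData\Local\Temp\ddcCTmnM.dll,#1
O9 - Extra button: (no name) - cmdmapping - (no file) (HKCU)
"""

Finding = namedtuple("Finding", "code reason name via_rundll32 entry")

# "<section code> - <rest of entry>", e.g. "O4 - HKCU\..\Run: [...] ..."
ENTRY_RE = re.compile(r"^\s*([A-Z]\d{1,2}) - (.*\S)\s*$")
# Markers HijackThis prints when the referenced file does not exist.
ORPHAN_RE = re.compile(r"\((?:file missing|no file)\)", re.IGNORECASE)
# A path component named Temp or Tmp (does not match "Temporary Internet Files").
TEMP_DIR_RE = re.compile(r"\\(?:temp|tmp)\\", re.IGNORECASE)
RUNDLL_RE = re.compile(r"\brundll32(?:\.exe)?\b", re.IGNORECASE)
# Registry value name of a Run entry, e.g. "Run: [MSServer]".
VALUE_NAME_RE = re.compile(r": \[([^\]]+)\]")
# Sections that start code at boot or logon: Run keys and Startup folders (O4),
# AppInit_DLLs / Winlogon Notify (O20), services (O23).
AUTOSTART_CODES = {"O4", "O20", "O23"}


def parse_entries(log_text):
    """Yield (section_code, entry_body) for every HijackThis entry line."""
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line)
        if match:
            yield match.group(1), match.group(2)


def triage(log_text):
    """Return findings for orphaned entries and autostarts that run from Temp."""
    findings = []
    for code, body in parse_entries(log_text):
        name_match = VALUE_NAME_RE.search(body)
        name = name_match.group(1) if name_match else None
        via_rundll32 = bool(RUNDLL_RE.search(body))
        if ORPHAN_RE.search(body):
            # Registry entry survived, file did not: leftover to clean up.
            findings.append(Finding(code, "orphan", name, via_rundll32, body))
        if code in AUTOSTART_CODES and TEMP_DIR_RE.search(body):
            # Code loaded at every logon from a user-writable Temp directory.
            findings.append(
                Finding(code, "temp-autostart", name, via_rundll32, body))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        loader = " (loaded through rundll32)" if f.via_rundll32 else ""
        print(f"[{f.reason}] {f.code}{loader}: {f.entry}")
```

An orphan finding only says that a registry entry outlived its file; the Temp autostart is the entry to examine first, since nothing in the Toolbar-S&D deletion report touched it.
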

22 July 2008 09:45:14


    -----------\\ ToolBar S&D 1.0.6 XP/Vista

    [ Windows 'Longhorn' (NT 6.0) Workstation Build 6001, Service Pack 1 ]
    [ USER : Thomas ] [ "C:\Toolbar SD" ] [ Selection : 2 ]
    [ 22/07/2008 | 9:40:07,28 ] [ PC : FAMILLEBERTRAN ]
    [ MAJ : 18-07-2008 | 20:45 ]
    [ UAC => 0 ]

    -----------\\ SUPPRESSION

    Supprime! - C:\Program Files\AskTBar\bar
    Supprime! - C:\Program Files\AskTBar\SrchAstt
    Supprime! - C:\PROGRA~2\MICROS~1\Windows\STARTM~1\Programs\Dealio
    Supprime! - C:\Users\Thomas\AppData\Local\MICROS~1\Windows\TEMPOR~1\content.IE5\44B19ANB\Dealio%20Toolbar[1].msi
    Supprime! - C:\Program Files\Dealio\DealioAU.exe
    Supprime! - C:\Program Files\Dealio\kb127
    Supprime! - C:\Program Files\Dealio\SearchSettingsKit.exe
    Supprime! - C:\Users\Thomas\AppData\Roaming\MICROS~1\Windows\Cookies\thomas@mysearch[2].txt
    Supprime! - C:\Program Files\Search Settings\kb127
    Supprime! - C:\Program Files\Search Settings\SearchSettings.exe
    Supprime! - C:\Users\Thomas\AppData\Local\Temp\mcrh.tmp
    Supprime! - C:\Program Files\AskTBar
    Supprime! - C:\Program Files\Dealio
    Supprime! - C:\Program Files\Search Settings

    -----------\\ Recherche de Fichiers / Dossiers ...


    -----------\\ [..\Internet Explorer\Main]

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
    "Start Page"="http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&loca..."
    "Local Page"="C:\\Windows\\system32\\blank.htm"
    "Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
    "Url"="http://go.microsoft.com/fwlink/?LinkId=75720"
    "Url"="http://go.microsoft.com/fwlink/?LinkId=75720"

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
    "Start Page"="http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&loca..."
    "Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
    "Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
    "Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"


    [ UAC => 1 ]

    -----------\\ Fin du rapport a 9:43:19,91


    ---------------------------------

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 09:44:59, on 22/07/2008
    Platform: Windows Vista SP1 (WinNT 6.00.1905)
    MSIE: Internet Explorer v7.00 (7.00.6001.18000)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\hp\support\hpsysdrv.exe
    C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
    C:\WINDOWS\RtHDVCpl.exe
    C:\Windows\System32\mobsync.exe
    C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
    C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
    C:\Windows\system32\schtasks.exe
    C:\Program Files\ScanSoft\OmniPageSE4.0\OpWareSE4.exe
    C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
    C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe
    C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
    C:\Program Files\Razer\razerhid.exe
    C:\WINDOWS\System32\rundll32.exe
    C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe
    C:\WINDOWS\System32\rundll32.exe
    C:\Windows\system32\conime.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
    C:\Program Files\Steam\Steam.exe
    C:\WINDOWS\ehome\ehtray.exe
    C:\Program Files\DAEMON Tools Lite\daemon.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
    C:\Program Files\Electronic Arts\EADM\Core.exe
    C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
    C:\Program Files\Razer\razerofa.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\OpenOffice.org 2.4\program\soffice.exe
    C:\hp\kbd\kbd.exe
    C:\Program Files\OpenOffice.org 2.4\program\soffice.BIN
    C:\Windows\system32\Taskmgr.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\explorer.exe
    C:\Windows\system32\NOTEPAD.EXE
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&loca...
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&loca...
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: (no name) - {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL (file missing)
    R3 - URLSearchHook: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb127\SearchSettings.dll (file missing)
    O1 - Hosts: ::1 localhost
    O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
    O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
    O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
    O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
    O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KbdStub.EXE
    O4 - HKLM\..\Run: [OsdMaestro] "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe"
    O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
    O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
    O4 - HKLM\..\Run: [SunJavaUpdateReg] "C:\Windows\system32\jureg.exe"
    O4 - HKLM\..\Run: [HP Software Update] c:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
    O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"
    O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [OneCareUI] "C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
    O4 - HKLM\..\Run: [razer] C:\Program Files\Razer\razerhid.exe
    O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
    O4 - HKLM\..\Run: [Adobe_ID0EYTHM] C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
    O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
    O4 - HKCU\..\Run: [HPADVISOR] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe autoRun
    O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKCU\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
    O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
    O4 - HKCU\..\Run: [EA Core] C:\Program Files\Electronic Arts\EADM\Core.exe -silent
    O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\Thomas\AppData\Local\Temp\ddcCTmnM.dll,#1
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
    O4 - Startup: OpenOffice.org 2.4.lnk = C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe
    O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
    O8 - Extra context menu item: Ajouter au fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convertir en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convertir la cible du lien en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convertir la cible du lien en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convertir la sélection en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convertir la sélection en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convertir les liens sélectionnés en fichier Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O8 - Extra context menu item: Convertir les liens sélectionnés en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~3.0_0\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~3.0_0\bin\ssv.dll
    O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra button: Skype add-on - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - cmdmapping - (no file) (HKCU)
    O13 - Gopher Prefix:
    O16 - DPF: {4C833081-D026-4FF8-968F-7EAB660D2FBA} (TVAnts ActiveX Control) - http://download.tvants.com/pub/tvants/tvants1/win32/cab...
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/fl...
    O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab569...
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Adobe Version Cue CS3 {fr_FR} (Adobe Version Cue CS3) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: EasyBits Magic Desktop Services for Windows NT (ezntsvc) - EasyBits Software Corp. - C:\Windows\system32\ezNTSvc.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
    O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
    O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
    O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe
    O23 - Service: RoxMediaDB9 - Sonic Solutions - c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
    O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
    O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe

    --
    End of file - 14941 bytes

    22 July 2008 14:15:54

    Hi again,

    Download ComboFix (by sUBs) to your Desktop.

  • Temporarily disable all resident protection! (Antivirus, antispyware...)
  • Double-click ComboFix.exe.
  • Accept the license by clicking Yes.
  • When the operation is finished, a report will appear. Post that report in your next reply.

    The report is located here: %systemdrive%\ComboFix.txt (%systemdrive% being the partition where Windows is installed; usually C:\)

    Help: How to use ComboFix.
    23 July 2008 10:39:12

    I can't get it to work, it gives me:

    Une référence a été renvoyer au serveur.
    23 July 2008 12:27:20

    Hi again,

    Click Start --> Run, type regedit, then confirm with OK.
    (If you are on Vista, just click Start, type regedit and press Enter)

    Navigate to this key:

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System, then look at the values on the right and double-click: ValidateAdminCodeSignatures.
    If the default value is (1), meaning enabled, type 0 to disable it, then OK.
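
The registry change described in the post above, as an added PowerShell example that is not part of the original thread: it records the current ValidateAdminCodeSignatures value before setting it to 0, and puts the recorded state back once the tool has run. The function names and the backup file path are assumptions made for this example, and it assumes an elevated PowerShell session.

```powershell
# Added example; function names and the backup path are illustrative assumptions.
$PolicyKey  = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
$ValueName  = 'ValidateAdminCodeSignatures'
$BackupFile = Join-Path $env:SystemDrive 'ValidateAdminCodeSignatures.bak.txt'

function Get-CodeSignaturePolicy {
    # Returns the current DWORD value, or $null when the value does not exist.
    $item = Get-ItemProperty -Path $PolicyKey -Name $ValueName -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }
    return [int]$item.$ValueName
}

function Disable-CodeSignaturePolicy {
    $current = Get-CodeSignaturePolicy

    # Record the original state first so it can be restored exactly.
    if ($null -eq $current) {
        'absent' | Set-Content -Path $BackupFile
    } else {
        "$current" | Set-Content -Path $BackupFile
    }

    # Only a value of 1 (enabled) needs changing, as in the post.
    if ($current -eq 1) {
        Set-ItemProperty -Path $PolicyKey -Name $ValueName -Value 0 -Type DWord
    }
    return Get-CodeSignaturePolicy
}

function Restore-CodeSignaturePolicy {
    if (-not (Test-Path $BackupFile)) {
        throw "No backup found at $BackupFile; nothing to restore."
    }
    $saved = (Get-Content -Path $BackupFile | Select-Object -First 1).Trim()

    if ($saved -eq 'absent') {
        # The value did not exist before, so remove it again if it was created.
        Remove-ItemProperty -Path $PolicyKey -Name $ValueName -ErrorAction SilentlyContinue
    } else {
        Set-ItemProperty -Path $PolicyKey -Name $ValueName -Value ([int]$saved) -Type DWord
    }
    Remove-Item -Path $BackupFile
    return Get-CodeSignaturePolicy
}

# Typical sequence:
#   Disable-CodeSignaturePolicy    # before launching the unsigned tool
#   Restore-CodeSignaturePolicy    # once its report has been produced
```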
    23 July 2008 12:48:31

    There, it's done.
    23 July 2008 12:49:22

    Try ComboFix again.
    23 July 2008 13:08:42

    ComboFix 08-07-22.3 - Thomas 2008-07-23 12:52:57.2 - NTFSx86
    Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6001.1.1252.1.1036.18.1833 [GMT 2:00]
    Endroit: C:\Users\Thomas\Desktop\ComboFix.exe
    * Création d'un nouveau point de restauration
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\install.exe

    .
    ((((((((((((((((((((((((((((( Fichiers créés 2008-06-23 to 2008-07-23 ))))))))))))))))))))))))))))))))))))
    .

    2008-07-21 19:38 . 2008-07-21 19:50 69 --a------ C:\WINDOWS\NeroDigital.ini
    2008-07-21 14:48 . 2008-07-21 14:48 <REP> d-------- C:\Users\Thomas\AppData\Roaming\SystemRequirementsLab
    2008-07-21 14:48 . 2008-07-21 14:48 <REP> d-------- C:\Program Files\SystemRequirementsLab
    2008-07-21 14:47 . 2008-07-21 14:47 <REP> d-------- C:\WINDOWS\Sun
    2008-07-21 09:33 . 2008-07-22 09:43 <REP> d-------- C:\Toolbar SD
    2008-07-20 13:53 . 2008-07-20 13:53 <REP> d-------- C:\Program Files\RocketDock
    2008-07-18 12:11 . 2008-07-18 12:11 <REP> d-------- C:\Program Files\Smallvideosoft
    2008-07-18 12:11 . 2008-07-18 12:11 <REP> d-------- C:\Mp3 Output
    2008-07-18 12:11 . 2007-03-01 04:18 4,762,112 --a------ C:\WINDOWS\System32\NCMedia.dll
    2008-07-18 12:11 . 2006-11-01 14:52 765,952 --a------ C:\WINDOWS\System32\xvidcore.dll
    2008-07-18 12:11 . 2007-02-25 15:36 383,238 --a------ C:\WINDOWS\System32\libmp3lame-0.dll
    2008-07-18 11:57 . 2008-07-18 11:57 <REP> d-------- C:\Program Files\Amond Software
    2008-07-18 07:02 . 2008-06-26 03:45 12,240,896 --a------ C:\WINDOWS\System32\NlsLexicons0007.dll
    2008-07-18 07:02 . 2008-06-26 03:45 2,644,480 --a------ C:\WINDOWS\System32\NlsLexicons0009.dll
    2008-07-18 07:02 . 2008-06-26 05:29 801,280 --a------ C:\WINDOWS\System32\NaturalLanguage6.dll
    2008-07-17 19:48 . 2008-07-17 19:48 <REP> d-------- C:\Program Files\Free Audio Pack
    2008-07-17 19:47 . 2008-07-22 10:41 <REP> d-------- C:\Program Files\Free FLV Converter
    2008-07-17 19:47 . 2008-06-04 18:42 364,544 --a------ C:\WINDOWS\System32\PropertyGrid.ocx
    2008-07-17 19:47 . 2008-07-12 04:52 233,472 --a------ C:\WINDOWS\System32\TubeFinder.exe
    2008-07-17 19:47 . 2008-06-04 18:42 208,500 --a------ C:\WINDOWS\System32\ReyXpBasics.tlb
    2008-07-17 19:47 . 2008-06-04 18:42 141,312 --a------ C:\WINDOWS\System32\MSCMCFR.DLL
    2008-07-17 19:47 . 2008-06-04 18:42 101,888 --a------ C:\WINDOWS\System32\VB6STKIT.DLL
    2008-07-17 19:47 . 2008-06-04 18:42 84,512 --a------ C:\WINDOWS\System32\PICCLP32.OCX
    2008-07-17 19:47 . 2008-06-04 18:42 32,768 --a------ C:\WINDOWS\System32\CMDLGFR.DLL
    2008-07-17 19:47 . 2008-06-04 18:42 24,576 --a------ C:\WINDOWS\System32\ControlSubX.ocx
    2008-07-17 19:47 . 2008-06-04 18:42 9,728 --a------ C:\WINDOWS\System32\PCCLPFR.DLL
    2008-07-17 19:41 . 2008-07-17 19:41 <REP> d-------- C:\Program Files\Wondershare
    2008-07-16 20:54 . 2008-07-16 20:54 <REP> d-------- C:\Users\Thomas\Les Sims 2
    2008-07-15 19:37 . 2008-07-15 19:37 107,888 --a------ C:\WINDOWS\System32\CmdLineExt.dll
    2008-07-15 11:05 . 2008-07-18 14:14 <REP> d-------- C:\Program Files\EA GAMES
    2008-07-15 11:05 . 2004-08-18 10:34 442,368 -ra------ C:\WINDOWS\System32\vp6vfw.dll
    2008-07-14 11:31 . 2008-07-14 11:33 <REP> d-------- C:\Users\All Users\ma-config.com
    2008-07-14 11:31 . 2008-07-14 11:33 <REP> d-------- C:\ProgramData\ma-config.com
    2008-07-14 11:31 . 2008-07-14 11:31 <REP> d-------- C:\Program Files\ma-config.com
    2008-07-13 18:51 . 2008-07-13 18:51 <REP> d-------- C:\Program Files\iTunes
    2008-07-13 18:51 . 2008-07-13 18:51 <REP> d-------- C:\Program Files\iPod
    2008-07-12 17:21 . 2008-07-12 17:22 <REP> d-------- C:\Program Files\VirtualDJ
    2008-07-10 10:09 . 2008-07-10 10:09 <REP> d-------- C:\Users\Thomas\AppData\Roaming\ScanSoft
    2008-07-08 21:25 . 2008-07-08 21:25 <REP> d-------- C:\Program Files\Common Files\Control Panels
    2008-07-08 21:22 . 2008-07-08 21:22 <REP> d-------- C:\Users\All Users\ALM
    2008-07-08 21:22 . 2008-07-08 21:22 <REP> d-------- C:\ProgramData\ALM
    2008-07-08 21:03 . 2007-03-23 04:05 29,272 -ra------ C:\WINDOWS\System32\AdobePDF.dll
    2008-07-06 18:38 . 2008-07-22 21:57 <REP> d-------- C:\Users\Famille Bertran\AppData\Roaming\OpenOffice.org2
    2008-07-03 13:45 . 2008-07-03 13:45 <REP> d-------- C:\Program Files\Razer
    2008-07-03 13:45 . 2004-12-16 22:52 53,248 --a------ C:\WINDOWS\System32\razer.cpl
    2008-07-02 18:00 . 2008-07-02 18:00 <REP> d-------- C:\Users\Thomas\AppData\Roaming\Mumble
    2008-07-02 17:59 . 2008-07-02 18:00 <REP> d-------- C:\Program Files\Mumble
    2008-07-02 13:28 . 2008-07-23 10:00 <REP> d-------- C:\Users\Thomas\AppData\Roaming\OpenOffice.org2
    2008-07-02 13:26 . 2008-07-02 13:26 <REP> d-------- C:\Program Files\OpenOffice.org 2.4
    2008-06-30 16:29 . 2008-07-01 10:04 <REP> d-------- C:\Program Files\Live for Speed S2
    2008-06-30 12:38 . 2008-07-01 10:59 <REP> d-------- C:\Program Files\Counter-Strike
    2008-06-27 17:42 . 2008-06-27 17:42 <REP> d-------- C:\HLServer
    2008-06-27 10:39 . 2008-06-27 10:39 <REP> d-------- C:\Users\All Users\VCOM
    2008-06-27 10:39 . 2008-06-27 10:39 <REP> d-------- C:\ProgramData\VCOM
    2008-06-27 10:38 . 2008-06-27 10:39 <REP> d-------- C:\Users\Thomas\AppData\Roaming\VCOM
    2008-06-27 10:36 . 2008-06-27 10:36 <REP> d-------- C:\Program Files\VCOM
    2008-06-24 06:40 . 2008-06-24 06:40 <REP> d-------- C:\Program Files\Microsoft Silverlight
    2008-06-23 19:05 . 2008-06-23 19:05 <REP> d-------- C:\Program Files\Trend Micro
    2008-06-23 18:01 . 2008-07-09 03:00 <REP> d----c--- C:\WINDOWS\System32\DRVSTORE
    2008-06-23 18:01 . 2007-11-27 22:45 91,200 --a------ C:\WINDOWS\System32\drivers\msfwdrv.sys
    2008-06-23 18:01 . 2008-05-15 16:15 53,168 --a------ C:\WINDOWS\System32\drivers\MpFilter.sys
    2008-06-23 18:01 . 2007-11-27 22:44 37,440 --a------ C:\WINDOWS\System32\drivers\msfwhlpr.sys
    2008-06-23 17:58 . 2008-07-23 10:00 <REP> d-------- C:\Program Files\Microsoft Windows OneCare Live

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-07-23 10:49 --------- d---a-w C:\ProgramData\TEMP
    2008-07-23 08:48 --------- d-----w C:\Users\Thomas\AppData\Roaming\uTorrent
    2008-07-23 07:59 --------- d-----w C:\Program Files\Steam
    2008-07-22 10:00 --------- d-----w C:\Users\Thomas\AppData\Roaming\Skype
    2008-07-22 09:18 --------- d-----w C:\Program Files\Nero
    2008-07-22 07:25 20 ---h--w C:\Users\All Users\PKP_DLec.DAT
    2008-07-22 07:25 20 ---h--w C:\Users\All Users\PKP_DLds.DAT
    2008-07-22 07:25 20 ---h--w C:\ProgramData\PKP_DLec.DAT
    2008-07-22 07:25 20 ---h--w C:\ProgramData\PKP_DLds.DAT
    2008-07-18 13:00 --------- d-----w C:\Program Files\Norton Security Scan
    2008-07-17 08:55 --------- d-----w C:\Program Files\Common Files\Steam
    2008-07-14 16:15 --------- d-----w C:\Program Files\Snapshot Viewer
    2008-07-14 10:18 --------- d-----w C:\Users\Thomas\AppData\Roaming\FileZilla
    2008-07-13 16:50 --------- d-----w C:\Program Files\QuickTime
    2008-07-12 11:42 --------- d-----w C:\Program Files\Java
    2008-07-12 10:08 --------- d-----w C:\ProgramData\TrackMania
    2008-07-11 08:57 --------- d-----w C:\Users\Thomas\AppData\Roaming\teamspeak2
    2008-07-09 17:35 --------- d-----w C:\Program Files\Opera
    2008-07-09 07:02 --------- d-----w C:\Program Files\Windows Mail
    2008-07-08 19:27 --------- d-----w C:\Program Files\Common Files\Adobe
    2008-07-07 17:15 --------- d-----w C:\Users\Thomas\AppData\Roaming\Apple Computer
    2008-07-07 06:59 --------- d-----w C:\Program Files\Safari
    2008-07-04 06:51 --------- d-----w C:\ProgramData\NVIDIA
    2008-07-03 11:45 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-06-28 12:30 --------- d-----w C:\Users\Thomas\AppData\Roaming\SPORE Creature Creator
    2008-06-23 16:01 --------- d-----w C:\Program Files\Common Files\PX Storage Engine
    2008-06-22 19:40 --------- d-----w C:\Program Files\Malwarebytes' Anti-Malware
    2008-06-22 11:52 --------- d-----w C:\Program Files\Electronic Arts
    2008-06-21 17:25 --------- d-----w C:\Users\Famille Bertran\AppData\Roaming\DAEMON Tools
    2008-06-21 16:16 --------- d--h--r C:\Users\Thomas\AppData\Roaming\SecuROM
    2008-06-21 09:43 --------- d-----w C:\ProgramData\Electronic Arts
    2008-06-19 15:48 34,296 ----a-w C:\Windows\system32\drivers\mbamcatchme.sys
    2008-06-19 15:47 17,144 ----a-w C:\Windows\system32\drivers\mbam.sys
    2008-06-15 17:19 --------- d-----w C:\Users\Famille Bertran\AppData\Roaming\vlc
    2008-06-11 12:41 21,248 ----a-w C:\Windows\Help\OEM\scripts\HPScript.exe
    2008-06-08 17:49 --------- d-----w C:\Program Files\TVAntsX
    2008-06-07 17:33 --------- d-----w C:\Program Files\SteamKeyFr
    2008-05-31 19:03 --------- d-----w C:\ProgramData\Sony
    2008-05-31 19:03 --------- d-----w C:\Program Files\Vstplugins
    2008-05-31 19:03 --------- d-----w C:\Program Files\Sony
    2008-05-25 08:41 --------- d-----w C:\Users\Famille Bertran\AppData\Roaming\Canon
    2008-05-24 17:41 --------- d-----w C:\Users\Thomas\AppData\Roaming\Canon
    2008-05-18 10:45 66,872 ----a-w C:\Windows\System32\PnkBstrA.exe
    2008-05-18 10:45 22,328 ----a-w C:\Users\Thomas\AppData\Roaming\PnkBstrK.sys
    2008-05-18 10:45 103,736 ----a-w C:\Windows\System32\PnkBstrB.exe
    2008-05-10 03:35 564,736 ----a-w C:\Windows\System32\emdmgmt.dll
    2008-05-08 21:59 90,112 ----a-w C:\Windows\System32\wshext.dll
    2008-05-08 21:59 430,080 ----a-w C:\Windows\System32\vbscript.dll
    2008-05-08 21:59 180,224 ----a-w C:\Windows\System32\scrobj.dll
    2008-05-08 21:59 172,032 ----a-w C:\Windows\System32\scrrun.dll
    2008-05-08 21:59 155,648 ----a-w C:\Windows\System32\wscript.exe
    2008-05-08 21:58 135,168 ----a-w C:\Windows\System32\cscript.exe
    2008-04-26 08:25 3,600,952 ----a-w C:\Windows\System32\ntkrnlpa.exe
    2008-04-26 08:25 3,549,240 ----a-w C:\Windows\System32\ntoskrnl.exe
    2008-04-26 08:08 1,314,816 ----a-w C:\Windows\System32\quartz.dll
    2008-04-25 04:35 826,880 ----a-w C:\Windows\System32\wininet.dll
    2008-04-23 04:42 428,544 ----a-w C:\Windows\System32\EncDec.dll
    2008-04-23 04:42 293,376 ----a-w C:\Windows\System32\psisdecd.dll
    2008-04-13 17:59 1,596,094 ----a-w C:\Users\Thomas\mbam-setup.exe
    2008-04-13 09:50 158,601 ----a-w C:\Users\Thomas\885662@141_Terrorist v2.0.zip
    2008-03-29 09:39 174 --sha-w C:\Program Files\desktop.ini
    .

    ((((((((((((((((((((((((((((( snapshot@2008-06-25_12.20.13,32 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2008-07-02 11:26:40 12,288 ----a-w C:\Windows\assembly\GAC\cli_basetypes\1.0.10.0__ce2cb7e279207b9e\cli_basetypes.dll
    + 2008-07-02 11:26:40 32,256 ----a-w C:\Windows\assembly\GAC\cli_cppuhelper\1.0.13.0__ce2cb7e279207b9e\cli_cppuhelper.dll
    + 2008-07-02 11:26:41 847,872 ----a-w C:\Windows\assembly\GAC\cli_types\1.1.13.0__ce2cb7e279207b9e\cli_types.dll
    + 2008-07-02 11:26:41 8,192 ----a-w C:\Windows\assembly\GAC\cli_ure\1.0.13.0__ce2cb7e279207b9e\cli_ure.dll
    + 2008-07-02 11:26:22 3,072 ----a-w C:\Windows\assembly\GAC\policy.1.0.cli_basetypes\9.1.0.0__ce2cb7e279207b9e\policy.1.0.cli_basetypes.dll
    + 2008-07-02 11:26:22 3,072 ----a-w C:\Windows\assembly\GAC\policy.1.0.cli_cppuhelper\13.0.0.0__ce2cb7e279207b9e\policy.1.0.cli_cppuhelper.dll
    + 2008-07-02 11:26:22 3,072 ----a-w C:\Windows\assembly\GAC\policy.1.0.cli_ure\13.0.0.0__ce2cb7e279207b9e\policy.1.0.cli_ure.dll
    + 2008-07-02 11:26:43 3,072 ----a-w C:\Windows\assembly\GAC\policy.1.1.cli_types\13.0.0.0__ce2cb7e279207b9e\policy.1.1.cli_types.dll
    + 2008-03-24 17:33:02 1,527,056 ----a-w C:\Windows\Downloaded Program Files\CONFLICT.1\FP_AX_CAB_INSTALLER.exe
    + 2008-03-24 17:33:02 1,527,056 ----a-w C:\Windows\Downloaded Program Files\FP_AX_CAB_INSTALLER.exe
    + 2007-02-22 21:41:12 304,544 ----a-w C:\Windows\Downloaded Program Files\MessengerStatsPAClient.dll
    + 2007-02-28 12:21:04 130,472 ----a-w C:\Windows\Downloaded Program Files\MineSweeper.dll
    - 2008-06-24 04:42:35 51,200 ----a-w C:\Windows\inf\infpub.dat
    + 2008-07-13 16:47:01 51,200 ----a-w C:\Windows\inf\infpub.dat
    - 2008-06-24 04:42:33 86,016 ----a-w C:\Windows\inf\infstor.dat
    + 2008-07-13 16:47:01 86,016 ----a-w C:\Windows\inf\infstor.dat
    - 2008-06-24 04:42:35 143,360 ----a-w C:\Windows\inf\infstrng.dat
    + 2008-07-13 16:47:01 143,360 ----a-w C:\Windows\inf\infstrng.dat
    - 2008-04-09 09:50:49 155,136 ----a-r C:\Windows\Installer\{0004040C-78E1-11D2-B60F-006097C998E7}\accicons.exe
    + 2008-07-14 16:17:54 155,136 ----a-r C:\Windows\Installer\{0004040C-78E1-11D2-B60F-006097C998E7}\accicons.exe
    - 2008-04-09 09:50:49 22,528 ----a-r C:\Windows\Installer\{0004040C-78E1-11D2-B60F-006097C998E7}\bindico.exe
    + 2008-07-14 16:17:54 22,528 ----a-r C:\Windows\Installer\{0004040C-78E1-11D2-B60F-006097C998E7}\bindico.exe
    - 2008-04-09 09:50:49 28,160 ----a-r C:\Windows\Installer\{0004040C-78E1-11D2-B60F-006097C998E7}\misc.exe
    + 2008-07-14 16:17:54 28,160 ----a-r C:\Windows\Installer\{0004040C-78E1-11D2-B60F-006097C998E7}\misc.exe
    - 2008-04-09 09:50:49 2,048 ----a-r C:\Windows\Installer\{0004040C-78E1-11D2-B60F-006097C998E7}\msd82ico.exe
    + 2008-07-14 16:17:54 2,048 ----a-r C:\Windows\Installer\{0004040C-78E1-11D2-B60F-006097C998E7}\msd82ico.exe
    - 2008-04-09 09:50:49 11,264 ----a-r C:\Windows\Installer\{0004040C-78E1-11D2-B60F-006097C998E7}\pubs.exe
    + 2008-07-14 16:17:54 11,264 ----a-r C:\Windows\Installer\{0004040C-78E1-11D2-B60F-006097C998E7}\pubs.exe
    - 2008-04-09 09:50:49 2,048 ----a-r C:\Windows\Installer\{0004040C-78E1-11D2-B60F-006097C998E7}\wa32ico.exe
    + 2008-07-14 16:17:54 2,048 ----a-r C:\Windows\Installer\{0004040C-78E1-11D2-B60F-006097C998E7}\wa32ico.exe
    + 2008-07-17 17:47:46 65,536 ----a-r C:\Windows\Installer\{6105648C-0C3C-481D-8C11-1F4952D6FB53}\ARPPRODUCTICON.exe
    + 2008-07-09 01:00:50 10,134 ----a-r C:\Windows\Installer\{8B21B9EF-6DBF-4F63-8CC7-9F6A56D1EE8E}\ARPPRODUCTICON.exe
    + 2008-06-30 12:00:22 335,872 ----a-r C:\Windows\Installer\{995237D9-6E24-45D9-9B06-C13AA62F518B}\ARPPRODUCTICON.exe
    + 2008-07-02 11:27:48 2,363,392 ----a-r C:\Windows\Installer\{A122962F-331A-4C2E-93DB-AD92D8A4FB14}\soffice.exe
    + 2008-07-08 19:03:28 295,606 ----a-r C:\Windows\Installer\{AC76BA86-1033-F400-7760-000000000003}\_SC_Acrobat.exe
    + 2008-07-08 19:03:29 295,606 ----a-r C:\Windows\Installer\{AC76BA86-1033-F400-7760-000000000003}\_SC_Acrobat_3D.exe
    + 2008-07-08 19:03:29 295,606 ----a-r C:\Windows\Installer\{AC76BA86-1033-F400-7760-000000000003}\_SC_Acrobat_Standard.exe
    + 2008-07-08 19:03:29 25,214 ----a-r C:\Windows\Installer\{AC76BA86-1033-F400-7760-000000000003}\_SC_Distiller.exe
    + 2008-07-08 19:03:29 7,278 ----a-r C:\Windows\Installer\{AC76BA86-1033-F400-7760-000000000003}\_SC_ELEMENTS_DT.exe
    + 2008-07-08 19:03:28 23,558 ----a-r C:\Windows\Installer\{AC76BA86-1033-F400-7760-000000000003}\SC_Designer_PFM.70DBED24_B579_40CB_AB0B_F1221A3E9EC5.exe
    + 2008-07-08 18:48:30 65,536 ----a-r C:\Windows\Installer\{BC4F8E84-5E29-49EC-B4E7-E6F9CB50986C}\ARPPRODUCTICON.exe
    + 2008-07-07 06:59:10 307,200 ----a-r C:\Windows\Installer\{C9D96682-5A4D-45FA-BA3E-DDCB2B0CB868}\SafariIco.exe
    + 2008-07-17 17:47:58 10,134 ----a-r C:\Windows\Installer\{D0C73318-7B4A-4D16-A0C4-3B83F075EA88}\ARPPRODUCTICON.exe
    + 2008-06-30 12:00:10 335,872 ----a-r C:\Windows\Installer\{E907A385-B00D-4D03-8B16-B64F10938CE6}\Adobe_Ultra_CS3.exe_E907A385B00D4D038B16B64F10938CE6.exe
    + 2008-06-30 12:00:10 335,872 ----a-r C:\Windows\Installer\{E907A385-B00D-4D03-8B16-B64F10938CE6}\ARPPRODUCTICON.exe
    + 2008-07-13 16:51:33 102,400 ----a-r C:\Windows\Installer\{EF6C4600-306D-4F6A-A119-C2A877D25B4A}\iTunesIco.exe
    - 2008-06-24 19:57:30 4,787,248 ----a-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
    + 2008-07-22 19:58:15 7,236,880 ----a-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
    - 2008-06-25 09:48:48 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    + 2008-07-23 07:57:37 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    - 2008-06-25 09:48:48 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    + 2008-07-23 07:57:37 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    - 2008-06-25 09:49:46 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
    + 2008-07-23 07:59:27 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
    + 2008-07-23 07:59:27 262,144 ---ha-w C:\Windows\ServiceProfiles\LocalService\ntuser.dat.LOG1
    - 2008-06-25 09:51:28 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
    + 2008-07-23 07:59:21 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
    + 2005-02-24 12:10:10 2,084,864 ----a-w C:\Windows\System32\AudDesign.dll
    + 2005-02-24 12:10:30 417,792 ----a-w C:\Windows\System32\AudDisplay.dll
    + 2005-03-11 17:37:10 1,986,560 ----a-w C:\Windows\System32\AudFile.dll
    + 2005-02-24 12:11:06 1,212,416 ----a-w C:\Windows\System32\AudioInfos.dll
    + 2005-03-10 16:00:30 454,656 ----a-w C:\Windows\System32\AudioRecord.dll
    + 2005-02-24 12:11:56 479,232 ----a-w C:\Windows\System32\AudioVisu.dll
    + 2005-02-24 15:21:12 458,752 ----a-w C:\Windows\System32\AudPlayer.dll
    + 2006-04-22 13:32:14 313,344 ----a-w C:\Windows\System32\avisynth.dll
    - 2008-06-25 09:48:48 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2008-07-23 10:41:23 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    - 2008-06-25 09:48:48 49,152 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    + 2008-07-23 10:41:23 163,840 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    - 2008-06-25 09:48:48 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2008-07-23 10:41:23 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    - 2008-06-25 10:15:05 262,144 ----a-w C:\Windows\System32\config\systemprofile\ntuser.dat
    + 2008-07-23 10:52:51 262,144 ----a-w C:\Windows\System32\config\systemprofile\ntuser.dat
    + 2006-11-07 09:22:24 719,872 ----a-w C:\Windows\System32\devil.dll
    - 2007-08-09 10:30:00 521,128 ----a-w C:\Windows\System32\dpinst.exe
    + 2008-01-10 17:57:00 795,104 ----a-w C:\Windows\System32\dpinst.exe
    - 2006-11-02 08:55:01 38,912 ----a-w C:\Windows\System32\drivers\hidclass.sys
    + 2008-01-19 05:53:16 38,912 ----a-w C:\Windows\System32\drivers\hidclass.sys
    - 2006-11-02 08:55:00 25,472 ----a-w C:\Windows\System32\drivers\hidparse.sys
    + 2008-01-19 05:53:16 25,472 ----a-w C:\Windows\System32\drivers\hidparse.sys
    - 2006-11-02 08:55:01 12,288 ----a-w C:\Windows\System32\drivers\hidusb.sys
    + 2008-01-19 05:53:17 12,288 ----a-w C:\Windows\System32\drivers\hidusb.sys
    - 2006-11-02 08:51:12 15,872 ----a-w C:\Windows\System32\drivers\mouhid.sys
    + 2008-01-19 05:49:16 15,872 ----a-w C:\Windows\System32\drivers\mouhid.sys
    - 2007-08-27 23:59:00 7,574,976 ----a-w C:\Windows\System32\drivers\nvlddmkm.sys
    + 2008-01-10 17:57:00 8,237,120 ----a-w C:\Windows\System32\drivers\nvlddmkm.sys
    - 2008-01-19 05:55:53 72,192 ----a-w C:\Windows\System32\drivers\pacer.sys
    + 2008-04-05 01:21:42 72,192 ----a-w C:\Windows\System32\drivers\pacer.sys
    - 2008-01-19 07:43:39 891,448 ----a-w C:\Windows\System32\drivers\tcpip.sys
    + 2008-04-26 08:26:49 891,448 ----a-w C:\Windows\System32\drivers\tcpip.sys
    + 2007-03-23 02:04:52 24,456 ------w C:\Windows\System32\DriverStore\FileRepository\adobepdf.inf_5a2bbe60\I386\ADREGP.DLL
    + 2007-03-23 20:18:34 190,072 ------w C:\Windows\System32\DriverStore\FileRepository\adobepdf.inf_5a2bbe60\I386\ADUIGP.DLL
    + 2008-01-10 17:57:00 795,104 ----a-w C:\Windows\System32\DriverStore\FileRepository\nvhp.inf_3b1b575a\dpinst.exe
    + 2008-01-10 17:57:00 385,024 ----a-w C:\Windows\System32\DriverStore\FileRepository\nvhp.inf_3b1b575a\nvapi.dll
    + 2008-01-10 17:57:00 35,328 ----a-w C:\Windows\System32\DriverStore\FileRepository\nvhp.inf_3b1b575a\nvcod.dll
    + 2008-01-10 17:57:00 154,144 ----a-w C:\Windows\System32\DriverStore\FileRepository\nvhp.inf_3b1b575a\nvcolor.exe
    + 2008-01-10 17:57:00 8,530,464 ----a-w C:\Windows\System32\DriverStore\FileRepository\nvhp.inf_3b1b575a\nvcpl.dll
    + 2008-01-10 17:57:00 760,352 ----a-w C:\Windows\System32\DriverStore\FileRepository\nvhp.inf_3b1b575a\nvcplui.exe
    + 2008-01-10 17:57:00 1,079,840 ----a-w C:\Windows\System32\DriverStore\FileRepository\nvhp.inf_3b1b575a\nvcpluir.dll
    + 2008-01-10 17:57:00 5,263,360 ----a-w C:\Windows\System32\DriverStore\FileRepository\nvhp.inf_3b1b575a\nvd3dum.dll
    + 2008-01-10 17:57:00 6,560,288 ----a-w C:\Windows\System32\DriverStore\FileRepository\nvhp.inf_3b1b575a\nvdisps.dll
    + 2008-01-10 17:57:00 5,614,112 ----a-w C:\Windows\System32\DriverStore\FileRepository\nvhp.inf_3b1b575a\nvdispsr.dll
    + 2008-01-10 17:57:00 313,888 ----a-w C:\Windows\System32\DriverStore\FileRepository\nvhp.inf_3b1b575a\nvexpbar.dll
    + 2008-01-10 17:57:00 3,426,848 ----a-w C:\Windows\System32\DriverStore\FileRepository\nvhp.inf_3b1b575a\nvgames.dll
    + 2008-01-10 17:57:00 3,340,832 ----a-w C:\Windows\System32\DriverStore\FileRepository\nvhp.inf_3b1b575a\nvgamesr.dll
    + 2008-01-10 17:57:00 8,237,120 ----a-w C:\Windows\System32\DriverStore\FileRepository\nvhp.inf_3b1b575a\nvlddmkm.sys
    + 2008-01-10 17:57:00 236,064 ----a-w C:\Windows\System32\DriverStore\FileRepository\nvhp.inf_3b1b575a\nvmccs.dll
    + 2008-01-10 17:57:00 45,056 ----a-w C:\Windows\System32\DriverStore\FileRepository\nvhp.inf_3b1b575a\nvmccsrs.dll
    + 2008-01-10 17:57:00 195,104 ----a-w C:\Windows\System32\DriverStore\FileRepository\nvhp.inf_3b1b575a\nvmccss.dll
    + 2008-01-10 17:57:00 465,440 ----a-w C:\Windows\System32\DriverStore\FileRepository\nvhp.inf_3b1b575a\nvmccssr.dll
    + 2008-01-10 17:57:00 88,608 ----a-w C:\Windows\System32\DriverStore\FileRepository\nvhp.inf_3b1b575a\nvmctray.dll
    + 2008-01-10 17:57:00 1,235,488 ----a-w C:\Windows\System32\DriverStore\FileRepository\nvhp.inf_3b1b575a\nvmobls.dll
    + 2008-01-10 17:57:00 2,861,600 ----a-w C:\Windows\System32\DriverStore\FileRepository\nvhp.inf_3b1b575a\nvmoblsr.dll
    + 2008-01-10 17:57:00 7,376,896 ----a-w C:\Windows\System32\DriverStore\FileRepository\nvhp.inf_3b1b575a\nvoglv32.dll
    + 2008-01-10 17:57:00 92,704 ----a-w C:\Windows\System32\DriverStore\FileRepository\nvhp.inf_3b1b575a\nvsvc.dll
    + 2008-01-10 17:57:00 360,448 ----a-w C:\Windows\System32\DriverStore\FileRepository\nvhp.inf_3b1b575a\nvudisp.exe
    + 2008-01-10 17:57:00 3,717,664 ----a-w C:\Windows\System32\DriverStore\FileRepository\nvhp.inf_3b1b575a\nvvitvs.dll
    + 2008-01-10 17:57:00 3,721,760 ----a-w C:\Windows\System32\DriverStore\FileRepository\nvhp.inf_3b1b575a\nvvitvsr.dll
    + 2008-01-10 17:57:00 1,830,912 ----a-w C:\Windows\System32\DriverStore\FileRepository\nvhp.inf_3b1b575a\nvwgf2um.dll
    + 2008-01-10 17:57:00 2,505,248 ----a-w C:\Windows\System32\DriverStore\FileRepository\nvhp.inf_3b1b575a\nvwss.dll
    + 2008-01-10 17:57:00 2,525,728 ----a-w C:\Windows\System32\DriverStore\FileRepository\nvhp.inf_3b1b575a\nvwssr.dll
    + 2008-07-10 07:35:22 32,000 ----a-w C:\Windows\System32\DriverStore\FileRepository\usbaapl.inf_524e3145\usbaapl.sys
    + 2008-05-15 14:15:16 53,168 -c--a-w C:\Windows\System32\DRVSTORE\mpfilter_7624CBE7EF3BB21A52F29BE608459E93D0D31F4C\mpfilter.sys
    - 2008-06-08 07:53:36 1,813,240 ----a-w C:\Windows\System32\FNTCACHE.DAT
    + 2008-07-14 16:23:30 1,836,800 ----a-w C:\Windows\System32\FNTCACHE.DAT
    + 1998-07-12 23:00:00 15,360 ----a-w C:\Windows\System32\inetfr.DLL
    - 2007-04-06 22:15:26 135,168 ----a-w C:\Windows\System32\java.exe
    + 2008-06-09 23:21:01 135,168 ----a-w C:\Windows\System32\java.exe
    - 2007-04-06 22:15:28 135,168 ----a-w C:\Windows\System32\javaw.exe
    + 2008-06-26 00:31:34 4,096 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6000.20867_none_9c4456c346dd3a34\NlsLexicons002a.dll
    + 2008-06-26 00:30:53 1,782,272 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6000.20867_none_9c4456c346dd3a34\NlsLexicons0039.dll
    + 2008-06-26 00:30:59 4,045,824 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6000.20867_none_9c4456c346dd3a34\NlsLexicons003e.dll
    + 2008-06-26 00:31:25 1,793,536 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6000.20867_none_9c4456c346dd3a34\NlsLexicons0045.dll
    + 2008-06-26 00:31:04 1,808,896 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6000.20867_none_9c4456c346dd3a34\NlsLexicons0046.dll
    + 2008-06-26 00:30:52 1,411,072 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6000.20867_none_9c4456c346dd3a34\NlsLexicons0047.dll
    + 2008-06-26 00:31:32 1,558,016 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6000.20867_none_9c4456c346dd3a34\NlsLexicons0049.dll
    + 2008-06-26 00:31:33 3,419,136 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6000.20867_none_9c4456c346dd3a34\NlsLexicons004a.dll
    + 2008-06-26 00:31:29 1,702,912 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6000.20867_none_9c4456c346dd3a34\NlsLexicons004b.dll
    + 2008-06-26 00:31:45 4,093,440 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6000.20867_none_9c4456c346dd3a34\NlsLexicons004c.dll
    + 2008-06-26 00:31:30 1,972,736 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6000.20867_none_9c4456c346dd3a34\NlsLexicons004e.dll
    + 2008-06-26 00:31:00 4,616,192 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6000.20867_none_9c4456c346dd3a34\NlsLexicons0414.dll
    + 2008-06-26 00:31:03 5,090,816 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6000.20867_none_9c4456c346dd3a34\NlsLexicons0416.dll
    + 2008-06-26 00:31:02 5,031,936 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6000.20867_none_9c4456c346dd3a34\NlsLexicons0816.dll
    + 2008-06-26 00:31:22 7,042,560 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6000.20867_none_9c4456c346dd3a34\NlsLexicons081a.dll
    + 2008-06-26 00:31:16 6,917,120 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6000.20867_none_9c4456c346dd3a34\NlsLexicons0c1a.dll
    + 2008-06-26 00:30:01 5,071,872 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6000.20867_none_9c4456c346dd3a34\NlsModels0011.dll
    + 2008-06-26 03:29:06 801,280 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18098_none_9d81873e2afd9b5e\NaturalLanguage6.dll
    + 2008-01-19 07:35:38 1,523,712 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18098_none_9d81873e2afd9b5e\NlsData0000.dll
    + 2008-01-19 07:35:39 2,599,936 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18098_none_9d81873e2afd9b5e\NlsData0001.dll
    + 2008-01-19 07:35:39 1,965,056 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18098_none_9d81873e2afd9b5e\NlsData0002.dll
    + 2008-01-19 07:35:40 1,965,056 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18098_none_9d81873e2afd9b5e\NlsData0003.dll
    + 2008-01-19 07:35:40 2,243,072 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18098_none_9d81873e2afd9b5e\NlsData0007.dll
    + 2008-01-19 07:35:42 4,875,776 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18098_none_9d81873e2afd9b5e\NlsData0009.dll
    + 2008-01-19 07:35:44 9,847,296 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18098_none_9d81873e2afd9b5e\NlsData000a.dll
    + 2008-01-19 07:35:45 2,643,456 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18098_none_9d81873e2afd9b5e\NlsData000c.dll
    + 2008-01-19 07:35:46 2,342,912 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18098_none_9d81873e2afd9b5e\NlsData000d.dll
    + 2008-01-19 07:35:46 1,965,056 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18098_none_9d81873e2afd9b5e\NlsData000f.dll
    + 2008-01-19 07:35:46 4,495,360 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18098_none_9d81873e2afd9b5e\NlsData0010.dll
    + 2008-01-19 07:35:46 2,657,280 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18098_none_9d81873e2afd9b5e\NlsData0011.dll
    + 2008-01-19 07:35:47 3,466,752 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18098_none_9d81873e2afd9b5e\NlsData0013.dll
    + 2008-01-19 07:35:47 1,965,056 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18098_none_9d81873e2afd9b5e\NlsData0018.dll
    + 2008-01-19 07:35:47 4,497,408 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18098_none_9d81873e2afd9b5e\NlsData0019.dll
    + 2008-01-19 07:35:48 1,965,056 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18098_none_9d81873e2afd9b5e\NlsData001a.dll
    + 2008-01-19 07:35:48 1,965,056 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18098_none_9d81873e2afd9b5e\NlsData001b.dll
    + 2008-01-19 07:35:49 4,495,360 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18098_none_9d81873e2afd9b5e\NlsData001d.dll
    + 2008-01-19 07:35:49 3,104,768 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18098_none_9d81873e2afd9b5e\NlsData0020.dll
    + 2008-01-19 07:
    23 July 2008 16:10:15

    Post the end of the report.
    24 July 2008 21:17:29

    I had to redo it because I can't find the report:


    ComboFix 08-07-22.3 - Thomas 2008-07-24 21:13:33.4 - NTFSx86
    Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6001.1.1252.1.1036.18.1481 [GMT 2:00]
    Endroit: C:\Users\Thomas\Desktop\ComboFix.exe
    .

    ((((((((((((((((((((((((((((( Fichiers créés 2008-06-24 to 2008-07-24 ))))))))))))))))))))))))))))))))))))
    .

    2008-07-23 21:37 . 2008-07-23 21:37 <REP> d--h----- C:\WINDOWS\msdownld.tmp
    2008-07-23 21:36 . 2008-04-28 16:53 805,400 -ra------ C:\WINDOWS\System32\tmp2AB5.tmp
    2008-07-23 20:53 . 2008-07-23 21:31 <REP> d-------- C:\Program Files\GRID
    2008-07-23 20:46 . 2008-07-23 20:46 <REP> d-------- C:\Program Files\OpenAL
    2008-07-23 20:46 . 2008-04-28 16:53 805,400 -ra------ C:\WINDOWS\System32\tmpA4D3.tmp
    2008-07-23 20:46 . 2008-07-23 21:36 444,952 --a------ C:\WINDOWS\System32\wrap_oal.dll
    2008-07-23 20:46 . 2008-07-23 21:36 109,080 --a------ C:\WINDOWS\System32\OpenAL32.dll
    2008-07-23 20:42 . 2008-04-28 16:53 805,400 -ra------ C:\WINDOWS\System32\tmpA474.tmp
    2008-07-23 20:42 . 2008-04-28 16:53 805,400 -ra------ C:\WINDOWS\System32\tmp8C91.tmp
    2008-07-23 20:42 . 2008-04-28 16:53 805,400 -ra------ C:\WINDOWS\System32\tmp2A28.tmp
    2008-07-21 19:38 . 2008-07-21 19:50 69 --a------ C:\WINDOWS\NeroDigital.ini
    2008-07-21 14:48 . 2008-07-21 14:48 <REP> d-------- C:\Users\Thomas\AppData\Roaming\SystemRequirementsLab
    2008-07-21 14:48 . 2008-07-21 14:48 <REP> d-------- C:\Program Files\SystemRequirementsLab
    2008-07-21 14:47 . 2008-07-21 14:47 <REP> d-------- C:\WINDOWS\Sun
    2008-07-21 09:33 . 2008-07-22 09:43 <REP> d-------- C:\Toolbar SD
    2008-07-20 13:53 . 2008-07-20 13:53 <REP> d-------- C:\Program Files\RocketDock
    2008-07-18 12:11 . 2008-07-18 12:11 <REP> d-------- C:\Program Files\Smallvideosoft
    2008-07-18 12:11 . 2008-07-18 12:11 <REP> d-------- C:\Mp3 Output
    2008-07-18 12:11 . 2007-03-01 04:18 4,762,112 --a------ C:\WINDOWS\System32\NCMedia.dll
    2008-07-18 12:11 . 2006-11-01 14:52 765,952 --a------ C:\WINDOWS\System32\xvidcore.dll
    2008-07-18 12:11 . 2007-02-25 15:36 383,238 --a------ C:\WINDOWS\System32\libmp3lame-0.dll
    2008-07-18 11:57 . 2008-07-18 11:57 <REP> d-------- C:\Program Files\Amond Software
    2008-07-18 07:02 . 2008-06-26 03:45 12,240,896 --a------ C:\WINDOWS\System32\NlsLexicons0007.dll
    2008-07-18 07:02 . 2008-06-26 03:45 2,644,480 --a------ C:\WINDOWS\System32\NlsLexicons0009.dll
    2008-07-18 07:02 . 2008-06-26 05:29 801,280 --a------ C:\WINDOWS\System32\NaturalLanguage6.dll
    2008-07-17 19:48 . 2008-07-17 19:48 <REP> d-------- C:\Program Files\Free Audio Pack
    2008-07-17 19:47 . 2008-07-22 10:41 <REP> d-------- C:\Program Files\Free FLV Converter
    2008-07-17 19:47 . 2008-06-04 18:42 364,544 --a------ C:\WINDOWS\System32\PropertyGrid.ocx
    2008-07-17 19:47 . 2008-07-12 04:52 233,472 --a------ C:\WINDOWS\System32\TubeFinder.exe
    2008-07-17 19:47 . 2008-06-04 18:42 208,500 --a------ C:\WINDOWS\System32\ReyXpBasics.tlb
    2008-07-17 19:47 . 2008-06-04 18:42 141,312 --a------ C:\WINDOWS\System32\MSCMCFR.DLL
    2008-07-17 19:47 . 2008-06-04 18:42 101,888 --a------ C:\WINDOWS\System32\VB6STKIT.DLL
    2008-07-17 19:47 . 2008-06-04 18:42 84,512 --a------ C:\WINDOWS\System32\PICCLP32.OCX
    2008-07-17 19:47 . 2008-06-04 18:42 32,768 --a------ C:\WINDOWS\System32\CMDLGFR.DLL
    2008-07-17 19:47 . 2008-06-04 18:42 24,576 --a------ C:\WINDOWS\System32\ControlSubX.ocx
    2008-07-17 19:47 . 2008-06-04 18:42 9,728 --a------ C:\WINDOWS\System32\PCCLPFR.DLL
    2008-07-17 19:41 . 2008-07-17 19:41 <REP> d-------- C:\Program Files\Wondershare
    2008-07-16 20:54 . 2008-07-16 20:54 <REP> d-------- C:\Users\Thomas\Les Sims 2
    2008-07-15 19:37 . 2008-07-15 19:37 107,888 --a------ C:\WINDOWS\System32\CmdLineExt.dll
    2008-07-15 11:05 . 2008-07-18 14:14 <REP> d-------- C:\Program Files\EA GAMES
    2008-07-15 11:05 . 2004-08-18 10:34 442,368 -ra------ C:\WINDOWS\System32\vp6vfw.dll
    2008-07-14 11:31 . 2008-07-14 11:33 <REP> d-------- C:\Users\All Users\ma-config.com
    2008-07-14 11:31 . 2008-07-14 11:33 <REP> d-------- C:\ProgramData\ma-config.com
    2008-07-14 11:31 . 2008-07-14 11:31 <REP> d-------- C:\Program Files\ma-config.com
    2008-07-13 18:51 . 2008-07-13 18:51 <REP> d-------- C:\Program Files\iTunes
    2008-07-13 18:51 . 2008-07-13 18:51 <REP> d-------- C:\Program Files\iPod
    2008-07-12 17:21 . 2008-07-12 17:22 <REP> d-------- C:\Program Files\VirtualDJ
    2008-07-10 10:09 . 2008-07-10 10:09 <REP> d-------- C:\Users\Thomas\AppData\Roaming\ScanSoft
    2008-07-08 21:25 . 2008-07-08 21:25 <REP> d-------- C:\Program Files\Common Files\Control Panels
    2008-07-08 21:22 . 2008-07-08 21:22 <REP> d-------- C:\Users\All Users\ALM
    2008-07-08 21:22 . 2008-07-08 21:22 <REP> d-------- C:\ProgramData\ALM
    2008-07-08 21:03 . 2007-03-23 04:05 29,272 -ra------ C:\WINDOWS\System32\AdobePDF.dll
    2008-07-06 18:38 . 2008-07-24 11:09 <REP> d-------- C:\Users\Famille Bertran\AppData\Roaming\OpenOffice.org2
    2008-07-03 13:45 . 2008-07-03 13:45 <REP> d-------- C:\Program Files\Razer
    2008-07-03 13:45 . 2004-12-16 22:52 53,248 --a------ C:\WINDOWS\System32\razer.cpl
    2008-07-02 18:00 . 2008-07-02 18:00 <REP> d-------- C:\Users\Thomas\AppData\Roaming\Mumble
    2008-07-02 17:59 . 2008-07-02 18:00 <REP> d-------- C:\Program Files\Mumble
    2008-07-02 13:28 . 2008-07-24 13:11 <REP> d-------- C:\Users\Thomas\AppData\Roaming\OpenOffice.org2
    2008-07-02 13:26 . 2008-07-02 13:26 <REP> d-------- C:\Program Files\OpenOffice.org 2.4
    2008-06-30 16:29 . 2008-07-01 10:04 <REP> d-------- C:\Program Files\Live for Speed S2
    2008-06-30 12:38 . 2008-07-01 10:59 <REP> d-------- C:\Program Files\Counter-Strike
    2008-06-27 17:42 . 2008-06-27 17:42 <REP> d-------- C:\HLServer
    2008-06-27 10:39 . 2008-06-27 10:39 <REP> d-------- C:\Users\All Users\VCOM
    2008-06-27 10:39 . 2008-06-27 10:39 <REP> d-------- C:\ProgramData\VCOM
    2008-06-27 10:38 . 2008-06-27 10:39 <REP> d-------- C:\Users\Thomas\AppData\Roaming\VCOM
    2008-06-27 10:36 . 2008-06-27 10:36 <REP> d-------- C:\Program Files\VCOM
    2008-06-24 06:40 . 2008-06-24 06:40 <REP> d-------- C:\Program Files\Microsoft Silverlight

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-07-24 18:09 --------- d-----w C:\Users\Thomas\AppData\Roaming\uTorrent
    2008-07-24 17:14 --------- d-----w C:\Program Files\Steam
    2008-07-24 17:10 --------- d-----w C:\Program Files\Microsoft Windows OneCare Live
    2008-07-24 13:41 --------- d-----w C:\Users\Thomas\AppData\Roaming\teamspeak2
    2008-07-23 10:49 --------- d---a-w C:\ProgramData\TEMP
    2008-07-22 10:00 --------- d-----w C:\Users\Thomas\AppData\Roaming\Skype
    2008-07-22 09:18 --------- d-----w C:\Program Files\Nero
    2008-07-22 07:25 20 ---h--w C:\Users\All Users\PKP_DLec.DAT
    2008-07-22 07:25 20 ---h--w C:\Users\All Users\PKP_DLds.DAT
    2008-07-22 07:25 20 ---h--w C:\ProgramData\PKP_DLec.DAT
    2008-07-22 07:25 20 ---h--w C:\ProgramData\PKP_DLds.DAT
    2008-07-18 13:00 --------- d-----w C:\Program Files\Norton Security Scan
    2008-07-17 08:55 --------- d-----w C:\Program Files\Common Files\Steam
    2008-07-14 16:15 --------- d-----w C:\Program Files\Snapshot Viewer
    2008-07-14 10:18 --------- d-----w C:\Users\Thomas\AppData\Roaming\FileZilla
    2008-07-13 16:50 --------- d-----w C:\Program Files\QuickTime
    2008-07-12 11:42 --------- d-----w C:\Program Files\Java
    2008-07-12 10:08 --------- d-----w C:\ProgramData\TrackMania
    2008-07-09 17:35 --------- d-----w C:\Program Files\Opera
    2008-07-09 07:02 --------- d-----w C:\Program Files\Windows Mail
    2008-07-08 19:27 --------- d-----w C:\Program Files\Common Files\Adobe
    2008-07-07 17:15 --------- d-----w C:\Users\Thomas\AppData\Roaming\Apple Computer
    2008-07-07 06:59 --------- d-----w C:\Program Files\Safari
    2008-07-04 06:51 --------- d-----w C:\ProgramData\NVIDIA
    2008-07-03 11:45 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-06-28 12:30 --------- d-----w C:\Users\Thomas\AppData\Roaming\SPORE Creature Creator
    2008-06-23 17:05 --------- d-----w C:\Program Files\Trend Micro
    2008-06-23 16:01 --------- d-----w C:\Program Files\Common Files\PX Storage Engine
    2008-06-22 19:40 --------- d-----w C:\Program Files\Malwarebytes' Anti-Malware
    2008-06-22 11:52 --------- d-----w C:\Program Files\Electronic Arts
    2008-06-21 17:25 --------- d-----w C:\Users\Famille Bertran\AppData\Roaming\DAEMON Tools
    2008-06-21 16:16 --------- d--h--r C:\Users\Thomas\AppData\Roaming\SecuROM
    2008-06-21 09:43 --------- d-----w C:\ProgramData\Electronic Arts
    2008-06-19 15:48 34,296 ----a-w C:\Windows\system32\drivers\mbamcatchme.sys
    2008-06-19 15:47 17,144 ----a-w C:\Windows\system32\drivers\mbam.sys
    2008-06-15 17:19 --------- d-----w C:\Users\Famille Bertran\AppData\Roaming\vlc
    2008-06-11 12:41 21,248 ----a-w C:\Windows\Help\OEM\scripts\HPScript.exe
    2008-06-08 17:49 --------- d-----w C:\Program Files\TVAntsX
    2008-06-07 17:33 --------- d-----w C:\Program Files\SteamKeyFr
    2008-05-31 19:03 --------- d-----w C:\ProgramData\Sony
    2008-05-31 19:03 --------- d-----w C:\Program Files\Vstplugins
    2008-05-31 19:03 --------- d-----w C:\Program Files\Sony
    2008-05-27 05:21 1,582,592 ----a-w C:\Windows\System32\tquery.dll
    2008-05-27 05:21 1,418,240 ----a-w C:\Windows\System32\mssrch.dll
    2008-05-27 05:17 87,552 ----a-w C:\Windows\System32\SearchFilterHost.exe
    2008-05-27 05:17 87,552 ----a-w C:\Windows\System32\mssitlb.dll
    2008-05-27 05:17 754,176 ----a-w C:\Windows\System32\propsys.dll
    2008-05-27 05:17 60,416 ----a-w C:\Windows\System32\msscntrs.dll
    2008-05-27 05:17 6,103,040 ----a-w C:\Windows\System32\chtbrkr.dll
    2008-05-27 05:17 34,816 ----a-w C:\Windows\System32\msscb.dll
    2008-05-27 05:17 32,768 ----a-w C:\Windows\System32\mssprxy.dll
    2008-05-27 05:17 313,344 ----a-w C:\Windows\System32\thawbrkr.dll
    2008-05-27 05:17 301,568 ----a-w C:\Windows\System32\srchadmin.dll
    2008-05-27 05:17 194,560 ----a-w C:\Windows\System32\offfilt.dll
    2008-05-27 05:17 143,872 ----a-w C:\Windows\System32\korwbrkr.dll
    2008-05-27 05:17 11,776 ----a-w C:\Windows\System32\msshooks.dll
    2008-05-27 05:17 1,671,680 ----a-w C:\Windows\System32\chsbrkr.dll
    2008-05-27 04:59 18,904 ----a-w C:\Windows\System32\StructuredQuerySchemaTrivial.bin
    2008-05-27 04:59 106,605 ----a-w C:\Windows\System32\StructuredQuerySchema.bin
    2008-05-25 08:41 --------- d-----w C:\Users\Famille Bertran\AppData\Roaming\Canon
    2008-05-24 17:41 --------- d-----w C:\Users\Thomas\AppData\Roaming\Canon
    2008-05-18 10:45 66,872 ----a-w C:\Windows\System32\PnkBstrA.exe
    2008-05-18 10:45 22,328 ----a-w C:\Users\Thomas\AppData\Roaming\PnkBstrK.sys
    2008-05-18 10:45 103,736 ----a-w C:\Windows\System32\PnkBstrB.exe
    2008-05-10 03:35 564,736 ----a-w C:\Windows\System32\emdmgmt.dll
    2008-05-08 21:59 90,112 ----a-w C:\Windows\System32\wshext.dll
    2008-05-08 21:59 430,080 ----a-w C:\Windows\System32\vbscript.dll
    2008-05-08 21:59 180,224 ----a-w C:\Windows\System32\scrobj.dll
    2008-05-08 21:59 172,032 ----a-w C:\Windows\System32\scrrun.dll
    2008-05-08 21:59 155,648 ----a-w C:\Windows\System32\wscript.exe
    2008-05-08 21:58 135,168 ----a-w C:\Windows\System32\cscript.exe
    2008-04-26 08:25 3,600,952 ----a-w C:\Windows\System32\ntkrnlpa.exe
    2008-04-26 08:25 3,549,240 ----a-w C:\Windows\System32\ntoskrnl.exe
    2008-04-26 08:08 1,314,816 ----a-w C:\Windows\System32\quartz.dll
    2008-04-25 04:35 826,880 ----a-w C:\Windows\System32\wininet.dll
    2008-04-13 17:59 1,596,094 ----a-w C:\Users\Thomas\mbam-setup.exe
    2008-04-13 09:50 158,601 ----a-w C:\Users\Thomas\885662@141_Terrorist v2.0.zip
    2008-03-29 09:39 174 --sha-w C:\Program Files\desktop.ini
    .

    ((((((((((((((((((((((((((((( snapshot_2008-07-24_21.10.04.97 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2008-07-24 19:02:26 6,299,648 ----a-w C:\Windows\erdnt\Hiv-backup\SCHEMA.DAT
    + 2008-07-24 19:13:16 6,299,648 ----a-w C:\Windows\erdnt\Hiv-backup\SCHEMA.DAT
    .
    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-19 09:33 1233920]
    "HPADVISOR"="C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2007-06-01 13:40 1783400]
    "Steam"="c:\program files\steam\steam.exe" [2008-04-23 20:51 1271032]
    "ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2008-01-19 09:33 125952]
    "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-05-27 10:50 413696]
    "DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2008-04-01 11:39 486856]
    "LightScribe Control Panel"="C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-07-18 17:55 451872]
    "EA Core"="C:\Program Files\Electronic Arts\EADM\Core.exe" [2008-05-16 18:16 2732032]
    "WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 09:33 202240]
    "WindowsWelcomeCenter"="oobefldr.dll" [2008-01-19 09:36 2153472 C:\WINDOWS\System32\oobefldr.dll]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2007-04-18 17:01 65536]
    "KBD"="C:\HP\KBD\KbdStub.EXE" [2006-12-08 18:16 65536]
    "OsdMaestro"="C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe" [2007-02-15 13:59 118784]
    "HP Health Check Scheduler"="c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2007-05-24 13:13 71176]
    "SunJavaUpdateReg"="C:\Windows\system32\jureg.exe" [2007-04-07 02:56 54936]
    "HP Software Update"="c:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 16:24 54840]
    "SSBkgdUpdate"="C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-09-28 14:16 185896]
    "OpwareSE4"="C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" [2006-10-11 13:45 75304]
    "Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 18:38 583048]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
    "OneCareUI"="C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe" [2008-06-25 06:48 67112]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]
    "razer"="C:\Program Files\Razer\razerhid.exe" [2005-05-17 18:21 147456]
    "NvSvc"="C:\Windows\system32\nvsvc.dll" [2008-01-10 19:57 92704]
    "NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2008-01-10 19:57 8530464]
    "NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2008-01-10 19:57 88608]
    "Acrobat Assistant 8.0"="C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2007-05-10 22:46 624248]
    "Adobe_ID0EYTHM"="C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE" [2007-03-20 16:40 1884160]
    "AppleSyncNotifier"="C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-10 09:47 116040]
    "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-05-27 10:50 413696]
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-07-10 10:51 289064]
    "RtHDVCpl"="RtHDVCpl.exe" [2008-01-15 11:26 4874240 C:\WINDOWS\RtHDVCpl.exe]

    C:\Users\Famille Bertran\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    OpenOffice.org 2.4.lnk - C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe [2008-01-21 16:41:28 393216]

    C:\Users\Thomas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    OpenOffice.org 2.4.lnk - C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe [2008-01-21 16:41:28 393216]

    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
    NkbMonitor.exe.lnk - C:\Program Files\Nikon\PictureProject\NkbMonitor.exe [2008-03-22 15:33:50 118784]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "FilterAdministratorToken"= 1 (0x1)
    "EnableUIADesktopToggle"= 0 (0x0)

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
    "DisableLockWorkstation"= 0 (0x0)
    "DisableChangePassword"= 0 (0x0)

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "NoLogoff"= 0 (0x0)

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{E54729E8-BB3D-4270-9D49-7389EA579090}"= "C:\Windows\system32\EZUPBH~1.DLL" [2008-03-29 12:12 49152]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\OneCareMP]
    @="Service"

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "UacDisableNotify"=dword:00000001
    "InternetSettingsDisableNotify"=dword:00000001
    "AutoUpdateDisableNotify"=dword:00000001
    "AntiVirusDisableNotify"=dword:00000001
    "AntivirusOverride"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
    "{83BCDC0E-0E1E-48FE-B89C-06341343FA45}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
    "TCP Query User{AD4DF904-F206-4CCB-8B49-A580CB409102}C:\\program files\\steam\\steamapps\\krashkiller\\counter-strike source\\hl2.exe"= UDP:C:\program files\steam\steamapps\krashkiller\counter-strike source\hl2.exe:hl2
    "UDP Query User{C426582B-9D8C-4F48-A8D2-A5FCFB5AA7ED}C:\\program files\\steam\\steamapps\\krashkiller\\counter-strike source\\hl2.exe"= TCP:C:\program files\steam\steamapps\krashkiller\counter-strike source\hl2.exe:hl2
    "{1341D295-C0A4-42B5-A697-E40506A0DB5B}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
    "{C140A864-E37F-4C71-A4EF-2E2913889403}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
    "{36BDA2BD-22CB-49CE-A3E6-6654BEF8C2DA}"= UDP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
    "{B515D7D1-82BE-4878-A44C-5B5CD56969F0}"= TCP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
    "TCP Query User{27365AA9-3249-444B-9510-E4BA6F736BB9}C:\\users\\thomas\\desktop\\nk176-standalone\\nk176-standalone\\mnt\\usr\\local\\mysql\\bin\\mysqld.exe"= UDP:C:\users\thomas\desktop\nk176-standalone\nk176-standalone\mnt\usr\local\mysql\bin\mysqld.exe:mysqld.exe
    "UDP Query User{D65B989C-1497-4901-AFEC-73EF0C44B7D5}C:\\users\\thomas\\desktop\\nk176-standalone\\nk176-standalone\\mnt\\usr\\local\\mysql\\bin\\mysqld.exe"= TCP:C:\users\thomas\desktop\nk176-standalone\nk176-standalone\mnt\usr\local\mysql\bin\mysqld.exe:mysqld.exe
    "TCP Query User{83D25E11-C5FB-4D46-9E34-7F594292687F}C:\\program files\\tmnationsforever\\tmforever.exe"= UDP:C:\program files\tmnationsforever\tmforever.exe:TmForever
    "UDP Query User{DD36A09A-1E68-418E-86A0-11D914721129}C:\\program files\\tmnationsforever\\tmforever.exe"= TCP:C:\program files\tmnationsforever\tmforever.exe:TmForever
    "TCP Query User{4F4D30D4-79E5-4E0C-B206-C1F6499499D4}C:\\program files\\steam\\steamapps\\krashkiller\\source dedicated server\\srcds.exe"= UDP:C:\program files\steam\steamapps\krashkiller\source dedicated server\srcds.exe:srcds
    "UDP Query User{6DA0DB1F-A2CF-4760-9EF7-CEA435FEA8F2}C:\\program files\\steam\\steamapps\\krashkiller\\source dedicated server\\srcds.exe"= TCP:C:\program files\steam\steamapps\krashkiller\source dedicated server\srcds.exe:srcds
    "TCP Query User{E1EA60E9-4229-406B-B616-44387FF288E0}C:\\program files\\utorrent\\utorrent.exe"= UDP:C:\program files\utorrent\utorrent.exe:uTorrent
    "UDP Query User{D3E8800B-AAA2-4744-B6D4-2C115E31E61D}C:\\program files\\utorrent\\utorrent.exe"= TCP:C:\program files\utorrent\utorrent.exe:uTorrent
    "{A3590DF9-C478-4602-924C-B5649911691A}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
    "{EA2AB234-819C-4FA8-AEAE-7A41E9C0AC58}"= UDP:C:\WINDOWS\System32\PnkBstrA.exe:p nkBstrA
    "{249A0B04-EF55-49A3-B7C1-C917863B2F37}"= TCP:C:\WINDOWS\System32\PnkBstrA.exe:p nkBstrA
    "{EF82C6FD-4BCE-4C63-94F3-30547DCCC4B2}"= UDP:C:\WINDOWS\System32\PnkBstrB.exe:p nkBstrB
    "{3EDDAF3D-A215-451F-87DE-D9B5A6E4D300}"= TCP:C:\WINDOWS\System32\PnkBstrB.exe:p nkBstrB
    "TCP Query User{5035D13C-219D-4159-A4DD-F4BE87A800FA}C:\\program files\\internet explorer\\iexplore.exe"= UDP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
    "UDP Query User{29C50335-BCFC-4AC9-8601-F19C7206B1D2}C:\\program files\\internet explorer\\iexplore.exe"= TCP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
    "TCP Query User{5E90F7AB-72D4-4B57-87A1-24752DC10B38}C:\\program files\\steam\\steamapps\\timothe_dehaene\\counter-strike source\\hl2.exe"= UDP:C:\program files\steam\steamapps\timothe_dehaene\counter-strike source\hl2.exe:hl2
    "UDP Query User{FE0A54BB-7BFD-42B2-87D1-9D0E80AD5EAF}C:\\program files\\steam\\steamapps\\timothe_dehaene\\counter-strike source\\hl2.exe"= TCP:C:\program files\steam\steamapps\timothe_dehaene\counter-strike source\hl2.exe:hl2
    "TCP Query User{0DAA9C3F-CA6C-4483-A9D3-FBE83BFFFD27}C:\\program files\\steam\\steamapps\\draze38\\counter-strike\\hl.exe"= UDP:C:\program files\steam\steamapps\draze38\counter-strike\hl.exe:Half-Life Launcher
    "UDP Query User{F13FA0CC-2A27-4D52-A2FC-59B28BC0D405}C:\\program files\\steam\\steamapps\\draze38\\counter-strike\\hl.exe"= TCP:C:\program files\steam\steamapps\draze38\counter-strike\hl.exe:Half-Life Launcher
    "{095F3F25-8BF2-44F9-AEB5-66197486BF9A}"= UDP:63331:Windows Live OneCare
    "{397AF7C9-DFF4-479C-B6C5-35BF57418893}"= UDP:3703:Adobe Version Cue CS3 Server
    "{886B131E-46CC-464F-A7CD-BD1BBCDCB5AF}"= UDP:3704:Adobe Version Cue CS3 Server
    "{7C948EB0-E68B-4036-930C-1252225DDA3A}"= UDP:50900:Adobe Version Cue CS3 Server
    "{0AD7827A-E742-4872-AF4C-E91B88DF711F}"= UDP:50901:Adobe Version Cue CS3 Server
    "{79A0730D-657F-41F6-9244-6900DDBD25F9}"= UDP:C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe:Adobe Version Cue CS3 Server
    "{378C1E6E-8F8D-4414-B49D-11D3E07EC314}"= TCP:C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe:Adobe Version Cue CS3 Server
    "{B289A7D3-8644-4CB2-81D5-83297D74B3A9}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
    "{AA892AE5-E2B8-4FF4-A7AA-E266D2561444}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes
    "{A803EF65-7FE9-475B-9F95-C4428C2A4B5E}"= UDP:48113:LocalSubnet:LocalSubnet:maconfig_tcp
    "{B79FF3F1-FFA6-4F18-B963-CFBA5C6D6091}"= TCP:48113:LocalSubnet:LocalSubnet:maconfig_udp
    "{2660FE33-C4B3-4991-B9C1-F3BC57B2E176}"= UDP:C:\Program Files\ma-config.com\maconfservice.exe:maconfservice
    "{DC4EE414-6465-420E-8A7C-5A6CC751A6F8}"= TCP:C:\Program Files\ma-config.com\maconfservice.exe:maconfservice
    "TCP Query User{B7BFE8DE-2096-4530-8051-C4DD396456C5}C:\\program files\\skype\\phone\\skype.exe"= Disabled:UDP:C:\program files\skype\phone\skype.exe:Skype. Take a deep breath
    "UDP Query User{1AA19F68-7879-4264-8BA3-650DBD22A3B3}C:\\program files\\skype\\phone\\skype.exe"= Disabled:TCP:C:\program files\skype\phone\skype.exe:Skype. Take a deep breath
    "{1DCE5E40-E9E3-40F3-B35A-9341F4D879A0}"= UDP:63331:Windows Live OneCare
    "{41D2F49E-90C5-4DDF-B963-90FC3363F9E3}"= UDP:63331:Windows Live OneCare

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
    "EnableFirewall"= 0 (0x0)

    R1 aswSP;avast! Self Protection;C:\Windows\system32\drivers\aswSP.sys [2008-05-16 01:20]
    R2 aswFsBlk;aswFsBlk;C:\Windows\system32\DRIVERS\aswFsBlk.sys [2008-05-16 01:16]
    R2 ezntsvc;EasyBits Magic Desktop Services for Windows NT;C:\Windows\system32\ezNTSvc.exe [2008-03-29 12:12]
    R2 OcHealthMon;Windows Live OneCare Health Monitor;C:\Program Files\Microsoft Windows OneCare Live\OcHealthMon.exe [2008-06-25 06:47]
    R3 Steam Client Service;Steam Client Service;C:\Program Files\Common Files\Steam\SteamService.exe [2008-07-17 09:52]
    S3 maconfservice;Ma-Config Service;C:\Program Files\ma-config.com\maconfservice.exe [2008-06-26 09:13]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7d77faa8-4032-11dd-9ab6-001bb9d68e98}]
    \shell\AutoRun\command - K:\Setup.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7d77faaa-4032-11dd-9ab6-001bb9d68e98}]
    \shell\AutoRun\command - M:\Setup.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7d77faac-4032-11dd-9ab6-001bb9d68e98}]
    \shell\AutoRun\command - N:\Setup.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cb4485f1-2428-11dd-959b-001bb9d68e98}]
    \shell\AutoRun\command - J:\Setup.exe
    .
    Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
    "2008-07-18 13:00:14 C:\Windows\Tasks\Norton Security Scan.job"
    - C:\Program Files\Norton Security Scan\Nss.exe
    "2008-03-08 13:30:12 C:\Windows\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job"
    - C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
    .
    .
    ------- Supplementary Scan -------
    .
    R0 -: HKCU-Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=FR_FR&c=74&bd=Pavilion&pf=desktop
    R0 -: HKLM-Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=FR_FR&c=74&bd=Pavilion&pf=desktop
    R1 -: HKCU-Internet Settings,ProxyOverride = *.local
    O8 -: &Windows Live Search - C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 -: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
    O8 -: Ajouter au fichier PDF existant - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 -: Convertir en Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 -: Convertir la cible du lien en Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 -: Convertir la cible du lien en un fichier PDF existant - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 -: Convertir la sélection en Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 -: Convertir la sélection en un fichier PDF existant - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 -: Convertir les liens sélectionnés en fichier Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O8 -: Convertir les liens sélectionnés en un fichier PDF existant - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    O8 -: E&xporter vers Microsoft Excel - C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000

    O16 -: {4C833081-D026-4FF8-968F-7EAB660D2FBA} - hxxp://download.tvants.com/pub/tvants/tvants1/win32/cab/tvants.cab
    C:\Windows\Downloaded Program Files\SETUP.INF


    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-07-24 21:15:18
    Windows 6.0.6001 Service Pack 1 NTFS

    Balayage processus cachés ...

    Balayage caché autostart entries ...

    Balayage des fichiers cachés ...

    Scan terminé avec succès
    Les fichiers cachés: 0

    **************************************************************************
    .
    Temps d'accomplissement: 2008-07-24 21:17:25
    ComboFix-quarantined-files.txt 2008-07-24 19:16:46
    ComboFix2.txt 2008-07-24 19:11:49
    ComboFix3.txt 2008-07-23 11:00:02
    ComboFix4.txt 2008-06-25 10:20:56

    Pre-Run: 187,056,680,960 octets libres
    Post-Run: 187,021,033,472 octets libres

    337 --- E O F --- 2008-07-24 09:07:47
    25 July 2008 13:33:34

    Hi again,

    Download Malwarebytes' Anti-Malware to your Desktop.

  • Install it by double-clicking the file Download_mbam-setup.exe.

    Once the installation and the update are complete:
    Restart in Safe Mode
    /!\ Never start Safe Mode via MSCONFIG /!\

  • Now run Malwarebytes' Anti-Malware. If it is not already selected, choose "Perform full scan".
  • To start the scan, click "Scan".
  • Once the scan has finished, a window opens; click OK. There are two possibilities:
    -- if the program found nothing, press OK. A report will appear; close it.
    -- if infections are present, click "Show Results" and then "Remove Selected". Save the report to your Desktop so that you can post it in your next reply.

    NOTE: If Malwarebytes' Anti-Malware needs to restart to finish the removal, accept by clicking OK.

    Help: How to use MBAM.
    27 July 2008 22:42:09

    Malwarebytes' Anti-Malware 1.18
    Version de la base de données: 879

    22:05:11 27/07/2008
    mbam-log-7-27-2008 (22-05-01).txt

    Type de recherche: Examen complet (C:\|D:\|)
    Eléments examinés: 354760
    Temps écoulé: 1 hour(s), 5 minute(s), 27 second(s)

    Processus mémoire infecté(s): 0
    Module(s) mémoire infecté(s): 0
    Clé(s) du Registre infectée(s): 0
    Valeur(s) du Registre infectée(s): 0
    Elément(s) de données du Registre infecté(s): 0
    Dossier(s) infecté(s): 0
    Fichier(s) infecté(s): 3

    Processus mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Module(s) mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Clé(s) du Registre infectée(s):
    (Aucun élément nuisible détecté)

    Valeur(s) du Registre infectée(s):
    (Aucun élément nuisible détecté)

    Elément(s) de données du Registre infecté(s):
    (Aucun élément nuisible détecté)

    Dossier(s) infecté(s):
    (Aucun élément nuisible détecté)

    Fichier(s) infecté(s):
    C:\Users\Famille Bertran\Downloads\Keygen_2007_v.1.0.0\Keygen_2007_v.1.0.0\Adobe Acrobat 8.0 Keygen\Adobe Acrobat 8 Pro Keygen.exe (Backdoor.Bot) -> No action taken.
    C:\Users\Thomas\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\AntiSpywareExpert.lnk (Rogue.AntiSpywareExpert) -> No action taken.
    C:\Users\Famille Bertran\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\AntiSpywareExpert.lnk (Rogue.AntiSpywareExpert) -> No action taken.
    27 July 2008 23:21:10

    Hi again,

    Is it any better?

    Post a new HijackThis report.
    28 July 2008 16:23:13

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 09:44:59, on 22/07/2008
    Platform: Windows Vista SP1 (WinNT 6.00.1905)
    MSIE: Internet Explorer v7.00 (7.00.6001.18000)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\hp\support\hpsysdrv.exe
    C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
    C:\WINDOWS\RtHDVCpl.exe
    C:\Windows\System32\mobsync.exe
    C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
    C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
    C:\Windows\system32\schtasks.exe
    C:\Program Files\ScanSoft\OmniPageSE4.0\OpWareSE4.exe
    C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
    C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe
    C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
    C:\Program Files\Razer\razerhid.exe
    C:\WINDOWS\System32\rundll32.exe
    C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe
    C:\WINDOWS\System32\rundll32.exe
    C:\Windows\system32\conime.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
    C:\Program Files\Steam\Steam.exe
    C:\WINDOWS\ehome\ehtray.exe
    C:\Program Files\DAEMON Tools Lite\daemon.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
    C:\Program Files\Electronic Arts\EADM\Core.exe
    C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
    C:\Program Files\Razer\razerofa.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\OpenOffice.org 2.4\program\soffice.exe
    C:\hp\kbd\kbd.exe
    C:\Program Files\OpenOffice.org 2.4\program\soffice.BIN
    C:\Windows\system32\Taskmgr.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\explorer.exe
    C:\Windows\system32\NOTEPAD.EXE
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&loca...
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&loca...
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: (no name) - {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL (file missing)
    R3 - URLSearchHook: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb127\SearchSettings.dll (file missing)
    O1 - Hosts: ::1 localhost
    O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
    O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
    O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
    O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
    O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KbdStub.EXE
    O4 - HKLM\..\Run: [OsdMaestro] "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe"
    O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
    O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
    O4 - HKLM\..\Run: [SunJavaUpdateReg] "C:\Windows\system32\jureg.exe"
    O4 - HKLM\..\Run: [HP Software Update] c:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
    O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"
    O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [OneCareUI] "C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
    O4 - HKLM\..\Run: [razer] C:\Program Files\Razer\razerhid.exe
    O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
    O4 - HKLM\..\Run: [Adobe_ID0EYTHM] C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
    O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
    O4 - HKCU\..\Run: [HPADVISOR] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe autoRun
    O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKCU\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
    O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
    O4 - HKCU\..\Run: [EA Core] C:\Program Files\Electronic Arts\EADM\Core.exe -silent
    O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\Thomas\AppData\Local\Temp\ddcCTmnM.dll,#1
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
    O4 - Startup: OpenOffice.org 2.4.lnk = C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe
    O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
    O8 - Extra context menu item: Ajouter au fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convertir en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convertir la cible du lien en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convertir la cible du lien en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convertir la sélection en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convertir la sélection en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convertir les liens sélectionnés en fichier Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O8 - Extra context menu item: Convertir les liens sélectionnés en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~3.0_0\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~3.0_0\bin\ssv.dll
    O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra button: Skype add-on - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - cmdmapping - (no file) (HKCU)
    O13 - Gopher Prefix:
    O16 - DPF: {4C833081-D026-4FF8-968F-7EAB660D2FBA} (TVAnts ActiveX Control) - http://download.tvants.com/pub/tvants/tvants1/win32/cab...
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/fl...
    O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab569...
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Adobe Version Cue CS3 {fr_FR} (Adobe Version Cue CS3) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: EasyBits Magic Desktop Services for Windows NT (ezntsvc) - EasyBits Software Corp. - C:\Windows\system32\ezNTSvc.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
    O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
    O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
    O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe
    O23 - Service: RoxMediaDB9 - Sonic Solutions - c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
    O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
    O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe

    --
    End of file - 14941 bytes
    28 July 2008 17:09:21

    Hi again,

  • Uninstall via Add/Remove Programs (if present):
  • Symantec
  • Norton
  • LiveUpdate..

    Download and run: http://service1.symantec.com/SUPPORT/INTER/tsgeninfoint...

    Uninstall via Add/Remove Programs (if present):
  • Avast!

    Download and run: http://www.avast.com/eng/avast-uninstall-utility.html

    Download CCleaner to your Desktop.

  • Click "download the latest version"
  • Install it, leaving only the following options checked:
    - Add a shortcut to the Desktop
    - Automatically check for CCleaner updates
  • Run the cleaner
  • Click "Scan for Issues" and make a backup if you wish.

    Help: How to use CCleaner.

    ***************

    Download AntiVir to your Desktop.

  • Double-click the downloaded executable to start the installation.
  • At the end of the installation, click Finish.
  • Open AntiVir and make sure it is up to date!
  • In the Local Protection tab, choose Scanner.
  • Enable rootkit scanning via the + next to rootkit search, then under manual selection, check everything (your hard disk partitions).
  • Click the middle magnifying glass to start the scan as Administrator.
  • Post the generated report: to do so, click the Overview tab, then choose Reports; you will find the report there.

    Note: For more effective eradication of the threats, run the scan in Safe Mode.

    Why change? Avast vs AntiVir.

    Help: How to install and use AntiVir.
    1 August 2008 10:36:57



    Avira AntiVir Personal
    Report file date: jeudi 31 juillet 2008 23:17

    Scanning for 1523821 virus strains and unwanted programs.

    Licensed to: Avira AntiVir PersonalEdition Classic
    Serial number: 0000149996-ADJIE-0001
    Platform: Windows Vista
    Windows version: (Service Pack 1) [6.0.6001]
    Boot mode: Save mode
    Username: Famille Bertran
    Computer name: FAMILLEBERTRAN

    Version information:
    BUILD.DAT : 8.1.0.326 16933 Bytes 11/07/2008 12:57:00
    AVSCAN.EXE : 8.1.4.7 315649 Bytes 26/06/2008 08:57:53
    AVSCAN.DLL : 8.1.4.0 40705 Bytes 26/05/2008 07:56:40
    LUKE.DLL : 8.1.4.5 164097 Bytes 12/06/2008 12:44:19
    LUKERES.DLL : 8.1.4.0 12033 Bytes 26/05/2008 07:58:52
    ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 10:33:34
    ANTIVIR1.VDF : 7.0.5.1 8182784 Bytes 24/06/2008 13:54:15
    ANTIVIR2.VDF : 7.0.5.174 2027008 Bytes 25/07/2008 20:58:18
    ANTIVIR3.VDF : 7.0.5.200 212480 Bytes 31/07/2008 20:58:19
    Engineversion : 8.1.1.15
    AEVDF.DLL : 8.1.0.5 102772 Bytes 09/07/2008 08:46:50
    AESCRIPT.DLL : 8.1.0.61 311675 Bytes 31/07/2008 20:58:27
    AESCN.DLL : 8.1.0.23 119156 Bytes 31/07/2008 20:58:26
    AERDL.DLL : 8.1.0.20 418165 Bytes 09/07/2008 08:46:50
    AEPACK.DLL : 8.1.2.1 364917 Bytes 31/07/2008 20:58:26
    AEOFFICE.DLL : 8.1.0.21 192891 Bytes 31/07/2008 20:58:25
    AEHEUR.DLL : 8.1.0.44 1343863 Bytes 31/07/2008 20:58:24
    AEHELP.DLL : 8.1.0.15 115063 Bytes 09/07/2008 08:46:50
    AEGEN.DLL : 8.1.0.32 315765 Bytes 31/07/2008 20:58:22
    AEEMU.DLL : 8.1.0.7 430452 Bytes 31/07/2008 20:58:21
    AECORE.DLL : 8.1.1.8 172406 Bytes 31/07/2008 20:58:20
    AEBB.DLL : 8.1.0.1 53617 Bytes 24/04/2008 08:50:42
    AVWINLL.DLL : 1.0.0.12 15105 Bytes 09/07/2008 08:40:05
    AVPREF.DLL : 8.0.2.0 38657 Bytes 16/05/2008 09:28:01
    AVREP.DLL : 8.0.0.2 98344 Bytes 31/07/2008 20:58:19
    AVREG.DLL : 8.0.0.1 33537 Bytes 09/05/2008 11:26:40
    AVARKT.DLL : 1.0.0.23 307457 Bytes 12/02/2008 08:29:23
    AVEVTLOG.DLL : 8.0.0.16 119041 Bytes 12/06/2008 12:27:49
    SQLITE3.DLL : 3.3.17.1 339968 Bytes 22/01/2008 17:28:02
    SMTPLIB.DLL : 1.2.0.23 28929 Bytes 12/06/2008 12:49:40
    NETNT.DLL : 8.0.0.1 7937 Bytes 25/01/2008 12:05:10
    RCIMAGE.DLL : 8.0.0.51 2371841 Bytes 12/06/2008 13:48:07
    RCTEXT.DLL : 8.0.52.0 86273 Bytes 27/06/2008 13:34:37

    Configuration settings for the scan:
    Jobname..........................: Manual Selection
    Configuration file...............: C:\ProgramData\Avira\AntiVir PersonalEdition Classic\PROFILES\folder.avp
    Logging..........................: low
    Primary action...................: interactive
    Secondary action.................: ignore
    Scan master boot sector..........: on
    Scan boot sector.................: on
    Boot sectors.....................: C:, D:, E:, F:, G:, H:, I:, J:, K:, L:, M:, N:,
    Process scan.....................: on
    Scan registry....................: on
    Search for rootkits..............: off
    Scan all files...................: Intelligent file selection
    Scan archives....................: on
    Recursion depth..................: 20
    Smart extensions.................: on
    Macro heuristic..................: on
    File heuristic...................: medium

    Start of the scan: jeudi 31 juillet 2008 23:17

    The scan of running processes will be started
    Scan process 'avscan.exe' - '1' Module(s) have been scanned
    Scan process 'WmiPrvSE.exe' - '1' Module(s) have been scanned
    Scan process 'unsecapp.exe' - '1' Module(s) have been scanned
    Scan process 'mobsync.exe' - '1' Module(s) have been scanned
    Scan process 'avcenter.exe' - '1' Module(s) have been scanned
    Scan process 'explorer.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'MsMpEng.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'lsm.exe' - '1' Module(s) have been scanned
    Scan process 'lsass.exe' - '1' Module(s) have been scanned
    Scan process 'services.exe' - '1' Module(s) have been scanned
    Scan process 'winlogon.exe' - '1' Module(s) have been scanned
    Scan process 'wininit.exe' - '1' Module(s) have been scanned
    Scan process 'csrss.exe' - '1' Module(s) have been scanned
    Scan process 'csrss.exe' - '1' Module(s) have been scanned
    Scan process 'smss.exe' - '1' Module(s) have been scanned
    20 processes with 20 modules were scanned

    Starting master boot sector scan:
    Master boot sector HD0
    [INFO] No virus was found!
    Master boot sector HD1
    [INFO] No virus was found!
    [WARNING] System error [21]: Le périphérique n'est pas prêt.
    [INFO] Please restart the search with Administrator rights
    Master boot sector HD2
    [INFO] No virus was found!
    [WARNING] System error [21]: Le périphérique n'est pas prêt.
    [INFO] Please restart the search with Administrator rights
    Master boot sector HD3
    [INFO] No virus was found!
    [WARNING] System error [21]: Le périphérique n'est pas prêt.
    [INFO] Please restart the search with Administrator rights
    Master boot sector HD4
    [INFO] No virus was found!
    [WARNING] System error [21]: Le périphérique n'est pas prêt.
    [INFO] Please restart the search with Administrator rights
    Master boot sector HD5
    [INFO] No virus was found!
    [WARNING] System error [21]: Le périphérique n'est pas prêt.
    [INFO] Please restart the search with Administrator rights

    Start scanning boot sectors:
    Boot sector 'C:\'
    [INFO] No virus was found!
    Boot sector 'D:\'
    [INFO] No virus was found!
    Boot sector 'F:\'
    [INFO] In the drive 'F:\' no data medium is inserted!
    Boot sector 'G:\'
    [INFO] In the drive 'G:\' no data medium is inserted!
    Boot sector 'H:\'
    [INFO] In the drive 'H:\' no data medium is inserted!
    Boot sector 'I:\'
    [INFO] In the drive 'I:\' no data medium is inserted!
    Boot sector 'L:\'
    [INFO] In the drive 'L:\' no data medium is inserted!

    Starting to scan the registry.
    The registry was scanned ( '57' files ).


    Starting the file scan:

    Begin scan in 'C:\' <HP>
    C:\pagefile.sys
    [WARNING] The file could not be opened!
    C:\$Recycle.Bin\S-1-5-21-1671650471-1359556007-2912313553-1001\$RVAAZDG\Ultimate_SA_Stunters_Package_v3-2\Ultimate SA Stunter's Package v3.2\Modding\SA Ultimate Editor\KewlButtonz.ocx
    [DETECTION] Contains recognition pattern of a probably damaged CC/Agent sample
    [NOTE] The file was moved to '4909a49c.qua'!
    C:\Program Files\Mozilla Firefox\PhotoShop CS2\pcs2.doc
    [DETECTION] Contains recognition pattern of the WORM/Autorun.cxl worm
    [NOTE] The file was moved to '4905ace4.qua'!
    C:\Program Files\Mozilla Firefox\PhotoShop CS2\activation crack\21cs2_ps_dynatech.zip
    [0] Archive type: ZIP
    --> keygen.exe
    [DETECTION] Is the TR/Agent.59904.B Trojan
    [NOTE] The file was moved to '48f5acb2.qua'!
    C:\Users\Famille Bertran\Downloads\By Playershit Public v0.7.rar
    [0] Archive type: RAR
    --> By Playershit Public v0.7\By Playershit Public v0.7.exe
    [DETECTION] Is the TR/Agent.380928.D Trojan
    [NOTE] The file was moved to '48b2b15d.qua'!
    C:\Users\Famille Bertran\Downloads\By Playershit Public v0.7\By Playershit Public v0.7\By Playershit Public v0.7.exe
    [DETECTION] Is the TR/Agent.380928.D Trojan
    [NOTE] The file was moved to '48b2b1a0.qua'!
    C:\Users\Famille Bertran\Downloads\Keygen_2007_v.1.0.0\Keygen_2007_v.1.0.0\ACDSee 8.0 Photo Manager Keygen\Keygen 8.0 Pro.exe
    [DETECTION] Is the TR/Spy.Gampass.BH Trojan
    [NOTE] The file was moved to '490bb18e.qua'!
    C:\Users\Famille Bertran\Downloads\Keygen_2007_v.1.0.0\Keygen_2007_v.1.0.0\Adobe Acrobat 8.0 Keygen\Adobe Acrobat 8 Pro Keygen.exe
    [DETECTION] Is the TR/Agent.53760.O Trojan
    [NOTE] The file was moved to '4901b18e.qua'!
    C:\Users\Famille Bertran\Downloads\Keygen_2007_v.1.0.0\Keygen_2007_v.1.0.0\Adobe CS3 Design Premium Keygen\Adobe CS3 Design Premium Keygen.exe
    [DETECTION] Contains a recognition pattern of the (harmful) BDS/Pcclient.578 back-door program
    [NOTE] The file was moved to '4aaa16a7.qua'!
    C:\Users\Famille Bertran\Downloads\Keygen_2007_v.1.0.0\Keygen_2007_v.1.0.0\Adobe CS3 Web Premium Keygen\Adobe CS3 Web Premium Keygen.exe
    [DETECTION] Contains a recognition pattern of the (harmful) BDS/Pcclient.581 back-door program
    [NOTE] The file was moved to '4901b180.qua'!
    C:\Users\Famille Bertran\Downloads\Keygen_2007_v.1.0.0\Keygen_2007_v.1.0.0\Adobe Dreamweaver CS3 Keygen\Adobe Dreamweaver CS3 Keygen.exe
    [DETECTION] Is the TR/Proxy.Horst.aae.8 Trojan
    [NOTE] The file was moved to '4901b18f.qua'!
    C:\Users\Famille Bertran\Downloads\Keygen_2007_v.1.0.0\Keygen_2007_v.1.0.0\Adobe Dreamweaver CS3 Keygen\DreamWeaver CS3 Keygen + Activation.exe
    [DETECTION] Is the TR/Proxy.Horst.aae.11 Trojan
    [NOTE] The file was moved to '48f7b19d.qua'!
    C:\Users\Famille Bertran\Downloads\Keygen_2007_v.1.0.0\Keygen_2007_v.1.0.0\Adobe Encore CS3 Keygen\Encore DVD 2.0 keygen.exe
    [DETECTION] Is the TR/PSWeric5.AFKE Trojan
    [NOTE] The file was moved to '48f5b199.qua'!
    C:\Users\Famille Bertran\Downloads\Keygen_2007_v.1.0.0\Keygen_2007_v.1.0.0\Adobe Fireworks CS3 Keygen\FireWorks CS3 Keygen + Activation.exe
    [DETECTION] Is the TR/Proxy.Horst.aae.13 Trojan
    [NOTE] The file was moved to '4904b194.qua'!
    C:\Users\Famille Bertran\Downloads\Keygen_2007_v.1.0.0\Keygen_2007_v.1.0.0\Adobe Flash CS3 Keygen\Adobe Flash CS3 Keygen.exe
    [DETECTION] Is the TR/Proxy.Horst.aae.14 Trojan
    [NOTE] The file was moved to '4901b190.qua'!
    C:\Users\Famille Bertran\Downloads\Keygen_2007_v.1.0.0\Keygen_2007_v.1.0.0\Adobe Flash CS3 Keygen\Flash CS3 Keygen + Activation.exe
    [DETECTION] Is the TR/Proxy.Horst.aae.10 Trojan
    [NOTE] The file was moved to '48f3b198.qua'!
    C:\Users\Famille Bertran\Downloads\Keygen_2007_v.1.0.0\Keygen_2007_v.1.0.0\Adobe Photoshop CS3 Keygen\Adobe Photoshop CS3 Keygen.exe
    [DETECTION] Is the TR/Proxy.Horst.aae.12 Trojan
    [NOTE] The file was moved to '4aaa1a89.qua'!
    C:\Users\Famille Bertran\Downloads\Keygen_2007_v.1.0.0\Keygen_2007_v.1.0.0\WinDVD Platinum 8.0.06.110 Keygen\keygen.exe
    [DETECTION] Is the TR/Keygen.BM Trojan
    [NOTE] The file was moved to '490bb193.qua'!
    C:\Users\Famille Bertran\Downloads\Keygen_2007_v.1.0.0\Keygen_2007_v.1.0.0\Xilisoft 3GP Video Converter 2.1.55.1008 Keygen\keygen.exe
    [DETECTION] Contains a recognition pattern of the (harmful) BDS/AEJT.A back-door program
    [NOTE] The file was moved to '4ab3f0fc.qua'!
    C:\Users\Thomas\Desktop\VC Utilitaire Stunt.rar
    [0] Archive type: RAR
    --> VC Utilitaire Stunt\Spoosh_Demo.zip
    [1] Archive type: ZIP
    --> Spoosh Demo/spooshdemo.exe
    [2] Archive type: OVL
    --> Object
    [DETECTION] Contains recognition pattern of the DR/Delphi.Gen dropper
    [NOTE] The file was moved to '48b2b376.qua'!
    C:\Users\Thomas\Desktop\Fuck le tri²\Adobe CS3 Master Collection Français.rar
    [0] Archive type: RAR
    --> Adobe CS3 Master Collection Franヌais\MasterCollectionCS3KEYGEN+ACTIVATION.EXE
    [DETECTION] Is the TR/Agent.55481 Trojan
    [NOTE] The file was moved to '4901b45b.qua'!
    C:\Users\Thomas\Desktop\Fuck le tri²\spooshdemo.exe
    [0] Archive type: OVL
    --> Object
    [DETECTION] Contains recognition pattern of the DR/Delphi.Gen dropper
    [NOTE] The file was moved to '4901b529.qua'!
    C:\Users\Thomas\Desktop\Fuck le tri²\Adobe CS3 Master Collection Français\Adobe CS3 Master Collection Français\MasterCollectionCS3KEYGEN+ACTIVATION.EXE
    [DETECTION] Is the TR/Agent.55481 Trojan
    [NOTE] The file was moved to '4905b51e.qua'!
    C:\Users\Thomas\Desktop\VC Utilitaire Stunt\VC Utilitaire Stunt\Spoosh_Demo.zip
    [0] Archive type: ZIP
    --> Spoosh Demo/spooshdemo.exe
    [1] Archive type: OVL
    --> Object
    [DETECTION] Contains recognition pattern of the DR/Delphi.Gen dropper
    [NOTE] The file was moved to '4901b540.qua'!
    C:\Users\Thomas\Desktop\VC Utilitaire Stunt\VC Utilitaire Stunt\Spoosh_Demo\Spoosh Demo\spooshdemo.exe
    [0] Archive type: OVL
    --> Object
    [DETECTION] Contains recognition pattern of the DR/Delphi.Gen dropper
    [NOTE] The file was moved to '4901b542.qua'!
    C:\Users\Thomas\Desktop\VC+VC CC + SPOOSH + VCMP\Vice City\spooshdemo.exe
    [0] Archive type: OVL
    --> Object
    [DETECTION] Contains recognition pattern of the DR/Delphi.Gen dropper
    [NOTE] The file was moved to '4901b543.qua'!
    C:\Users\Thomas\Desktop\[PC GAMES] GTA-Grand Theft Auto- Vice City- Full Version full version - pal multi 5 seedet by mr.bry\spooshdemo.exe
    [0] Archive type: OVL
    --> Object
    [DETECTION] Contains recognition pattern of the DR/Delphi.Gen dropper
    [NOTE] The file was moved to '4901b549.qua'!
    C:\Users\Thomas\Documents\Downloads\Spore Creature Creator - Full ( No Serial Needed ) - PreCracked\Spore Creature Creator - Full ( No Serial Needed ) - PreCracked.rar
    [0] Archive type: RAR
    --> Autorun.exe
    [DETECTION] Contains recognition pattern of the DR/Drop.Agent.ter dropper
    [NOTE] The file was moved to '4901b5ab.qua'!
    C:\Users\Thomas\Documents\Downloads\Spore Creature Creator - Full Edition (No Serial Needed)\Spore Creature Creator - Full ( No Serial Needed ) - PreCracked.rar
    [0] Archive type: RAR
    --> Autorun.exe
    [DETECTION] Contains recognition pattern of the DR/Drop.Agent.ter dropper
    [NOTE] The file was moved to '4901b615.qua'!
    C:\Users\Thomas\Documents\Downloads\Spore Creature Creator - Full Edition (No Serial Needed)\Spore Creature Creator - Full ( No Serial Needed ) - PreCracked\Autorun.exe
    [DETECTION] Contains recognition pattern of the DR/Drop.Agent.ter dropper
    [NOTE] The file was moved to '4906b61c.qua'!
    C:\Users\Thomas\Documents\Downloads\Steam hack KeyGen and hack for Steam\KeySteaCollection.rar
    [0] Archive type: RAR
    --> KeySteam Collection\keysteam 0.4.exe
    [DETECTION] Is the TR/Agent.1761280 Trojan
    --> KeySteam Collection\keysteam 0.7.exe
    [DETECTION] Is the TR/Agent.1826816 Trojan
    [NOTE] The file was moved to '490bb64b.qua'!
    C:\Users\Thomas\Documents\Downloads\Steam hack KeyGen and hack for Steam\SteamKeycollection_1.1.rar
    [0] Archive type: RAR
    --> SteamKeycollection\keysteam 0.7.exe
    [DETECTION] Is the TR/Agent.1826816 Trojan
    [NOTE] The file was moved to '48f7b65b.qua'!
    C:\Users\Thomas\Documents\Mes fichiers reçus\Spoosh_Demo.zip
    [0] Archive type: ZIP
    --> Spoosh Demo/spooshdemo.exe
    [1] Archive type: OVL
    --> Object
    [DETECTION] Contains recognition pattern of the DR/Delphi.Gen dropper
    [NOTE] The file was moved to '4901b67f.qua'!
    C:\Users\Thomas\Downloads\VC Utilitaire Stunt.rar
    [0] Archive type: RAR
    --> VC Utilitaire Stunt\Spoosh_Demo.zip
    [1] Archive type: ZIP
    --> Spoosh Demo/spooshdemo.exe
    [2] Archive type: OVL
    --> Object
    [DETECTION] Contains recognition pattern of the DR/Delphi.Gen dropper
    [NOTE] The file was moved to '48b2b6c7.qua'!
    C:\Users\Thomas\Downloads\VC Utilitaire Stunt\VC Utilitaire Stunt\Spoosh_Demo.zip
    [0] Archive type: ZIP
    --> Spoosh Demo/spooshdemo.exe
    [1] Archive type: OVL
    --> Object
    [DETECTION] Contains recognition pattern of the DR/Delphi.Gen dropper
    [NOTE] The file was moved to '4901b6f6.qua'!
    C:\Users\Thomas\Jeux+logiciel\Internet SécurityPro by moreno.rar
    [0] Archive type: RAR
    --> Internet SツcurityPro by moreno\CR-TIS08.exe
    [DETECTION] Is the TR/Dldr.Delf.kbw Trojan
    [NOTE] The file was moved to '4906b736.qua'!
    C:\Users\Thomas\Mes Fichier\Lgogiciel autres\backup467.rar
    [0] Archive type: RAR
    --> backup467\CoD4MW.All-seeing-eye(+patch)_Cracked.Servers.rar
    [1] Archive type: RAR
    --> cod4_all-seeing-eye(+patch)_Servers\All Seeing Eye\patch.exe
    [DETECTION] Is the TR/Agent.262656.C Trojan
    [NOTE] The file was moved to '48f5b78f.qua'!
    C:\Users\Thomas\Mes Fichier\Lgogiciel autres\backup467\backup467\CoD4MW.All-seeing-eye(+patch)_Cracked.Servers.rar
    [0] Archive type: RAR
    --> cod4_all-seeing-eye(+patch)_Servers\All Seeing Eye\patch.exe
    [DETECTION] Is the TR/Agent.262656.C Trojan
    [NOTE] The file was moved to '48d6b7bb.qua'!
    C:\Users\Thomas\Mes Fichier\Lgogiciel autres\backup467\backup467\backup467\cod4_all-seeing-eye(+patch)_Servers\All Seeing Eye\patch.exe
    [DETECTION] Is the TR/Agent.262656.C Trojan
    [NOTE] The file was moved to '4906b7ad.qua'!
    C:\Users\Thomas\Mes Fichier\Lgogiciel autres\Protection anti virus\Navilog1.exe
    [DETECTION] Contains recognition pattern of the DR/Tool.Reboot.F.82 dropper
    [NOTE] The file was moved to '4908b7b9.qua'!
    C:\WINDOWS\System32\drivers\sptd.sys
    [WARNING] The file could not be opened!
    Begin scan in 'D:\' <FACTORY_IMAGE>
    Begin scan in 'E:\'
    Search path E:\ could not be opened!
    System error [21]: Le périphérique n'est pas prêt.
    Begin scan in 'F:\'
    Search path F:\ could not be opened!
    System error [21]: Le périphérique n'est pas prêt.
    Begin scan in 'G:\'
    Search path G:\ could not be opened!
    System error [21]: Le périphérique n'est pas prêt.
    Begin scan in 'H:\'
    Search path H:\ could not be opened!
    System error [21]: Le périphérique n'est pas prêt.
    Begin scan in 'I:\'
    Search path I:\ could not be opened!
    System error [21]: Le périphérique n'est pas prêt.
    Begin scan in 'J:\'
    Search path J:\ could not be opened!
    System error [21]: Le périphérique n'est pas prêt.
    Begin scan in 'K:\'
    Search path K:\ could not be opened!
    System error [21]: Le périphérique n'est pas prêt.
    Begin scan in 'L:\'
    Search path L:\ could not be opened!
    System error [21]: Le périphérique n'est pas prêt.
    Begin scan in 'M:\'
    Search path M:\ could not be opened!
    System error [21]: Le périphérique n'est pas prêt.
    Begin scan in 'N:\'
    Search path N:\ could not be opened!
    System error [21]: Le périphérique n'est pas prêt.


    End of the scan: vendredi 1 août 2008 09:35
    Used time: 10:17:54 Hour(s)

    The scan has been done completely.

    37651 Scanning directories
    980701 Files were scanned
    40 viruses and/or unwanted programs were found
    0 Files were classified as suspicious:
    0 files were deleted
    0 files were repaired
    39 files were moved to quarantine
    0 files were renamed
    2 Files cannot be scanned
    980659 Files not concerned
    6421 Archives were scanned
    7 Warnings
    39 Notes

    1 August 2008 20:42:48

    You should stop using cracks! Delete them!

    Download MalwareByte's Anti-Malware to your Desktop.

  • Install it by double-clicking the file Download_mbam-setup.exe.
    Once the installation and the update are done:
  • Restart your computer in safe mode
    - At startup, after the BIOS has loaded, press the F8 (or F5) key on your keyboard repeatedly until a menu on a black background appears. Once you reach that point, use the keyboard to select "Mode sans Echec" (Safe Mode).
    -- In this mode you have no Internet access, and the display looks different (no wallpaper, very large icons). So do not be surprised.
    --- For these reasons I suggest you print, write down, or save the following information in a text document so that you do not get lost.
    ---- ! Do not start your computer in safe mode via MSConfig! Why? Some infections break the safe mode keys, which would make your computer crash.

  • Now run MalwareByte's Anti-Malware. If it is not already selected, choose "Exécuter un examen complet" (Perform full scan).
  • To start the scan, click "Rechercher" (Scan).
  • Once the scan has finished, a window opens; click OK. There are two possibilities:

    ~ If the program found nothing, press OK. A report will appear; close it.
    ~~ If infections are present, click "Afficher les résultats" (Show Results) and then "Supprimer la sélection" (Remove Selected). Save the report to your Desktop.
    ~~~~ Restart your computer normally and post the report in your next reply.

    NOTE: If MalwareByte's Anti-Malware needs to restart to finish the removal, accept by clicking Ok.

    Note: If you cannot download MBAM from MajorGeeks, you can download it here!

    Help:
  • How to use MBAM.
  • How to start your computer in safe mode.
    2 August 2008 10:01:38

    Malwarebytes' Anti-Malware 1.18
    Version de la base de données: 879

    22:08:01 01/08/2008
    mbam-log-8-1-2008 (22-08-01).txt

    Type de recherche: Examen complet (C:\|D:\|)
    Eléments examinés: 347689
    Temps écoulé: 1 hour(s), 3 minute(s), 22 second(s)

    Processus mémoire infecté(s): 0
    Module(s) mémoire infecté(s): 0
    Clé(s) du Registre infectée(s): 0
    Valeur(s) du Registre infectée(s): 0
    Elément(s) de données du Registre infecté(s): 0
    Dossier(s) infecté(s): 0
    Fichier(s) infecté(s): 2

    Processus mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Module(s) mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Clé(s) du Registre infectée(s):
    (Aucun élément nuisible détecté)

    Valeur(s) du Registre infectée(s):
    (Aucun élément nuisible détecté)

    Elément(s) de données du Registre infecté(s):
    (Aucun élément nuisible détecté)

    Dossier(s) infecté(s):
    (Aucun élément nuisible détecté)

    Fichier(s) infecté(s):
    C:\Users\Thomas\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\AntiSpywareExpert.lnk (Rogue.AntiSpywareExpert) -> Quarantined and deleted successfully.
    C:\Users\Famille Bertran\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\AntiSpywareExpert.lnk (Rogue.AntiSpywareExpert) -> Quarantined and deleted successfully.
    2 August 2008 10:28:44

    Re,

    Post a new HijackThis report.
    3 August 2008 10:45:26

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 09:44:59, on 22/07/2008
    Platform: Windows Vista SP1 (WinNT 6.00.1905)
    MSIE: Internet Explorer v7.00 (7.00.6001.18000)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\hp\support\hpsysdrv.exe
    C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
    C:\WINDOWS\RtHDVCpl.exe
    C:\Windows\System32\mobsync.exe
    C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
    C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
    C:\Windows\system32\schtasks.exe
    C:\Program Files\ScanSoft\OmniPageSE4.0\OpWareSE4.exe
    C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
    C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe
    C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
    C:\Program Files\Razer\razerhid.exe
    C:\WINDOWS\System32\rundll32.exe
    C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe
    C:\WINDOWS\System32\rundll32.exe
    C:\Windows\system32\conime.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
    C:\Program Files\Steam\Steam.exe
    C:\WINDOWS\ehome\ehtray.exe
    C:\Program Files\DAEMON Tools Lite\daemon.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
    C:\Program Files\Electronic Arts\EADM\Core.exe
    C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
    C:\Program Files\Razer\razerofa.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\OpenOffice.org 2.4\program\soffice.exe
    C:\hp\kbd\kbd.exe
    C:\Program Files\OpenOffice.org 2.4\program\soffice.BIN
    C:\Windows\system32\Taskmgr.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\explorer.exe
    C:\Windows\system32\NOTEPAD.EXE
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&loca...
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&loca...
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: (no name) - {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL (file missing)
    R3 - URLSearchHook: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb127\SearchSettings.dll (file missing)
    O1 - Hosts: ::1 localhost
    O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
    O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
    O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
    O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
    O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KbdStub.EXE
    O4 - HKLM\..\Run: [OsdMaestro] "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe"
    O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
    O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
    O4 - HKLM\..\Run: [SunJavaUpdateReg] "C:\Windows\system32\jureg.exe"
    O4 - HKLM\..\Run: [HP Software Update] c:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
    O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"
    O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [OneCareUI] "C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
    O4 - HKLM\..\Run: [razer] C:\Program Files\Razer\razerhid.exe
    O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
    O4 - HKLM\..\Run: [Adobe_ID0EYTHM] C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
    O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
    O4 - HKCU\..\Run: [HPADVISOR] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe autoRun
    O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKCU\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
    O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
    O4 - HKCU\..\Run: [EA Core] C:\Program Files\Electronic Arts\EADM\Core.exe -silent
    O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\Thomas\AppData\Local\Temp\ddcCTmnM.dll,#1
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
    O4 - Startup: OpenOffice.org 2.4.lnk = C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe
    O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
    O8 - Extra context menu item: Ajouter au fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convertir en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convertir la cible du lien en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convertir la cible du lien en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convertir la sélection en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convertir la sélection en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convertir les liens sélectionnés en fichier Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O8 - Extra context menu item: Convertir les liens sélectionnés en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~3.0_0\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~3.0_0\bin\ssv.dll
    O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra button: Skype add-on - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - cmdmapping - (no file) (HKCU)
    O13 - Gopher Prefix:
    O16 - DPF: {4C833081-D026-4FF8-968F-7EAB660D2FBA} (TVAnts ActiveX Control) - http://download.tvants.com/pub/tvants/tvants1/win32/cab...
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/fl...
    O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab569...
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Adobe Version Cue CS3 {fr_FR} (Adobe Version Cue CS3) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: EasyBits Magic Desktop Services for Windows NT (ezntsvc) - EasyBits Software Corp. - C:\Windows\system32\ezNTSvc.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
    O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
    O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
    O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe
    O23 - Service: RoxMediaDB9 - Sonic Solutions - c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
    O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
    O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe

    --
    End of file - 14941 bytes
    4 August 2008 18:53:29

    Re,

    I am going on holiday.
    Please send a message to another Helper so they can come and help you.