Spyware detected (Antivirus XP 2008)

10 July 2008 21:53:35

I have a problem: I installed a virus thinking it was a legitimate program, and now I have a blue desktop background with a box that reads: "Warning! Spyware detected on your computer!
Install an antivirus or spyware remover to clean your computer". It had also installed Antivirus XP 2008, which I thought I had managed to get rid of, but I think it is the same virus.

It is a fairly well-known virus; unfortunately I have tried quite a few things that failed, so I am relying entirely on you.

11 July 2008 00:06:57

Hello,

Download HijackThis (from Trend Micro) to your Desktop.

  • Double-click HJTInstall.exe to start the installation.
  • Click Install.
  • Double-click the HijackThis shortcut that has just been created to launch it. (Right-click -> run as administrator if on Vista)
  • Accept the license by clicking Yes.
  • Click Do a system scan and save a logfile.
  • Post the generated report here.

    Note: The report can also be found here: C:\Program Files\Trend Micro\Hijackthis\Hijackthis.log

    Help: How to use HijackThis.
    11 July 2008 00:09:31

    Here is the report (I had anticipated a bit ^^)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 00:09:24, on 11/07/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\S3trayp.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\WINDOWS\system32\VTTimer.exe
    C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
    C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\WINDOWS\system32\CTsvcCDA.EXE
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
    C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
    C:\Program Files\OpenOffice.org 2.2\program\soffice.exe
    C:\Program Files\OpenOffice.org 2.2\program\soffice.BIN
    C:\Program Files\Styler\Styler.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Program Files\Styler\TB\StylerTB.dll
    O3 - Toolbar: sqvgnrpx - {695AD9B9-B97E-4F91-8B6F-B1BD73937505} - C:\WINDOWS\sqvgnrpx.dll (file missing)
    O4 - HKLM\..\Run: [LogonStudio] "C:\Program Files\WinCustomize\LogonStudio\logonstudio.exe" /RANDOM
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [S3Trayp] S3trayp.exe
    O4 - HKLM\..\Run: [JMB36X Configure] C:\WINDOWS\system32\JMRaidTool.exe boot
    O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [BootSkin Startup Jobs] "C:\PROGRA~1\Stardock\WINCUS~1\BootSkin\BootSkin.exe" /StartupJobs
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe"
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [70d189ae] rundll32.exe "C:\WINDOWS\system32\xlcmxdbf.dll",b
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
    O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
    O4 - HKCU\..\Run: [UberIcon] "C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe"
    O4 - HKCU\..\Run: [RocketDock] "C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe"
    O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - Startup: OpenOffice.org 2.2.lnk = C:\Program Files\OpenOffice.org 2.2\program\quickstart.exe
    O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
    O4 - Startup: Styler.lnk = ?
    O4 - Startup: TransBar.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe
    O4 - Startup: UberIcon.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
    O4 - Startup: Y'z Shadow.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe
    O8 - Extra context menu item: Choisir comme avatar pour &Messenger - C:\Program Files\MSN Pictures Displayer\AddIEPicture.htm
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
    O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O14 - IERESET.INF: START_PAGE_URL=http://www.google.fr/
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} - http://go.microsoft.com/fwlink/?linkid=39204
    O21 - SSODL: fsrpknov - {DE5B4464-468D-40C2-AEFD-0C1EEA99998F} - C:\WINDOWS\fsrpknov.dll (file missing)
    O21 - SSODL: fdxbameg - {8B18AFD9-A3F6-4A9D-B6BB-92C450E4BA79} - C:\WINDOWS\fdxbameg.dll (file missing)
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe

    --
    End of file - 7583 bytes
    11 July 2008 00:43:28

    Hi again,

    Download ComboFix (from sUBs) to your Desktop.

  • Temporarily disable all resident protection! (Antivirus, antispyware...)
  • Double-click ComboFix.exe.
  • Accept the license by clicking Oui.
  • When the operation is finished, a report will appear. Post that report in your next reply.

    The report is located here: %systemdrive%\ComboFix.txt (%systemdrive% being the partition where Windows is installed; usually C:\)

    Help: How to use ComboFix.
    11 July 2008 11:20:50

    Here is the report:

    ComboFix 08-07-10.1 - Bast 2008-07-11 0:51:08.3 - NTFSx86
    Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.144 [GMT 2:00]
    Endroit: C:\Documents and Settings\Bast\Bureau\ComboFix.exe
    * Création d'un nouveau point de restauration

    AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
    C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
    C:\Documents and Settings\Bast\Application Data\rhc5g5j0e3dp
    C:\WINDOWS\erem.exe
    C:\WINDOWS\gpefaowr.exe
    C:\WINDOWS\system32\amfmwyvf.ini
    C:\WINDOWS\system32\blphc1g5j0e3dp.scr
    C:\WINDOWS\system32\fbdxmclx.ini
    C:\WINDOWS\system32\fiPYyyay.ini
    C:\WINDOWS\system32\fiPYyyay.ini2
    C:\WINDOWS\system32\lphc1g5j0e3dp.exe
    C:\WINDOWS\system32\mcrh.tmp
    C:\WINDOWS\system32\MSINET.oca
    C:\WINDOWS\system32\nnnOETmj.dll
    C:\WINDOWS\system32\phc1g5j0e3dp.bmp
    C:\WINDOWS\system32\rqRHxuTl.dll
    C:\WINDOWS\system32\xlcmxdbf.dll

    ----- BITS: Possible sites infectés -----

    hxxp://www.thenetworkcom.com
    hxxp://www.thenmnetwork.com
    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Legacy_CLBDRIVER
    -------\Service_clbdriver


    ((((((((((((((((((((((((((((( Fichiers créés 2008-06-10 to 2008-07-10 ))))))))))))))))))))))))))))))))))))
    .

    2008-07-11 00:39 . 2008-07-11 00:39 <REP> d-------- C:\Program Files\Avira
    2008-07-11 00:39 . 2008-07-11 00:39 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira
    2008-07-10 19:45 . 2008-07-10 19:45 116,352 --a------ C:\WINDOWS\system32\worybkvv.dll
    2008-07-10 19:45 . 2008-07-10 19:45 116,352 --a------ C:\WINDOWS\system32\qylkjz.dll
    2008-07-10 11:20 . 2008-07-10 11:20 86 --a------ C:\WINDOWS\wininit.ini
    2008-07-10 10:46 . 2008-07-10 10:46 112,256 --a------ C:\WINDOWS\system32\majgjt.dll
    2008-07-10 10:46 . 2008-07-10 10:46 112,256 --a------ C:\WINDOWS\system32\ekgpgrgv.dll
    2008-07-10 10:43 . 2008-07-10 10:43 318,720 --a------ C:\WINDOWS\system32\yayyYPif.dll
    2008-07-10 10:38 . 2001-08-28 16:00 4,224 --a------ C:\WINDOWS\system32\beep.sys
    2008-07-08 22:05 . 2008-07-08 22:05 <REP> d-------- C:\Documents and Settings\Bast\Application Data\Samsung
    2008-07-08 22:02 . 2006-05-03 22:53 174,592 --a------ C:\WINDOWS\system32\framedyn.dll
    2008-07-08 22:00 . 2006-07-24 16:05 5,632 --a------ C:\WINDOWS\system32\drivers\StarOpen.sys
    2008-07-08 21:47 . 2008-07-08 21:47 <REP> d-------- C:\WINDOWS\system32\Samsung_USB_Drivers
    2008-07-08 21:47 . 2008-07-08 21:47 <REP> d-------- C:\Program Files\Samsung
    2008-07-08 21:47 . 2007-05-02 11:12 109,704 --a------ C:\WINDOWS\system32\drivers\ssm_mdm.sys
    2008-07-08 21:47 . 2007-05-02 11:12 83,592 --a------ C:\WINDOWS\system32\drivers\ssm_bus.sys
    2008-07-08 21:47 . 2007-05-02 11:12 15,112 --a------ C:\WINDOWS\system32\drivers\ssm_mdfl.sys
    2008-07-08 21:47 . 2007-05-02 11:12 12,424 --a------ C:\WINDOWS\system32\drivers\ssm_whnt.sys
    2008-07-08 21:47 . 2007-05-02 11:12 12,424 --a------ C:\WINDOWS\system32\drivers\ssm_wh.sys
    2008-07-08 21:47 . 2007-05-02 11:12 12,424 --a------ C:\WINDOWS\system32\drivers\ssm_cmnt.sys
    2008-07-08 21:47 . 2007-05-02 11:12 12,424 --a------ C:\WINDOWS\system32\drivers\ssm_cm.sys
    2008-07-08 21:47 . 2005-08-28 20:51 766 --a------ C:\WINDOWS\system32\Uninstall.ico
    2008-07-03 23:30 . 2008-07-09 15:14 <REP> d-------- C:\Program Files\Full Tilt Poker
    2008-06-27 08:47 . 2008-06-27 08:47 <REP> d-------- C:\Logs
    2008-06-26 12:27 . 2008-06-27 10:34 <REP> d-------- C:\Program Files\World of Warcraft
    2008-06-26 12:27 . 2008-06-26 12:27 <REP> d-------- C:\Program Files\Fichiers communs\Blizzard Entertainment
    2008-06-26 11:14 . 2008-06-26 11:14 230 --a------ C:\config.xml
    2008-06-12 19:05 . 2008-06-12 19:05 <REP> d-------- C:\Program Files\Dr. Robotnik's Mean Bean Machine

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-07-10 23:05 163,712 ----a-w C:\WINDOWS\system32\drivers\vidstub.sys
    2008-07-10 19:55 --------- d-----w C:\Documents and Settings\Bast\Application Data\DNA
    2008-07-10 19:47 --------- d-----w C:\Documents and Settings\Bast\Application Data\OpenOffice.org2
    2008-07-10 19:01 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
    2008-07-10 18:52 --------- d-s---w C:\Program Files\CodeBlocks
    2008-07-10 18:51 --------- d-----w C:\Program Files\eMule
    2008-07-10 18:06 3,498 ----a-w C:\WINDOWS\system32\tmp.reg
    2008-07-10 09:45 --------- d-----w C:\Program Files\EA SPORTS
    2008-07-10 09:20 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2008-07-10 08:53 --------- d-----w C:\Program Files\Spybot - Search & Destroy
    2008-07-10 08:26 --------- d-----w C:\Documents and Settings\Bast\Application Data\LimeWire
    2008-07-08 19:59 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-07-08 13:06 --------- d-----w C:\Documents and Settings\Bast\Application Data\temp
    2008-06-26 15:47 --------- d-s---w C:\Program Files\Skyline
    2008-06-26 15:47 --------- d-----w C:\Documents and Settings\All Users\Application Data\Skyline
    2008-06-26 15:44 --------- d-s---w C:\Program Files\PokerStars
    2008-06-26 15:38 --------- d-s---w C:\Program Files\Little Fighter 2.5 - v2.0
    2008-06-08 23:08 357 ----a-w C:\Documents and Settings\Bast\.cb_layout.bin
    2008-06-06 15:24 --------- d-s---w C:\Program Files\Google
    2008-06-04 16:48 --------- d-----w C:\Documents and Settings\Bast\Application Data\TaoUSign
    2008-05-22 20:15 --------- d--h--r C:\Documents and Settings\Bast\Application Data\SecuROM
    2008-05-22 20:14 --------- d-----w C:\Program Files\Electronic Arts
    2008-05-22 19:45 --------- d-s---w C:\Program Files\Windows Live
    2008-05-19 17:22 --------- d-s---w C:\Program Files\Fichiers communs\Real
    2008-05-19 17:22 --------- d-----w C:\Program Files\Fichiers communs\xing shared
    2008-05-17 13:40 --------- d-----w C:\Program Files\Microsoft Research
    2008-05-17 11:35 --------- d-----w C:\Program Files\Freecorder
    2008-05-17 11:29 737,280 ----a-w C:\WINDOWS\iun6002.exe
    2008-02-09 13:02 83 --sha-w C:\Program Files\Desktop.ini
    2008-02-09 13:01 129 --sha-w C:\Program Files\Fichiers communs\Desktop.ini
    2007-02-12 16:16 32 ----a-r C:\Documents and Settings\All Users\hash.dat
    2006-04-23 10:35 13,824 --sha-w C:\WINDOWS\MSN Messenger\Secur32.dll
    .

    ------- Sigcheck -------

    2002-08-29 13:45 603136 cbc50d46257c4a75644230507b488050 C:\WINDOWS\$NtServicePackUninstall$\wininet.dll
    2007-04-18 14:32 697344 aeff166f0813521d4fe60b6efc6895f4 C:\WINDOWS\ServicePackFiles\i386\wininet.dll
    2007-06-26 16:12 663040 889269134af28b2142f47a337ca3a1cd C:\WINDOWS\system32\wininet.dll
    2007-06-26 16:12 663040 889269134af28b2142f47a337ca3a1cd C:\WINDOWS\system32\dllcache\wininet.dll

    2005-03-02 20:13 2059008 5311776074b6c13f983dc75baeac9c0c C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\ntkrnlpa.exe
    2002-08-29 14:17 1951488 4560381fa3425b16f5df1a0de4814de7 C:\WINDOWS\$NtServicePackUninstall$\ntkrnlpa.exe
    2004-08-19 16:04 2058880 f252fae094c54572ece38a039f2103c4 C:\WINDOWS\$NtUninstallKB890859$\ntkrnlpa.exe
    2006-12-19 20:22 2059648 06015d137b02542f07d5cd7b144df942 C:\WINDOWS\Driver Cache\i386\ntkrnlpa.exe
    2004-08-19 16:04 2058880 f252fae094c54572ece38a039f2103c4 C:\WINDOWS\ServicePackFiles\i386\ntkrnlpa.exe
    2006-12-19 20:22 2059648 06015d137b02542f07d5cd7b144df942 C:\WINDOWS\system32\ntkrnlpa.exe
    2006-12-19 20:22 2059648 06015d137b02542f07d5cd7b144df942 C:\WINDOWS\system32\dllcache\ntkrnlpa.exe

    2004-08-19 16:09 978432 c2e06cb7cfb5dbd8767ddd5e2e18cf71 C:\WINDOWS\explorer.exe
    2002-08-29 13:45 1008128 82fe0d400cb1ac937234467b927b867a C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
    2004-08-19 16:09 978432 c2e06cb7cfb5dbd8767ddd5e2e18cf71 C:\WINDOWS\ServicePackFiles\i386\explorer.exe
    .
    ((((((((((((((((((((((((((((( snapshot_2007-12-31_ 0.36.26,71 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2006-06-13 09:57:32 2,678 -c----w C:\WINDOWS\$NtServicePackUninstall$\57vxrlz1.dat
    + 2002-08-29 12:18:54 1,740 -c----w C:\WINDOWS\$NtServicePackUninstall$\dcache.bin
    + 2006-06-13 09:57:33 2,678 -c----w C:\WINDOWS\$NtServicePackUninstall$\djtzvtvh.dat
    + 2002-08-28 23:32:34 2,816 -c----w C:\WINDOWS\$NtServicePackUninstall$\drmkaud.sys
    + 2006-06-13 09:57:30 2,678 -c----w C:\WINDOWS\$NtServicePackUninstall$\inxj35rx.dat
    + 2002-08-29 11:45:20 184,320 -c----w C:\WINDOWS\$NtServicePackUninstall$\msh261.drv
    + 2002-08-29 12:17:04 286,720 -c----w C:\WINDOWS\$NtServicePackUninstall$\msh263.drv
    + 2006-06-13 09:57:30 2,678 -c----w C:\WINDOWS\$NtServicePackUninstall$\pz9j3rtv.dat
    + 2001-08-23 15:47:52 22,016 -c----w C:\WINDOWS\$NtServicePackUninstall$\wdmaud.drv
    + 2002-08-29 11:45:20 132,608 -c----w C:\WINDOWS\$NtServicePackUninstall$\winspool.drv
    + 2006-06-13 09:57:30 2,678 -c----w C:\WINDOWS\$NtServicePackUninstall$\yndfdfdf.dat
    + 2005-10-12 23:12:26 213,216 -c----w C:\WINDOWS\$NtUninstallKB926239$\spuninst\spuninst.exe
    + 2005-10-12 23:12:33 371,424 -c----w C:\WINDOWS\$NtUninstallKB926239$\spuninst\updspapi.dll
    + 2006-09-25 16:58:48 221,488 -c----w C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe
    + 2006-09-25 16:58:48 379,184 -c----w C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\updspapi.dll
    + 2005-01-28 13:22:12 486,912 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\audiodev.dll
    + 2005-12-07 05:05:42 290,816 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\blackbox.dll
    + 2005-01-28 06:53:20 164,864 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\cewmdm.dll
    + 2005-12-07 05:05:52 505,344 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\drmv2clt.dll
    + 2005-01-28 06:53:16 6,656 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\laprxy.dll
    + 2005-01-27 23:21:46 96,768 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\logagent.exe
    + 2004-08-19 14:09:32 310,272 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\mp43dmod.dll
    + 2004-08-19 14:09:32 384,512 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\mp4sdmod.dll
    + 2004-08-19 14:09:32 240,640 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\mpg4dmod.dll
    + 2005-01-28 06:53:22 142,336 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\msnetobj.dll
    + 2005-01-28 06:53:20 25,088 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\mspmsnsv.dll
    + 2005-01-28 06:53:20 173,568 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\mspmsp.dll
    + 2005-01-28 11:32:44 364,784 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\msscp.dll
    + 2005-01-28 13:22:12 316,416 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\mswmdm.dll
    + 2005-01-28 06:53:22 221,184 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\qasf.dll
    + 2006-05-16 17:11:54 213,216 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe
    + 2006-05-16 17:11:54 371,424 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\updspapi.dll
    + 2006-11-02 10:46:52 13,312 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\wpdinstallutil.dll
    + 2005-01-27 23:36:04 47,104 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\uwdf.exe
    + 2005-01-27 23:35:58 15,872 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\wdfapi.dll
    + 2005-01-27 23:36:00 38,912 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\wdfmgr.exe
    + 2005-01-28 11:32:44 396,528 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\wmadmod.dll
    + 2005-01-28 06:53:18 716,288 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\wmadmoe.dll
    + 2005-01-28 06:53:16 224,768 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\wmasf.dll
    + 2005-01-28 06:53:20 28,160 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\wmdmlog.dll
    + 2005-01-28 06:53:20 33,792 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\wmdmps.dll
    + 2005-01-28 06:53:50 335,872 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\wmdrmdev.dll
    + 2005-01-28 06:53:54 290,816 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\wmdrmnet.dll
    + 2005-01-28 06:53:16 150,016 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\wmidx.dll
    + 2005-01-28 06:53:16 1,027,072 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\wmnetmgr.dll
    + 2005-01-28 11:32:56 774,904 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\wmsdmod.dll
    + 2005-01-28 06:53:18 1,119,744 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\wmsdmoe2.dll
    + 2005-01-28 13:22:12 827,392 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\wmsetsdk.exe
    + 2005-01-28 11:32:44 413,944 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\wmspdmod.dll
    + 2005-01-28 06:53:18 940,544 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\wmspdmoe.dll
    + 2005-01-28 11:32:56 1,218,808 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\wmvadvd.dll
    + 2005-01-28 06:53:20 1,512,448 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\wmvadve.dll
    + 2005-01-28 11:32:58 2,370,296 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\wmvcore.dll
    + 2005-01-28 11:32:58 895,736 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\wmvdmod.dll
    + 2005-01-28 06:53:18 1,003,008 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\wmvdmoe2.dll
    + 2005-01-27 23:36:28 38,912 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\wpd_ci.dll
    + 2005-01-27 23:36:20 61,952 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\wpdconns.dll
    + 2005-01-27 23:36:24 114,176 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\wpdmtp.dll
    + 2005-01-27 23:36:22 66,560 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\wpdmtpus.dll
    + 2005-01-27 23:36:28 331,264 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\wpdsp.dll
    + 2005-01-27 23:36:24 18,944 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\wpdusb.sys
    + 2006-09-16 00:05:22 221,488 -c----w C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe
    + 2006-09-16 00:05:22 379,184 -c----w C:\WINDOWS\$NtUninstallWudf01000$\spuninst\updspapi.dll
    + 2006-09-28 18:01:52 58,368 -c----w C:\WINDOWS\$NtUninstallWudf01000$\spuninst\WudfCustom.dll
    + 2006-10-04 14:05:26 39,424 ------w C:\WINDOWS\AppPatch\acadproc.dll
    + 2008-02-20 10:09:05 110,592 ----a-w C:\WINDOWS\assembly\GAC\ADODB\7.0.3300.0__b03f5f7f11d50a3a\adodb.dll
    + 2008-02-20 10:09:01 65,536 ----a-w C:\WINDOWS\assembly\GAC\dao\10.0.4504.0__31bf3856ad364e35\DAO.DLL
    + 2008-02-20 10:09:08 4,608 ----a-w C:\WINDOWS\assembly\GAC\Extensibility\7.0.3300.0__b03f5f7f11d50a3a\extensibility.dll
    + 2008-04-04 16:17:15 53,248 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.AudioVideoPlayback\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.AudioVideoPlayback.dll
    + 2008-04-04 16:17:15 12,800 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Diagnostics\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Diagnostics.dll
    + 2008-04-04 16:17:15 473,600 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3D\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3D.dll
    + 2008-04-04 16:17:06 2,676,224 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
    + 2008-04-04 16:17:09 2,846,720 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2903.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
    + 2008-04-04 16:17:09 563,712 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2904.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
    + 2008-04-04 16:17:10 567,296 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2905.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
    + 2008-04-04 16:17:10 576,000 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2906.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
    + 2008-04-04 16:17:11 577,024 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2907.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
    + 2008-04-04 16:17:11 577,536 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2908.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
    + 2008-04-04 16:17:12 577,536 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2909.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
    + 2008-04-04 16:17:13 578,560 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2910.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
    + 2008-04-04 16:17:16 578,560 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2911.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
    + 2008-04-04 16:17:16 145,920 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.DirectDraw\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectDraw.dll
    + 2008-04-04 16:17:17 159,232 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.DirectInput\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectInput.dll
    + 2008-04-04 16:17:17 364,544 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.DirectPlay\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectPlay.dll
    + 2008-04-04 16:17:17 178,176 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.DirectSound\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectSound.dll
    + 2008-04-04 16:17:14 223,232 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.dll
    + 2008-02-20 10:09:04 8,007,680 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.mshtml\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.mshtml.dll
    + 2008-02-20 10:06:09 80,696 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.Office.Interop.Access.Dao\12.0.0.0__71e9bce111e9429c\Microsoft.Office.interop.access.dao.dll
    + 2008-02-20 10:07:54 1,612,592 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.Office.Interop.Access\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.Access.dll
    + 2008-02-20 10:07:54 1,276,720 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.Office.Interop.Excel\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.Excel.dll
    + 2008-02-20 10:07:55 150,320 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.Office.Interop.Graph\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.Graph.dll
    + 2008-02-20 10:07:56 920,376 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.Office.Interop.Outlook\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.Outlook.dll
    + 2008-02-20 10:07:56 35,648 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.Office.Interop.OutlookViewCtl\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.OutlookViewCtl.dll
    + 2008-02-20 10:07:56 248,632 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.Office.Interop.PowerPoint\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.PowerPoint.dll
    + 2008-02-20 10:07:56 232,248 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.Office.Interop.Publisher\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.Publisher.dll
    + 2008-02-20 10:07:55 20,280 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.Office.Interop.SmartTag\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.SmartTag.dll
    + 2008-02-20 10:07:57 781,104 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.Office.Interop.Word\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.Word.dll
    + 2008-02-20 10:09:03 13,312 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.StdFormat\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.stdformat.dll
    + 2008-02-20 10:07:55 371,496 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.Vbe.Interop.Forms\11.0.0.0__71e9bce111e9429c\Microsoft.Vbe.Interop.Forms.dll
    + 2008-02-20 10:07:56 64,288 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.Vbe.Interop\12.0.0.0__71e9bce111e9429c\Microsoft.Vbe.Interop.dll
    + 2008-02-20 10:09:03 229,376 ----a-w C:\WINDOWS\assembly\GAC\mscomctl\10.0.4504.0__31bf3856ad364e35\MSCOMCTL.DLL
    + 2008-02-20 10:09:05 4,096 ----a-w C:\WINDOWS\assembly\GAC\MSDATASRC\7.0.3300.0__b03f5f7f11d50a3a\msdatasrc.dll
    + 2008-02-20 10:07:55 416,544 ----a-w C:\WINDOWS\assembly\GAC\office\12.0.0.0__71e9bce111e9429c\OFFICE.DLL
    + 2008-02-20 10:06:04 12,104 ----a-w C:\WINDOWS\assembly\GAC\Policy.11.0.Microsoft.Office.Interop.Access\12.0.0.0__71e9bce111e9429c\Policy.11.0.Microsoft.Office.Interop.Access.dll
    + 2008-02-20 10:06:11 12,096 ----a-w C:\WINDOWS\assembly\GAC\Policy.11.0.Microsoft.Office.Interop.Excel\12.0.0.0__71e9bce111e9429c\Policy.11.0.Microsoft.Office.Interop.Excel.dll
    + 2008-02-20 10:08:18 12,096 ----a-w C:\WINDOWS\assembly\GAC\Policy.11.0.Microsoft.Office.Interop.Graph\12.0.0.0__71e9bce111e9429c\Policy.11.0.Microsoft.Office.Interop.Graph.dll
    + 2008-02-20 10:08:36 12,104 ----a-w C:\WINDOWS\assembly\GAC\Policy.11.0.Microsoft.Office.Interop.Outlook\12.0.0.0__71e9bce111e9429c\Policy.11.0.Microsoft.Office.Interop.Outlook.dll
    + 2008-02-20 10:08:33 12,632 ----a-w C:\WINDOWS\assembly\GAC\Policy.11.0.Microsoft.Office.Interop.OutlookViewCtl\12.0.0.0__71e9bce111e9429c\Policy.11.0.Microsoft.Office.Interop.OutlookViewCtl.dll
    + 2008-02-20 10:08:36 12,112 ----a-w C:\WINDOWS\assembly\GAC\Policy.11.0.Microsoft.Office.Interop.PowerPoint\12.0.0.0__71e9bce111e9429c\Policy.11.0.Microsoft.Office.Interop.PowerPoint.dll
    + 2008-02-20 10:08:44 12,104 ----a-w C:\WINDOWS\assembly\GAC\Policy.11.0.Microsoft.Office.Interop.Publisher\12.0.0.0__71e9bce111e9429c\Policy.11.0.Microsoft.Office.Interop.Publisher.dll
    + 2008-02-20 10:08:20 12,104 ----a-w C:\WINDOWS\assembly\GAC\Policy.11.0.Microsoft.Office.Interop.SmartTag\12.0.0.0__71e9bce111e9429c\Policy.11.0.Microsoft.Office.Interop.SmartTag.dll
    + 2008-02-20 10:08:51 12,096 ----a-w C:\WINDOWS\assembly\GAC\Policy.11.0.Microsoft.Office.Interop.Word\12.0.0.0__71e9bce111e9429c\Policy.11.0.Microsoft.Office.Interop.Word.dll
    + 2008-02-20 10:08:24 12,080 ----a-w C:\WINDOWS\assembly\GAC\Policy.11.0.Microsoft.Vbe.Interop\12.0.0.0__71e9bce111e9429c\Policy.11.0.Microsoft.Vbe.Interop.dll
    + 2008-02-20 10:08:24 11,544 ----a-w C:\WINDOWS\assembly\GAC\Policy.11.0.office\12.0.0.0__71e9bce111e9429c\Policy.11.0.Office.dll
    + 2008-02-20 10:09:03 16,384 ----a-w C:\WINDOWS\assembly\GAC\stdole\7.0.3300.0__b03f5f7f11d50a3a\stdole.dll
    + 2008-07-10 23:03:18 2,048 --s-a-w C:\WINDOWS\bootstat.dat
    + 2007-11-20 15:04:32 1,523,536 ----a-w C:\WINDOWS\Downloaded Program Files\FP_AX_CAB_INSTALLER.exe
    + 2005-10-20 18:02:28 163,328 ----a-w C:\WINDOWS\erdnt\Hiv-backup\ERDNT.EXE
    - 2007-03-13 09:57:10 163,328 ----a-w C:\WINDOWS\erdnt\subs\ERDNT.EXE
    + 2005-10-20 18:02:28 163,328 ----a-w C:\WINDOWS\erdnt\subs\ERDNT.EXE
    + 2000-08-31 06:00:00 89,504 ----a-w C:\WINDOWS\fdsv.exe
    + 2000-08-31 06:00:00 80,412 ----a-w C:\WINDOWS\grep.exe
    + 2008-04-20 19:13:47 27,136 ----a-r C:\WINDOWS\Installer\{02DFF6B1-1654-411C-8D7B-FD6052EF016F}\AppleSoftwareUpdateIco.exe
    + 2008-02-08 21:00:58 26,694 ----a-r C:\WINDOWS\Installer\{1E04F83B-2AB9-4301-9EF7-E86307F79C72}\ARPPRODUCTICON.exe
    + 2008-02-08 21:00:58 26,694 ----a-r C:\WINDOWS\Installer\{1E04F83B-2AB9-4301-9EF7-E86307F79C72}\googleearth.exe_407B9B5CDAC54F44A756B57CAB4E6A8B.exe
    + 2008-02-08 21:00:58 26,694 ----a-r C:\WINDOWS\Installer\{1E04F83B-2AB9-4301-9EF7-E86307F79C72}\googleearth.exe1_407B9B5CDAC54F44A756B57CAB4E6A8B.exe
    + 2008-02-08 21:00:58 65,536 ----a-r C:\WINDOWS\Installer\{1E04F83B-2AB9-4301-9EF7-E86307F79C72}\NewShortcut1_407B9B5CDAC54F44A756B57CAB4E6A8B.exe
    + 2008-02-08 21:00:58 65,536 ----a-r C:\WINDOWS\Installer\{1E04F83B-2AB9-4301-9EF7-E86307F79C72}\NewShortcut2_407B9B5CDAC54F44A756B57CAB4E6A8B.exe
    + 2008-02-08 21:00:58 26,694 ----a-r C:\WINDOWS\Installer\{1E04F83B-2AB9-4301-9EF7-E86307F79C72}\UNINST_Uninstall_G_3DE5E7D47B88403CA3FD2017A8240C5B.exe
    + 2008-04-20 19:52:35 102,400 ----a-r C:\WINDOWS\Installer\{585776BC-4BD6-4BD2-A19A-1D6CB44A403B}\iTunesIco.exe
    + 2008-03-22 20:19:42 140,262 ----a-r C:\WINDOWS\Installer\{6F06A42D-525C-49ED-8622-E16790956CD8}\_6FEFF9B68218417F98F549.exe
    + 2007-10-14 20:19:07 2,238 ----a-r C:\WINDOWS\Installer\{7784A172-61F1-445E-8368-601607E0DD22}\_4ae13d6c.exe
    + 2007-10-14 20:19:07 1,518 ----a-r C:\WINDOWS\Installer\{7784A172-61F1-445E-8368-601607E0DD22}\_69525f90.exe
    + 2008-02-20 10:00:08 217,864 ----a-r C:\WINDOWS\Installer\{90120000-006E-040C-0000-0000000FF1CE}\misc.exe
    + 2008-02-20 10:11:54 1,165,584 ----a-r C:\WINDOWS\Installer\{91120000-0014-0000-0000-0000000FF1CE}\accicons.exe
    + 2008-02-20 10:11:55 20,240 ----a-r C:\WINDOWS\Installer\{91120000-0014-0000-0000-0000000FF1CE}\cagicon.exe
    + 2008-02-20 10:11:55 217,864 ----a-r C:\WINDOWS\Installer\{91120000-0014-0000-0000-0000000FF1CE}\misc.exe
    + 2008-02-20 10:11:55 18,704 ----a-r C:\WINDOWS\Installer\{91120000-0014-0000-0000-0000000FF1CE}\mspicons.exe
    + 2008-02-20 10:11:56 35,088 ----a-r C:\WINDOWS\Installer\{91120000-0014-0000-0000-0000000FF1CE}\oisicon.exe
    + 2008-02-20 10:11:55 845,584 ----a-r C:\WINDOWS\Installer\{91120000-0014-0000-0000-0000000FF1CE}\outicon.exe
    + 2008-02-20 10:11:55 922,384 ----a-r C:\WINDOWS\Installer\{91120000-0014-0000-0000-0000000FF1CE}\pptico.exe
    + 2008-02-20 10:11:55 272,648 ----a-r C:\WINDOWS\Installer\{91120000-0014-0000-0000-0000000FF1CE}\pubs.exe
    + 2008-02-20 10:11:56 888,080 ----a-r C:\WINDOWS\Installer\{91120000-0014-0000-0000-0000000FF1CE}\wordicon.exe
    + 2008-02-20 10:11:55 1,172,240 ----a-r C:\WINDOWS\Installer\{91120000-0014-0000-0000-0000000FF1CE}\xlicons.exe
    + 2008-02-15 23:36:56 295,606 ----a-r C:\WINDOWS\Installer\{AC76BA86-7AD7-1036-7B44-A81200000003}\SC_Reader.exe
    + 2008-05-22 20:14:52 7,598 ----a-r C:\WINDOWS\Installer\{EF7E931D-DC84-471B-8DB6-A83358095474}\ARPPRODUCTICON.exe
    + 2008-05-22 20:14:52 7,598 ----a-r C:\WINDOWS\Installer\{EF7E931D-DC84-471B-8DB6-A83358095474}\ead_desktop_shortcut_F557710133CC471182353A95BCD49DB0.exe
    + 2008-05-22 20:14:52 7,598 ----a-r C:\WINDOWS\Installer\{EF7E931D-DC84-471B-8DB6-A83358095474}\ead_startmenu_shortc_F557710133CC471182353A95BCD49DB0.exe
    + 2008-05-17 13:41:05 174,298 ----a-r C:\WINDOWS\Installer\{F9C80FE8-DB25-4EE5-AE6D-4332FB0E8B83}\_1055212E066366693F3E39.exe
    + 2008-05-17 13:41:04 174,298 ----a-r C:\WINDOWS\Installer\{F9C80FE8-DB25-4EE5-AE6D-4332FB0E8B83}\_21F3885A18D238E15AAE81.exe
    + 2008-05-17 13:41:05 174,298 ----a-r C:\WINDOWS\Installer\{F9C80FE8-DB25-4EE5-AE6D-4332FB0E8B83}\_6055DC69DCF791C52711C1.exe
    + 2008-05-17 13:41:04 174,298 ----a-r C:\WINDOWS\Installer\{F9C80FE8-DB25-4EE5-AE6D-4332FB0E8B83}\_6FEFF9B68218417F98F549.exe
    + 2008-05-17 13:41:05 174,298 ----a-r C:\WINDOWS\Installer\{F9C80FE8-DB25-4EE5-AE6D-4332FB0E8B83}\_934312A2105DE40686D86A.exe
    + 2008-05-17 13:41:04 174,298 ----a-r C:\WINDOWS\Installer\{F9C80FE8-DB25-4EE5-AE6D-4332FB0E8B83}\_D707CE1C009F1381803C2C.exe
    + 2006-11-04 11:55:59 2,678 -c--a-w C:\WINDOWS\java\Packages\Data\4SEAXVDZ.DAT
    + 2006-11-04 11:55:58 2,678 -c--a-w C:\WINDOWS\java\Packages\Data\6EN3LB9R.DAT
    + 2006-11-04 11:55:57 2,678 -c--a-w C:\WINDOWS\java\Packages\Data\7LVBJH7Z.DAT
    + 2006-11-04 11:55:58 2,678 -c--a-w C:\WINDOWS\java\Packages\Data\J7B5VZBB.DAT
    + 2006-11-04 11:56:05 2,678 -c--a-w C:\WINDOWS\java\Packages\Data\T7NLR13P.DAT
    + 2005-03-18 14:23:10 53,248 ----a-w C:\WINDOWS\Microsoft.NET\DirectX for Managed Code\1.0.2902.0\Microsoft.DirectX.AudioVideoPlayback.dll
    + 2005-03-18 14:23:10 12,800 ----a-w C:\WINDOWS\Microsoft.NET\DirectX for Managed Code\1.0.2902.0\Microsoft.DirectX.Diagnostics.dll
    + 2005-03-18 14:23:14 473,600 ----a-w C:\WINDOWS\Microsoft.NET\DirectX for Managed Code\1.0.2902.0\Microsoft.DirectX.Direct3D.dll
    + 2004-09-29 10:38:58 2,676,224 ----a-w C:\WINDOWS\Microsoft.NET\DirectX for Managed Code\1.0.2902.0\Microsoft.DirectX.Direct3DX.dll
    + 2005-03-18 14:23:10 145,920 ----a-w C:\WINDOWS\Microsoft.NET\DirectX for Managed Code\1.0.2902.0\Microsoft.DirectX.DirectDraw.dll
    + 2005-03-18 14:23:10 159,232 ----a-w C:\WINDOWS\Microsoft.NET\DirectX for Managed Code\1.0.2902.0\Microsoft.DirectX.DirectInput.dll
    + 2005-03-18 14:23:14 364,544 ----a-w C:\WINDOWS\Microsoft.NET\DirectX for Managed Code\1.0.2902.0\Microsoft.DirectX.DirectPlay.dll
    + 2005-03-18 14:23:12 178,176 ----a-w C:\WINDOWS\Microsoft.NET\DirectX for Managed Code\1.0.2902.0\Microsoft.DirectX.DirectSound.dll
    + 2005-03-18 14:23:14 223,232 ----a-w C:\WINDOWS\Microsoft.NET\DirectX for Managed Code\1.0.2902.0\Microsoft.DirectX.dll
    + 2004-12-01 13:53:06 2,846,720 ----a-w C:\WINDOWS\Microsoft.NET\DirectX for Managed Code\1.0.2903.0\Microsoft.DirectX.Direct3DX.dll
    + 2005-02-05 17:32:54 563,712 ----a-w C:\WINDOWS\Microsoft.NET\DirectX for Managed Code\1.0.2904.0\Microsoft.DirectX.Direct3DX.dll
    + 2005-03-18 15:23:14 567,296 ----a-w C:\WINDOWS\Microsoft.NET\DirectX for Managed Code\1.0.2905.0\Microsoft.DirectX.Direct3DX.dll
    + 2005-05-26 13:15:56 576,000 ----a-w C:\WINDOWS\Microsoft.NET\DirectX for Managed Code\1.0.2906.0\Microsoft.DirectX.Direct3DX.dll
    + 2005-07-22 15:21:34 577,024 ----a-w C:\WINDOWS\Microsoft.NET\DirectX for Managed Code\1.0.2907.0\Microsoft.DirectX.Direct3DX.dll
    + 2005-09-28 12:11:52 577,536 ----a-w C:\WINDOWS\Microsoft.NET\DirectX for Managed Code\1.0.2908.0\Microsoft.DirectX.Direct3DX.dll
    + 2005-12-05 15:20:50 577,536 ----a-w C:\WINDOWS\Microsoft.NET\DirectX for Managed Code\1.0.2909.0\Microsoft.DirectX.Direct3DX.dll
    + 2006-02-03 05:40:48 578,560 ----a-w C:\WINDOWS\Microsoft.NET\DirectX for Managed Code\1.0.2910.0\Microsoft.DirectX.Direct3DX.dll
    + 2006-03-31 09:27:50 578,560 ----a-w C:\WINDOWS\Microsoft.NET\DirectX for Managed Code\1.0.2911.0\Microsoft.DirectX.Direct3DX.dll
    - 2007-07-01 10:09:48 3,453 -c--a-w C:\WINDOWS\mozver.dat
    + 2008-02-18 20:44:35 4,087 -c--a-w C:\WINDOWS\mozver.dat
    + 2000-08-31 06:00:00 28,672 ----a-w C:\WINDOWS\Nircmd.exe
    + 2006-06-13 12:23:10 2,724 ----a-w C:\WINDOWS\PCHealth\HelpCtr\PackageStore\SkuStore.bin
    + 2000-08-31 06:00:00 98,816 ----a-w C:\WINDOWS\sed.exe
    + 2004-08-19 14:23:26 1,788 -c----w C:\WINDOWS\ServicePackFiles\i386\dcache.bin
    + 2004-08-03 21:07:58 2,944 ------w C:\WINDOWS\ServicePackFiles\i386\drmkaud.sys
    + 2004-08-19 14:10:10 188,416 ------w C:\WINDOWS\ServicePackFiles\i386\msh261.drv
    + 2004-08-19 14:10:10 294,912 ------w C:\WINDOWS\ServicePackFiles\i386\msh263.drv
    + 2004-08-19 14:10:10 23,552 ------w C:\WINDOWS\ServicePackFiles\i386\wdmaud.drv
    + 2004-08-19 14:10:10 146,944 ------w C:\WINDOWS\ServicePackFiles\i386\winspool.drv
    + 2000-08-31 06:00:00 161,792 ----a-w C:\WINDOWS\swreg.exe
    + 2000-08-31 06:00:00 136,704 ----a-w C:\WINDOWS\swsc.exe
    + 2000-08-31 06:00:00 212,480 ----a-w C:\WINDOWS\swxcacls.exe
    + 2001-08-28 14:00:00 2,000 -c--a-w C:\WINDOWS\system\KEYBOARD.DRV
    + 2001-08-28 14:00:00 73,680 -c--a-w C:\WINDOWS\system\MCIAVI.DRV
    + 2001-08-28 14:00:00 25,280 -c--a-w C:\WINDOWS\system\MCISEQ.DRV
    + 2001-08-28 14:00:00 28,160 ----a-w C:\WINDOWS\system\MCIWAVE.DRV
    + 2001-08-28 14:00:00 2,032 -c--a-w C:\WINDOWS\system\MOUSE.DRV
    + 2001-08-28 14:00:00 1,744 -c--a-w C:\WINDOWS\system\SOUND.DRV
    + 2001-08-28 14:00:00 3,360 -c--a-w C:\WINDOWS\system\SYSTEM.DRV
    + 2001-08-28 14:00:00 4,096 ----a-w C:\WINDOWS\system\TIMER.DRV
    + 2001-08-28 14:00:00 2,176 -c--a-w C:\WINDOWS\system\VGA.DRV
    + 2001-08-28 14:00:00 13,600 ----a-w C:\WINDOWS\system\WFWNET.DRV
    + 2004-08-19 14:10:10 146,944 ----a-w C:\WINDOWS\system\winspool.drv
    - 2007-12-04 13:04:28 837,496 ----a-w C:\WINDOWS\system32\aswBoot.exe
    + 2008-05-15 23:24:43 1,152,888 ----a-w C:\WINDOWS\system32\aswBoot.exe
    - 2005-01-28 13:22:12 486,912 ----a-w C:\WINDOWS\system32\Audiodev.dll
    + 2006-10-18 20:47:08 276,992 ----a-w C:\WINDOWS\system32\audiodev.dll
    - 2007-12-04 12:54:04 95,608 ----a-w C:\WINDOWS\system32\AVASTSS.scr
    + 2008-05-15 23:12:36 95,608 ----a-w C:\WINDOWS\system32\AVASTSS.scr
    - 2005-12-07 05:05:42 290,816 ----a-w C:\WINDOWS\system32\blackbox.dll
    + 2006-10-18 20:47:10 542,720 ----a-w C:\WINDOWS\system32\blackbox.dll
    - 2005-01-28 06:53:20 164,864 ----a-w C:\WINDOWS\system32\cewmdm.dll
    + 2006-10-18 20:47:10 229,376 ----a-w C:\WINDOWS\system32\cewmdm.dll
    + 2008-04-04 16:29:15 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
    + 2001-08-28 14:00:00 10,544 ----a-w C:\WINDOWS\system32\comm.drv
    + 2005-02-05 17:45:26 2,222,800 ----a-w C:\WINDOWS\system32\d3dx9_24.dll
    + 2005-03-18 15:19:58 2,337,488 ----a-w C:\WINDOWS\system32\d3dx9_25.dll
    + 2005-05-26 13:34:52 2,297,552 ----a-w C:\WINDOWS\system32\d3dx9_26.dll
    + 2005-07-22 17:59:04 2,319,568 ----a-w C:\WINDOWS\system32\d3dx9_27.dll
    + 2006-02-03 06:43:16 2,332,368 ----a-w C:\WINDOWS\system32\d3dx9_29.dll
    + 2006-09-28 14:05:20 2,414,360 ----a-w C:\WINDOWS\system32\d3dx9_31.dll
    + 2006-11-29 11:06:18 3,426,072 ----a-w C:\WINDOWS\system32\d3dx9_32.dll
    + 2004-08-19 14:23:26 1,788 -c--a-w C:\WINDOWS\system32\dcache.bin
    - 2005-12-07 05:05:42 290,816 -c--a-w C:\WINDOWS\system32\dllcache\blackbox.dll
    + 2006-10-18 20:47:10 542,720 -c--a-w C:\WINDOWS\system32\dllcache\blackbox.dll
    - 2005-01-28 06:53:20 164,864 -c--a-w C:\WINDOWS\system32\dllcache\cewmdm.dll
    + 2006-10-18 20:47:10 229,376 -c--a-w C:\WINDOWS\system32\dllcache\cewmdm.dll
    - 2005-12-07 05:05:52 505,344 -c--a-w C:\WINDOWS\system32\dllcache\drmv2clt.dll
    + 2006-10-18 20:47:10 991,744 -c--a-w C:\WINDOWS\system32\dllcache\drmv2clt.dll
    + 2001-08-28 14:00:00 2,000 -c--a-w C:\WINDOWS\system32\dllcache\keyboard.drv
    - 2005-01-28 06:53:16 6,656 -c--a-w C:\WINDOWS\system32\dllcache\laprxy.dll
    + 2006-10-18 20:47:14 11,264 -c--a-w C:\WINDOWS\system32\dllcache\LAPRXY.dll
    - 2005-01-27 23:21:46 96,768 -c--a-w C:\WINDOWS\system32\dllcache\logagent.exe
    + 2006-10-18 19:03:58 100,864 -c--a-w C:\WINDOWS\system32\dllcache\logagent.exe
    + 2001-08-28 14:00:00 2,560 -c--a-w C:\WINDOWS\system32\dllcache\lz32.dll
    + 2001-08-28 14:00:00 73,680 -c--a-w C:\WINDOWS\system32\dllcache\mciavi.drv
    + 2001-08-28 14:00:00 25,280 -c--a-w C:\WINDOWS\system32\dllcache\mciseq.drv
    + 2001-08-28 14:00:00 28,160 -c--a-w C:\WINDOWS\system32\dllcache\mciwave.drv
    + 2001-08-28 14:00:00 2,032 -c--a-w C:\WINDOWS\system32\dllcache\mouse.drv
    - 2005-01-28 06:53:22 142,336 -c--a-w C:\WINDOWS\system32\dllcache\msnetobj.dll
    + 2006-10-18 20:47:16 179,712 -c--a-w C:\WINDOWS\system32\dllcache\msnetobj.dll
    - 2005-01-28 06:53:20 25,088 -c--a-w C:\WINDOWS\system32\dllcache\mspmsnsv.dll
    + 2006-10-18 20:47:16 27,136 -c--a-w C:\WINDOWS\system32\dllcache\mspmsnsv.dll
    - 2005-01-28 06:53:20 173,568 -c--a-w C:\WINDOWS\system32\dllcache\mspmsp.dll
    + 2006-10-18 20:47:16 175,616 -c--a-w C:\WINDOWS\system32\dllcache\mspmsp.dll
    - 2005-01-28 11:32:44 364,784 -c--a-w C:\WINDOWS\system32\dllcache\msscp.dll
    + 2006-10-18 20:47:16 414,208 -c--a-w C:\WINDOWS\system32\dllcache\msscp.dll
    - 2005-01-28 13:22:12 316,416 -c--a-w C:\WINDOWS\system32\dllcache\mswmdm.dll
    + 2006-10-18 20:47:16 321,536 -c--a-w C:\WINDOWS\system32\dllcache\mswmdm.dll
    + 2001-08-28 14:00:00 2,944 -c--a-w C:\WINDOWS\system32\dllcache\null.sys
    - 2005-01-28 06:53:22 221,184 -c--a-w C:\WINDOWS\system32\dllcache\qasf.dll
    + 2006-10-18 20:47:18 211,456 -c--a-w C:\WINDOWS\system32\dllcache\qasf.dll
    + 2001-08-28 14:00:00 1,744 -c--a-w C:\WINDOWS\system32\dllcache\sound.drv
    + 2001-08-28 14:00:00 3,360 -c--a-w C:\WINDOWS\system32\dllcache\system.drv
    + 2001-08-28 14:00:00 4,096 -c--a-w C:\WINDOWS\system32\dllcache\timer.drv
    + 2001-08-28 14:00:00 2,176 -c--a-w C:\WINDOWS\system32\dllcache\vga.drv
    + 2001-08-28 14:00:00 13,600 -c--a-w C:\WINDOWS\system32\dllcache\wfwnet.drv
    + 2001-08-28 14:00:00 2,864 -c--a-w C:\WINDOWS\system32\dllcache\winsock.dll
    + 2001-08-28 14:00:00 2,112 -c--a-w C:\WINDOWS\system32\dllcache\winspool.exe
    - 2005-01-28 11:32:44 396,528 -c--a-w C:\WINDOWS\system32\dllcache\wmadmod.dll
    + 2006-10-18 20:47:18 757,248 -c--a-w C:\WINDOWS\system32\dllcache\wmadmod.dll
    - 2005-01-28 06:53:18 716,288 -c--a-w C:\WINDOWS\system32\dllcache\wmadmoe.dll
    + 2006-10-18 20:47:18 1,117,696 -c--a-w C:\WINDOWS\system32\dllcache\WMADMOE.dll
    - 2005-01-28 06:53:16 224,768 -c--a-w C:\WINDOWS\system32\dllcache\wmasf.dll
    + 2006-10-18 20:47:18 222,208 -c--a-w C:\WINDOWS\system32\dllcache\wmasf.dll
    - 2005-01-28 06:53:20 28,160 -c--a-w C:\WINDOWS\system32\dllcache\wmdmlog.dll
    + 2006-10-18 20:47:18 33,792 -c--a-w C:\WINDOWS\system32\dllcache\wmdmlog.dll
    - 2005-01-28 06:53:20 33,792 -c--a-w C:\WINDOWS\system32\dllcache\wmdmps.dll
    + 2006-10-18 20:47:18 37,376 -c--a-w C:\WINDOWS\system32\dllcache\wmdmps.dll
    - 2005-01-28 06:53:16 150,016 -c--a-w C:\WINDOWS\system32\dllcache\wmidx.dll
    + 2006-10-18 20:47:20 157,184 -c--a-w C:\WINDOWS\system32\dllcache\wmidx.dll
    - 2005-01-28 06:53:16 1,027,072 -c--a-w C:\WINDOWS\system32\dllcache\wmnetmgr.dll
    + 2006-10-18 20:47:20 937,984 -c--a-w C:\WINDOWS\system32\dllcache\WMNetMgr.dll
    - 2005-01-28 11:32:56 774,904 -c--a-w C:\WINDOWS\system32\dllcache\wmsdmod.dll
    + 2006-10-18 20:47:22 4,096 -c--a-w C:\WINDOWS\system32\dllcache\wmsdmod.dll
    - 2005-01-28 06:53:18 1,119,744 -c--a-w C:\WINDOWS\system32\dllcache\wmsdmoe2.dll
    + 2006-10-18 20:47:22 4,096 -c--a-w C:\WINDOWS\system32\dllcache\wmsdmoe2.dll
    - 2005-01-28 11:32:44 413,944 -c--a-w C:\WINDOWS\system32\dllcache\wmspdmod.dll
    + 2006-10-18 20:47:22 603,648 -c--a-w C:\WINDOWS\system32\dllcache\WMSPDMOD.dll
    - 2005-01-28 06:53:18 940,544 -c--a-w C:\WINDOWS\system32\dllcache\wmspdmoe.dll
    + 2006-10-18 20:47:22 1,329,152 -c--a-w C:\WINDOWS\system32\dllcache\WMSPDMOE.dll
    - 2005-01-28 11:32:58 2,370,296 ----a-w C:\WINDOWS\system32\dllcache\wmvcore.dll
    + 2006-10-18 20:47:22 2,450,944 -c--a-w C:\WINDOWS\system32\dllcache\wmvcore.dll
    - 2005-01-28 11:32:58 895,736 -c--a-w C:\WINDOWS\system32\dllcache\wmvdmod.dll
    + 2006-10-18 20:47:22 4,096 -c--a-w C:\WINDOWS\system32\dllcache\wmvdmod.dll
    - 2005-01-28 06:53:18 1,003,008 -c--a-w C:\WINDOWS\system32\dllcache\wmvdmoe2.dll
    + 2006-10-18 20:47:22 4,096 -c--a-w C:\WINDOWS\system32\dllcache\wmvdmoe2.dll
    + 2001-08-28 14:00:00 2,736 -c--a-w C:\WINDOWS\system32\dllcache\wowdeb.exe
    - 2007-12-04 14:49:02 26,624 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
    + 2008-05-15 23:13:26 26,944 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
    + 2008-05-15 23:16:06 20,560 ----a-w C:\WINDOWS\system32\drivers\aswFsBlk.sys
    - 2007-12-04 14:56:02 93,264 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys
    + 2008-01-17 15:34:01 93,264 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys
    - 2007-12-04 14:55:46 94,544 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
    + 2008-05-15 23:18:33 94,416 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
    - 2007-12-04 14:53:39 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
    + 2008-05-15 23:15:29 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
    + 2008-05-15 23:20:32 78,416 ----a-w C:\WINDOWS\system32\drivers\aswSP.sys
    - 2007-12-04 14:51:52 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
    + 2008-05-15 23:14:11 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
    + 2008-01-21 16:12:56 41,792 ----a-w C:\WINDOWS\system32\drivers\avgntdd.sys
    + 2008-01-21 16:11:28 22,336 ----a-w C:\WINDOWS\system32\drivers\avgntmgr.sys
    + 2008-03-04 11:28:53 79,424 ----a-w C:\WINDOWS\system32\drivers\avipbb.sys
    + 2004-08-03 21:07:58 2,944 ----a-w C:\WINDOWS\system32\drivers\drmkaud.sys
    - 2006-09-19 14:44:04 15,664 ----a-w C:\WINDOWS\system32\drivers\GEARAspiWDM.sys
    + 2008-01-29 10:01:28 16,168 ----a-w C:\WINDOWS\system32\drivers\GEARAspiWDM.sys
    - 2007-05-22 18:26:57 26,056 ----a-w C:\WINDOWS\system32\drivers\hamachi.sys
    + 2008-01-11 18:25:30 25,280 ----a-w C:\WINDOWS\system32\drivers\hamachi.sys
    + 2001-08-28 14:00:00 2,944 ----a-w C:\WINDOWS\system32\drivers\null.sys
    + 2007-03-01 08:34:22 28,352 ----a-w C:\WINDOWS\system32\drivers\ssmdrv.sys
    + 2006-10-18 20:47:22 671,232 ------w C:\WINDOWS\system32\drivers\UMDF\wpdmtpdr.dll
    - 2005-01-27 23:36:24 18,944 ----a-w C:\WINDOWS\system32\drivers\wpdusb.sys
    + 2006-10-18 19:00:00 38,528 ----a-w C:\WINDOWS\system32\drivers\wpdusb.sys
    + 2006-09-28 17:55:50 77,568 ------w C:\WINDOWS\system32\drivers\WudfPf.sys
    + 2006-09-28 18:00:34 82,944 ------w C:\WINDOWS\system32\drivers\WudfRd.sys
    + 2006-10-18 19:00:46 249,856 ------w C:\WINDOWS\system32\drmupgds.exe
    - 2005-12-07 05:05:52 505,344 ----a-w C:\WINDOWS\system32\drmv2clt.dll
    + 2006-10-18 20:47:10 991,744 ----a-w C:\WINDOWS\system32\drmv2clt.dll
    - 2007-10-31 13:09:14 30,464 -c--a-w C:\WINDOWS\system32\DRVSTORE\usbaapl_4351B7DAFF62FD33510D77DFAE3CF8CC82517571\usbaapl.sys
    + 2008-02-18 09:16:24 30,464 -c--a-w C:\WINDOWS\system32\DRVSTORE\usbaapl_4351B7DAFF62FD33510D77DFAE3CF8CC82517571\usbaapl.sys
    + 2006-10-26 13:10:08 1,190,688 ----a-w C:\WINDOWS\system32\FM20.DLL
    + 2006-10-26 13:10:06 33,088 ----a-w C:\WINDOWS\system32\FM20ENU.DLL
    + 2006-10-26 13:42:36 36,160 ----a-w C:\WINDOWS\system32\FM20FRA.DLL
    - 2007-12-06 19:54:47 215,264 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT
    + 2008-02-21 08:57:09 351,384 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT
    - 2007-09-11 16:11:03 47,336 ----a-w C:\WINDOWS\system32\GDIPFONTCACHEV1.DAT
    + 2008-02-20 10:32:47 90,704 ----a-w C:\WINDOWS\system32\GDIPFONTCACHEV1.DAT
    - 2006-10-03 18:47:52 109,360 -c--a-w C:\WINDOWS\system32\GEARAspi.dll
    + 2008-01-29 10:02:30 107,368 ----a-w C:\WINDOWS\system32\GEARAspi.dll
    + 2006-10-26 12:45:04 207,360 ----a-w C:\WINDOWS\system32\INKED.DLL
    - 2007-09-24 20:30:28 135,168 ----a-w C:\WINDOWS\system32\java.exe
    + 2008-02-22 00:23:35 135,168 ----a-w C:\WINDOWS\system32\java.exe
    - 2007-09-24 20:30:30 135,168 ----a-w C:\WINDOWS\system32\javaw.exe
    + 2008-02-22 00:23:39 135,168 ----a-w C:\WINDOWS\system32\javaw.exe
    - 2007-09-24 21:31:42 139,264 ----a-w C:\WINDOWS\system32\javaws.exe
    + 2008-02-22 01:33:32 139,264 ----a-w C:\WINDOWS\system32\javaws.exe
    + 2001-08-28 14:00:00 2,000 ----a-w C:\WINDOWS\system32\keyboard.drv
    + 2001-08-28 14:00:00 224,448 ----a-w C:\WINDOWS\system32\lanman.drv
    - 2005-01-28 06:53:16 6,656 ----a-w C:\WINDOWS\system32\laprxy.dll
    + 2006-10-18 20:47:14 11,264 ----a-w C:\WINDOWS\system32\LAPRXY.dll
    - 2007-04-23 00:15:18 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
    + 2008-02-21 02:05:34 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
    - 2005-01-27 23:21:46 96,768 ----a-w C:\WINDOWS\system32\logagent.exe
    + 2006-10-18 19:03:58 100,864 ----a-w C:\WINDOWS\system32\logagent.exe
    - 2004-08-19 14:10:08 3,128,320 ----a-w C:\WINDOWS\system32\logon.scr
    + 2004-08-19 14:10:08 221,696 ----a-w C:\WINDOWS\system32\logon.scr
    - 2004-08-19 14:09:56 5,650,944 ----a-w C:\WINDOWS\system32\logonui.exe
    + 2004-08-19 14:09:56 515,584 ----a-w C:\WINDOWS\system32\logonui.exe
    + 2001-08-28 14:00:00 2,560 ----a-w C:\WINDOWS\system32\lz32.dll
    - 2007-08-07 16:20:44 182,248 ----a-w C:\WINDOWS\system32\Macromed\Director\SwDir.dll
    + 2008-01-07 10:26:46 181,672 ----a-w C:\WINDOWS\system32\Macromed\Director\SwDir.dll
    + 2007-11-21 00:04:14 218,496 ----a-r C:\WINDOWS\system32\Macromed\Flash\FlashUtil9e.exe
    - 2007-06-11 20:34:34 2,115,816 ----a-w C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
    + 2007-11-21 00:52:38 2,884,992 ----a-w C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
    - 2007-06-11 20:34:40 190,696 ----a-w C:\WINDOWS\system32\Macromed\Flash\NPSWF32_FlashUtil.exe
    + 2007-11-21 00:52:40 218,496 ----a-w C:\WINDOWS\system32\Macromed\Flash\NPSWF32_FlashUtil.exe
    + 2008-01-10 21:31:06 74,649 ----a-w C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
    - 2007-08-24 12:59:56 45,218 ----a-w C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
    + 2008-03-01 20:13:50 70,264 ----a-w C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
    - 2007-08-07 12:35:56 585,728 ----a-w C:\WINDOWS\system32\Macromed\Shockwave 10\Control.dll
    + 2008-01-03 17:19:34 581,632 ----a-w C:\WINDOWS\system32\Macromed\Shockwave 10\Control.dll
    - 2007-08-07 12:19:40 1,490,944 ------w C:\WINDOWS\system32\Macromed\Shockwave 10\dirapi.dll
    + 2008-01-03 17:01:46 1,490,944 ------w C:\WINDOWS\system32\Macromed\Shockwave 10\dirapi.dll
    - 2007-08-07 12:36:32 24,576 ----a-w C:\WINDOWS\system32\Macromed\Shockwave 10\DynaPlayer.dll
    + 2008-01-03 17:20:14 24,576 ----a-w C:\WINDOWS\system32\Macromed\Shockwave 10\DynaPlayer.dll
    - 2007-08-07 15:52:32 1,113,600 ----a-w C:\WINDOWS\system32\Macromed\Shockwave 10\gi.dll
    + 2008-01-03 17:39:06 1,113,600 ----a-w C:\WINDOWS\system32\Macromed\Shockwave 10\gi.dll
    - 2007-08-07 12:08:48 52,288 ----a-w C:\WINDOWS\system32\Macromed\Shockwave 10\gtapi.dll
    + 2008-01-03 16:46:46 52,288 ----a-w C:\WINDOWS\system32\Macromed\Shockwave 10\gtapi.dll
    - 2007-08-07 12:17:24 606,208 ------w C:\WINDOWS\system32\Macromed\Shockwave 10\iml32.dll
    + 2008-01-03 16:59:14 606,208 ------w C:\WINDOWS\system32\Macromed\Shockwave 10\iml32.dll
    - 2007-08-07 12:35:22 339,968 ------w C:\WINDOWS\system32\Macromed\Shockwave 10\Plugin.dll
    + 2008-01-03 17:18:56 339,968 ------w C:\WINDOWS\system32\Macromed\Shockwave 10\Plugin.dll
    - 2007-08-07 12:35:32 483,328 ----a-w C:\WINDOWS\system32\Macromed\Shockwave 10\PluginPing.dll
    + 2008-01-03 17:19:06 475,136 ----a-w C:\WINDOWS\system32\Macromed\Shockwave 10\PluginPing.dll
    - 2007-08-07 12:28:38 180,224 ----a-w C:\WINDOWS\system32\Macromed\Shockwave 10\Proj.dll
    + 2008-01-03 17:11:48 180,224 ----a-w C:\WINDOWS\system32\Macromed\Shockwave 10\Proj.dll
    + 2008-01-07 10:26:28 390,568 ----a-w C:\WINDOWS\system32\Macromed\Shockwave 10\SwHelper_1030024.exe
    - 2007-08-07 12:37:56 77,824 ----a-w C:\WINDOWS\system32\Macromed\Shockwave 10\SwInit.exe
    + 2008-01-03 17:22:06 77,824 ----a-w C:\WINDOWS\system32\Macromed\Shockwave 10\SwInit.exe
    - 2007-08-07 12:35:18 86,016 ------w C:\WINDOWS\system32\Macromed\Shockwave 10\SwMenu.dll
    + 2008-01-03 17:18:50 86,016 ------w C:\WINDOWS\system32\Macromed\Shockwave 10\SwMenu.dll
    - 2007-08-07 12:37:58 98,304 ----a-w C:\WINDOWS\system32\Macromed\Shockwave 10\SwOnce.dll
    + 2008-01-03 17:22:08 98,304 ----a-w C:\WINDOWS\system32\Macromed\Shockwave 10\SwOnce.dll
    - 2007-08-07 12:08:46 50,808 ----a-w C:\WINDOWS\system32\Macromed\Shockwave 10\SYMCCHECKER.DLL
    + 2008-01-03 16:46:44 50,808 ----a-w C:\WINDOWS\system32\Macromed\Shockwave 10\SYMCCHECKER.DLL
    + 2001-08-28 14:00:00 73,680 ----a-w C:\WINDOWS\system32\mciavi.drv
    + 2001-08-28 14:00:00 25,280 ----a-w C:\WINDOWS\system32\mciseq.drv
    + 2001-08-28 14:00:00 28,160 ----a-w C:\WINDOWS\system32\mciwave.drv
    + 2006-10-18 20:47:14 212,992 ------w C:\WINDOWS\system32\MFPLAT.dll
    + 2001-08-28 14:00:00 2,032 ----a-w C:\WINDOWS\system32\mouse.drv
    + 2006-10-18 20:47:14 259,072 ------w C:\WINDOWS\system32\MP43DECD.dll
    - 2004-08-19 14:09:32 310,272 ------w C:\WINDOWS\system32\mp43dmod.dll
    + 2006-10-18 20:47:14 4,096 ------w C:\WINDOWS\system32\MP43DMOD.dll
    + 2006-10-18 20:47:14 317,440 ------w C:\WINDOWS\system32\MP4SDECD.dll
    - 2004-08-19 14:09:32 384,512 ------w C:\WINDOWS\system32\mp4sdmod.dll
    + 2006-10-18 20:47:14 4,096 ------w C:\WINDOWS\system32\MP4SDMOD.dll
    + 2006-10-18 20:47:14 259,072 ------w C:\WINDOWS\system32\MPG4DECD.dll
    - 2004-08-19 14:09:32 240,640 ----a-w C:\WINDOWS\system32\mpg4dmod.dll
    + 2006-10-18 20:47:14 4,096 ----a-w C:\WINDOWS\system32\MPG4DMOD.dll
    + 2001-08-28 14:00:00 20,992 ----a-w C:\WINDOWS\system32\msacm32.drv
    + 2006-10-02 14:28:42 312,128 ------w C:\WINDOWS\system32\msdelta.dll
    + 2004-08-19 14:10:10 188,416 ----a-w C:\WINDOWS\system32\msh261.drv
    + 2004-08-19 14:10:10 294,912 ----a-w C:\WINDOWS\system32\msh263.drv
    - 2005-01-28 06:53:22 142,336 ----a-w C:\WINDOWS\system32\msnetobj.dll
    + 2006-10-18 20:47:16 179,712 ----a-w C:\WINDOWS\system32\msnetobj.dll
    - 2005-01-28 06:53:20 25,088 ----a-w C:\WINDOWS\system32\MsPMSNSv.dll
    + 2006-10-18 20:47:16 27,136 ----a-w C:\WINDOWS\system32\mspmsnsv.dll
    - 2005-01-28 06:53:20 173,568 ----a-w C:\WINDOWS\system32\MsPMSP.dll
    + 2006-10-18 20:47:16 175,616 ----a-w C:\WINDOWS\system32\mspmsp.dll
    - 2005-01-28 11:32:44 364,784 ----a-w C:\WINDOWS\system32\MSSCP.dll
    + 2006-10-18 20:47:16 414,208 ----a-w C:\WINDOWS\system32\msscp.dll
    - 2005-01-28 13:22:12 316,416 ----a-w C:\WINDOWS\system32\MSWMDM.dll
    + 2006-10-18 20:47:16 321,536 ----a-w C:\WINDOWS\system32\mswmdm.dll
    + 2001-08-28 14:00:00 2,656 -c--a-w C:\WINDOWS\system32\netware.drv
    - 2007-12-06 19:59:25 62,480 ----a-w C:\WINDOWS\system32\perfc009.dat
    + 2008-05-10 07:44:13 63,324 ----a-w C:\WINDOWS\system32\perfc009.dat
    - 2007-12-06 19:59:25 75,506 ----a-w C:\WINDOWS\system32\perfc00C.dat
    + 2008-05-10 07:44:14 76,384 ----a-w C:\WINDOWS\system32\perfc00C.dat
    - 2007-12-06 19:59:25 401,200 ----a-w C:\WINDOWS\system32\perfh009.dat
    + 2008-05-10 07:44:13 404,104 ----a-w C:\WINDOWS\system32\perfh009.dat
    - 2007-12-06 19:59:25 468,490 ----a-w C:\WINDOWS\system32\perfh00C.dat
    + 2008-05-10 07:44:14 471,246 ----a-w C:\WINDOWS\system32\perfh00C.dat
    - 2006-10-06 21:37:38 278,528 ----a-w C:\WINDOWS\system32\pncrt.dll
    + 2008-05-19 17:19:03 278,528 ----a-w C:\WINDOWS\system32\pncrt.dll
    - 2006-10-06 21:37:56 6,656 ----a-w C:\WINDOWS\system32\pndx5016.dll
    + 2008-05-19 17:21:13 6,656 ----a-w C:\WINDOWS\system32\pndx5016.dll
    - 2006-10-06 21:37:56 5,632 ----a-w C:\WINDOWS\system32\pndx5032.dll
    + 2008-05-19 17:21:13 5,632 ----a-w C:\WINDOWS\system32\pndx5032.dll
    + 2006-10-18 20:47:18 284,160 ------w C:\WINDOWS\system32\PortableDeviceApi.dll
    + 2006-10-18 20:47:18 101,888 ------w C:\WINDOWS\system32\PortableDeviceClassExtension.dll
    + 2006-10-18 20:47:18 166,912 ------w C:\WINDOWS\system32\PortableDeviceTypes.dll
    + 2006-10-18 20:47:18 132,096 ------w C:\WINDOWS\system32\PortableDeviceWiaCompat.dll
    + 2006-10-18 20:47:18 199,168 ------w C:\WINDOWS\system32\PortableDeviceWMDRM.dll
    - 2005-01-28 06:53:22 221,184 ----a-w C:\WINDOWS\system32\qasf.dll
    + 2006-10-18 20:47:18 211,456 ----a-w C:\WINDOWS\system32\qasf.dll
    + 2004-08-19 14:10:10 294,912 ----a-w C:\WINDOWS\system32\ReinstallBackups\0002\DriverFiles\i386\msh263.drv
    - 2006-10-06 21:38:45 181,736 ----a-w C:\WINDOWS\system32\rmoc3260.dll
    + 2008-05-19 17:22:10 185,944 ----a-w C:\WINDOWS\system32\rmoc3260.dll
    + 2007-05-02 09:11:16 83,592 ----a-w C:\WINDOWS\system32\Samsung_USB_Drivers\1\i386\ss_bus.sys
    + 2007-05-02 09:11:16 12,424 ----a-w C:\WINDOWS\system32\Samsung_USB_Drivers\1\i386\ss_cmnt.sys
    + 2007-05-02 09:11:18 15,112 ----a-w C:\WINDOWS\system32\Samsung_USB_Drivers\1\i386\ss_mdfl.sys
    + 2007-05-02 09:11:18 109,704 ----a-w C:\WINDOWS\system32\Samsung_USB_Drivers\1\i386\ss_mdm.sys
    + 2007-05-02 09:11:18 12,424 ----a-w C:\WINDOWS\system32\Samsung_USB_Drivers\1\i386\ss_whnt.sys
    + 2007-05-02 09:11:12 72,968 ----a-w C:\WINDOWS\system32\Samsung_USB_Drivers\1\SS_Uninstall.exe
    + 2007-05-02 09:12:34 83,592 ----a-w C:\WINDOWS\system32\Samsung_USB_Drivers\2\i386\ssm_bus.sys
    + 2007-05-02 09:12:34 12,424 ----a-w C:\WINDOWS\system32\Samsung_USB_Drivers\2\i386\ssm_cmnt.sys
    + 2007-05-02 09:12:36 15,112 ----a-w C:\WINDOWS\system32\Samsung_USB_Drivers\2\i386\ssm_mdfl.sys
    + 2007-05-02 09:12:36 109,704 ----a-w C:\WINDOWS\system32\Samsung_USB_Drivers\2\i386\ssm_mdm.sys
    + 2007-05-02 09:12:36 12,424 ----a-w C:\WINDOWS\system32\Samsung_USB_Drivers\2\i386\ssm_whnt.sys
    + 2007-05-02 09:12:28 72,968 ----a-w C:\WINDOWS\system32\Samsung_USB_Drivers\2\SSM_Uninstall.exe
    + 2007-07-03 14:54:24 80,552 ----a-w C:\WINDOWS\system32\Samsung_USB_Drivers\3\i386\sscdbus.sys
    + 2007-07-03 14:56:00 9,256 ----a-w C:\WINDOWS\system32\Samsung_USB_Drivers\3\i386\sscdcmnt.sys
    + 2007-07-03 14:57:24 11,944 ----a-w C:\WINDOWS\system32\Samsung_USB_Drivers\3\i386\sscdmdfl.sys
    + 2007-07-03 14:58:20 106,792 ----a-w C:\WINDOWS\system32\Samsung_USB_Drivers\3\i386\sscdmdm.sys
    + 2007-07-03 14:59:10 86,824 ----a-w C:\WINDOWS\system32\Samsung_USB_Drivers\3\i386\sscdserd.sys
    + 2007-07-03 15:00:16 9,256 ----a-w C:\WINDOWS\system32\Samsung_USB_Drivers\3\i386\sscdwhnt.sys
    + 2007-07-03 14:53:24 70,824 ----a-w C:\WINDOWS\system32\Samsung_USB_Drivers\3\SSCDUninstall.exe
    + 2007-07-05 10:37:34 83,456 ----a-w C:\WINDOWS\system32\Samsung_USB_Drivers\5\i386\sssdbus.sys
    + 2007-07-05 10:37:34 12,160 ----a-w C:\WINDOWS\system32\Samsung_USB_Drivers\5\i386\sssdcmnt.sys
    + 2007-07-05 10:37:34 14,848 ----a-w C:\WINDOWS\system32\Samsung_USB_Drivers\5\i386\sssdmdfl.sys
    + 2007-07-05 10:37:34 109,696 ----a-w C:\WINDOWS\system32\Samsung_USB_Drivers\5\i386\sssdmdm.sys
    + 2007-07-05 10:37:34 103,808 ----a-w C:\WINDOWS\system32\Samsung_USB_Drivers\5\i386\sssdmgmt.sys
    + 2007-07-05 10:37:36 99,712 ----a-w C:\WINDOWS\system32\Samsung_USB_Drivers\5\i386\sssdobex.sys
    + 2007-07-05 10:37:36 12,160 ----a-w C:\WINDOWS\system32\Samsung_USB_Drivers\5\i386\sssdwhnt.sys
    + 2007-07-19 07:44:10 70,904 ----a-w C:\WINDOWS\system32\Samsung_USB_Drivers\5\SSSDUninstall.exe
    + 2006-07-24 09:50:40 39,728 ----a-w C:\WINDOWS\system32\SCP32.DLL
    + 2001-08-28 14:00:00 1,744 ----a-w C:\WINDOWS\system32\sound.drv
    + 2006-09-25 16:58:48 14,640 ------w C:\WINDOWS\system32\spmsg.dll
    - 2001-08-23 15:47:00 23,040 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\CNB6200.DLL
    + 2001-08-23 16:47:00 23,040 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\CNB6200.DLL
    - 2001-08-23 15:47:00 107,520 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\CNBJDRV2.DLL
    + 2001-08-23 16:47:00 107,520 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\CNBJDRV2.DLL
    - 2001-08-23 15:47:00 272,384 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\CNBJUI2.DLL
    + 2001-08-23 16:47:00 272,384 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\CNBJUI2.DLL
    - 2001-08-23 15:47:00 13,824 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\CNBO59.DLL
    + 2001-08-23 16:47:00 13,824 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\CNBO59.DLL
    - 2001-08-23 15:44:54 153,600 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\CNBPGR05.DLL
    + 2001-08-23 16:44:54 153,600 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\CNBPGR05.DLL
    + 2005-03-08 02:00:00 2,726 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\E_FAIFAEE.DAT
    - 2004-08-19 14:09:48 264,704 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\UNIDRV.DLL
    + 2004-08-19 15:09:48 264,704 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\UNIDRV.DLL
    - 2004-08-19 14:09:48 199,168 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\UNIDRVUI.DLL
    + 2004-08-19 15:09:48 199,168 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\UNIDRVUI.DLL
    - 2004-08-19 14:09:06 620,544 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\UNIRES.DLL
    + 2004-08-19 15:09:06 620,544 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\UNIRES.DLL
    + 2005-03-08 02:00:00 2,726 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\epsonstylus_dx4200419f\E_FAIFAEE.DAT
    - 2005-06-28 08:21:34 22,752 ----a-w C:\WINDOWS\system32\spupdsvc.exe
    + 2006-09-25 16:58:48 23,856 ----a-w C:\WINDOWS\system32\spupdsvc.exe
    - 2007-04-23 00:15:18 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
    + 2008-02-21 02:05:34 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
    + 2001-08-28 14:00:00 3,360 ----a-w C:\WINDOWS\system32\system.drv
    + 2001-08-28 14:00:00 4,096 ----a-w C:\WINDOWS\system32\timer.drv
    - 2005-01-27 23:36:04 47,104 ----a-w C:\WINDOWS\system32\uwdf.exe
    + 2006-10-18 20:58:00 8,704 ----a-w C:\WINDOWS\system32\uwdf.exe
    + 2006-07-24 09:50:40 47,920 ----a-w C:\WINDOWS\system32\VBAME.DLL
    + 2001-08-28 14:00:00 2,176 ----a-w C:\WINDOWS\system32\vga.drv
    - 2005-01-27 23:35:58 15,872 ----a-w C:\WINDOWS\system32\wdfapi.dll
    + 2006-10-18 20:47:18 4,096 ----a-w C:\WINDOWS\system32\wdfapi.dll
    - 2005-01-27 23:36:00 38,912 ----a-w C:\WINDOWS\system32\wdfmgr.exe
    + 2006-10-18 20:58:00 8,704 ----a-w C:\WINDOWS\system32\wdfmgr.exe
    + 2004-08-19 14:10:10 23,552 ----a-w C:\WINDOWS\system32\wdmaud.drv
    + 2001-08-28 14:00:00 13,600 ----a-w C:\WINDOWS\system32\wfwnet.drv
    + 2001-08-28 14:00:00 2,864 ----a-w C:\WINDOWS\system32\winsock.dll
    + 2004-08-19 14:10:10 146,944 ----a-w C:\WINDOWS\system32\winspool.drv
    + 2001-08-28 14:00:00 2,112 ----a-w C:\WINDOWS\system32\winspool.exe
    + 2006-10-26 12:45:04 293,376 ----a-w C:\WINDOWS\system32\WISPTIS.EXE
    - 2005-01-28 11:32:44 396,528 ----a-w C:\WINDOWS\system32\wmadmod.dll
    + 2006-10-18 20:47:18 757,248 ----a-w C:\WINDOWS\system32\wmadmod.dll
    - 2005-01-28 06:53:18 716,288 ----a-w C:\WINDOWS\system32\wmadmoe.dll
    + 2006-10-18 20:47:18 1,117,696 ----a-w C:\WINDOWS\system32\WMADMOE.dll
    - 2005-01-28 06:53:16 224,768 ----a-w C:\WINDOWS\system32\wmasf.dll
    + 2006-10-18 20:47:18 222,208 ----a-w C:\WINDOWS\system32\wmasf.dll
    - 2005-01-28 06:53:20 28,160 ----a-w C:\WINDOWS\system32\WMDMLOG.dll
    + 2006-10-18 20:47:18 33,792 ----a-w C:\WINDOWS\system32\wmdmlog.dll
    - 2005-01-28 06:53:20 33,792 ----a-w C:\WINDOWS\system32\WMDMPS.dll
    + 2006-10-18 20:47:18 37,376 ----a-w C:\WINDOWS\system32\wmdmps.dll
    - 2005-01-28 06:53:50 335,872 ----a-w C:\WINDOWS\system32\WMDRMdev.dll
    + 2006-10-18 20:47:18 429,056 ----a-w C:\WINDOWS\system32\wmdrmdev.dll
    - 2005-01-28 06:53:54 290,816 ----a-w C:\WINDOWS\system32\WMDRMNet.dll
    + 2006-10-18 20:47:20 348,672 ----a-w C:\WINDOWS\system32\wmdrmnet.dll
    + 2006-10-18 20:47:20 535,040 ------w C:\WINDOWS\system32\wmdrmsdk.dll
    - 2005-01-28 06:53:16 150,016 ----a-w C:\WINDOWS\system32\wmidx.dll
    + 2006-10-18 20:47:20 157,184 ----a-w C:\WINDOWS\system32\wmidx.dll
    - 2005-01-28 06:53:16 1,027,072 ----a-w C:\WINDOWS\system32\wmnetmgr.dll
    + 2006-10-18 20:47:20 937,984 ----a-w C:\WINDOWS\system32\WMNetMgr.dll
    - 2005-01-28 11:32:56 774,904 ----a-w C:\WINDOWS\system32\wmsdmod.dll
    + 2006-10-18 20:47:22 4,096 ----a-w C:\WINDOWS\system32\wmsdmod.dll
    - 2005-01-28 06:53:18 1,119,744 -c--a-w C:\WINDOWS\system32\wmsdmoe2.dll
    + 2006-10-18 20:47:22 4,096 ----a-w C:\WINDOWS\system32\wmsdmoe2.dll
    - 2005-01-28 11:32:44 413,944 ----a-w C:\WINDOWS\system32\wmspdmod.dll
    + 2006-10-18 20:47:22 603,648 ----a-w C:\WINDOWS\system32\WMSPDMOD.dll
    - 2005-01-28 06:53:18 940,544 ----a-w C:\WINDOWS\system32\wmspdmoe.dll
    + 2006-10-18 20:47:22 1,329,152 ----a-w C:\WINDOWS\system32\WMSPDMOE.dll
    - 2005-01-28 11:32:56 1,218,808 -c--a-w C:\WINDOWS\system32\wmvadvd.dll
    + 2006-10-18 20:47:22 4,096 ----a-w C:\WINDOWS\system32\WMVADVD.dll
    - 2005-01-28 06:53:20 1,512,448 -c--a-w C:\WINDOWS\system32\WMVADVE.DLL
    + 2006-10-18 20:47:22 4,096 ----a-w C:\WINDOWS\system32\WMVADVE.DLL
    - 2005-01-28 11:32:58 2,370,296 ----a-w C:\WINDOWS\system32\wmvcore.dll
    + 2006-10-18 20:47:22 2,450,944 ----a-w C:\WINDOWS\system32\wmvcore.dll
    + 2006-10-18 20:47:22 1,543,680 ------w C:\WINDOWS\system32\WMVDECOD.dll
    - 2005-01-28 11:32:58 895,736 ----a-w C:\WINDOWS\system32\wmvdmod.dll
    + 2006-10-18 20:47:22 4,096 ----a-w C:\WINDOWS\system32\wmvdmod.dll
    - 2005-01-28 06:53:18 1,003,008 -c--a-w C:\WINDOWS\system32\wmvdmoe2.dll
    + 2006-10-18 20:47:22 4,096 ----a-w C:\WINDOWS\system32\wmvdmoe2.dll
    + 2006-10-18 20:47:22 1,574,912 ------w C:\WINDOWS\system32\WMVENCOD.dll
    + 2006-10-18 20:47:22 1,382,912 ------w C:\WINDOWS\system32\WMVSDECD.dll
    + 2006-10-18 20:47:22 767,488 ------w C:\WINDOWS\system32\WMVSENCD.dll
    + 2006-10-18 20:47:22 656,896 ------w C:\WINDOWS\system32\WMVXENCD.dll
    + 2001-08-28 14:00:00 2,736 ----a-w C:\WINDOWS\system32\wowdeb.exe
    - 2005-01-27 23:36:28 38,912 ----a-w C:\WINDOWS\system32\wpd_ci.dll
    + 2006-10-18 20:47:22 629,760 ----a-w C:\WINDOWS\system32\wpd_ci.dll
    - 2005-01-27 23:36:20 61,952 ----a-w C:\WINDOWS\system32\wpdconns.dll
    + 2006-10-18 20:47:22 35,840 ----a-w C:\WINDOWS\system32\wpdconns.dll
    - 2005-01-27 23:36:24 114,176 ----a-w C:\WINDOWS\system32\wpdmtp.dll
    + 2006-10-18 20:47:22 154,624 ----a-w C:\WINDOWS\system32\wpdmtp.dll
    - 2005-01-27 23:36:22 66,560 ----a-w C:\WINDOWS\system32\wpdmtpus.dll
    + 2006-10-18 20:47:22 63,488 ----a-w C:\WINDOWS\system32\wpdmtpus.dll
    + 2006-10-18 20:47:22 2,603,008 ------w C:\WINDOWS\system32\WpdShext.dll
    + 2006-10-18 19:00:14 17,408 ------w C:\WINDOWS\system32\wpdshextautoplay.exe
    + 2006-11-02 10:52:12 44,032 ------w C:\WINDOWS\system32\wpdshextres.dll
    + 2006-10-18 20:47:22 133,632 ------w C:\WINDOWS\system32\WPDShServiceObj.dll
    - 2005-01-27 23:36:28 331,264 ----a-w C:\WINDOWS\system32\wpdsp.dll
    + 2006-10-18 20:47:22 356,352 ----a-w C:\WINDOWS\system32\wpdsp.dll
    + 2006-09-28 19:13:26 95,344 ------w C:\WINDOWS\system32\WUDFCoinstaller.dll
    + 2006-09-28 17:56:38 146,432 ------w C:\WINDOWS\system32\WudfHost.exe
    + 2006-09-28 17:56:16 165,376 ------w C:\WINDOWS\system32\WudfPlatform.dll
    + 2006-09-28 17:56:14 55,808 ------w C:\WINDOWS\system32\WudfSvc.dll
    + 2006-09-28 17:56:38 316,416 ------w C:\WINDOWS\system32\WUDFx.dll
    + 2006-02-03 06:41:26 14,032 ----a-w C:\WINDOWS\system32\x3daudio1_0.dll
    + 2006-11-15 09:38:22 15,128 ----a-w C:\WINDOWS\system32\x3daudio1_1.dll
    + 2006-02-03 06:42:06 230,096 ----a-w C:\WINDOWS\system32\xactengine2_0.dll
    + 2006-03-31 10:39:48 229,584 ----a-w C:\WINDOWS\system32\xactengine2_1.dll
    + 2006-05-31 05:24:16 230,168 ----a-w C:\WINDOWS\system32\xactengine2_2.dll
    + 2006-07-28 07:30:32 236,824 ----a-w C:\WINDOWS\system32\xactengine2_3.dll
    + 2006-09-28 14:05:56 237,848 ----a-w C:\WINDOWS\system32\xactengine2_4.dll
    + 2006-12-08 10:02:00 251,672 ----a-w C:\WINDOWS\system32\xactengine2_5.dll
    + 2006-03-31 10:39:24 62,672 ----a-w C:\WINDOWS\system32\xinput1_1.dll
    + 2006-07-28 07:30:14 62,744 ----a-w C:\WINDOWS\system32\xinput1_2.dll
    + 2006-09-28 14:04:02 68,888 ----a-w C:\WINDOWS\system32\xinput1_3.dll
    + 2005-12-05 16:07:30 61,136 ----a-w C:\WINDOWS\system32\xinput9_1_0.dll
    + 2008-07-10 23:04:01 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_540.dat
    + 2000-08-31 06:00:00 49,152 ----a-w C:\WINDOWS\VFind.exe
    + 2000-08-31 06:00:00 68,096 ----a-w C:\WINDOWS\zip.exe
    .
    -- Snapshot reset to current date --
    .
    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4fb2a330-5767-46c2-9327-d86a498b988e}]
    2008-07-11 01:13 116352 --a------ C:\WINDOWS\system32\nxqkzu.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{71B2151B-9698-48EB-8D0C-29591258778D}]
    2008-07-10 10:43 318720 --a------ C:\WINDOWS\system32\yayyYPif.dll

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 16:09 15360]
    "Creative Detector"="C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" [2004-12-02 18:23 102400]
    "MessengerPlus3"="C:\Program Files\MessengerPlus! 3\MsgPlus.exe" [2006-06-13 12:43 190024]
    "UberIcon"="C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe" [2006-05-21 09:43 180224]
    "RocketDock"="C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe" [2007-03-19 00:05 630784]
    "BitTorrent DNA"="C:\Program Files\DNA\btdna.exe" [2008-05-08 09:53 289088]
    "SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-07-07 09:42 2156368]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "LogonStudio"="C:\Program Files\WinCustomize\LogonStudio\logonstudio.exe" [2002-09-03 18:38 987187]
    "JMB36X Configure"="C:\WINDOWS\system32\JMRaidTool.exe" [2006-08-14 04:51 352256]
    "BootSkin Startup Jobs"="C:\PROGRA~1\Stardock\WINCUS~1\BootSkin\BootSkin.exe" [2004-04-26 16:21 270336]
    "Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe" [2005-06-23 20:33 57344]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-03-28 23:37 413696]
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]
    "TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2008-05-19 19:06 185896]
    "70d189ae"="C:\WINDOWS\system32\mwyaxorc.dll" [2008-07-11 01:10 92672]
    "avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-02-12 10:06 262401]
    "AGRSMMSG"="AGRSMMSG.exe" [2006-06-07 18:55 88365 C:\WINDOWS\AGRSMMSG.exe]
    "S3Trayp"="S3trayp.exe" [2007-06-11 12:15 176128 C:\WINDOWS\system32\S3Trayp.exe]
    "SkyTel"="SkyTel.EXE" [2006-05-16 12:04 2879488 C:\WINDOWS\SkyTel.exe]
    "RTHDCPL"="RTHDCPL.EXE" [2006-09-06 05:44 16262656 C:\WINDOWS\RTHDCPL.exe]
    "VTTimer"="VTTimer.exe" [2006-09-21 17:36 53248 C:\WINDOWS\system32\VTTimer.exe]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
    "UIHost"="C:\\WINDOWS\\system32\\logonui.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "VIDC.X264"= x264vfw.dll
    "VIDC.3iv2"= 3ivxVfWCodec.dll
    "VIDC.MP43"= msmpeg4.dll
    "VIDC.FFDS"= C:\Program Files\K-Lite Codec Pack\ffdshow\ffdshow.ax
    "VIDC.HFYU"= huffyuv.dll

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Authentication Packages REG_MULTI_SZ msv1_0 C:\WINDOWS\system32\yayyYPif

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^LUMIX Simple Viewer.lnk]
    path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\LUMIX Simple Viewer.lnk
    backup=C:\WINDOWS\pss\LUMIX Simple Viewer.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^Bast^Menu Démarrer^Programmes^Démarrage^MSN Pictures Displayer.lnk]
    path=C:\Documents and Settings\Bast\Menu Démarrer\Programmes\Démarrage\MSN Pictures Displayer.lnk
    backup=C:\WINDOWS\pss\MSN Pictures Displayer.lnkStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
    --a------ 2006-10-09 11:28 139264 C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "WLSetupSvc"=3 (0x3)
    "xmlprov"=3 (0x3)
    "wuauserv"=2 (0x2)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "C:\\Documents and Settings\\Bast\\Mes documents\\Nouveau Dossier\\MySpaceMp3Gopher.exe"=
    "C:\\Program Files\\Nero\\Nero 7\\Nero Home\\NeroHome.exe"=
    "C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
    "C:\\Program Files\\LittleFighter2\\LF2_Reinforced\\lf2.exe"=
    "C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
    "C:\\Program Files\\LimeWire\\LimeWire.exe"=
    "C:\\Program Files\\DNA\\btdna.exe"=
    "C:\\Program Files\\iTunes\\iTunes.exe"=
    "C:\\Program Files\\Skype\\Phone\\Skype.exe"=
    "C:\\Program Files\\World of Warcraft\\Launcher.exe"=
    "
    11 July 2008 13:24:22

    Post the end of the report ;)
    11 July 2008 14:16:46

    Sorry, here is the rest:

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "6112:TCP"= 6112:TCP:WoW 6112
    "6881:TCP"= 6881:TCP:WoW 6881
    "6999:TCP"= 6999:TCP:WoW 6999

    R0 ViBus;ViBus;C:\WINDOWS\system32\DRIVERS\ViBus.sys [2007-10-18 19:28]
    R0 videX32;videX32;C:\WINDOWS\system32\DRIVERS\videX32.sys [2007-09-21 18:49]
    R0 ViPrt;VIA SATA IDE Device Driver;C:\WINDOWS\system32\DRIVERS\ViPrt.sys [2007-10-18 19:28]
    R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-05-16 01:20]
    R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-05-16 01:16]
    R3 P1120VID;Creative WebCam NX Ultra;C:\WINDOWS\system32\DRIVERS\P1120Vid.sys [2004-01-12 10:51]
    R3 S3GIGP;S3GIGP;C:\WINDOWS\system32\DRIVERS\S3gIGPm.sys [2007-07-23 15:54]
    S0 xfilt;VIA SATA IDE Hot-plug Driver;C:\WINDOWS\system32\DRIVERS\xfilt.sys [2006-02-23 05:39]

    .
    Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
    "2008-07-02 19:44:56 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
    - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
    .
    - - - - ORPHANS REMOVED - - - -

    Toolbar-{695AD9B9-B97E-4F91-8B6F-B1BD73937505} - C:\WINDOWS\sqvgnrpx.dll
    SSODL-fsrpknov-{DE5B4464-468D-40C2-AEFD-0C1EEA99998F} - C:\WINDOWS\fsrpknov.dll
    SSODL-fdxbameg-{8B18AFD9-A3F6-4A9D-B6BB-92C450E4BA79} - C:\WINDOWS\fdxbameg.dll
    MSConfigStartUp-lphc1g5j0e3dp - C:\WINDOWS\system32\lphc1g5j0e3dp.exe
    MSConfigStartUp-Pando - C:\Program Files\Pando Networks\Pando\Pando.exe
    MSConfigStartUp-SMrhc5g5j0e3dp - C:\Program Files\rhc5g5j0e3dp\rhc5g5j0e3dp.exe


    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-07-11 01:05:09
    Windows 5.1.2600 Service Pack 2 NTFS

    Balayage processus cachés ...

    Balayage caché autostart entries ...

    Balayage des fichiers cachés ...


    C:\WINDOWS\system32\bqephvkv.dll 116352 bytes executable

    **************************************************************************
    .
    --------------------- DLLs a chargé sous des processus courants ---------------------

    PROCESS: C:\WINDOWS\system32\lsass.exe
    -> C:\WINDOWS\system32\yayyYPif.dll

    PROCESS: C:\WINDOWS\explorer.exe
    -> C:\WINDOWS\system32\yayyYPif.dll
    -> C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.dll
    -> C:\WINDOWS\system32\mwyaxorc.dll
    -> C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon.dll
    -> ?:\WINDOWS\System32\CSCDLL.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\WINDOWS\system32\CTSVCCDA.EXE
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    .
    **************************************************************************
    .
    Temps d'accomplissement: 2008-07-11 1:30:05 - machine was rebooted
    ComboFix-quarantined-files.txt 2008-07-10 23:28:38
    ComboFix2.txt 2007-12-30 23:38:36

    Pre-Run: 1,452,478,464 octets libres
    Post-Run: 1,373,958,144 octets libres

    835 --- E O F --- 2007-12-06 17:42:56
    11 July 2008 14:55:30

    Hi again,

    Select the entire contents of the box below:

    Rootkit::
    C:\WINDOWS\system32\bqephvkv.dll

    Collect::
    C:\WINDOWS\system32\mwyaxorc.dll
    C:\WINDOWS\system32\yayyYPif.dll
    C:\WINDOWS\system32\nxqkzu.dll
    C:\WINDOWS\system32\majgjt.dll
    C:\WINDOWS\system32\worybkvv.dll
    C:\WINDOWS\system32\qylkjz.dll

    Suspect::
    C:\WINDOWS\system32\beep.sys

    Registry::
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4fb2a330-5767-46c2-9327-d86a498b988e}]
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{71B2151B-9698-48EB-8D0C-29591258778D}]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Adobe Reader Speed Launcher"=-
    "QuickTime Task"=-
    "iTunesHelper"=-
    "TkBellExe"=-
    "70d189ae"=-
    "SkyTel"=-
    "RTHDCPL"=-


  • Copy and paste it into Notepad (Start\All Programs\Accessories\Notepad).
  • Save it to your desktop under the name CFScript.txt
  • Now drag the CFScript.txt file onto ComboFix.exe as shown below:

  • This will restart ComboFix.
  • ComboFix will create these files on your Desktop:
    - A zipped file named Submit [Date Time].zip
    - A second file named CF-Submit.htm
  • ComboFix may require a restart to complete its work. Accept.
  • When the tool has finished, a ComboFix.log report will appear on screen.
  • A new window with the prompt "Submit Files for further analysis" will open. Click "OK"
  • Your browser will launch automatically with the CF-Submit.htm file and a window will open:
    - Click the "Browse" ("Parcourir") button and navigate to the file
    Submit [Date Time].zip on your Desktop.
    - Click the file to select it.
  • Submit the file by clicking "OK"
  • Once this operation is complete, you can delete these two files from your Desktop.
    Post the contents of the ComboFix.txt report after the restart, if there is one.

    *********

    - My Computer/Tools/Folder Options/View/check "Show hidden files and folders"/Apply -> OK
    - My Computer/Tools/Folder Options/View/uncheck "Hide protected operating system files"/Apply -> OK
    - My Computer/Tools/Folder Options/View/uncheck "Hide extensions for known file types"/Apply -> OK

    Don't forget to hide the hidden and protected operating system files again at the end of the disinfection; it's important.

    Have this file (these files) analysed on this site >> Virustotal <<

  • Click Browse at the top, choose My Computer and look for this file: C:\WINDOWS\system32\beep.sys
  • Now click Send file.
  • Post the report (from File *** received on *** through SHA1: ***)
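
Several entries the CFScript above removes can be read directly from the "Point de chargement Reg" section of the posted log. The following Python script is an added illustration (not part of the thread and not ComboFix's own logic) that runs three review heuristics over an excerpt of that log: a Run value whose target is a DLL, a Browser Helper Object DLL sitting directly in system32, and any LSA Authentication Package other than `msv1_0`, the stock Windows XP value. The function name, rule names and heuristics are assumptions of this example, and a hit means "look at this file", not a verdict.

```python
import re

# Excerpt of the "Point de chargement Reg" section of the log posted above
# (lines copied from the thread, trimmed to a short sample).
SAMPLE_LOG = r'''
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4fb2a330-5767-46c2-9327-d86a498b988e}]
2008-07-11 01:13 116352 --a------ C:\WINDOWS\system32\nxqkzu.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 16:09 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-03-28 23:37 413696]
"70d189ae"="C:\WINDOWS\system32\mwyaxorc.dll" [2008-07-11 01:10 92672]
"AGRSMMSG"="AGRSMMSG.exe" [2006-06-07 18:55 88365 C:\WINDOWS\AGRSMMSG.exe]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 C:\WINDOWS\system32\yayyYPif
'''

KEY_RE = re.compile(r'^\[(?P<key>[^\]]+)\]$')
RUN_VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<data>[^"]*)"')
BHO_FILE_RE = re.compile(r'^\d{4}-\d{2}-\d{2} \d{2}:\d{2} \d+ \S+ (?P<path>.+)$')
LSA_RE = re.compile(r'^Authentication Packages\s+REG_MULTI_SZ\s+(?P<values>.+)$')
# A file placed directly in system32, not in a vendor subdirectory.
SYSTEM32_ROOT_RE = re.compile(r'^[a-z]:\\windows\\system32\\[^\\]+$', re.IGNORECASE)
# Assumption of this example: msv1_0 is the only package expected on a stock XP install.
DEFAULT_AUTH_PACKAGES = {"msv1_0"}


def triage(log_text):
    """Return (rule, name, data) tuples for load points worth a manual look."""
    findings = []
    key_raw = ""
    key_low = ""
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        header = KEY_RE.match(line)
        if header:
            # A bracketed line opens a new registry key section.
            key_raw = header.group("key")
            key_low = key_raw.lower()
            continue
        if key_low.endswith("\\currentversion\\run"):
            # Run values are command lines; one that resolves to a bare DLL
            # is unusual and deserves a look.
            m = RUN_VALUE_RE.match(line)
            if m and m.group("data").lower().endswith(".dll"):
                findings.append(("run-value-is-dll", m.group("name"), m.group("data")))
        elif "\\browser helper objects\\" in key_low:
            # ComboFix prints the BHO's file on the line after the CLSID key.
            m = BHO_FILE_RE.match(line)
            if m and SYSTEM32_ROOT_RE.match(m.group("path")):
                clsid = key_raw.rsplit("\\", 1)[1]
                findings.append(("bho-in-system32", clsid, m.group("path")))
        elif key_low.endswith("\\control\\lsa"):
            # REG_MULTI_SZ is printed space-separated; paths containing
            # spaces would need a stricter parser than split().
            m = LSA_RE.match(line)
            if m:
                for value in m.group("values").split():
                    if value.lower() not in DEFAULT_AUTH_PACKAGES:
                        findings.append(
                            ("lsa-extra-auth-package", "Authentication Packages", value)
                        )
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```
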
    11 July 2008 15:35:44

    Here is the report; I'm at the hidden files step now.

    ComboFix 08-07-10.1 - Bast 2008-07-11 15:01:37.4 - NTFSx86
    Endroit: C:\Documents and Settings\Bast\Bureau\ComboFix.exe
    Command switches used :: C:\Documents and Settings\Bast\Bureau\CFScript.txt
    * Création d'un nouveau point de restauration

    AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\WINDOWS\system32\bqephvkv.dll
    C:\WINDOWS\system32\croxaywm.ini
    C:\WINDOWS\system32\fiPYyyay.ini
    C:\WINDOWS\system32\fiPYyyay.ini2
    C:\WINDOWS\system32\majgjt.dll
    C:\WINDOWS\system32\mcrh.tmp
    C:\WINDOWS\system32\mwyaxorc.dll
    C:\WINDOWS\system32\nxqkzu.dll
    C:\WINDOWS\system32\qylkjz.dll
    C:\WINDOWS\system32\worybkvv.dll
    C:\WINDOWS\system32\yayyYPif.dll

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Legacy_CLBDRIVER


    ((((((((((((((((((((((((((((( Fichiers créés 2008-06-11 to 2008-07-11 ))))))))))))))))))))))))))))))))))))
    .

    2008-07-11 00:39 . 2008-07-11 00:39 <REP> d-------- C:\Program Files\Avira
    2008-07-11 00:39 . 2008-07-11 00:39 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira
    2008-07-10 11:20 . 2008-07-10 11:20 86 --a------ C:\WINDOWS\wininit.ini
    2008-07-10 10:46 . 2008-07-10 10:46 112,256 --a------ C:\WINDOWS\system32\ekgpgrgv.dll
    2008-07-10 10:38 . 2001-08-28 16:00 4,224 --a------ C:\WINDOWS\system32\beep.sys
    2008-07-08 22:05 . 2008-07-08 22:05 <REP> d-------- C:\Documents and Settings\Bast\Application Data\Samsung
    2008-07-08 22:02 . 2006-05-03 22:53 174,592 --a------ C:\WINDOWS\system32\framedyn.dll
    2008-07-08 22:00 . 2006-07-24 16:05 5,632 --a------ C:\WINDOWS\system32\drivers\StarOpen.sys
    2008-07-08 21:47 . 2008-07-08 21:47 <REP> d-------- C:\WINDOWS\system32\Samsung_USB_Drivers
    2008-07-08 21:47 . 2008-07-08 21:47 <REP> d-------- C:\Program Files\Samsung
    2008-07-08 21:47 . 2007-05-02 11:12 109,704 --a------ C:\WINDOWS\system32\drivers\ssm_mdm.sys
    2008-07-08 21:47 . 2007-05-02 11:12 83,592 --a------ C:\WINDOWS\system32\drivers\ssm_bus.sys
    2008-07-08 21:47 . 2007-05-02 11:12 15,112 --a------ C:\WINDOWS\system32\drivers\ssm_mdfl.sys
    2008-07-08 21:47 . 2007-05-02 11:12 12,424 --a------ C:\WINDOWS\system32\drivers\ssm_whnt.sys
    2008-07-08 21:47 . 2007-05-02 11:12 12,424 --a------ C:\WINDOWS\system32\drivers\ssm_wh.sys
    2008-07-08 21:47 . 2007-05-02 11:12 12,424 --a------ C:\WINDOWS\system32\drivers\ssm_cmnt.sys
    2008-07-08 21:47 . 2007-05-02 11:12 12,424 --a------ C:\WINDOWS\system32\drivers\ssm_cm.sys
    2008-07-08 21:47 . 2005-08-28 20:51 766 --a------ C:\WINDOWS\system32\Uninstall.ico
    2008-07-03 23:30 . 2008-07-09 15:14 <REP> d-------- C:\Program Files\Full Tilt Poker
    2008-06-27 08:47 . 2008-06-27 08:47 <REP> d-------- C:\Logs
    2008-06-26 12:27 . 2008-06-27 10:34 <REP> d-------- C:\Program Files\World of Warcraft
    2008-06-26 12:27 . 2008-06-26 12:27 <REP> d-------- C:\Program Files\Fichiers communs\Blizzard Entertainment
    2008-06-26 11:14 . 2008-06-26 11:14 230 --a------ C:\config.xml
    2008-06-12 19:05 . 2008-06-12 19:05 <REP> d-------- C:\Program Files\Dr. Robotnik's Mean Bean Machine

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-07-11 13:08 --------- d-----w C:\Documents and Settings\Bast\Application Data\DNA
    2008-07-10 23:05 163,712 ----a-w C:\WINDOWS\system32\drivers\vidstub.sys
    2008-07-10 19:47 --------- d-----w C:\Documents and Settings\Bast\Application Data\OpenOffice.org2
    2008-07-10 19:01 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
    2008-07-10 18:52 --------- d-s---w C:\Program Files\CodeBlocks
    2008-07-10 18:51 --------- d-----w C:\Program Files\eMule
    2008-07-10 09:45 --------- d-----w C:\Program Files\EA SPORTS
    2008-07-10 09:20 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2008-07-10 08:53 --------- d-----w C:\Program Files\Spybot - Search & Destroy
    2008-07-10 08:26 --------- d-----w C:\Documents and Settings\Bast\Application Data\LimeWire
    2008-07-08 19:59 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-07-08 13:06 --------- d-----w C:\Documents and Settings\Bast\Application Data\temp
    2008-06-26 15:47 --------- d-s---w C:\Program Files\Skyline
    2008-06-26 15:47 --------- d-----w C:\Documents and Settings\All Users\Application Data\Skyline
    2008-06-26 15:44 --------- d-s---w C:\Program Files\PokerStars
    2008-06-26 15:38 --------- d-s---w C:\Program Files\Little Fighter 2.5 - v2.0
    2008-06-08 23:08 357 ----a-w C:\Documents and Settings\Bast\.cb_layout.bin
    2008-06-06 15:24 --------- d-s---w C:\Program Files\Google
    2008-06-04 16:48 --------- d-----w C:\Documents and Settings\Bast\Application Data\TaoUSign
    2008-05-22 20:15 --------- d--h--r C:\Documents and Settings\Bast\Application Data\SecuROM
    2008-05-22 20:14 --------- d-----w C:\Program Files\Electronic Arts
    2008-05-22 19:45 --------- d-s---w C:\Program Files\Windows Live
    2008-05-19 17:22 --------- d-s---w C:\Program Files\Fichiers communs\Real
    2008-05-19 17:22 --------- d-----w C:\Program Files\Fichiers communs\xing shared
    2008-05-17 13:40 --------- d-----w C:\Program Files\Microsoft Research
    2008-05-17 11:35 --------- d-----w C:\Program Files\Freecorder
    2008-05-17 11:29 737,280 ----a-w C:\WINDOWS\iun6002.exe
    2008-02-09 13:02 83 --sha-w C:\Program Files\Desktop.ini
    2008-02-09 13:01 129 --sha-w C:\Program Files\Fichiers communs\Desktop.ini
    2007-02-12 16:16 32 ----a-r C:\Documents and Settings\All Users\hash.dat
    2006-04-23 10:35 13,824 --sha-w C:\WINDOWS\MSN Messenger\Secur32.dll
    .

    ------- Sigcheck -------

    2002-08-29 13:45 603136 cbc50d46257c4a75644230507b488050 C:\WINDOWS\$NtServicePackUninstall$\wininet.dll
    2007-04-18 14:32 697344 aeff166f0813521d4fe60b6efc6895f4 C:\WINDOWS\ServicePackFiles\i386\wininet.dll
    2007-06-26 16:12 663040 889269134af28b2142f47a337ca3a1cd C:\WINDOWS\system32\wininet.dll
    2007-06-26 16:12 663040 889269134af28b2142f47a337ca3a1cd C:\WINDOWS\system32\dllcache\wininet.dll

    2005-03-02 20:13 2059008 5311776074b6c13f983dc75baeac9c0c C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\ntkrnlpa.exe
    2002-08-29 14:17 1951488 4560381fa3425b16f5df1a0de4814de7 C:\WINDOWS\$NtServicePackUninstall$\ntkrnlpa.exe
    2004-08-19 16:04 2058880 f252fae094c54572ece38a039f2103c4 C:\WINDOWS\$NtUninstallKB890859$\ntkrnlpa.exe
    2006-12-19 20:22 2059648 06015d137b02542f07d5cd7b144df942 C:\WINDOWS\Driver Cache\i386\ntkrnlpa.exe
    2004-08-19 16:04 2058880 f252fae094c54572ece38a039f2103c4 C:\WINDOWS\ServicePackFiles\i386\ntkrnlpa.exe
    2006-12-19 20:22 2059648 06015d137b02542f07d5cd7b144df942 C:\WINDOWS\system32\ntkrnlpa.exe
    2006-12-19 20:22 2059648 06015d137b02542f07d5cd7b144df942 C:\WINDOWS\system32\dllcache\ntkrnlpa.exe

    2004-08-19 16:09 978432 c2e06cb7cfb5dbd8767ddd5e2e18cf71 C:\WINDOWS\explorer.exe
    2002-08-29 13:45 1008128 82fe0d400cb1ac937234467b927b867a C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
    2004-08-19 16:09 978432 c2e06cb7cfb5dbd8767ddd5e2e18cf71 C:\WINDOWS\ServicePackFiles\i386\explorer.exe
    .
    ((((((((((((((((((((((((((((( snapshot_2008-07-11_ 1.27.21.43 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2008-07-10 23:03:18 2,048 --s-a-w C:\WINDOWS\bootstat.dat
    + 2008-07-11 13:10:21 2,048 --s-a-w C:\WINDOWS\bootstat.dat
    + 2008-07-11 13:10:28 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_534.dat
    .
    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 16:09 15360]
    "Creative Detector"="C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" [2004-12-02 18:23 102400]
    "MessengerPlus3"="C:\Program Files\MessengerPlus! 3\MsgPlus.exe" [2006-06-13 12:43 190024]
    "UberIcon"="C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe" [2006-05-21 09:43 180224]
    "RocketDock"="C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe" [2007-03-19 00:05 630784]
    "BitTorrent DNA"="C:\Program Files\DNA\btdna.exe" [2008-05-08 09:53 289088]
    "SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-07-07 09:42 2156368]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "LogonStudio"="C:\Program Files\WinCustomize\LogonStudio\logonstudio.exe" [2002-09-03 18:38 987187]
    "JMB36X Configure"="C:\WINDOWS\system32\JMRaidTool.exe" [2006-08-14 04:51 352256]
    "BootSkin Startup Jobs"="C:\PROGRA~1\Stardock\WINCUS~1\BootSkin\BootSkin.exe" [2004-04-26 16:21 270336]
    "Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe" [2005-06-23 20:33 57344]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
    "avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-02-12 10:06 262401]
    "AGRSMMSG"="AGRSMMSG.exe" [2006-06-07 18:55 88365 C:\WINDOWS\AGRSMMSG.exe]
    "S3Trayp"="S3trayp.exe" [2007-06-11 12:15 176128 C:\WINDOWS\system32\S3Trayp.exe]
    "VTTimer"="VTTimer.exe" [2006-09-21 17:36 53248 C:\WINDOWS\system32\VTTimer.exe]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
    "UIHost"="C:\\WINDOWS\\system32\\logonui.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "VIDC.X264"= x264vfw.dll
    "VIDC.3iv2"= 3ivxVfWCodec.dll
    "VIDC.MP43"= msmpeg4.dll
    "VIDC.FFDS"= C:\Program Files\K-Lite Codec Pack\ffdshow\ffdshow.ax
    "VIDC.HFYU"= huffyuv.dll

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^LUMIX Simple Viewer.lnk]
    path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\LUMIX Simple Viewer.lnk
    backup=C:\WINDOWS\pss\LUMIX Simple Viewer.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^Bast^Menu Démarrer^Programmes^Démarrage^MSN Pictures Displayer.lnk]
    path=C:\Documents and Settings\Bast\Menu Démarrer\Programmes\Démarrage\MSN Pictures Displayer.lnk
    backup=C:\WINDOWS\pss\MSN Pictures Displayer.lnkStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
    --a------ 2006-10-09 11:28 139264 C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "WLSetupSvc"=3 (0x3)
    "xmlprov"=3 (0x3)
    "wuauserv"=2 (0x2)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "C:\\Documents and Settings\\Bast\\Mes documents\\Nouveau Dossier\\MySpaceMp3Gopher.exe"=
    "C:\\Program Files\\Nero\\Nero 7\\Nero Home\\NeroHome.exe"=
    "C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
    "C:\\Program Files\\LittleFighter2\\LF2_Reinforced\\lf2.exe"=
    "C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
    "C:\\Program Files\\LimeWire\\LimeWire.exe"=
    "C:\\Program Files\\DNA\\btdna.exe"=
    "C:\\Program Files\\iTunes\\iTunes.exe"=
    "C:\\Program Files\\Skype\\Phone\\Skype.exe"=
    "C:\\Program Files\\World of Warcraft\\Launcher.exe"=
    "C:\\Program Files\\World of Warcraft\\Repair.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "6112:TCP"= 6112:TCP:WoW 6112
    "6881:TCP"= 6881:TCP:WoW 6881
    "6999:TCP"= 6999:TCP:WoW 6999

    R0 ViBus;ViBus;C:\WINDOWS\system32\DRIVERS\ViBus.sys [2007-10-18 19:28]
    R0 videX32;videX32;C:\WINDOWS\system32\DRIVERS\videX32.sys [2007-09-21 18:49]
    R0 ViPrt;VIA SATA IDE Device Driver;C:\WINDOWS\system32\DRIVERS\ViPrt.sys [2007-10-18 19:28]
    R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-05-16 01:20]
    R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-05-16 01:16]
    R3 P1120VID;Creative WebCam NX Ultra;C:\WINDOWS\system32\DRIVERS\P1120Vid.sys [2004-01-12 10:51]
    R3 S3GIGP;S3GIGP;C:\WINDOWS\system32\DRIVERS\S3gIGPm.sys [2007-07-23 15:54]
    S0 xfilt;VIA SATA IDE Hot-plug Driver;C:\WINDOWS\system32\DRIVERS\xfilt.sys [2006-02-23 05:39]

    .
    Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
    "2008-07-02 19:44:56 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
    - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
    .
    - - - - ORPHANS REMOVED - - - -

    BHO-{4fb2a330-5767-46c2-9327-d86a498b988e} - (no file)
    BHO-{71B2151B-9698-48EB-8D0C-29591258778D} - (no file)


    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-07-11 15:11:07
    Windows 5.1.2600 Service Pack 2 NTFS

    Balayage processus cachés ...

    Balayage caché autostart entries ...

    Balayage des fichiers cachés ...

    Scan terminé avec succès
    Les fichiers cachés: 0

    **************************************************************************
    .
    --------------------- DLLs a chargé sous des processus courants ---------------------

    PROCESS: C:\WINDOWS\explorer.exe
    -> C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.dll
    -> C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\WINDOWS\system32\CTSVCCDA.EXE
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\system32\wscntfy.exe
    .
    **************************************************************************
    .
    Temps d'accomplissement: 2008-07-11 15:32:17 - machine was rebooted
    ComboFix-quarantined-files.txt 2008-07-11 13:31:55
    ComboFix2.txt 2008-07-10 23:30:10
    ComboFix3.txt 2007-12-30 23:38:36

    Pre-Run: 1,749,450,752 octets libres
    Post-Run: 1,758,871,552 octets libres

    216 --- E O F --- 2007-12-06 17:42:56
    11 July 2008 15:41:21

    Here is the rest, but Virustotal said "The file has already been analysed"

    Fichier beep.sys reçu le 2008.07.10 23:02:41 (CET)
    Situation actuelle: terminé
    Résultat: 0/33 (0.00%)
    Antivirus Version Dernière mise à jour Résultat
    AhnLab-V3 2008.7.11.0 2008.07.10 -
    AntiVir 7.8.0.64 2008.07.10 -
    Authentium 5.1.0.4 2008.07.10 -
    Avast 4.8.1195.0 2008.07.09 -
    AVG 7.5.0.516 2008.07.10 -
    BitDefender 7.2 2008.07.10 -
    CAT-QuickHeal 9.50 2008.07.10 -
    ClamAV 0.93.1 2008.07.10 -
    DrWeb 4.44.0.09170 2008.07.10 -
    eSafe 7.0.17.0 2008.07.10 -
    eTrust-Vet 31.6.5943 2008.07.10 -
    Ewido 4.0 2008.07.10 -
    F-Prot 4.4.4.56 2008.07.10 -
    F-Secure 7.60.13501.0 2008.07.10 -
    Fortinet 3.14.0.0 2008.07.10 -
    GData 2.0.7306.1023 2008.07.10 -
    Ikarus T3.1.1.26.0 2008.07.10 -
    Kaspersky 7.0.0.125 2008.07.10 -
    McAfee 5336 2008.07.10 -
    Microsoft 1.3704 2008.07.10 -
    NOD32v2 3259 2008.07.10 -
    Norman 5.80.02 2008.07.10 -
    Panda 9.0.0.4 2008.07.10 -
    Prevx1 V2 2008.07.10 -
    Rising 20.52.32.00 2008.07.10 -
    Sophos 4.31.0 2008.07.10 -
    Sunbelt 3.1.1509.1 2008.07.04 -
    Symantec 10 2008.07.10 -
    TheHacker 6.2.96.374 2008.07.07 -
    TrendMicro 8.700.0.1004 2008.07.10 -
    VBA32 3.12.6.9 2008.07.10 -
    VirusBuster 4.5.11.0 2008.07.10 -
    Webwasher-Gateway 6.6.2 2008.07.10 -
    Information additionnelle
    File size: 4224 bytes
    MD5...: da1f27d85e0d1525f6621372e7b685e9
    SHA1..: e3d2dc5eb273fa701de8af13b60d6baac7629260


    I installed Antivir and the guard is not enabled, is that normal?
    12 July 2008 00:19:20

    Hi again,

    Delete C:\WINDOWS\system32\ekgpgrgv.dll

    Post a new HijackThis report.
    Is it better?
    12 July 2008 00:29:06

    Here is the new report:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 00:28:21, on 12/07/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\WINDOWS\system32\CTsvcCDA.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\AGRSMMSG.exe
    C:\WINDOWS\system32\S3trayp.exe
    C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe
    C:\WINDOWS\system32\VTTimer.exe
    C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
    C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
    C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
    C:\Program Files\DNA\btdna.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O4 - HKLM\..\Run: [LogonStudio] "C:\Program Files\WinCustomize\LogonStudio\logonstudio.exe" /RANDOM
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [S3Trayp] S3trayp.exe
    O4 - HKLM\..\Run: [JMB36X Configure] C:\WINDOWS\system32\JMRaidTool.exe boot
    O4 - HKLM\..\Run: [BootSkin Startup Jobs] "C:\PROGRA~1\Stardock\WINCUS~1\BootSkin\BootSkin.exe" /StartupJobs
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe"
    O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
    O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
    O4 - HKCU\..\Run: [UberIcon] "C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe"
    O4 - HKCU\..\Run: [RocketDock] "C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe"
    O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
    O8 - Extra context menu item: Choisir comme avatar pour &Messenger - C:\Program Files\MSN Pictures Displayer\AddIEPicture.htm
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
    O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
    O14 - IERESET.INF: START_PAGE_URL=http://www.google.fr/
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} - http://go.microsoft.com/fwlink/?linkid=39204
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe

    --
    End of file - 6423 bytes


    But you didn't tell me about Antivir: is it normal that the guard is never enabled?
    12 July 2008 00:44:20

    I see Avast in your log, not AntiVir.

    Uninstall via Add/Remove Programs (if present):
  • Avast!

    Download and run: http://www.avast.com/eng/avast-uninstall-utility.html

    Download CCleaner to your Desktop.

  • Click on download the latest version.
  • Install it leaving only the following options checked:
    - Add a shortcut on the Desktop.
    - Automatically check for CCleaner updates.
  • Run the Cleaner.
  • Click on Scan for errors and make a backup if you wish.

    Help: How to use CCleaner.

    ***************

    Download AntiVir to your Desktop.

  • Double-click the downloaded executable to start the installation.
  • At the end of the installation, click Finish.
  • Open Antivir and make sure it is fully up to date!
  • In the Local Protection tab, choose Scanner.
  • Enable the rootkit search via the + next to rootkit search, then in manual selection, tick everything (your hard disk partitions).
  • Click the middle magnifying glass to run the scan as Administrator.
  • Post me the generated report: to do so, click the Overview tab, then choose Reports, and you will find its report.

    Note: For more effective removal of threats, run the scan in safe mode.

    Why switch? Avast vs Antivir.

    Help: How to install and use AntiVir.
    12 July 2008 01:23:06

    I can't get Antivir to start, I get an error message telling me: "This application failed to start because MFC71U.DLL was not found. Re-installing the application may fix this problem"

    That's already twice that I have reinstalled, without success...
    12 July 2008 01:45:18

    Ah, put Avast back then :D Download MalwareByte's Anti-Malware to your Desktop.

  • Install it by double-clicking the file Download_mbam-setup.exe.

    Once the installation and the update are done:
    Restart in safe mode
    /!\ Never boot into safe mode via MSCONFIG /!\

  • Now run MalwareByte's Anti-Malware. If it is not already done, select "Perform full scan".
  • To start the search, click "Scan".
  • Once the scan is finished, a window opens, click OK. You then have two possibilities:
    -- if the program found nothing, press OK. A report will appear, close it.
    -- if infections are present, click "Show Results" then "Remove Selected". Save the report to your Desktop so you can post it in your next reply.

    NOTE: If MalwareByte's Anti-Malware needs to restart to finish the removal, accept by clicking OK.

    Help: How to use MBAM.
    12 July 2008 11:36:27

    Actually it's fine, Antivir is working properly again. Here is the MBAM report:

    Malwarebytes' Anti-Malware 1.20
    Version de la base de données: 941
    Windows 5.1.2600 Service Pack 2

    11:29:03 12/07/2008
    mbam-log-7-12-2008 (11-29-03).txt

    Type de recherche: Examen complet (C:\|D:\|)
    Eléments examinés: 157822
    Temps écoulé: 2 hour(s), 22 minute(s), 27 second(s)

    Processus mémoire infecté(s): 0
    Module(s) mémoire infecté(s): 0
    Clé(s) du Registre infectée(s): 4
    Valeur(s) du Registre infectée(s): 0
    Elément(s) de données du Registre infecté(s): 8
    Dossier(s) infecté(s): 0
    Fichier(s) infecté(s): 3

    Processus mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Module(s) mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Clé(s) du Registre infectée(s):
    HKEY_CLASSES_ROOT\Interface\{18b843ee-ce5c-4f1a-b2d1-48cc4afaf4a8} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VSPlugin (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\sqvgnrpx.bbst (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\sqvgnrpx.toolbar.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.

    Valeur(s) du Registre infectée(s):
    (Aucun élément nuisible détecté)

    Elément(s) de données du Registre infecté(s):
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\Tcpip\Parameters\Interfaces\{2417eea8-b4c2-4ab6-93e9-4a7e1503eaf5}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.113.126,85.255.112.229 -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\Tcpip\Parameters\Interfaces\{2417eea8-b4c2-4ab6-93e9-4a7e1503eaf5}\NameServer (Trojan.DNSChanger) -> Data: 85.255.113.126,85.255.112.229 -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\Tcpip\Parameters\Interfaces\{98072af8-0e4d-4d9b-9870-fc08dc8f0f87}\NameServer (Trojan.DNSChanger) -> Data: 85.255.113.126,85.255.112.229 -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\Tcpip\Parameters\Interfaces\{a689352b-50f4-4a78-a7c3-595f12bd312d}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.113.126,85.255.112.229 -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\Tcpip\Parameters\Interfaces\{a689352b-50f4-4a78-a7c3-595f12bd312d}\NameServer (Trojan.DNSChanger) -> Data: 85.255.113.126,85.255.112.229 -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\Tcpip\Parameters\Interfaces\{b8860445-ae61-4dd2-a60b-b9b89072bcce}\NameServer (Trojan.DNSChanger) -> Data: 85.255.113.126,85.255.112.229 -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\Tcpip\Parameters\Interfaces\{ca027785-286d-4b2c-ad34-9bf8e97a79fd}\NameServer (Trojan.DNSChanger) -> Data: 85.255.113.126,85.255.112.229 -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\Tcpip\Parameters\Interfaces\{ee12c699-7207-434f-913a-3b6bebf2c3f7}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.113.126,85.255.112.229 -> Quarantined and deleted successfully.

    Dossier(s) infecté(s):
    (Aucun élément nuisible détecté)

    Fichier(s) infecté(s):
    C:\qoobox\Quarantine\C\WINDOWS\erem.exe.vir (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{BCD169A9-747B-457B-956A-134AFFDA1FAA}\RP276\A0054560.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Bast\Application Data\Microsoft\Internet Explorer\Quick Launch\Antivirus XP 2008.lnk (Rogue.AntivirusXP2008) -> Quarantined and deleted successfully.
    12 July 2008 13:59:20

    Hi again,

    Post a new HijackThis report.
    12 July 2008 14:00:49

    Here it is:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 14:00:17, on 12/07/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\WINDOWS\system32\CTsvcCDA.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\AGRSMMSG.exe
    C:\WINDOWS\system32\S3trayp.exe
    C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe
    C:\WINDOWS\system32\VTTimer.exe
    C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
    C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
    C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
    C:\Program Files\DNA\btdna.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O4 - HKLM\..\Run: [LogonStudio] "C:\Program Files\WinCustomize\LogonStudio\logonstudio.exe" /RANDOM
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [S3Trayp] S3trayp.exe
    O4 - HKLM\..\Run: [JMB36X Configure] C:\WINDOWS\system32\JMRaidTool.exe boot
    O4 - HKLM\..\Run: [BootSkin Startup Jobs] "C:\PROGRA~1\Stardock\WINCUS~1\BootSkin\BootSkin.exe" /StartupJobs
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe"
    O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
    O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
    O4 - HKCU\..\Run: [UberIcon] "C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe"
    O4 - HKCU\..\Run: [RocketDock] "C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe"
    O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
    O8 - Extra context menu item: Choisir comme avatar pour &Messenger - C:\Program Files\MSN Pictures Displayer\AddIEPicture.htm
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
    O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
    O14 - IERESET.INF: START_PAGE_URL=http://www.google.fr/
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} - http://go.microsoft.com/fwlink/?linkid=39204
    O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe

    --
    End of file - 6147 bytes

    My computer is doing better now, even though I wonder whether there aren't still some things left. What does the HijackThis report tell you?
    12 July 2008 14:52:24

    Hi again,


    Run an Antivir scan then :)
    12 July 2008 16:11:57

    But does everything look fine to you?
    12 July 2008 23:43:30

    Yep, but you can still do it ;)