
smitfraud (Solved)

1 April 2008 15:15:15

Hello,

I am hosting, with some displeasure, the Smitfraud Trojan. After many scans with Avast, A-Squared, Spybot, CCleaner, Smitfraudfix, Super AntiSpyware and finally Antivir, some of them in safe mode, I am still in the company of my squatter. Here is the HijackThis report; if an enlightened soul can help me, I would greatly appreciate it.

Thanks

Kinos

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:06:42, on 01/04/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16609)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Nero\Nero 7\InCD\InCD.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANOTIF.EXE
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\ASUS\ATK Media\DMedia.exe
C:\Program Files\P4P\P4P.exe
C:\Windows\ASScrPro.exe
C:\Program Files\Avast4\ashDisp.exe
C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\antivirus\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.asus.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O1 - Hosts: ::1 localhost
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: FGCatchUrl - {B3A00219-19D4-4966-AECD-8ED34AB9EF7A} - C:\Windows\System32\msram.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Nero\Nero 7\InCD\InCD.exe
O4 - HKLM\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ATKMEDIA] C:\Program Files\ASUS\ATK Media\DMEDIA.EXE
O4 - HKLM\..\Run: [PowerForPhone] "C:\Program Files\P4P\P4P.exe"
O4 - HKLM\..\Run: [ASUS Camera ScreenSaver] C:\Windows\ASScrProlog.exe
O4 - HKLM\..\Run: [ASUS Screen Saver Protector] C:\Windows\ASScrPro.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [mediaflag] "C:\ProgramData\Shim blue blue.070ney"
O4 - HKCU\..\Run: [locks tick title proc] "C:\ProgramData\meet ball move.0x9i8h"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O13 - Gopher Prefix:
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: ADSM Service (ADSMService) - Unknown owner - C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe
O23 - Service: ASLDR Service (ASLDRService) - Unknown owner - C:\Program Files\ATK Hotkey\ASLDRSrv.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Avast4\aswUpdSv.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - Unknown owner - C:\Program Files\ATKGFNEX\GFNEXSrv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Avast4\ashWebSv.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: spmgr - Unknown owner - C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe

--
End of file - 6481 bytes


1 April 2008 15:44:09

I'll do the procedure right away

thanks
1 April 2008 15:51:28

SDFix.exe, does that mean SmitfraudFix?

1 April 2008 15:54:05

No, nothing to do with it.

1 April 2008 16:13:05

Clicking Runthis.bat does nothing; I get a flash of a DOS window that closes immediately.

1 April 2008 16:18:46

Restart properly in safe mode

1 April 2008 16:19:31

with an Internet connection
try again

1 April 2008 16:28:54

I restarted twice in safe mode; the result is the same. The DOS window closes instantly. I am using Vista; is that an explanation?

1 April 2008 16:33:13

In normal mode I have no problem; Runthis.bat works.

1 April 2008 16:49:50

Choose option 1, then 2, then 3
and post me the result

1 April 2008 17:15:23

Here are the results in normal mode, since safe mode still does nothing.

Here is the first one

System Report
*************

Run on 01/04/2008 at 17:01

Microsoft Windows [version 6.0.6000]

Current user is not an administrator

Running Processes:

C:\Windows\system32\Dwm.exe [2012]
C:\Windows\Explorer.EXE [256]
C:\Program Files\Windows Defender\MSASCui.exe [580]
C:\Program Files\Nero\Nero 7\InCD\InCD.exe [756]
C:\Windows\RtHDVCpl.exe [832]
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANOTIF.EXE [1272]
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe [1368]
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE [1536]
C:\Windows\system32\taskeng.exe [2232]
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [2936]
C:\Program Files\ASUS\ATK Media\DMedia.exe [400]
C:\Program Files\P4P\P4P.exe [1388]
C:\Windows\ASScrPro.exe [1488]
C:\Program Files\Avast4\ashDisp.exe [1148]
C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe [2248]
C:\Program Files\Windows Sidebar\sidebar.exe [472]
C:\Program Files\Windows Live\Messenger\msnmsgr.exe [3380]
C:\Program Files\Windows Media Player\wmpnscfg.exe [4120]
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [4176]
C:\Program Files\Internet Explorer\iexplore.exe [4376]
C:\Windows\system32\conime.exe [4492]



13 Feb 2008 11:06:50 3 034 A.... "C:\Windows\winsxs\Backup\x86_microsoft-windows-setupapi.resources_31bf3856ad364e35_6.0.6000.16609_it-it_f52e5a70445e782f.manifest"
26 Nov 2012 11:04:32 2 048 A.... "C:\Windows\winsxs\Backup\x86_microsoft-windows-msxml60_31bf3856ad364e35_6.0.6000.16472_none_863e0af099e6da25_msxml6r.dll_d8460bdb"
13 Feb 2008 11:06:50 287 440 A.... "C:\Windows\winsxs\Backup\x86_microsoft-windows-p..unterinfrastructure_31bf3856ad364e35_6.0.6000.16609_none_6fa8c14c01b81c8f_perfi.dat_e3a35ecf"
13 Feb 2008 11:06:50 26 112 A.... "C:\Windows\winsxs\Backup\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.0.6000.16609_en-us_74bb7df9e6d52991_winload.exe.mui_3bc5b827"
13 Feb 2008 11:04:22 216 632 A.... "C:\Windows\winsxs\Backup\x86_microsoft-windows-netio-infrastructure_31bf3856ad364e35_6.0.6000.16627_none_54a6905db830dfb1_netio.sys_a06e75d0"
13 Feb 2008 11:03:12 64 512 A.... "C:\Windows\winsxs\Backup\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6000.16609_none_000bb771a4a46504_wininetplugin.dll_f2ff35f9"
13 Feb 2008 11:03:08 6 066 176 A.... "C:\Windows\winsxs\Backup\x86_microsoft-windows-ieframe_31bf3856ad364e35_6.0.6000.16609_none_62c53093b0f05c67_ieframe.dll_c6cbe33f"
13 Feb 2008 11:03:12 824 832 A.... "C:\Windows\winsxs\Backup\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6000.16609_none_000bb771a4a46504_wininet.dll_790e2e3a"
13 Feb 2008 11:06:48 17 524 A.... "C:\Windows\winsxs\Backup\x86_microsoft-windows-coreusermodepnp_31bf3856ad364e35_6.0.6000.16609_none_75246f2a2fbd4c23.manifest"
13 Feb 2008 11:06:48 8 279 A.... "C:\Windows\winsxs\Backup\x86_microsoft-windows-commonlog_31bf3856ad364e35_6.0.6000.16609_none_7ca55ea12a5d5913.manifest"
13 Feb 2008 11:06:48 3 685 A.... "C:\Windows\winsxs\Backup\x86_microsoft-windows-coreusermodepnp_31bf3856ad364e35_6.0.6000.16609_none_75246f2a2fbd4c23_drvinst.mof_6593cf80"
13 Feb 2008 11:03:08 829 928 A.... "C:\Windows\winsxs\Backup\x86_microsoft-windows-ieframe_31bf3856ad364e35_6.0.6000.16609_none_62c53093b0f05c67.manifest"
13 Feb 2008 11:06:48 3 689 A.... "C:\Windows\winsxs\Backup\x86_microsoft-windows-setupapi_31bf3856ad364e35_6.0.6000.16609_none_33181da4c90f2d73_setupapi.mof_8d9de59f"
13 Feb 2008 11:03:12 347 136 A.... "C:\Windows\winsxs\Backup\x86_microsoft-windows-ie-directxtransforms_31bf3856ad364e35_6.0.6000.16609_none_95e9130384756585_dxtmsft.dll_4b67eac6"
13 Feb 2008 11:06:50 120 320 A.... "C:\Windows\winsxs\Backup\x86_microsoft-windows-p..unterinfrastructure_31bf3856ad364e35_6.0.6000.16609_none_6fa8c14c01b81c8f_cntrtextmig.dll_08675f2d"
13 Feb 2008 11:03:10 1 383 424 A.... "C:\Windows\winsxs\Backup\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_6.0.6000.16609_none_1165d69024face3a_mshtml.tlb_fab8f577"
12 Mar 2008 11:00:58 1 060 920 A.... "C:\Windows\winsxs\Backup\x86_microsoft-windows-ntfs_31bf3856ad364e35_6.0.6000.16615_none_a4851c9d1fc8a346_ntfs.sys_e80dca04"
13 Feb 2008 11:06:50 287 440 A.... "C:\Windows\winsxs\Backup\x86_microsoft-windows-p..unterinfrastructure_31bf3856ad364e35_6.0.6000.16609_none_6fa8c14c01b81c8f_perfh.dat_e67d1236"
13 Feb 2008 11:03:28 124 928 A.... "C:\Windows\winsxs\Backup\x86_microsoft-windows-advpack_31bf3856ad364e35_6.0.6000.16609_none_a9ee296df5a1e10e_advpack.dll_8c6ea088"
13 Feb 2008 11:03:14 283 492 A.... "C:\Windows\winsxs\Backup\x86_microsoft-windows-i..ersandsecurityzones_31bf3856ad364e35_6.0.6000.16609_none_b305dbcfd99b3e71.manifest"
13 Feb 2008 11:06:50 16 384 A.... "C:\Windows\winsxs\Backup\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.0.6000.16609_en-us_74bb7df9e6d52991_winresume.exe.mui_ff8b5358"
25 Nov 2012 15:43:20 20 824 A.... "C:\Windows\winsxs\Backup\x86_microsoft-windows-w..ient-core.resources_31bf3856ad364e35_7.0.6000.381_nl-nl_a69d77f9e96b3ffa_wuaueng.dll.mui_297f975d"
25 Nov 2012 15:43:20 20 312 A.... "C:\Windows\winsxs\Backup\x86_microsoft-windows-w..ient-core.resources_31bf3856ad364e35_7.0.6000.381_en-us_ed91869b606343f3_wuaueng.dll.mui_297f975d"
25 Nov 2012 15:43:20 21 336 A.... "C:\Windows\winsxs\Backup\x86_microsoft-windows-w..ient-core.resources_31bf3856ad364e35_7.0.6000.381_it-it_7a3c4fc52a8e3178_wuaueng.dll.mui_297f975d"
13 Feb 2008 11:04:22 28 871 A.... "C:\Windows\winsxs\Backup\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.16627_none_5f90b964923d030a.manifest"
13 Feb 2008 11:06:48 3 034 A.... "C:\Windows\winsxs\Backup\x86_microsoft-windows-setupapi.resources_31bf3856ad364e35_6.0.6000.16609_de-de_bf92bb4d8b557ee5.manifest"
25 Nov 2012 15:43:20 3 116 A.... "C:\Windows\winsxs\Backup\x86_microsoft-windows-w..ient-core.resources_31bf3856ad364e35_7.0.6000.381_it-it_7a3c4fc52a8e3178.manifest"
13 Feb 2008 11:03:12 463 701 A.... "C:\Windows\winsxs\Backup\x86_microsoft-windows-ie-directxtransforms_31bf3856ad364e35_6.0.6000.16609_none_95e9130384756585.manifest"
13 Feb 2008 11:06:50 17 408 A.... "C:\Windows\winsxs\Backup\x86_microsoft-windows-p..unterinfrastructure_31bf3856ad364e35_6.0.6000.16609_none_6fa8c14c01b81c8f_prflbmsg.dll_2e46e937"
13 Feb 2008 11:06:48 558 080 A.... "C:\Windows\winsxs\Backup\x86_microsoft-windows-ole-automation_31bf3856ad364e35_6.0.6000.16609_none_bb22ee81fe4b8646_oleaut32.dll_730e3d41"
13 Feb 2008 11:03:28 7 571 A.... "C:\Windows\winsxs\Backup\x86_microsoft-windows-advpack_31bf3856ad364e35_6.0.6000.16609_none_a9ee296df5a1e10e.manifest"
13 Feb 2008 11:06:50 16 896 A.... "C:\Windows\winsxs\Backup\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.0.6000.16609_de-de_cbcaa800f7f71dcc_winresume.exe.mui_ff8b5358"
25 Nov 2012 15:43:20 20 824 A.... "C:\Windows\winsxs\Backup\x86_microsoft-windows-w..ient-core.resources_31bf3856ad364e35_7.0.6000.381_de-de_44a0b0a27185382e_wuaueng.dll.mui_297f975d"
13 Feb 2008 11:06:48 17 408 A.... "C:\Windows\winsxs\Backup\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.0.6000.16609_fr-fr_173e50dcd9ce3198_winresume.exe.mui_ff8b5358"
13 Feb 2008 11:04:38 18 778 A.... "C:\Windows\winsxs\Backup\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6000.16584_none_69f7a2dcb739c934.manifest"
25 Nov 2012 15:43:20 3 116 A.... "C:\Windows\winsxs\Backup\x86_microsoft-windows-w..ient-core.resources_31bf3856ad364e35_7.0.6000.381_en-us_ed91869b606343f3.manifest"
13 Feb 2008 11:06:50 3 034 A.... "C:\Windows\winsxs\Backup\x86_microsoft-windows-setupapi.resources_31bf3856ad364e35_6.0.6000.16609_nl-nl_218f82a5033b86b1.manifest"
25 Nov 2012 15:43:20 3 116 A.... "C:\Windows\winsxs\Backup\x86_microsoft-windows-w..ient-core.resources_31bf3856ad364e35_7.0.6000.381_de-de_44a0b0a27185382e.manifest"
13 Feb 2008 11:06:48 19 532 A.... "C:\Windows\winsxs\Backup\x86_microsoft-windows-setupapi_31bf3856ad364e35_6.0.6000.16609_none_33181da4c90f2d73.manifest"
13 Feb 2008 11:06:48 16 896 A.... "C:\Windows\winsxs\Backup\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.0.6000.16609_nl-nl_2dc76f586fdd2598_winresume.exe.mui_ff8b5358"
13 Feb 2008 11:03:08 42 229 A.... "C:\Windows\winsxs\Backup\x86_microsoft-windows-ie-extcompat_31bf3856ad364e35_6.0.6000.16609_none_3ad26ff6d96b5938.manifest"
13 Feb 2008 11:04:22 3 908 A.... "C:\Windows\winsxs\Backup\x86_microsoft-windows-netio-infrastructure_31bf3856ad364e35_6.0.6000.16627_none_54a6905db830dfb1.manifest"
13 Feb 2008 11:03:10 180 736 A.... "C:\Windows\winsxs\Backup\x86_microsoft-windows-ieframe_31bf3856ad364e35_6.0.6000.16609_none_62c53093b0f05c67_ieui.dll_f0fcf806"
25 Nov 2012 15:43:20 21 336 A.... "C:\Windows\winsxs\Backup\x86_microsoft-windows-w..ient-core.resources_31bf3856ad364e35_7.0.6000.381_fr-fr_9014597e535c4bfa_wuaueng.dll.mui_297f975d"
13 Feb 2008 11:06:50 32 256 A.... "C:\Windows\winsxs\Backup\x86_microsoft-windows-p..unterinfrastructure_31bf3856ad364e35_6.0.6000.16609_none_6fa8c14c01b81c8f_unlodctr.exe_69df45bb"
13 Feb 2008 11:06:50 28 160 A.... "C:\Windows\winsxs\Backup\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.0.6000.16609_de-de_cbcaa800f7f71dcc_winload.exe.mui_3bc5b827"
13 Feb 2008 11:06:50 943 800 A.... "C:\Windows\winsxs\Backup\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.0.6000.16609_none_59497e266f783366_winload.exe_75835076"
13 Feb 2008 11:06:50 115 200 A.... "C:\Windows\winsxs\Backup\x86_microsoft-windows-p..unterinfrastructure_31bf3856ad364e35_6.0.6000.16609_none_6fa8c14c01b81c8f_loadperf.dll_3a569bab"
13 Feb 2008 11:06:48 28 672 A.... "C:\Windows\winsxs\Backup\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.0.6000.16609_fr-fr_173e50dcd9ce3198_winload.exe.mui_3bc5b827"
25 Nov 2012 15:43:20 3 116 A.... "C:\Windows\winsxs\Backup\x86_microsoft-windows-w..ient-core.resources_31bf3856ad364e35_7.0.6000.381_fr-fr_9014597e535c4bfa.manifest"
13 Feb 2008 11:06:48 123 A.... "C:\Windows\winsxs\Backup\x86_microsoft-windows-commonlog_31bf3856ad364e35_6.0.6000.16609_none_7ca55ea12a5d5913_clfsuninstall.mof_d0605990"
13 Feb 2008 11:06:48 224 824 A.... "C:\Windows\winsxs\Backup\x86_microsoft-windows-commonlog_31bf3856ad364e35_6.0.6000.16609_none_7ca55ea12a5d5913_clfs.sys_04dfdff9"
13 Feb 2008 11:03:10 928 494 A.... "C:\Windows\winsxs\Backup\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_6.0.6000.16609_none_1165d69024face3a.manifest"
13 Feb 2008 11:06:48 27 648 A.... "C:\Windows\winsxs\Backup\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.0.6000.16609_it-it_01664723b1001716_winload.exe.mui_3bc5b827"
13 Feb 2008 11:03:12 27 648 A.... "C:\Windows\winsxs\Backup\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6000.16609_none_000bb771a4a46504_jsproxy.dll_3cc8d651"
13 Feb 2008 11:04:22 803 328 A.... "C:\Windows\winsxs\Backup\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.16627_none_5f90b964923d030a_tcpip.sys_3339bd51"
13 Feb 2008 11:06:48 1 585 664 A.... "C:\Windows\winsxs\Backup\x86_microsoft-windows-setupapi_31bf3856ad364e35_6.0.6000.16609_none_33181da4c90f2d73_setupapi.dll_8d9de2e7"
13 Feb 2008 11:06:50 20 589 A.... "C:\Windows\winsxs\Backup\x86_microsoft-windows-p..unterinfrastructure_31bf3856ad364e35_6.0.6000.16609_none_6fa8c14c01b81c8f.manifest"
13 Feb 2008 11:03:14 1 159 680 A.... "C:\Windows\winsxs\Backup\x86_microsoft-windows-i..ersandsecurityzones_31bf3856ad364e35_6.0.6000.16609_none_b305dbcfd99b3e71_urlmon.dll_95c89473"
13 Feb 2008 11:03:12 56 602 A.... "C:\Windows\winsxs\Backup\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6000.16609_none_000bb771a4a46504.manifest"
13 Feb 2008 11:06:50 30 674 A.... "C:\Windows\winsxs\Backup\x86_microsoft-windows-p..unterinfrastructure_31bf3856ad364e35_6.0.6000.16609_none_6fa8c14c01b81c8f_perfc.dat_f4bd9339"
13 Feb 2008 11:06:48 28 160 A.... "C:\Windows\winsxs\Backup\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.0.6000.16609_nl-nl_2dc76f586fdd2598_winload.exe.mui_3bc5b827"
13 Feb 2008 11:06:50 3 726 A.... "C:\Windows\winsxs\Backup\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.0.6000.16609_de-de_cbcaa800f7f71dcc.manifest"
13 Feb 2008 11:06:48 19 456 A.... "C:\Windows\winsxs\Backup\x86_microsoft-windows-coreusermodepnp_31bf3856ad364e35_6.0.6000.16609_none_75246f2a2fbd4c23_cfgmgr32.dll_7bc7e545"
13 Feb 2008 11:04:22 49 152 A.... "C:\Windows\winsxs\Backup\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.16627_none_5f90b964923d030a_netiomig.dll_917b9a36"
13 Feb 2008 11:06:48 221 696 A.... "C:\Windows\winsxs\Backup\x86_microsoft-windows-coreusermodepnp_31bf3856ad364e35_6.0.6000.16609_none_75246f2a2fbd4c23_umpnpmgr.dll_112f9bb4"
13 Feb 2008 11:03:12 214 528 A.... "C:\Windows\winsxs\Backup\x86_microsoft-windows-ie-directxtransforms_31bf3856ad364e35_6.0.6000.16609_none_95e9130384756585_dxtrans.dll_814d2aee"
13 Feb 2008 11:06:48 3 034 A.... "C:\Windows\winsxs\Backup\x86_microsoft-windows-setupapi.resources_31bf3856ad364e35_6.0.6000.16609_fr-fr_0b0664296d2c92b1.manifest"
13 Feb 2008 11:06:50 5 227 A.... "C:\Windows\winsxs\Backup\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.0.6000.16609_none_59497e266f783366.manifest"
13 Feb 2008 11:06:50 905 400 A.... "C:\Windows\winsxs\Backup\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.0.6000.16609_none_59497e266f783366_winresume.exe_85cd1215"
26 Nov 2012 11:13:42 12 809 A.... "C:\Windows\winsxs\Catalogs\01405cc06defe09e79989ef50fd92069e212a462c5bb400af2952427686a1e22.cat"
12 Feb 2008 23:41:48 23 834 A.... "C:\Windows\winsxs\Catalogs\050b2a0163102501b05d9e43ac4c53e538cd93c9907b91c69907b04c365369b4.cat"
26 Nov 2012 11:16:48 12 809 A.... "C:\Windows\winsxs\Catalogs\0623a15fc5dfa798b7f5015e634187d3c77d21bafe4d80ff2cae8e64ba6c54df.cat"
25 Nov 2012 15:42:24 11 639 A.... "C:\Windows\winsxs\Catalogs\06bc82649da21d456a8101b40ed2a95f0c34183e03bd32eea9c17d607007a131.cat"
26 Nov 2012 11:15:24 37 973 A.... "C:\Windows\winsxs\Catalogs\07e919f7b820a254166da9e10ebeb223880fb80cb5fd7a4796a02b921ed25c32.cat"
12 Feb 2008 23:41:42 26 186 A.... "C:\Windows\winsxs\Catalogs\0ad6f09f2b2b39e5e7cfc19103cb31b78ead81597edba64691c6a502ae1f996d.cat"
25 Nov 2012 15:42:04 11 639 A.... "C:\Windows\winsxs\Catalogs\0b7396206a3ba39ba8e3d9e1b9e666538a749c6643e95571dbfd5b6168fc6f78.cat"
13 Feb 2008 11:11:48 24 195 A.... "C:\Windows\winsxs\Catalogs\10338debac71ca966896e544f26291a99bf38cc4b87e69c1798037b49a292a3d.cat"
12 Feb 2008 23:39:10 43 345 A.... "C:\Windows\winsxs\Catalogs\1418952aacdf47d43eff052dd144e84b0acf1e45aa1af266830a59fcd6a881da.cat"
12 Feb 2008 23:41:40 23 834 A.... "C:\Windows\winsxs\Catalogs\19c7a4321d55036bd0f9aa87035a15ad62ec65e1d2d9c17978a81ef9ad0ea40f.cat"
12 Feb 2008 23:44:06 14 740 A.... "C:\Windows\winsxs\Catalogs\1a3194f88073e6c03595db376a21306107a54b38fed11cf525c81d285871cd2f.cat"
26 Nov 2012 11:17:14 17 481 A.... "C:\Windows\winsxs\Catalogs\1a48e683c6f87d2d5799b148c8eb2045ef0df4f8ce78a2465928c55a00071bf5.cat"
12 Feb 2008 23:41:40 23 834 A.... "C:\Windows\winsxs\Catalogs\1d6ebd3202f0931663348dc7328a614a25f513295a47a6ad3a50c4d64d4bab0f.cat"
25 Nov 2012 15:42:26 11 639 A.... "C:\Windows\winsxs\Catalogs\215018c958db2faafd01df8f0326f4e01f92eb4fd122dc8bd4f252ad1764314a.cat"
25 Nov 2012 15:42:24 12 235 A.... "C:\Windows\winsxs\Catalogs\255a97972d783fe4dcc7576751c2c7e3b53049bbdc1b2fd6e0c44ebb34b251ae.cat"
25 Nov 2012 15:42:24 11 639 A.... "C:\Windows\winsxs\Catalogs\2a762b3150df447cb2b56a3d90baf08f0e880db6fd8bc2413c24f776f192905c.cat"
26 Nov 2012 11:14:24 12 809 A.... "C:\Windows\winsxs\Catalogs\2f6d83127ae97eb5088b90e7a17effeb203a3a9bcd45c5ee00312a3f9f6013c8.cat"
12 Feb 2008 23:41:40 14 442 A.... "C:\Windows\winsxs\Catalogs\37ae5936ba24fa473a5cbf11576ea349e1104dd54e48677cd2f844436c5633c1.cat"
26 Nov 2012 11:13:44 12 809 A.... "C:\Windows\winsxs\Catalogs\3863ddc44bf3c8e0e8bc817bb25f9c165766457ca6b6fa0dce9b60bc415c3827.cat"
12 Feb 2008 23:41:42 23 834 A.... "C:\Windows\winsxs\Catalogs\3c6df958a8804ac9c1ad4af40edf97584f03fd8c1e911630f2ccbd82efea2704.cat"
26 Nov 2012 11:15:58 21 121 A.... "C:\Windows\winsxs\Catalogs\3e8e494752e775bc5a9926327ae5ea375c3d908e3db058dad135cbfacc1f4ee6.cat"
26 Nov 2012 11:14:52 12 809 A.... "C:\Windows\winsxs\Catalogs\3f5ce51008f52294fd9837e8c55c04f68e74d34282368a1f7f3d3c5329e812aa.cat"
12 Feb 2008 23:41:42 23 834 A.... "C:\Windows\winsxs\Catalogs\417ad390502bf43875823bf5f549ab2031ac7531b518a2c50999f9e6b7735ce7.cat"
12 Feb 2008 23:41:32 14 442 A.... "C:\Windows\winsxs\Catalogs\42820e7ec5f40412f525313282e3275550b72cda5621575a2fa437ad0849bbde.cat"
25 Nov 2012 15:42:26 11 639 A.... "C:\Windows\winsxs\Catalogs\43b718ba349e8746589dea8b78ba84f9762346eef8967d5b12e73f0600fbcc35.cat"
12 Feb 2008 23:41:40 23 834 A.... "C:\Windows\winsxs\Catalogs\4548a2d79a4c9b0b9c97427ef50d1dec446548527929bf413532f9b5b0f70b39.cat"
12 Feb 2008 23:41:50 14 442 A.... "C:\Windows\winsxs\Catalogs\45693e0f2c4ab93267df6ea67e58f33aaee6d12f796be1d26e196d7ba2f419fd.cat"
12 Feb 2008 23:41:52 14 442 A.... "C:\Windows\winsxs\Catalogs\4600288784bed7de0849a49ca0c3e2569b02a27c1e54f448a61f3ea736f3c442.cat"
25 Nov 2012 15:42:24 11 639 A.... "C:\Windows\winsxs\Catalogs\468e526ba8a40e9677faffe8c6067d73f8df60cd5ff5e9315f10a5aab49c693c.cat"
25 Nov 2012 15:42:04 11 639 A.... "C:\Windows\winsxs\Catalogs\46a9e6540861bc3d09c813df15258fbb75c469d2bbfda6294a6202c57dd861a5.cat"
26 Nov 2012 11:16:48 13 405 A.... "C:\Windows\winsxs\Catalogs\4d81c3c75cbd79d9c5c55cea1191fdda4245d92dc1baa443dfa231d5991eeacd.cat"
26 Nov 2012 11:16:48 12 809 A.... "C:\Windows\winsxs\Catalogs\4e7b62cf74c6f0a09f08cf0b6f742bdae8b5e4ca264eb5e9e1a2b2386e03f79c.cat"
12 Feb 2008 23:41:50 23 834 A.... "C:\Windows\winsxs\Catalogs\5658d911f1157c47dc0eec0603e9cff03918bdbcde0f5d6cee0a501a1c7d60d2.cat"
12 Feb 2008 23:41:40 26 186 A.... "C:\Windows\winsxs\Catalogs\5a7b34dcbe7ba738719fa5c490ed3c0f863becc4844a8be011b0732be3678c34.cat"
26 Nov 2012 11:16:48 12 809 A.... "C:\Windows\winsxs\Catalogs\61a043c5943b281e7afbf3ca7f195804730331b1313df87d2ee7be107b0b01e5.cat"
12 Feb 2008 23:41:44 26 186 A.... "C:\Windows\winsxs\Catalogs\64b20eb1d2e76ffad87d8824e80145679bfc0ef3a93bfcc5c70a688fad06aef0.cat"
26 Nov 2012 11:14:06 12 809 A.... "C:\Windows\winsxs\Catalogs\6a1ee23f863caf13718b378228f14c9838aa59aa8d66bf3f0956eab5f79bdc83.cat"
26 Nov 2012 11:15:58 28 533 A.... "C:\Windows\winsxs\Catalogs\6bb733eefc2f0dacc42714ad89cd29ea067356f8a6ea1ee090dc2c4897add467.cat"
12 Feb 2008 23:39:10 37 850 A.... "C:\Windows\winsxs\Catalogs\6d88c5f3d266b8fa19190a8adae6f1729d1b8d51b9e698e9d358c4551bbce86e.cat"
12 Feb 2008 23:41:54 23 834 A.... "C:\Windows\winsxs\Catalogs\6eb7ed514cde77a2b0b27813ebb2e1db09baa5c81e84869d5a16681d77cfe733.cat"
12 Feb 2008 23:41:30 23 834 A.... "C:\Windows\winsxs\Catalogs\6ef00608b280e84f38da471beccf79ecd2613cbcc5b10d869ef11b83445afcfe.cat"
26 Nov 2012 11:13:42 22 185 A.... "C:\Windows\winsxs\Catalogs\700326253f74d30f8c01d28994ba5eea1e9928bc2fa5eb8602aba1878deb52e9.cat"
12 Feb 2008 23:41:38 26 186 A.... "C:\Windows\winsxs\Catalogs\7329a042cd17487bca411bd79b935eff81009162f092c3775e1c4a995eb24837.cat"
12 Feb 2008 23:41:50 23 834 A.... "C:\Windows\winsxs\Catalogs\74c0aef9ec661126070eb1e01c25a94f7477f36dd92f4fde5f53fa4fbf8087c6.cat"
26 Nov 2012 11:13:16 53 116 A.... "C:\Windows\winsxs\Catalogs\7abf206f88d0f4ddec096ab0f3b7c963c0c1e3d7280136e008cb1be1b20a7df8.cat"
12 Feb 2008 23:41:52 23 834 A.... "C:\Windows\winsxs\Catalogs\7c34856c5ef792d12929068d0871b07a0451fbe6d33b6dbca3d9e90b71c37db9.cat"
25 Nov 2012 15:41:54 11 937 A.... "C:\Windows\winsxs\Catalogs\81768796877cde7275bcc0d0bcbffb1ba4bebcd2ec5a18473f09a8a6c0eaa956.cat"
12 Feb 2008 23:40:46 12 686 A.... "C:\Windows\winsxs\Catalogs\8272c03d107e462deb7a0bed70335833781b7e27bc6bbd24470701f9e4facde2.cat"
12 Feb 2008 23:40:46 33 241 A.... "C:\Windows\winsxs\Catalogs\8370ceeeb1349c4051a13b0a8753199ed1063b831be02bc998a7b5f966a35489.cat"
26 Nov 2012 11:14:54 27 522 A.... "C:\Windows\winsxs\Catalogs\8379935f313df10f3e0def72b0039dd0a1dc9329c7126f1c18111a5747ef1326.cat"
25 Nov 2012 15:42:04 11 639 A.... "C:\Windows\winsxs\Catalogs\85fec58236f02bae6de551b6cd1027e1eb46d0c4e5525784b73c4f818b785de5.cat"
25 Nov 2012 15:42:24 11 639 A.... "C:\Windows\winsxs\Catalogs\88eb203aa58277ffd00f093bc870dc0df915b3fa5fec7ef508613f3fcdc29d89.cat"
25 Nov 2012 15:42:04 11 639 A.... "C:\Windows\winsxs\Catalogs\88ef81f0dc8a796e7bbfdcd99e7d0df39d6d42d32bb7084f1386f5242c6e281e.cat"
26 Nov 2012 11:13:42 12 809 A.... "C:\Windows\winsxs\Catalogs\8b1d678a9ae18d26be1634c913e80cee82370f80d5144816401c33fdc6b3a1c6.cat"
12 Feb 2008 23:41:28 72 898 A.... "C:\Windows\winsxs\Catalogs\8c45ae5136ba70d66ebd5d754502ba5aad0011368f20c209d5c4b7a661be76f6.cat"
16 Feb 2008 10:54:28 52 993 A.... "C:\Windows\winsxs\Catalogs\8e55939bd6c074103de36cb213bfa07d8cfbf7928d83a060d68096ac44489951.cat"
25 Nov 2012 15:42:24 11 639 A.... "C:\Windows\winsxs\Catalogs\9621eabdf279d3c39ab04ed37700131e8963f681bdb8f9615ad77e0f43194711.cat"
12 Feb 2008 23:41:48 26 186 A.... "C:\Windows\winsxs\Catalogs\9af3bcd7926ed3769be7ca1c9c967f346042206de363e8cec87759471fc2e059.cat"
12 Feb 2008 23:39:14 135 621 A.... "C:\Windows\winsxs\Catalogs\9d67ac47c38b8b86cf4684bbbeefd4c02a2becb4bf536c9d5567eab3c4e45ee0.cat"
26 Nov 2012 11:03:20 10 985 A.... "C:\Windows\winsxs\Catalogs\9f4b272407008a230979f286064e895aa72cac13cd57d536a67ea34c9dd91a2c.cat"
25 Nov 2012 15:42:04 12 235 A.... "C:\Windows\winsxs\Catalogs\a0aad993d1bceabd24924d1f6904df61f4b6b11f402037a96ecd11e79b984ec8.cat"
12 Feb 2008 23:41:34 23 834 A.... "C:\Windows\winsxs\Catalogs\a22903d5ce47e64f53d64ca264f0fe9bdc3d309bc27878173df6509a55d87729.cat"
12 Feb 2008 23:40:06 19 793 A.... "C:\Windows\winsxs\Catalogs\a3ddc45e866caf08b16911853771af9f2be815846bc1188b56bfe7d8800a6f46.cat"
12 Feb 2008 23:40:34 17 696 A.... "C:\Windows\winsxs\Catalogs\a67bee86f4ddd7b5d823b4e3bdc802cc51e9ac59d1a9702c462926470bd9affe.cat"
26 Nov 2012 11:16:00 22 477 A.... "C:\Windows\winsxs\Catalogs\a8ea814aea7684d1d59d31c4c7e7b3b15edf9aeb58dc1bcb3ca530e717f7ff1b.cat"
12 Feb 2008 23:41:28 13 282 A.... "C:\Windows\winsxs\Catalogs\aa7aebb6803806c5595bd9dfe773adbcb09a7478108e82c6364cce00c671fa85.cat"
12 Feb 2008 23:41:28 13 282 A.... "C:\Windows\winsxs\Catalogs\aa98d2ed5f12ce319929af0c609bdd90da0afadb196555adeaf3b5ccd90e7a16.cat"
12 Mar 2008 10:44:00 13 846 A.... "C:\Windows\winsxs\Catalogs\ac16c2dffee4156b402277d14fa974b5b924c94bc3d73e419618e879f8ba518f.cat"
12 Feb 2008 23:41:46 23 834 A.... "C:\Windows\winsxs\Catalogs\af48385c27977533539131f64eebfac116ddf3837fd1af1799c0bb1c77416716.cat"
12 Feb 2008 23:41:50 14 442 A.... "C:\Windows\winsxs\Catalogs\b049af84ba1425fc9b9ef81afa8f496db0b39af2cd3784fe4d9175eb872a3bd2.cat"
26 Nov 2012 11:14:08 28 081 A.... "C:\Windows\winsxs\Catalogs\b18bb76d8f1dc99b609bb7d53eb03d672db953a10666457725561f8721e8aa9f.cat"
25 Nov 2012 15:42:24 11 639 A.... "C:\Windows\winsxs\Catalogs\b20a8e0829acb438f95a9eadc0fb19495f71c373d9200a6860ff8fdd2aaadf39.cat"
26 Nov 2012 11:14:22 163 499 A.... "C:\Windows\winsxs\Catalogs\b275fbff8dc606f0758d2860c5950878a2d6d2ab43b53244864178da8ce49fe3.cat"
12 Feb 2008 23:41:32 20 322 A.... "C:\Windows\winsxs\Catalogs\b6f4dc620eb230c19e41e48651d27e52ce429a0cb349a5f5cad42c8918e2f783.cat"
12 Feb 2008 23:41:50 23 834 A.... "C:\Windows\winsxs\Catalogs\b7e9df7d9dc37f7ce4badbb1a6f553e03dac91ba167cd6e71ddbbb4214e25ec1.cat"
12 Feb 2008 23:40:18 16 182 A.... "C:\Windows\winsxs\Catalogs\b9512f562dea4141303c7b5a6839b26be7af70cee01f22eccf3b3bc96075e5a9.cat"
25 Nov 2012 15:42:04 11 639 A.... "C:\Windows\winsxs\Catalogs\b9edbd2d58bf40c9ce7d937b2982db8e1fca3e15277c1de9f5828ed46b5c821b.cat"
12 Feb 2008 23:41:22 23 834 A.... "C:\Windows\winsxs\Catalogs\bb9dda7c7260df71c58f5fec039df5ff56ca2f8ba4e8528bdcd933fd6908c8f7.cat"
25 Nov 2012 15:42:24 11 639 A.... "C:\Windows\winsxs\Catalogs\bde42ca1460853d1b4a2c28479f23a7df8138745ba83c09710a891442c001872.cat"
12 Feb 2008 23:41:56 23 834 A.... "C:\Windows\winsxs\Catalogs\be62bbebe6895b3b4a10caa29a66b4ac1f2ff18b34578a0735de6107bfe57bef.cat"
26 Nov 2012 11:17:14 19 253 A.... "C:\Windows\winsxs\Catalogs\bea5d4027d45d196ca47f7dac631bc2608fc52e4a6380eba83f71f019d375b9b.cat"
12 Feb 2008 23:41:52 14 442 A.... "C:\Windows\winsxs\Catalogs\beeec77608220868bda528bf899948046b3b922ffded14465988afcd1c3db193.cat"
26 Nov 2012 11:15:28 133 844 A.... "C:\Windows\winsxs\Catalogs\c26d9a5209f3a5adf1fc6b8c0fb192c605e185f8a1e14b1daad3db562679449c.cat"
25 Nov 2012 15:42:26 11 639 A.... "C:\Windows\winsxs\Catalogs\c27f43d4fd5b667440743cf3160e1d85e33b8a75b1912c08276beb0f4f9d9ad9.cat"
12 Feb 2008 23:41:36 23 834 A.... "C:\Windows\winsxs\Catalogs\cd1c81d8d2b9a09313dec1f96bad03f3c0446b80bc3cefe68b80b9ff92b4a6c1.cat"
26 Nov 2012 11:16:26 21 057 A.... "C:\Windows\winsxs\Catalogs\cf66167dc7c01a1ee025d5f38f8d7de9e2aeac8b47a768d7d7058a142fc8bd92.cat"
12 Feb 2008 23:41:40 14 442 A.... "C:\Windows\winsxs\Catalogs\d137bdccc0a688379a7fadf76fd5f8945454e1b2ec7cd5efe20b5f2cc2538d65.cat"
12 Feb 2008 23:40:20 21 450 A.... "C:\Windows\winsxs\Catalogs\d2826c9bef8a60d97fbc60ec225f6a331abcc9015baa15c33dbc463d7b932585.cat"
26 Nov 2012 11:15:24 43 396 A.... "C:\Windows\winsxs\Catalogs\d583c457f4658b51c116e249df7a2b3d35e972e421e301118918270764483470.cat"
12 Feb 2008 23:41:52 23 834 A.... "C:\Windows\winsxs\Catalogs\dc9f831dbef1aa69e0d852ff6968383bc9f93a79a37f78f5b51d7180fe80a255.cat"
26 Nov 2012 11:13:42 12 213 A.... "C:\Windows\winsxs\Catalogs\ddf4ca24b7f5cc93097c9ed166a68ca24a79a0a5a97730c9e7f592d1f33702e5.cat"
12 Feb 2008 23:41:46 14 442 A.... "C:\Windows\winsxs\Catalogs\e322773900b5ffb47a594c2d040319ad91ed21f9a2e99155d5a3e8f0288d525f.cat"
26 Nov 2012 11:14:56 28 661 A.... "C:\Windows\winsxs\Catalogs\e51e4b2a62b915084ea102a35ddd1b04e88e45b195b84894c7975e769b6ebd9f.cat"
25 Nov 2012 15:42:26 11 639 A.... "C:\Windows\winsxs\Catalogs\e5bc2ef682fd565961c58d24a3a58fec4ff255935e3cc99affbb972154492e65.cat"
26 Nov 2012 11:16:48 12 809 A.... "C:\Windows\winsxs\Catalogs\e5c35a151e831e731e950ede19e0821a72a1efbc7a91fc057a034ca98aeaf9d9.cat"
26 Nov 2012 11:16:48 12 809 A.... "C:\Windows\winsxs\Catalogs\eacb3409e71a466beb103f6a9b41545002cc90f75fbc5e61acb406d6b7069673.cat"
12 Feb 2008 23:41:46 14 442 A.... "C:\Windows\winsxs\Catalogs\ec2e1f4cf320b916e9c2f8fd0a93e216815f9a8f1160d9f2e2ff48f7d1a51bd1.cat"
12 Mar 2008 10:44:34 12 686 A.... "C:\Windows\winsxs\Catalogs\ec837939bf4102ae012a0af2ae15852aaa0643d02a379ed07a3073ccaa8bfa9e.cat"
26 Nov 2012 11:16:14 13 405 A.... "C:\Windows\winsxs\Catalogs\f0a7eb92bf8d58cb83031e360ca27a29942245d2009c0e98f3e88a034e6eb629.cat"
12 Feb 2008 23:41:52 14 442 A.... "C:\Windows\winsxs\Catalogs\f235f9917f5f5e390695388f3fe6eaefd57ff66be6d15f9dbded5420abffada5.cat"
12 Feb 2008 23:41:44 23 834 A.... "C:\Windows\winsxs\Catalogs\f2703bd4476843033e9c5e86d1a16bc0490a60ac6d8c4cd775cea1a2f7658a02.cat"
26 Nov 2012 11:03:22 10 997 A.... "C:\Windows\winsxs\Catalogs\f3c343567eb07e928a24a5c8b8bf732a5523d0acd4762015ba309f48255a5baf.cat"
26 Nov 2012 11:13:42 12 809 A.... "C:\Windows\winsxs\Catalogs\fe7d5494afc8f465040a625ee6f4a477c6379b9489cc588ac4e1da55ff3f532a.cat"
12 Feb 2008 23:41:42 14 442 A.... "C:\Windows\winsxs\Catalogs\ff85065990d8f9f0c6e7c21f66cf710d21290f0d872754c1c805fae5ab687be7.cat"
12 Feb 2008 23:41:52 14 442 A.... "C:\Windows\winsxs\Catalogs\ffd3b8c1b322e41065c4049efd21125369dad80be8d6c03e707f02f1f5bd8f8a.cat"
13 Feb 2008 11:06:50 219 400 A.... "C:\Windows\winsxs\FileMaps\$$_system32_it-it_4a36b1ca7975a0f9.cdf-ms"
13 Feb 2008 11:06:50 15 116 A.... "C:\Windows\winsxs\FileMaps\$$_system32_drivers_en-us_4bb913fc5eb96bcf.cdf-ms"
13 Feb 2008 11:06:50 67 356 A.... "C:\Windows\winsxs\FileMaps\$$_system32_driverstore_de-de_f4ce1a04dcee7bcc.cdf-ms"
13 Feb 2008 11:06:50 14 984 A.... "C:\Windows\winsxs\FileMaps\$$_system32_drivers_fr-fr_4d9f89205bdfbc76.cdf-ms"
13 Feb 2008 11:06:50 219 400 A.... "C:\Windows\winsxs\FileMaps\$$_system32_de-de_40b6416a87b647ef.cdf-ms"
13 Feb 2008 11:06:50 1 040 A.... "C:\Windows\winsxs\FileMaps\$$_servicing_nl-nl_614f426a6f91ee59.cdf-ms"
13 Feb 2008 11:06:50 219 400 A.... "C:\Windows\winsxs\FileMaps\$$_system32_nl-nl_53b6f9bc6b35343b.cdf-ms"
16 Feb 2008 11:00:56 676 A.... "C:\Windows\winsxs\FileMaps\$$_ehome_mcx_x02_7afb1a3b86c42e5e.cdf-ms"
13 Feb 2008 11:06:50 67 356 A.... "C:\Windows\winsxs\FileMaps\$$_system32_driverstore_it-it_fe4e8a64ceadd4d6.cdf-ms"
13 Feb 2008 11:06:50 219 400 A.... "C:\Windows\winsxs\FileMaps\$$_system32_fr-fr_448347788202c03b.cdf-ms"
13 Feb 2008 11:06:50 1 040 A.... "C:\Windows\winsxs\FileMaps\$$_servicing_it-it_620364286dfc9b2b.cdf-ms"
13 Feb 2008 11:06:50 67 356 A.... "C:\Windows\winsxs\FileMaps\$$_system32_driverstore_en-us_f6b4aaeeda14a371.cdf-ms"
14 Feb 2008 11:21:18 692 A.... "C:\Windows\winsxs\FileMaps\$$_servicing_version_6.0.6001.18000_ace7738cfc7e50ca.cdf-ms"
13 Feb 2008 11:06:50 15 116 A.... "C:\Windows\winsxs\FileMaps\$$_system32_drivers_it-it_5352f37253529d34.cdf-ms"
13 Feb 2008 11:06:50 67 356 A.... "C:\Windows\winsxs\FileMaps\$$_system32_driverstore_fr-fr_f89b2012d73af418.cdf-ms"
13 Feb 2008 11:06:50 6 072 A.... "C:\Windows\winsxs\FileMaps\$$_system32_migration_927a21df1acd7c18.cdf-ms"
12 Mar 2008 11:00:58 23 592 A.... "C:\Windows\winsxs\FileMaps\$$_system32_drivers_dc1b782427b5ee1b.cdf-ms"
16 Feb 2008 11:00:56 672 A.... "C:\Windows\winsxs\FileMaps\$$_ehome_mcx_022df17cf4546600.cdf-ms"
1 April 2008 17:55:33

:hello: 

pots22... do you know how to disinfect a machine? I'm taking over here :) 

kinos >>>

Download Lop S&D.exe (by Eric 71 & Angeldark) to your desktop. ~>Tutorial<~
  • Double-click it to start the installation
  • Then double-click the Lop S&D shortcut on your desktop
  • Select the language you want, then choose Option 1 (Recherche / Search)
  • Wait until the scan has finished
  • Post the generated report ( C:\lopR.txt )
    (If the desktop does not reappear, press Ctrl + Alt + Del, File tab, New Task, type explorer.exe and confirm)

    ;) 
    1 April 2008 18:07:24

    Good evening,

    I've just started the procedure, I'll post the result as soon as it's in
    1 April 2008 18:12:53

    here is the report

    -----------------------[ Lop S&D 4.1.0-4 XP/Vista ]---------------------

    [ Windows 'Longhorn' (NT 6.0) Workstation Build 6000 ]
    [ USER : Laurent ] [ "C:\Lop SD" ]
    [ 01/04/2008 | 18:07:54,65 ] [ PC : LORRAN ]
    [ MAJ : 31-03-2008 | 21:52 ]
    [ UAC => 0 ]

    -------------[ Listing des dossiers dans Application Data ]------------

    [25/11/2012|15:37] C:\Users\Laurent\AppData\Roaming\Adobe\Acrobat
    [07/01/2008|11:38] C:\Users\Laurent\AppData\Roaming\Adobe\..
    [07/01/2008|11:38] C:\Users\Laurent\AppData\Roaming\Adobe\Linguistics
    [07/01/2008|11:38] C:\Users\Laurent\AppData\Roaming\Adobe\.

    [19/01/2008|21:49] C:\Users\Laurent\AppData\Roaming\Apple Computer\iTunes
    [19/01/2008|21:46] C:\Users\Laurent\AppData\Roaming\Apple Computer\..
    [19/01/2008|21:46] C:\Users\Laurent\AppData\Roaming\Apple Computer\.

    [25/11/2012|15:37] C:\Users\Laurent\AppData\Roaming\ATI\..
    [25/11/2012|15:37] C:\Users\Laurent\AppData\Roaming\ATI\ACE
    [25/11/2012|15:37] C:\Users\Laurent\AppData\Roaming\ATI\.

    [31/03/2008|21:19] C:\Users\Laurent\AppData\Roaming\GetValue.vbs\GetValue.vbs

    [25/11/2012|15:36] C:\Users\Laurent\AppData\Roaming\Identities\..
    [25/11/2012|15:36] C:\Users\Laurent\AppData\Roaming\Identities\{CD143A3E-2D27-438C-B7ED-D8253766337C}
    [25/11/2012|15:36] C:\Users\Laurent\AppData\Roaming\Identities\.

    [25/11/2012|15:31] C:\Users\Laurent\AppData\Roaming\InstallShield\..
    [25/11/2012|15:31] C:\Users\Laurent\AppData\Roaming\InstallShield\ISEngine12.0
    [25/11/2012|15:31] C:\Users\Laurent\AppData\Roaming\InstallShield\.

    [12/02/2008|17:41] C:\Users\Laurent\AppData\Roaming\Intel\..
    [12/02/2008|17:41] C:\Users\Laurent\AppData\Roaming\Intel\Wireless
    [12/02/2008|17:41] C:\Users\Laurent\AppData\Roaming\Intel\.

    [25/11/2012|15:37] C:\Users\Laurent\AppData\Roaming\Macromedia\..
    [25/11/2012|15:37] C:\Users\Laurent\AppData\Roaming\Macromedia\.
    [31/03/2008|11:31] C:\Users\Laurent\AppData\Roaming\Macromedia\Flash Player

    [02/11/2006|14:37] C:\Users\Laurent\AppData\Roaming\Media Center Programs\..
    [02/11/2006|14:37] C:\Users\Laurent\AppData\Roaming\Media Center Programs\.

    [28/11/2012|15:22] C:\Users\Laurent\AppData\Roaming\Microsoft\Publisher
    [25/11/2012|19:48] C:\Users\Laurent\AppData\Roaming\Microsoft\Windows
    [25/11/2012|17:35] C:\Users\Laurent\AppData\Roaming\Microsoft\CLView
    [25/11/2012|17:08] C:\Users\Laurent\AppData\Roaming\Microsoft\HTML Help
    [25/11/2012|16:20] C:\Users\Laurent\AppData\Roaming\Microsoft\UProof
    [25/11/2012|16:17] C:\Users\Laurent\AppData\Roaming\Microsoft\Proof
    [25/11/2012|16:15] C:\Users\Laurent\AppData\Roaming\Microsoft\Document Building Blocks
    [25/11/2012|16:15] C:\Users\Laurent\AppData\Roaming\Microsoft\AddIns
    [25/11/2012|15:37] C:\Users\Laurent\AppData\Roaming\Microsoft\SystemCertificates
    [25/11/2012|15:31] C:\Users\Laurent\AppData\Roaming\Microsoft\Protect
    [25/11/2012|15:29] C:\Users\Laurent\AppData\Roaming\Microsoft\Credentials
    [30/03/2008|21:04] C:\Users\Laurent\AppData\Roaming\Microsoft\ModŠles
    [28/03/2008|16:14] C:\Users\Laurent\AppData\Roaming\Microsoft\Word
    [14/03/2008|22:23] C:\Users\Laurent\AppData\Roaming\Microsoft\Crypto
    [13/03/2008|19:32] C:\Users\Laurent\AppData\Roaming\Microsoft\Office
    [13/03/2008|19:32] C:\Users\Laurent\AppData\Roaming\Microsoft\Excel
    [13/03/2008|19:31] C:\Users\Laurent\AppData\Roaming\Microsoft\..
    [13/03/2008|19:31] C:\Users\Laurent\AppData\Roaming\Microsoft\.
    [18/02/2008|23:30] C:\Users\Laurent\AppData\Roaming\Microsoft\PowerPoint
    [28/01/2008|00:42] C:\Users\Laurent\AppData\Roaming\Microsoft\Internet Explorer
    [08/01/2008|19:01] C:\Users\Laurent\AppData\Roaming\Microsoft\eHome
    [28/11/2007|19:50] C:\Users\Laurent\AppData\Roaming\Microsoft\preuve
    [28/11/2007|19:49] C:\Users\Laurent\AppData\Roaming\Microsoft\Macros compl‚mentaires
    [28/11/2007|19:36] C:\Users\Laurent\AppData\Roaming\Microsoft\MSE
    [28/11/2007|19:10] C:\Users\Laurent\AppData\Roaming\Microsoft\Templates
    [28/11/2007|18:47] C:\Users\Laurent\AppData\Roaming\Microsoft\Outlook
    [28/11/2007|16:48] C:\Users\Laurent\AppData\Roaming\Microsoft\IMJP10
    [26/11/2007|22:20] C:\Users\Laurent\AppData\Roaming\Microsoft\MSN Messenger
    [26/11/2007|22:19] C:\Users\Laurent\AppData\Roaming\Microsoft\IdentityCRL
    [26/11/2007|00:02] C:\Users\Laurent\AppData\Roaming\Microsoft\MMC
    [25/11/2007|23:46] C:\Users\Laurent\AppData\Roaming\Microsoft\Speech

    [28/11/2007|19:33] C:\Users\Laurent\AppData\Roaming\Microsoft Web Folders\..
    [28/11/2007|19:33] C:\Users\Laurent\AppData\Roaming\Microsoft Web Folders\.

    [31/03/2008|21:19] C:\Users\Laurent\AppData\Roaming\SetValue.bat\SetValue.bat

    [31/03/2008|11:58] C:\Users\Laurent\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware
    [31/03/2008|11:34] C:\Users\Laurent\AppData\Roaming\SUPERAntiSpyware.com\..
    [31/03/2008|11:34] C:\Users\Laurent\AppData\Roaming\SUPERAntiSpyware.com\.

    ----------------[ Tâches planifiées dans C:\Windows\tasks ]---------------

    [01/04/2008 18:07][--ah-----] C:\Windows\tasks\SA.DAT
    [01/04/2008 18:06][--a------] C:\Windows\tasks\SCHEDLGU.TXT

    ------[ Listing des dossiers dans C:\ProgramData ]------

    [01/04/2008|10:46] C:\ProgramData\.
    [01/04/2008|10:46] C:\ProgramData\..
    [01/04/2008|10:42] C:\ProgramData\addr_file.html
    [07/01/2008|12:02] C:\ProgramData\Adobe
    [02/11/2006|15:02] C:\ProgramData\Application Data
    [29/12/2007|00:17] C:\ProgramData\ASUS
    [01/04/2008|10:39] C:\ProgramData\Avira
    [24/03/2008|00:11] C:\ProgramData\bags readme locks tick
    [02/11/2006|15:02] C:\ProgramData\Desktop
    [02/11/2006|15:02] C:\ProgramData\Documents
    [25/11/2012|19:41] C:\ProgramData\DVD Shrink
    [02/11/2006|15:02] C:\ProgramData\Favorites
    [01/04/2008|11:03] C:\ProgramData\iaifzrhh
    [12/10/2007|02:17] C:\ProgramData\Intel
    [25/11/2012|18:31] C:\ProgramData\LightScribe
    [24/03/2008|00:11] C:\ProgramData\meet ball move.0x9i8h
    [26/11/2007|00:02] C:\ProgramData\Microsoft
    [28/11/2007|19:23] C:\ProgramData\Microsoft Help
    [01/04/2008|11:07] C:\ProgramData\More way title
    [12/10/2007|01:10] C:\ProgramData\Nero
    [23/02/2008|11:12] C:\ProgramData\ntuser.pol
    [12/10/2007|02:36] C:\ProgramData\P4G
    [01/04/2008|10:46] C:\ProgramData\Shim blue blue.070ney
    [24/03/2008|00:11] C:\ProgramData\Shim blue blue.8qp5g16
    [24/03/2008|00:11] C:\ProgramData\Shim blue blue.vhp9s
    [31/03/2008|21:12] C:\ProgramData\Spybot - Search & Destroy
    [02/11/2006|15:02] C:\ProgramData\Start Menu
    [31/03/2008|11:34] C:\ProgramData\SUPERAntiSpyware.com
    [25/11/2012|16:54] C:\ProgramData\Symantec
    [02/11/2006|15:02] C:\ProgramData\Templates
    [31/03/2008|12:03] C:\ProgramData\wdofwnen
    [28/11/2007|18:46] C:\ProgramData\WLInstaller
    [01/04/2008|11:07] C:\ProgramData\wmhtdxrt
    [17/03/2008|17:41] C:\ProgramData\Yahoo! Companion

    ---------------[ Listing des dossiers dans C:\Program Files ]--------------

    [01/04/2008|12:05] C:\Program Files\.
    [01/04/2008|12:05] C:\Program Files\..
    [28/11/2007|19:04] C:\Program Files\Activation Assistant for the 2007 Microsoft Office suites
    [07/01/2008|12:01] C:\Program Files\Adobe
    [01/04/2008|12:07] C:\Program Files\antivirus
    [17/03/2008|15:44] C:\Program Files\a-squared Free
    [12/10/2007|02:37] C:\Program Files\ASUS
    [12/10/2007|01:45] C:\Program Files\ATI
    [12/10/2007|01:47] C:\Program Files\ATI Technologies
    [12/10/2007|01:50] C:\Program Files\ATK Hotkey
    [12/10/2007|02:30] C:\Program Files\ATKGFNEX
    [12/10/2007|01:50] C:\Program Files\ATKOSD2
    [07/01/2008|11:06] C:\Program Files\Avast4
    [17/03/2008|15:08] C:\Program Files\CCleaner
    [02/02/2008|23:35] C:\Program Files\Common Files
    [12/10/2007|02:10] C:\Program Files\CSR
    [28/11/2007|18:50] C:\Program Files\desktop.ini
    [25/11/2012|19:41] C:\Program Files\DVD Shrink
    [12/10/2007|02:37] C:\Program Files\InstallShield Installation Information
    [12/10/2007|02:16] C:\Program Files\Intel
    [13/02/2008|12:34] C:\Program Files\Internet Explorer
    [27/11/2007|19:32] C:\Program Files\Microsoft CAPICOM 2.1.0.2
    [02/11/2006|14:37] C:\Program Files\Microsoft Games
    [28/11/2007|19:33] C:\Program Files\Microsoft Office
    [28/11/2007|19:35] C:\Program Files\Microsoft Visual Studio
    [12/10/2007|02:15] C:\Program Files\Motorola
    [18/04/2007|11:24] C:\Program Files\Movie Maker
    [02/11/2006|14:37] C:\Program Files\MSBuild
    [02/11/2006|14:37] C:\Program Files\MSN
    [18/04/2007|10:43] C:\Program Files\MSXML 4.0
    [12/10/2007|01:10] C:\Program Files\Nero
    [12/10/2007|02:36] C:\Program Files\P4G
    [12/10/2007|02:37] C:\Program Files\P4P
    [12/10/2007|02:03] C:\Program Files\Realtek
    [02/11/2006|14:37] C:\Program Files\Reference Assemblies
    [31/03/2008|21:17] C:\Program Files\Spybot - Search & Destroy
    [31/03/2008|11:34] C:\Program Files\SUPERAntiSpyware
    [12/10/2007|02:29] C:\Program Files\Synaptics
    [02/11/2006|15:01] C:\Program Files\Uninstall Information
    [28/11/2012|15:06] C:\Program Files\Windows Calendar
    [18/04/2007|11:24] C:\Program Files\Windows Collaboration
    [12/10/2007|02:42] C:\Program Files\Windows Defender
    [18/04/2007|11:24] C:\Program Files\Windows Journal
    [26/11/2007|22:18] C:\Program Files\Windows Live
    [12/03/2008|11:07] C:\Program Files\Windows Mail
    [28/11/2012|15:06] C:\Program Files\Windows Media Player
    [02/11/2006|14:37] C:\Program Files\Windows NT
    [18/04/2007|11:24] C:\Program Files\Windows Photo Gallery
    [09/01/2008|12:57] C:\Program Files\Windows Sidebar
    [12/10/2007|02:08] C:\Program Files\Wireless Console 2
    [17/03/2008|15:08] C:\Program Files\Yahoo!

    ------[ Listing des dossiers dans C:\Program Files\Common Files ]------

    [02/02/2008|23:35] C:\Program Files\Common Files\.
    [02/02/2008|23:35] C:\Program Files\Common Files\..
    [07/01/2008|12:02] C:\Program Files\Common Files\Adobe
    [12/10/2007|01:12] C:\Program Files\Common Files\Ahead
    [28/11/2007|19:35] C:\Program Files\Common Files\Designer
    [12/10/2007|02:31] C:\Program Files\Common Files\InstallShield
    [12/10/2007|01:12] C:\Program Files\Common Files\LightScribe
    [28/11/2007|19:35] C:\Program Files\Common Files\microsoft shared
    [02/11/2006|13:18] C:\Program Files\Common Files\Services
    [02/11/2006|13:18] C:\Program Files\Common Files\SpeechEngines
    [25/11/2012|16:54] C:\Program Files\Common Files\Symantec Shared
    [28/11/2007|19:18] C:\Program Files\Common Files\System
    [26/11/2007|22:18] C:\Program Files\Common Files\WindowsLiveInstaller
    [31/03/2008|11:33] C:\Program Files\Common Files\Wise Installation Wizard

    ----------------------[ Recherche avec S_Lop ]---------------------

    C:\ProgramData\meet ball move.0x9i8h
    C:\ProgramData\Shim blue blue.070ney
    C:\ProgramData\Shim blue blue.8qp5g16
    C:\ProgramData\Shim blue blue.vhp9s
    C:\ProgramData\meet ball move.0x9i8h
    C:\ProgramData\Shim blue blue.070ney
    C:\ProgramData\Shim blue blue.8qp5g16
    C:\ProgramData\Shim blue blue.vhp9s

    -----------------[ Recherche de Fichiers / Dossiers Lop ]-----------------

    C:\ProgramData\bags readme locks tick
    C:\ProgramData\bags readme locks tick\Base does.exe
    C:\Windows\Prefetch\BITROLL-5.0.0.0-SETUP-0897[1]-1567EE54.pf
    C:\Windows\Prefetch\BITROLL-5.0.0.0-SETUP-0897[1]-4B96C6DE.pf
    C:\Windows\Prefetch\BITROLL-5.0.0.0-SETUP-0897[1]-B1E43D72.pf

    ----------------------[ Verification du Registre ]----------------------

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    ..... OK !

    --------------------[ Verification du fichier Hosts ]---------------------

    Fichier Hosts PROPRE


    ----------------[ Recherche de fichiers avec Catchme ]-----------------

    catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-04-01 18:08:37
    Windows 6.0.6000 NTFS
    scanning hidden files ...
    scan completed successfully
    hidden files: 0

    --------------------[ Recherche d'autres infections ]---------------------

    Aucune autre infection trouvée !

    /!\ [Fich:45][Doss:21] C:\Users\Laurent\AppData\Local\Temp
    /!\ [Fich:133][Doss:1] C:\Users\Laurent\AppData\Roaming\MICROS~1\Windows\Cookies
    /!\ [Fich:421][Doss:6] C:\Users\Laurent\AppData\Local\MICROS~1\Windows\TEMPOR~1\content.IE5

    [ UAC => 1 ]

    --------------------[ Fin du rapport a 18:09:02,70 ]----------------------
    1 April 2008 18:20:36

    Hi again,

    Run Lop S&D again

  • This time choose Option 2 (Suppression / Removal)
  • Do not close the window during the removal!
  • Post the generated report ( C:\lopR.txt )

    (If the desktop does not reappear, press Ctrl + Alt + Del, File tab, New Task, type explorer.exe and confirm)
    1 April 2008 18:27:04

    here is the second report


    -----------------------[ Lop S&D 4.1.0-4 XP/Vista ]---------------------

    [ Windows 'Longhorn' (NT 6.0) Workstation Build 6000 ]
    [ USER : Laurent ] [ "C:\Lop SD" ]
    [ 01/04/2008 | 18:23:06,41 ] [ PC : LORRAN ]
    [ MAJ : 31-03-2008 | 21:52 ]
    [ UAC => 0 ]

    \\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ SUPPRESSION /////////////////////////////

    Supprimé! - C:\ProgramData\bags readme locks tick\Base does.exe
    Supprimé! - C:\Windows\Prefetch\BITROLL-5.0.0.0-SETUP-0897[1]-1567EE54.pf
    Supprimé! - C:\Windows\Prefetch\BITROLL-5.0.0.0-SETUP-0897[1]-4B96C6DE.pf
    Supprimé! - C:\Windows\Prefetch\BITROLL-5.0.0.0-SETUP-0897[1]-B1E43D72.pf
    Supprimé! - C:\ProgramData\meet ball move.0x9i8h
    Supprimé! - C:\ProgramData\Shim blue blue.070ney
    Supprimé! - C:\ProgramData\Shim blue blue.8qp5g16
    Supprimé! - C:\ProgramData\Shim blue blue.vhp9s
    Supprimé! - C:\ProgramData\bags readme locks tick
    Restauré! - Fichier Hosts

    //////////////////////////////////////-\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\


    -------------[ Listing des dossiers dans Application Data ]------------

    [25/11/2012|15:37] C:\Users\Laurent\AppData\Roaming\Adobe\Acrobat
    [07/01/2008|11:38] C:\Users\Laurent\AppData\Roaming\Adobe\..
    [07/01/2008|11:38] C:\Users\Laurent\AppData\Roaming\Adobe\Linguistics
    [07/01/2008|11:38] C:\Users\Laurent\AppData\Roaming\Adobe\.

    [19/01/2008|21:49] C:\Users\Laurent\AppData\Roaming\Apple Computer\iTunes
    [19/01/2008|21:46] C:\Users\Laurent\AppData\Roaming\Apple Computer\..
    [19/01/2008|21:46] C:\Users\Laurent\AppData\Roaming\Apple Computer\.

    [25/11/2012|15:37] C:\Users\Laurent\AppData\Roaming\ATI\..
    [25/11/2012|15:37] C:\Users\Laurent\AppData\Roaming\ATI\ACE
    [25/11/2012|15:37] C:\Users\Laurent\AppData\Roaming\ATI\.

    [31/03/2008|21:19] C:\Users\Laurent\AppData\Roaming\GetValue.vbs\GetValue.vbs

    [25/11/2012|15:36] C:\Users\Laurent\AppData\Roaming\Identities\..
    [25/11/2012|15:36] C:\Users\Laurent\AppData\Roaming\Identities\{CD143A3E-2D27-438C-B7ED-D8253766337C}
    [25/11/2012|15:36] C:\Users\Laurent\AppData\Roaming\Identities\.

    [25/11/2012|15:31] C:\Users\Laurent\AppData\Roaming\InstallShield\..
    [25/11/2012|15:31] C:\Users\Laurent\AppData\Roaming\InstallShield\ISEngine12.0
    [25/11/2012|15:31] C:\Users\Laurent\AppData\Roaming\InstallShield\.

    [12/02/2008|17:41] C:\Users\Laurent\AppData\Roaming\Intel\..
    [12/02/2008|17:41] C:\Users\Laurent\AppData\Roaming\Intel\Wireless
    [12/02/2008|17:41] C:\Users\Laurent\AppData\Roaming\Intel\.

    [25/11/2012|15:37] C:\Users\Laurent\AppData\Roaming\Macromedia\..
    [25/11/2012|15:37] C:\Users\Laurent\AppData\Roaming\Macromedia\.
    [31/03/2008|11:31] C:\Users\Laurent\AppData\Roaming\Macromedia\Flash Player

    [02/11/2006|14:37] C:\Users\Laurent\AppData\Roaming\Media Center Programs\..
    [02/11/2006|14:37] C:\Users\Laurent\AppData\Roaming\Media Center Programs\.

    [28/11/2012|15:22] C:\Users\Laurent\AppData\Roaming\Microsoft\Publisher
    [25/11/2012|19:48] C:\Users\Laurent\AppData\Roaming\Microsoft\Windows
    [25/11/2012|17:35] C:\Users\Laurent\AppData\Roaming\Microsoft\CLView
    [25/11/2012|17:08] C:\Users\Laurent\AppData\Roaming\Microsoft\HTML Help
    [25/11/2012|16:20] C:\Users\Laurent\AppData\Roaming\Microsoft\UProof
    [25/11/2012|16:17] C:\Users\Laurent\AppData\Roaming\Microsoft\Proof
    [25/11/2012|16:15] C:\Users\Laurent\AppData\Roaming\Microsoft\Document Building Blocks
    [25/11/2012|16:15] C:\Users\Laurent\AppData\Roaming\Microsoft\AddIns
    [25/11/2012|15:37] C:\Users\Laurent\AppData\Roaming\Microsoft\SystemCertificates
    [25/11/2012|15:31] C:\Users\Laurent\AppData\Roaming\Microsoft\Protect
    [25/11/2012|15:29] C:\Users\Laurent\AppData\Roaming\Microsoft\Credentials
    [30/03/2008|21:04] C:\Users\Laurent\AppData\Roaming\Microsoft\ModŠles
    [28/03/2008|16:14] C:\Users\Laurent\AppData\Roaming\Microsoft\Word
    [14/03/2008|22:23] C:\Users\Laurent\AppData\Roaming\Microsoft\Crypto
    [13/03/2008|19:32] C:\Users\Laurent\AppData\Roaming\Microsoft\Office
    [13/03/2008|19:32] C:\Users\Laurent\AppData\Roaming\Microsoft\Excel
    [13/03/2008|19:31] C:\Users\Laurent\AppData\Roaming\Microsoft\..
    [13/03/2008|19:31] C:\Users\Laurent\AppData\Roaming\Microsoft\.
    [18/02/2008|23:30] C:\Users\Laurent\AppData\Roaming\Microsoft\PowerPoint
    [28/01/2008|00:42] C:\Users\Laurent\AppData\Roaming\Microsoft\Internet Explorer
    [08/01/2008|19:01] C:\Users\Laurent\AppData\Roaming\Microsoft\eHome
    [28/11/2007|19:50] C:\Users\Laurent\AppData\Roaming\Microsoft\preuve
    [28/11/2007|19:49] C:\Users\Laurent\AppData\Roaming\Microsoft\Macros compl‚mentaires
    [28/11/2007|19:36] C:\Users\Laurent\AppData\Roaming\Microsoft\MSE
    [28/11/2007|19:10] C:\Users\Laurent\AppData\Roaming\Microsoft\Templates
    [28/11/2007|18:47] C:\Users\Laurent\AppData\Roaming\Microsoft\Outlook
    [28/11/2007|16:48] C:\Users\Laurent\AppData\Roaming\Microsoft\IMJP10
    [26/11/2007|22:20] C:\Users\Laurent\AppData\Roaming\Microsoft\MSN Messenger
    [26/11/2007|22:19] C:\Users\Laurent\AppData\Roaming\Microsoft\IdentityCRL
    [26/11/2007|00:02] C:\Users\Laurent\AppData\Roaming\Microsoft\MMC
    [25/11/2007|23:46] C:\Users\Laurent\AppData\Roaming\Microsoft\Speech

    [28/11/2007|19:33] C:\Users\Laurent\AppData\Roaming\Microsoft Web Folders\..
    [28/11/2007|19:33] C:\Users\Laurent\AppData\Roaming\Microsoft Web Folders\.

    [31/03/2008|21:19] C:\Users\Laurent\AppData\Roaming\SetValue.bat\SetValue.bat

    [31/03/2008|11:58] C:\Users\Laurent\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware
    [31/03/2008|11:34] C:\Users\Laurent\AppData\Roaming\SUPERAntiSpyware.com\..
    [31/03/2008|11:34] C:\Users\Laurent\AppData\Roaming\SUPERAntiSpyware.com\.

    ----------------[ Tâches planifiées dans C:\Windows\tasks ]---------------

    [01/04/2008 18:22][--ah-----] C:\Windows\tasks\SA.DAT
    [01/04/2008 18:21][--a------] C:\Windows\tasks\SCHEDLGU.TXT

    ------[ Listing des dossiers dans C:\ProgramData ]------

    [01/04/2008|18:23] C:\ProgramData\.
    [01/04/2008|18:23] C:\ProgramData\..
    [01/04/2008|10:42] C:\ProgramData\addr_file.html
    [07/01/2008|12:02] C:\ProgramData\Adobe
    [02/11/2006|15:02] C:\ProgramData\Application Data
    [29/12/2007|00:17] C:\ProgramData\ASUS
    [01/04/2008|10:39] C:\ProgramData\Avira
    [02/11/2006|15:02] C:\ProgramData\Desktop
    [02/11/2006|15:02] C:\ProgramData\Documents
    [25/11/2012|19:41] C:\ProgramData\DVD Shrink
    [02/11/2006|15:02] C:\ProgramData\Favorites
    [01/04/2008|11:03] C:\ProgramData\iaifzrhh
    [12/10/2007|02:17] C:\ProgramData\Intel
    [25/11/2012|18:31] C:\ProgramData\LightScribe
    [26/11/2007|00:02] C:\ProgramData\Microsoft
    [28/11/2007|19:23] C:\ProgramData\Microsoft Help
    [01/04/2008|11:07] C:\ProgramData\More way title
    [12/10/2007|01:10] C:\ProgramData\Nero
    [23/02/2008|11:12] C:\ProgramData\ntuser.pol
    [12/10/2007|02:36] C:\ProgramData\P4G
    [31/03/2008|21:12] C:\ProgramData\Spybot - Search & Destroy
    [02/11/2006|15:02] C:\ProgramData\Start Menu
    [31/03/2008|11:34] C:\ProgramData\SUPERAntiSpyware.com
    [25/11/2012|16:54] C:\ProgramData\Symantec
    [02/11/2006|15:02] C:\ProgramData\Templates
    [31/03/2008|12:03] C:\ProgramData\wdofwnen
    [28/11/2007|18:46] C:\ProgramData\WLInstaller
    [01/04/2008|11:07] C:\ProgramData\wmhtdxrt
    [17/03/2008|17:41] C:\ProgramData\Yahoo! Companion

    ---------------[ Listing des dossiers dans C:\Program Files ]--------------

    [01/04/2008|12:05] C:\Program Files\.
    [01/04/2008|12:05] C:\Program Files\..
    [28/11/2007|19:04] C:\Program Files\Activation Assistant for the 2007 Microsoft Office suites
    [07/01/2008|12:01] C:\Program Files\Adobe
    [01/04/2008|12:07] C:\Program Files\antivirus
    [17/03/2008|15:44] C:\Program Files\a-squared Free
    [12/10/2007|02:37] C:\Program Files\ASUS
    [12/10/2007|01:45] C:\Program Files\ATI
    [12/10/2007|01:47] C:\Program Files\ATI Technologies
    [12/10/2007|01:50] C:\Program Files\ATK Hotkey
    [12/10/2007|02:30] C:\Program Files\ATKGFNEX
    [12/10/2007|01:50] C:\Program Files\ATKOSD2
    [07/01/2008|11:06] C:\Program Files\Avast4
    [17/03/2008|15:08] C:\Program Files\CCleaner
    [02/02/2008|23:35] C:\Program Files\Common Files
    [12/10/2007|02:10] C:\Program Files\CSR
    [28/11/2007|18:50] C:\Program Files\desktop.ini
    [25/11/2012|19:41] C:\Program Files\DVD Shrink
    [12/10/2007|02:37] C:\Program Files\InstallShield Installation Information
    [12/10/2007|02:16] C:\Program Files\Intel
    [13/02/2008|12:34] C:\Program Files\Internet Explorer
    [27/11/2007|19:32] C:\Program Files\Microsoft CAPICOM 2.1.0.2
    [02/11/2006|14:37] C:\Program Files\Microsoft Games
    [28/11/2007|19:33] C:\Program Files\Microsoft Office
    [28/11/2007|19:35] C:\Program Files\Microsoft Visual Studio
    [12/10/2007|02:15] C:\Program Files\Motorola
    [18/04/2007|11:24] C:\Program Files\Movie Maker
    [02/11/2006|14:37] C:\Program Files\MSBuild
    [02/11/2006|14:37] C:\Program Files\MSN
    [18/04/2007|10:43] C:\Program Files\MSXML 4.0
    [12/10/2007|01:10] C:\Program Files\Nero
    [12/10/2007|02:36] C:\Program Files\P4G
    [12/10/2007|02:37] C:\Program Files\P4P
    [12/10/2007|02:03] C:\Program Files\Realtek
    [02/11/2006|14:37] C:\Program Files\Reference Assemblies
    [31/03/2008|21:17] C:\Program Files\Spybot - Search & Destroy
    [31/03/2008|11:34] C:\Program Files\SUPERAntiSpyware
    [12/10/2007|02:29] C:\Program Files\Synaptics
    [02/11/2006|15:01] C:\Program Files\Uninstall Information
    [28/11/2012|15:06] C:\Program Files\Windows Calendar
    [18/04/2007|11:24] C:\Program Files\Windows Collaboration
    [12/10/2007|02:42] C:\Program Files\Windows Defender
    [18/04/2007|11:24] C:\Program Files\Windows Journal
    [26/11/2007|22:18] C:\Program Files\Windows Live
    [12/03/2008|11:07] C:\Program Files\Windows Mail
    [28/11/2012|15:06] C:\Program Files\Windows Media Player
    [02/11/2006|14:37] C:\Program Files\Windows NT
    [18/04/2007|11:24] C:\Program Files\Windows Photo Gallery
    [09/01/2008|12:57] C:\Program Files\Windows Sidebar
    [12/10/2007|02:08] C:\Program Files\Wireless Console 2
    [17/03/2008|15:08] C:\Program Files\Yahoo!

    ------[ Listing des dossiers dans C:\Program Files\Common Files ]------

    [02/02/2008|23:35] C:\Program Files\Common Files\.
    [02/02/2008|23:35] C:\Program Files\Common Files\..
    [07/01/2008|12:02] C:\Program Files\Common Files\Adobe
    [12/10/2007|01:12] C:\Program Files\Common Files\Ahead
    [28/11/2007|19:35] C:\Program Files\Common Files\Designer
    [12/10/2007|02:31] C:\Program Files\Common Files\InstallShield
    [12/10/2007|01:12] C:\Program Files\Common Files\LightScribe
    [28/11/2007|19:35] C:\Program Files\Common Files\microsoft shared
    [02/11/2006|13:18] C:\Program Files\Common Files\Services
    [02/11/2006|13:18] C:\Program Files\Common Files\SpeechEngines
    [25/11/2012|16:54] C:\Program Files\Common Files\Symantec Shared
    [28/11/2007|19:18] C:\Program Files\Common Files\System
    [26/11/2007|22:18] C:\Program Files\Common Files\WindowsLiveInstaller
    [31/03/2008|11:33] C:\Program Files\Common Files\Wise Installation Wizard

    ----------------------[ Recherche avec S_Lop ]---------------------

    Aucun fichier / dossier Lop trouvé !

    -----------------[ Recherche de Fichiers / Dossiers Lop ]-----------------

    Aucun fichier / dossier Lop trouvé !

    ----------------------[ Verification du Registre ]----------------------

    ..... OK !

    --------------------[ Verification du fichier Hosts ]---------------------

    Fichier Hosts PROPRE


    ----------------[ Recherche de fichiers avec Catchme ]-----------------

    catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-04-01 18:23:30
    Windows 6.0.6000 NTFS
    scanning hidden files ...
    scan completed successfully
    hidden files: 0

    --------------------[ Recherche d'autres infections ]---------------------

    Aucune autre infection trouvée !

    /!\ [Fich:42][Doss:21] C:\Users\Laurent\AppData\Local\Temp
    /!\ [Fich:133][Doss:1] C:\Users\Laurent\AppData\Roaming\MICROS~1\Windows\Cookies
    /!\ [Fich:421][Doss:6] C:\Users\Laurent\AppData\Local\MICROS~1\Windows\TEMPOR~1\content.IE5

    [ UAC => 1 ]

    --------------------[ Fin du rapport a 18:23:47,40 ]----------------------
    1 April 2008 18:34:41

    Hi again,

    Post a new HijackThis report.

    ;) 
    1 April 2008 18:39:41


    HijackThis report

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 18:36:54, on 01/04/2008
    Platform: Windows Vista (WinNT 6.00.1904)
    MSIE: Internet Explorer v7.00 (7.00.6000.16609)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\Dwm.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\Nero\Nero 7\InCD\InCD.exe
    C:\Windows\RtHDVCpl.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\IAANOTIF.EXE
    C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\ASUS\ATK Media\DMedia.exe
    C:\Program Files\P4P\P4P.exe
    C:\Windows\ASScrPro.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
    C:\Program Files\Avast4\ashDisp.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\ASUS\ASUS Live Update\ALU.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    C:\Windows\explorer.exe
    C:\Program Files\antivirus\HiJackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: FGCatchUrl - {B3A00219-19D4-4966-AECD-8ED34AB9EF7A} - C:\Windows\System32\msram.dll
    O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [InCD] C:\Program Files\Nero\Nero 7\InCD\InCD.exe
    O4 - HKLM\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
    O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
    O4 - HKLM\..\Run: [Skytel] Skytel.exe
    O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
    O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
    O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [ATKMEDIA] C:\Program Files\ASUS\ATK Media\DMEDIA.EXE
    O4 - HKLM\..\Run: [PowerForPhone] "C:\Program Files\P4P\P4P.exe"
    O4 - HKLM\..\Run: [ASUS Camera ScreenSaver] C:\Windows\ASScrProlog.exe
    O4 - HKLM\..\Run: [ASUS Screen Saver Protector] C:\Windows\ASScrPro.exe
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKCU\..\Run: [mediaflag] "C:\ProgramData\Shim blue blue.070ney"
    O4 - HKCU\..\Run: [locks tick title proc] "C:\ProgramData\meet ball move.0x9i8h"
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O13 - Gopher Prefix:
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
    O23 - Service: ADSM Service (ADSMService) - Unknown owner - C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe
    O23 - Service: ASLDR Service (ASLDRService) - Unknown owner - C:\Program Files\ATK Hotkey\ASLDRSrv.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Avast4\aswUpdSv.exe
    O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
    O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - Unknown owner - C:\Program Files\ATKGFNEX\GFNEXSrv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Avast4\ashWebSv.exe
    O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
    O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
    O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    O23 - Service: spmgr - Unknown owner - C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe

    --
    End of file - 6701 bytes
    1 April 2008 18:47:28

    Re,

    Run LopS&D option 1 again :)
    1 April 2008 18:53:54

    new report


    -----------------------[ Lop S&D 4.1.0-4 XP/Vista ]---------------------

    [ Windows 'Longhorn' (NT 6.0) Workstation Build 6000 ]
    [ USER : Laurent ] [ "C:\Lop SD" ]
    [ 01/04/2008 | 18:50:00,14 ] [ PC : LORRAN ]
    [ MAJ : 31-03-2008 | 21:52 ]
    [ UAC => 0 ]

    -------------[ Listing des dossiers dans Application Data ]------------

    [25/11/2012|15:37] C:\Users\Laurent\AppData\Roaming\Adobe\Acrobat
    [07/01/2008|11:38] C:\Users\Laurent\AppData\Roaming\Adobe\..
    [07/01/2008|11:38] C:\Users\Laurent\AppData\Roaming\Adobe\Linguistics
    [07/01/2008|11:38] C:\Users\Laurent\AppData\Roaming\Adobe\.

    [19/01/2008|21:49] C:\Users\Laurent\AppData\Roaming\Apple Computer\iTunes
    [19/01/2008|21:46] C:\Users\Laurent\AppData\Roaming\Apple Computer\..
    [19/01/2008|21:46] C:\Users\Laurent\AppData\Roaming\Apple Computer\.

    [25/11/2012|15:37] C:\Users\Laurent\AppData\Roaming\ATI\..
    [25/11/2012|15:37] C:\Users\Laurent\AppData\Roaming\ATI\ACE
    [25/11/2012|15:37] C:\Users\Laurent\AppData\Roaming\ATI\.

    [31/03/2008|21:19] C:\Users\Laurent\AppData\Roaming\GetValue.vbs\GetValue.vbs

    [25/11/2012|15:36] C:\Users\Laurent\AppData\Roaming\Identities\..
    [25/11/2012|15:36] C:\Users\Laurent\AppData\Roaming\Identities\{CD143A3E-2D27-438C-B7ED-D8253766337C}
    [25/11/2012|15:36] C:\Users\Laurent\AppData\Roaming\Identities\.

    [25/11/2012|15:31] C:\Users\Laurent\AppData\Roaming\InstallShield\..
    [25/11/2012|15:31] C:\Users\Laurent\AppData\Roaming\InstallShield\ISEngine12.0
    [25/11/2012|15:31] C:\Users\Laurent\AppData\Roaming\InstallShield\.

    [12/02/2008|17:41] C:\Users\Laurent\AppData\Roaming\Intel\..
    [12/02/2008|17:41] C:\Users\Laurent\AppData\Roaming\Intel\Wireless
    [12/02/2008|17:41] C:\Users\Laurent\AppData\Roaming\Intel\.

    [25/11/2012|15:37] C:\Users\Laurent\AppData\Roaming\Macromedia\..
    [25/11/2012|15:37] C:\Users\Laurent\AppData\Roaming\Macromedia\.
    [31/03/2008|11:31] C:\Users\Laurent\AppData\Roaming\Macromedia\Flash Player

    [02/11/2006|14:37] C:\Users\Laurent\AppData\Roaming\Media Center Programs\..
    [02/11/2006|14:37] C:\Users\Laurent\AppData\Roaming\Media Center Programs\.

    [28/11/2012|15:22] C:\Users\Laurent\AppData\Roaming\Microsoft\Publisher
    [25/11/2012|19:48] C:\Users\Laurent\AppData\Roaming\Microsoft\Windows
    [25/11/2012|17:35] C:\Users\Laurent\AppData\Roaming\Microsoft\CLView
    [25/11/2012|17:08] C:\Users\Laurent\AppData\Roaming\Microsoft\HTML Help
    [25/11/2012|16:20] C:\Users\Laurent\AppData\Roaming\Microsoft\UProof
    [25/11/2012|16:17] C:\Users\Laurent\AppData\Roaming\Microsoft\Proof
    [25/11/2012|16:15] C:\Users\Laurent\AppData\Roaming\Microsoft\Document Building Blocks
    [25/11/2012|16:15] C:\Users\Laurent\AppData\Roaming\Microsoft\AddIns
    [25/11/2012|15:37] C:\Users\Laurent\AppData\Roaming\Microsoft\SystemCertificates
    [25/11/2012|15:31] C:\Users\Laurent\AppData\Roaming\Microsoft\Protect
    [25/11/2012|15:29] C:\Users\Laurent\AppData\Roaming\Microsoft\Credentials
    [30/03/2008|21:04] C:\Users\Laurent\AppData\Roaming\Microsoft\ModŠles
    [28/03/2008|16:14] C:\Users\Laurent\AppData\Roaming\Microsoft\Word
    [14/03/2008|22:23] C:\Users\Laurent\AppData\Roaming\Microsoft\Crypto
    [13/03/2008|19:32] C:\Users\Laurent\AppData\Roaming\Microsoft\Office
    [13/03/2008|19:32] C:\Users\Laurent\AppData\Roaming\Microsoft\Excel
    [13/03/2008|19:31] C:\Users\Laurent\AppData\Roaming\Microsoft\..
    [13/03/2008|19:31] C:\Users\Laurent\AppData\Roaming\Microsoft\.
    [18/02/2008|23:30] C:\Users\Laurent\AppData\Roaming\Microsoft\PowerPoint
    [28/01/2008|00:42] C:\Users\Laurent\AppData\Roaming\Microsoft\Internet Explorer
    [08/01/2008|19:01] C:\Users\Laurent\AppData\Roaming\Microsoft\eHome
    [28/11/2007|19:50] C:\Users\Laurent\AppData\Roaming\Microsoft\preuve
    [28/11/2007|19:49] C:\Users\Laurent\AppData\Roaming\Microsoft\Macros compl‚mentaires
    [28/11/2007|19:36] C:\Users\Laurent\AppData\Roaming\Microsoft\MSE
    [28/11/2007|19:10] C:\Users\Laurent\AppData\Roaming\Microsoft\Templates
    [28/11/2007|18:47] C:\Users\Laurent\AppData\Roaming\Microsoft\Outlook
    [28/11/2007|16:48] C:\Users\Laurent\AppData\Roaming\Microsoft\IMJP10
    [26/11/2007|22:20] C:\Users\Laurent\AppData\Roaming\Microsoft\MSN Messenger
    [26/11/2007|22:19] C:\Users\Laurent\AppData\Roaming\Microsoft\IdentityCRL
    [26/11/2007|00:02] C:\Users\Laurent\AppData\Roaming\Microsoft\MMC
    [25/11/2007|23:46] C:\Users\Laurent\AppData\Roaming\Microsoft\Speech

    [28/11/2007|19:33] C:\Users\Laurent\AppData\Roaming\Microsoft Web Folders\..
    [28/11/2007|19:33] C:\Users\Laurent\AppData\Roaming\Microsoft Web Folders\.

    [31/03/2008|21:19] C:\Users\Laurent\AppData\Roaming\SetValue.bat\SetValue.bat

    [31/03/2008|11:58] C:\Users\Laurent\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware
    [31/03/2008|11:34] C:\Users\Laurent\AppData\Roaming\SUPERAntiSpyware.com\..
    [31/03/2008|11:34] C:\Users\Laurent\AppData\Roaming\SUPERAntiSpyware.com\.

    ----------------[ Tâches planifiées dans C:\Windows\tasks ]---------------

    [01/04/2008 18:49][--ah-----] C:\Windows\tasks\SA.DAT
    [01/04/2008 18:48][--a------] C:\Windows\tasks\SCHEDLGU.TXT

    ------[ Listing des dossiers dans C:\ProgramData ]------

    [01/04/2008|18:23] C:\ProgramData\.
    [01/04/2008|18:23] C:\ProgramData\..
    [01/04/2008|10:42] C:\ProgramData\addr_file.html
    [07/01/2008|12:02] C:\ProgramData\Adobe
    [02/11/2006|15:02] C:\ProgramData\Application Data
    [29/12/2007|00:17] C:\ProgramData\ASUS
    [01/04/2008|10:39] C:\ProgramData\Avira
    [02/11/2006|15:02] C:\ProgramData\Desktop
    [02/11/2006|15:02] C:\ProgramData\Documents
    [25/11/2012|19:41] C:\ProgramData\DVD Shrink
    [02/11/2006|15:02] C:\ProgramData\Favorites
    [01/04/2008|11:03] C:\ProgramData\iaifzrhh
    [12/10/2007|02:17] C:\ProgramData\Intel
    [25/11/2012|18:31] C:\ProgramData\LightScribe
    [26/11/2007|00:02] C:\ProgramData\Microsoft
    [28/11/2007|19:23] C:\ProgramData\Microsoft Help
    [01/04/2008|11:07] C:\ProgramData\More way title
    [12/10/2007|01:10] C:\ProgramData\Nero
    [23/02/2008|11:12] C:\ProgramData\ntuser.pol
    [12/10/2007|02:36] C:\ProgramData\P4G
    [31/03/2008|21:12] C:\ProgramData\Spybot - Search & Destroy
    [02/11/2006|15:02] C:\ProgramData\Start Menu
    [31/03/2008|11:34] C:\ProgramData\SUPERAntiSpyware.com
    [25/11/2012|16:54] C:\ProgramData\Symantec
    [02/11/2006|15:02] C:\ProgramData\Templates
    [31/03/2008|12:03] C:\ProgramData\wdofwnen
    [28/11/2007|18:46] C:\ProgramData\WLInstaller
    [01/04/2008|11:07] C:\ProgramData\wmhtdxrt
    [17/03/2008|17:41] C:\ProgramData\Yahoo! Companion

    ---------------[ Listing des dossiers dans C:\Program Files ]--------------

    [01/04/2008|12:05] C:\Program Files\.
    [01/04/2008|12:05] C:\Program Files\..
    [28/11/2007|19:04] C:\Program Files\Activation Assistant for the 2007 Microsoft Office suites
    [07/01/2008|12:01] C:\Program Files\Adobe
    [01/04/2008|18:37] C:\Program Files\antivirus
    [17/03/2008|15:44] C:\Program Files\a-squared Free
    [12/10/2007|02:37] C:\Program Files\ASUS
    [12/10/2007|01:45] C:\Program Files\ATI
    [12/10/2007|01:47] C:\Program Files\ATI Technologies
    [12/10/2007|01:50] C:\Program Files\ATK Hotkey
    [12/10/2007|02:30] C:\Program Files\ATKGFNEX
    [12/10/2007|01:50] C:\Program Files\ATKOSD2
    [07/01/2008|11:06] C:\Program Files\Avast4
    [17/03/2008|15:08] C:\Program Files\CCleaner
    [02/02/2008|23:35] C:\Program Files\Common Files
    [12/10/2007|02:10] C:\Program Files\CSR
    [28/11/2007|18:50] C:\Program Files\desktop.ini
    [25/11/2012|19:41] C:\Program Files\DVD Shrink
    [12/10/2007|02:37] C:\Program Files\InstallShield Installation Information
    [12/10/2007|02:16] C:\Program Files\Intel
    [13/02/2008|12:34] C:\Program Files\Internet Explorer
    [27/11/2007|19:32] C:\Program Files\Microsoft CAPICOM 2.1.0.2
    [02/11/2006|14:37] C:\Program Files\Microsoft Games
    [28/11/2007|19:33] C:\Program Files\Microsoft Office
    [28/11/2007|19:35] C:\Program Files\Microsoft Visual Studio
    [12/10/2007|02:15] C:\Program Files\Motorola
    [18/04/2007|11:24] C:\Program Files\Movie Maker
    [02/11/2006|14:37] C:\Program Files\MSBuild
    [02/11/2006|14:37] C:\Program Files\MSN
    [18/04/2007|10:43] C:\Program Files\MSXML 4.0
    [12/10/2007|01:10] C:\Program Files\Nero
    [12/10/2007|02:36] C:\Program Files\P4G
    [12/10/2007|02:37] C:\Program Files\P4P
    [12/10/2007|02:03] C:\Program Files\Realtek
    [02/11/2006|14:37] C:\Program Files\Reference Assemblies
    [31/03/2008|21:17] C:\Program Files\Spybot - Search & Destroy
    [31/03/2008|11:34] C:\Program Files\SUPERAntiSpyware
    [12/10/2007|02:29] C:\Program Files\Synaptics
    [02/11/2006|15:01] C:\Program Files\Uninstall Information
    [28/11/2012|15:06] C:\Program Files\Windows Calendar
    [18/04/2007|11:24] C:\Program Files\Windows Collaboration
    [12/10/2007|02:42] C:\Program Files\Windows Defender
    [18/04/2007|11:24] C:\Program Files\Windows Journal
    [26/11/2007|22:18] C:\Program Files\Windows Live
    [12/03/2008|11:07] C:\Program Files\Windows Mail
    [28/11/2012|15:06] C:\Program Files\Windows Media Player
    [02/11/2006|14:37] C:\Program Files\Windows NT
    [18/04/2007|11:24] C:\Program Files\Windows Photo Gallery
    [09/01/2008|12:57] C:\Program Files\Windows Sidebar
    [12/10/2007|02:08] C:\Program Files\Wireless Console 2
    [17/03/2008|15:08] C:\Program Files\Yahoo!

    ------[ Listing des dossiers dans C:\Program Files\Common Files ]------

    [02/02/2008|23:35] C:\Program Files\Common Files\.
    [02/02/2008|23:35] C:\Program Files\Common Files\..
    [07/01/2008|12:02] C:\Program Files\Common Files\Adobe
    [12/10/2007|01:12] C:\Program Files\Common Files\Ahead
    [28/11/2007|19:35] C:\Program Files\Common Files\Designer
    [12/10/2007|02:31] C:\Program Files\Common Files\InstallShield
    [12/10/2007|01:12] C:\Program Files\Common Files\LightScribe
    [28/11/2007|19:35] C:\Program Files\Common Files\microsoft shared
    [02/11/2006|13:18] C:\Program Files\Common Files\Services
    [02/11/2006|13:18] C:\Program Files\Common Files\SpeechEngines
    [25/11/2012|16:54] C:\Program Files\Common Files\Symantec Shared
    [28/11/2007|19:18] C:\Program Files\Common Files\System
    [26/11/2007|22:18] C:\Program Files\Common Files\WindowsLiveInstaller
    [31/03/2008|11:33] C:\Program Files\Common Files\Wise Installation Wizard

    ----------------------[ Recherche avec S_Lop ]---------------------

    Aucun fichier / dossier Lop trouvé !

    -----------------[ Recherche de Fichiers / Dossiers Lop ]-----------------

    Aucun fichier / dossier Lop trouvé !

    ----------------------[ Verification du Registre ]----------------------

    ..... OK !

    --------------------[ Verification du fichier Hosts ]---------------------

    Fichier Hosts PROPRE


    ----------------[ Recherche de fichiers avec Catchme ]-----------------

    catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-04-01 18:50:13
    Windows 6.0.6000 NTFS
    scanning hidden files ...
    scan completed successfully
    hidden files: 0

    --------------------[ Recherche d'autres infections ]---------------------

    Aucune autre infection trouvée !

    /!\ [Fich:44][Doss:21] C:\Users\Laurent\AppData\Local\Temp
    /!\ [Fich:133][Doss:1] C:\Users\Laurent\AppData\Roaming\MICROS~1\Windows\Cookies
    /!\ [Fich:426][Doss:6] C:\Users\Laurent\AppData\Local\MICROS~1\Windows\TEMPOR~1\content.IE5

    [ UAC => 1 ]

    --------------------[ Fin du rapport a 18:50:32,30 ]----------------------
    1 April 2008 18:59:48

    Re,

    Disable UAC (Start menu \ Control Panel \ User Accounts and Family Safety \ User Accounts \ Turn User Account Control on or off \ untick the "Use User Account Control ..." box
    and confirm with OK; you will be asked to restart, do so)


    Disable all resident protection (antivirus…)!
    Disconnect from the internet, close all running programs and let Combofix work: so don't do anything else at the same time!


    Download Combofix by sUBs
    Save it to your desktop and nowhere else!
    Restart in safe mode: help here >>>
    http://forum.telecharger.01net.com/telecharger/virus_et...
    /!\ Never restart in safe mode via msconfig! /!\

    Double-click Combofix; it will ask you a question, answer by pressing 1 and Enter to confirm, then follow the prompts.
    Wait until Combofix has finished; a report will be created. Post the report. It is located here: C:\Combofix.txt

    ;)
    1 April 2008 19:22:18

    a message appears: Windows is going to close the program because "execute processes remotely" has stopped working
    1 April 2008 19:27:49

    is this the right report?

    ComboFix 08-03-30.5 - Laurent 2008-04-01 19:18:18.1 - NTFSx86 MINIMAL
    Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6000.0.1252.1.1036.18.1691 [GMT 2:00]
    Endroit: C:\Users\Laurent\Desktop\ComboFix.exe
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Program Files\p4p
    C:\Program Files\p4p\Bookmark.ini
    C:\Program Files\p4p\P4P.exe
    C:\Program Files\p4p\RING.WAV
    C:\Users\Laurent\Desktopblackbird.jpg
    C:\Users\Laurent\DesktopEditorFKWP1.5.exe
    C:\Users\Laurent\DesktopEditorFKWP2.0.exe
    C:\Users\Laurent\Desktopfilemanagerclient.exe
    C:\Users\Laurent\Desktopfkwp1.5.exe
    C:\Users\Laurent\Desktopfkwp2.0.exe
    C:\Users\Laurent\Desktopfwebd.exe
    C:\Users\Laurent\DesktopFWebdEditor.exe
    C:\Users\Laurent\DesktopTrojan.Win32.BlackBird.exe
    C:\Users\Laurent\Desktopvirii
    C:\Windows\system32\msram.dll

    .
    ((((((((((((((((((((((((((((( Fichiers créés 2008-03-01 to 2008-04-01 ))))))))))))))))))))))))))))))))))))
    .

    Pas de nouveau fichier créé dans cet espace de temps

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-11-28 13:06 --------- d-----w C:\Program Files\Windows Calendar
    2012-11-25 17:41 --------- d-----w C:\ProgramData\DVD Shrink
    2012-11-25 17:41 --------- d-----w C:\Program Files\DVD Shrink
    2012-11-25 16:31 --------- d-----w C:\ProgramData\LightScribe
    2012-11-25 14:54 --------- d-----w C:\ProgramData\Symantec
    2012-11-25 14:54 --------- d-----w C:\Program Files\Common Files\Symantec Shared
    2012-11-25 13:37 --------- d-----w C:\Users\Laurent\AppData\Roaming\ATI
    2012-11-25 13:31 --------- d-----w C:\Users\Laurent\AppData\Roaming\InstallShield
    2008-04-01 17:08 --------- d-----w C:\Program Files\SUPERAntiSpyware
    2008-04-01 17:08 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
    2008-04-01 16:37 --------- d-----w C:\Program Files\antivirus
    2008-04-01 09:07 --------- d-----w C:\ProgramData\wmhtdxrt
    2008-04-01 09:07 --------- d-----w C:\ProgramData\More way title
    2008-04-01 09:03 --------- d-----w C:\ProgramData\iaifzrhh
    2008-04-01 08:39 --------- d-----w C:\ProgramData\Avira
    2008-03-31 19:19 691 ----a-w C:\Users\Laurent\AppData\Roaming\GetValue.vbs
    2008-03-31 19:19 35 ----a-w C:\Users\Laurent\AppData\Roaming\SetValue.bat
    2008-03-31 19:17 --------- d-----w C:\Program Files\Spybot - Search & Destroy
    2008-03-31 19:12 --------- d-----w C:\ProgramData\Spybot - Search & Destroy
    2008-03-31 15:09 691,545 ----a-w C:\Windows\unins000.exe
    2008-03-31 10:03 --------- d-----w C:\ProgramData\wdofwnen
    2008-03-31 09:34 --------- d-----w C:\Users\Laurent\AppData\Roaming\SUPERAntiSpyware.com
    2008-03-31 09:34 --------- d-----w C:\ProgramData\SUPERAntiSpyware.com
    2008-03-17 15:41 --------- d-----w C:\ProgramData\Yahoo! Companion
    2008-03-17 13:44 --------- d-----w C:\Program Files\a-squared Free
    2008-03-17 13:08 --------- d-----w C:\Program Files\Yahoo!
    2008-03-17 13:08 --------- d-----w C:\Program Files\CCleaner
    2008-03-12 09:07 --------- d-----w C:\Program Files\Windows Mail
    2008-02-13 09:07 110,080 ----a-w C:\Windows\system32\drivers\mrxdav.sys
    2008-02-13 09:06 54,784 ----a-w C:\Windows\system32\drivers\i8042prt.sys
    2008-02-13 09:06 495,160 ----a-w C:\Windows\system32\drivers\Wdf01000.sys
    2008-02-13 09:06 35,384 ----a-w C:\Windows\system32\drivers\WdfLdr.sys
    2008-02-13 09:06 35,384 ----a-w C:\Windows\system32\drivers\kbdclass.sys
    2008-02-13 09:06 34,360 ----a-w C:\Windows\system32\drivers\mouclass.sys
    2008-02-13 09:06 19,968 ----a-w C:\Windows\system32\drivers\sermouse.sys
    2008-02-13 09:06 15,872 ----a-w C:\Windows\system32\drivers\mouhid.sys
    2008-02-13 09:04 803,328 ----a-w C:\Windows\system32\drivers\tcpip.sys
    2008-02-13 09:04 45,112 ----a-w C:\Windows\system32\drivers\pciidex.sys
    2008-02-13 09:04 216,632 ----a-w C:\Windows\system32\drivers\netio.sys
    2008-02-13 09:04 21,560 ----a-w C:\Windows\system32\drivers\atapi.sys
    2008-02-13 09:04 17,464 ----a-w C:\Windows\system32\drivers\intelide.sys
    2008-02-13 09:04 154,624 ----a-w C:\Windows\system32\drivers\nwifi.sys
    2008-02-13 09:04 109,624 ----a-w C:\Windows\system32\drivers\ataport.sys
    2008-02-13 09:03 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
    2008-02-13 09:03 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
    2008-02-13 09:03 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll
    2008-02-13 09:03 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
    2008-02-13 09:01 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
    2008-02-12 15:41 --------- d-----w C:\Users\Laurent\AppData\Roaming\Intel
    2007-11-28 16:50 174 --sha-w C:\Program Files\desktop.ini
    .

    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1]
    @={A8D448F4-0431-45AC-9F5E-E1B434AB2249}

    [HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}]
    2007-06-02 02:08 143360 --a------ C:\Program Files\ASUS\ASUS Data Security Manager\OverlayIconShlExt1.dll

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-09 11:01 1232896]
    "MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 12:34 5724184]
    "WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 14:36 201728]
    "mediaflag"="C:\ProgramData\Shim blue blue.070ney" [ ]
    "locks tick title proc"="C:\ProgramData\meet ball move.0x9i8h" [ ]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-10-12 01:24 1006264]
    "NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-26 21:12 161328]
    "InCD"="C:\Program Files\Nero\Nero 7\InCD\InCD.exe" [2007-03-26 20:42 1057328]
    "StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 21:35 90112]
    "RtHDVCpl"="RtHDVCpl.exe" [2007-07-06 05:06 4669440 C:\Windows\RtHDVCpl.exe]
    "Skytel"="Skytel.exe" [2007-06-15 10:45 1826816 C:\Windows\SkyTel.exe]
    "IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-02-12 14:37 174872]
    "SMSERIAL"="C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe" [2006-11-24 19:31 630784]
    "JMB36X IDE Setup"="C:\Windows\RaidTool\xInsIDE.exe" [2007-03-20 08:36 36864]
    "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-03-02 23:24 857648]
    "ATKMEDIA"="C:\Program Files\ASUS\ATK Media\DMEDIA.EXE" [2006-11-02 17:27 61440]
    "PowerForPhone"="C:\Program Files\P4P\P4P.exe" [ ]
    "ASUS Camera ScreenSaver"="C:\Windows\ASScrProlog.exe" [2007-10-12 02:38 37232]
    "ASUS Screen Saver Protector"="C:\Windows\ASScrPro.exe" [2007-10-12 02:38 33136]
    "avast!"="C:\PROGRA~1\Avast4\ashDisp.exe" [2007-12-04 15:00 79224]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 04:06 40048]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
    "GrpConv"="grpconv -o" []

    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
    Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [2001-12-11 23:24:32 65588]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorUser"= 0 (0x0)
    "EnableLUA"= 0 (0x0)
    "ValidateAdminCodeSignatures"= 1 (0x1)
    "FilterAdministratorToken"= 1 (0x1)

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "UacDisableNotify"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-98363209-2497091565-287844904-1000]
    "EnableNotificationsRef"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
    "{1BA4CB7D-6CD3-49A0-AA6F-0865142E0779}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
    "{C763C924-520E-459C-BF76-0D00A7F8AEF3}"= UDP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
    "{B1817BF0-2C4F-4C1C-8AA9-281986882D3F}"= TCP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
    "DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

    S2 aswMonFlt;aswMonFlt;C:\Windows\system32\DRIVERS\aswMonFlt.sys [2007-12-04 16:52]
    S3 AtcL001;NDIS Miniport Driver for Atheros L1 Gigabit Ethernet Controller;C:\Windows\system32\DRIVERS\l160x86.sys [2007-06-27 07:00]
    S3 atikmdag;atikmdag;C:\Windows\system32\DRIVERS\atikmdag.sys [2007-06-13 09:28]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    bthsvcs REG_MULTI_SZ BthServ

    *Newly Created Service* - CATCHME
    *Newly Created Service* - ECACHE
    .
    **************************************************************************

    catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-04-01 19:22:52
    Windows 6.0.6000 NTFS

    Balayage processus cachés ...

    Balayage caché autostart entries ...

    Balayage des fichiers cachés ...

    Scan terminé avec succès
    Les fichiers cachés: 0

    **************************************************************************
    .
    Temps d'accomplissement: 2008-04-01 19:23:25
    ComboFix-quarantined-files.txt 2008-04-01 17:23:23
    Le texte du message associé au numéro 0x2379 est introuvable dans le fichier de messages pour Application.
    Le texte du message associé au numéro 0x2379 est introuvable dans le fichier de messages pour Application.
    .
    2008-03-30 16:36:03 --- E O F ---
    1 April 2008 19:35:43

    Re,

    Post a new HijackThis report now :p
    1 April 2008 19:40:27

    here it is, report made in safe mode

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 19:38:26, on 01/04/2008
    Platform: Windows Vista (WinNT 6.00.1904)
    MSIE: Internet Explorer v7.00 (7.00.6000.16609)
    Boot mode: Safe mode

    Running processes:
    C:\Windows\explorer.exe
    C:\Program Files\antivirus\HiJackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [InCD] C:\Program Files\Nero\Nero 7\InCD\InCD.exe
    O4 - HKLM\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
    O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
    O4 - HKLM\..\Run: [Skytel] Skytel.exe
    O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
    O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
    O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [ATKMEDIA] C:\Program Files\ASUS\ATK Media\DMEDIA.EXE
    O4 - HKLM\..\Run: [PowerForPhone] "C:\Program Files\P4P\P4P.exe"
    O4 - HKLM\..\Run: [ASUS Camera ScreenSaver] C:\Windows\ASScrProlog.exe
    O4 - HKLM\..\Run: [ASUS Screen Saver Protector] C:\Windows\ASScrPro.exe
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\RunOnce: [GrpConv] grpconv -o
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKCU\..\Run: [mediaflag] "C:\ProgramData\Shim blue blue.070ney"
    O4 - HKCU\..\Run: [locks tick title proc] "C:\ProgramData\meet ball move.0x9i8h"
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O13 - Gopher Prefix:
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
    O23 - Service: ADSM Service (ADSMService) - Unknown owner - C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe
    O23 - Service: ASLDR Service (ASLDRService) - Unknown owner - C:\Program Files\ATK Hotkey\ASLDRSrv.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Avast4\aswUpdSv.exe
    O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
    O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - Unknown owner - C:\Program Files\ATKGFNEX\GFNEXSrv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Avast4\ashWebSv.exe
    O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
    O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
    O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    O23 - Service: spmgr - Unknown owner - C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe

    --
    End of file - 5891 bytes
    1 April 2008 19:55:02

    Re,

    Uninstall avast, reboot and delete ~~>C:\Program Files\Alwil Software

    Download ccleaner (>>tutorial to read!<<), get "the latest version", then install it while unchecking "Add the Yahoo! CCleaner Toolbar".
    Then run the cleaning, then have it search for errors, and make backups if you wish.

    Download and install Antivir. (tutorial)
    Why switch? Avast vs Antivir
    Check that it is fully up to date! Run a full scan in safe mode, save the report and post it for me.

    ;) 
    1 April 2008 20:39:33

    Antivir is working right now, it is at 50%. I am taking advantage of this time to thank you for your availability.

    As soon as the report is ready I will post it for you.

    kinos
    1 April 2008 20:49:02

    Here is the Antivir report



    AntiVir PersonalEdition Classic
    Report file date: mardi 1 avril 2008 20:25

    Scanning for 835736 virus strains and unwanted programs.

    Licensed to: Avira AntiVir PersonalEdition Classic
    Serial number: 0000149996-ADJIE-0001
    Platform: Windows Vista
    Windows version: (plain) [6.0.6000]
    Username: Laurent
    Computer name: LORRAN

    Version information:
    BUILD.DAT : 270 15603 Bytes 19/09/2007 13:32:00
    AVSCAN.EXE : 7.0.6.1 290856 Bytes 23/08/2007 12:16:29
    AVSCAN.DLL : 7.0.6.0 49192 Bytes 16/08/2007 11:23:51
    LUKE.DLL : 7.0.5.3 147496 Bytes 14/08/2007 14:32:47
    LUKERES.DLL : 7.0.6.1 10280 Bytes 21/08/2007 11:35:20
    ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 13:27:15
    ANTIVIR1.VDF : 7.0.0.0 1640448 Bytes 13/09/2007 13:26:55
    ANTIVIR2.VDF : 7.0.0.1 2048 Bytes 13/09/2007 13:27:04
    ANTIVIR3.VDF : 7.0.0.2 2048 Bytes 13/09/2007 13:27:13
    AVEWIN32.DLL : 7.6.0.15 2806272 Bytes 17/09/2007 16:43:56
    AVWINLL.DLL : 1.0.0.7 14376 Bytes 26/02/2007 09:36:26
    AVPREF.DLL : 7.0.2.2 25640 Bytes 18/07/2007 06:39:17
    AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 12:16:24
    AVPACK32.DLL : 7.3.0.15 360488 Bytes 03/08/2007 07:46:00
    AVREG.DLL : 7.0.1.6 30760 Bytes 18/07/2007 06:17:06
    AVARKT.DLL : 1.0.0.20 278568 Bytes 28/08/2007 11:26:33
    AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 18/07/2007 06:10:18
    NETNT.DLL : 7.0.0.0 7720 Bytes 08/03/2007 10:09:42
    RCIMAGE.DLL : 7.0.1.30 2342952 Bytes 07/08/2007 11:38:13
    RCTEXT.DLL : 7.0.62.0 86056 Bytes 21/08/2007 11:50:37
    SQLITE3.DLL : 3.3.17.1 339968 Bytes 23/07/2007 08:37:21

    Configuration settings for the scan:
    Jobname..........................: Manual Selection
    Configuration file...............: C:\ProgramData\Avira\AntiVir PersonalEdition Classic\PROFILES\folder.avp
    Logging..........................: low
    Primary action...................: interactive
    Secondary action.................: ignore
    Scan master boot sector..........: off
    Scan boot sector.................: on
    Boot sectors.....................: D:,
    Scan memory......................: on
    Process scan.....................: on
    Scan registry....................: on
    Search for rootkits..............: off
    Scan all files...................: All files
    Scan archives....................: on
    Recursion depth..................: 20
    Smart extensions.................: on
    Macro heuristic..................: on
    File heuristic...................: medium

    Start of the scan: mardi 1 avril 2008 20:25

    The scan of running processes will be started
    Scan process 'avscan.exe' - '1' Module(s) have been scanned
    Scan process 'WmiPrvSE.exe' - '1' Module(s) have been scanned
    Scan process 'avcenter.exe' - '1' Module(s) have been scanned
    Scan process 'explorer.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'lsm.exe' - '1' Module(s) have been scanned
    Scan process 'lsass.exe' - '1' Module(s) have been scanned
    Scan process 'services.exe' - '1' Module(s) have been scanned
    Scan process 'winlogon.exe' - '1' Module(s) have been scanned
    Scan process 'wininit.exe' - '1' Module(s) have been scanned
    Scan process 'csrss.exe' - '1' Module(s) have been scanned
    Scan process 'csrss.exe' - '1' Module(s) have been scanned
    Scan process 'smss.exe' - '1' Module(s) have been scanned
    18 processes with 18 modules were scanned

    Start scanning boot sectors:
    Boot sector 'C:\'
    [NOTE] No virus was found!
    Boot sector 'D:\'
    [NOTE] No virus was found!

    Starting to scan the registry.
    The registry was scanned ( '20' files ).


    Starting the file scan:

    Begin scan in 'C:\' <VistaOS>
    C:\pagefile.sys
    [WARNING] The file could not be opened!
    Begin scan in 'D:\' <DATA>


    End of the scan: mardi 1 avril 2008 20:41
    Used time: 16:32 min

    The scan has been done completely.

    18053 Scanning directories
    169433 Files were scanned
    0 viruses and/or unwanted programs were found
    0 Files were classified as suspicious:
    0 files were deleted
    0 files were repaired
    0 files were moved to quarantine
    0 files were renamed
    1 Files cannot be scanned
    169433 Files not concerned
    1375 Archives were scanned
    1 Warnings
    0 Notes

    1 April 2008 20:50:36

    Re,

    Download MalwareByte's Anti-Malware to your Desktop.
    Install it by double-clicking the file Download_mbam-setup.exe.

    Once the installation and the update are done, reboot in safe mode.
    HELP: Rebooting in safe mode

  • Now run MalwareByte's Anti-Malware. If it is not already done, select "Perform full scan".
  • To start the search, click "Scan".
  • Once the scan is finished, a window opens; click OK. There are two possibilities:
    -- if the program found nothing, press OK. A report will appear; close it.
    -- if infections are present, click "Show Results" then "Remove Selected". Save the report to your Desktop so you can post it in your next reply.
    NOTE: If MalwareByte's Anti-Malware needs to reboot to finish the removal, accept by clicking OK.

    HELP: Illustrated tutorial on MBAM

    ;) 
    1 April 2008 21:30:26

    There were 12 suspects

    Malwarebytes' Anti-Malware 1.09
    Version de la base de données: 580

    Type de recherche: Examen complet (C:\|D:\|)
    Eléments examinés: 126120
    Temps écoulé: 12 minute(s), 46 second(s)

    Processus mémoire infecté(s): 0
    Module(s) mémoire infecté(s): 0
    Clé(s) du Registre infectée(s): 9
    Valeur(s) du Registre infectée(s): 2
    Elément(s) de données du Registre infecté(s): 0
    Dossier(s) infecté(s): 0
    Fichier(s) infecté(s): 1

    Processus mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Module(s) mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Clé(s) du Registre infectée(s):
    HKEY_CLASSES_ROOT\Interface\{5d78043e-22af-4503-beb2-be769d6c62e1} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{a62f247b-512f-4ded-930b-3fc1b3dccb7a} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Typelib\{80edbb3b-2c32-4bd6-96ae-3e4cd089c570} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Typelib\{50ccd00a-66b6-4d95-aaef-8ee959498f92} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{000000da-0786-4633-87c6-1aa7a4429ef1} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9dd4258a-7138-49c4-8d34-587879a5c7a4} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b8c0220d-763d-49a4-95f4-61dfdec66ee6} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c3bcc488-1ae7-11d4-ab82-0010a4ec2338} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorertoolbar (Trojan.FakeAlert) -> Quarantined and deleted successfully.

    Valeur(s) du Registre infectée(s):
    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\New Windows\Allow\host-domain-lookup.com (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\New Windows\Allow\www.host-domain-lookup.com (Malware.Trace) -> Quarantined and deleted successfully.

    Elément(s) de données du Registre infecté(s):
    (Aucun élément nuisible détecté)

    Dossier(s) infecté(s):
    (Aucun élément nuisible détecté)

    Fichier(s) infecté(s):
    C:\QooBox\Quarantine\C\Windows\System32\msram.dll.vir (Trojan.BHO) -> Quarantined and deleted successfully.
    1 April 2008 21:39:03

    Re,

    Post a new hijackthis report and tell me how the PC is doing; still any problems?

    ;) 
    1 April 2008 21:47:52

    The PC seems to have become reasonable again; I no longer have windows opening unexpectedly.

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 21:45:06, on 01/04/2008
    Platform: Windows Vista (WinNT 6.00.1904)
    MSIE: Internet Explorer v7.00 (7.00.6000.16609)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\ASUS\ASUS Live Update\ALU.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\Nero\Nero 7\InCD\InCD.exe
    C:\Windows\RtHDVCpl.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\IAANOTIF.EXE
    C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\ASUS\ATK Media\DMedia.exe
    C:\Windows\ASScrPro.exe
    C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\Program Files\antivirus\HiJackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [InCD] C:\Program Files\Nero\Nero 7\InCD\InCD.exe
    O4 - HKLM\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
    O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
    O4 - HKLM\..\Run: [Skytel] Skytel.exe
    O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
    O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
    O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [ATKMEDIA] C:\Program Files\ASUS\ATK Media\DMEDIA.EXE
    O4 - HKLM\..\Run: [ASUS Camera ScreenSaver] C:\Windows\ASScrProlog.exe
    O4 - HKLM\..\Run: [ASUS Screen Saver Protector] C:\Windows\ASScrPro.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O13 - Gopher Prefix:
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
    O23 - Service: ADSM Service (ADSMService) - Unknown owner - C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe
    O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: ASLDR Service (ASLDRService) - Unknown owner - C:\Program Files\ATK Hotkey\ASLDRSrv.exe
    O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
    O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - Unknown owner - C:\Program Files\ATKGFNEX\GFNEXSrv.exe
    O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
    O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
    O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    O23 - Service: spmgr - Unknown owner - C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe

    --
    End of file - 6576 bytes
    1 April 2008 22:42:30

    50 minutes without a problem, I think my troubles are solved. Many thanks for this service.

    Kinos
    1 April 2008 22:44:50

    It's OK, you are no longer infected :p 

    1) Download ToolsCleaner to your desktop.
    http://www.commentcamarche.net/telecharger/toolscleaner...

    This program will uninstall all the tools I had you use.

  • Click Search and let the scan run ...
  • Click Removal to finalize.
  • You can, if you wish, use the optional Options.
  • Click Quit to get the report.
  • Post the report (TCleaner.txt), which is at the root of your hard drive (C:\).

    2) Download and install Ccleaner:
    http://www.01net.com/telecharger/windows/Utilitaire/net...
  • Before clicking the "install" button, uncheck all the "additional options". Then click "Options", "Advanced" and uncheck the box "Only delete files in the Windows Temp folder older than 48 hours". Click the "Cleaner" tab then "Run Cleaner".
  • Then click the Registry tab, click "Search for errors" then "Fix the selected errors". There is no need to back up the keys. Repeat the operation as many times as needed until it finds no more errors.
  • Tutorial here: http://www.infos-du-net.com/forum/272336-7-ccleaner-und...
    3)
  • Disable your System Restore

  • Re-enable your System Restore

  • Tutorial here: http://www.infos-du-net.com/forum/272480-11-desactiver-...
    ********************************************************************************

    Now add [Solved] to the title. To do so:
    * Click, in your first message, the "Edit" button
    * Add the mention [Solved] to the title
    * Then click "Submit your message"

    It would be nice to report your infection on > Malware-Complaints < to get its authors convicted

    - Forum rules <- here
    - Posting a message <- here (by Malekal)

    To register, click the register button (at the top)
    If you are over 13, choose " I Agree to these terms and am over or exactly 13 years of age "
    If you are under 13, choose " I Agree to these terms and am under 13 years of age "

    You will get a list by type of infection
    If your infection is not in the list, create a message in Other infections

    See you and happy surfing :hello: 


    Some interesting links:

    http://mickael.barroux.free.fr/securite/
    http://www.malekal.com/
    http://www.infos-du-net.com/forum/275481-11-dossier-pre...
    2 April 2008 09:51:39

    Hello,

    Here is the Tools Cleaner report; I am moving on to the rest


    -->- Recherche:

    C:\Lop SD: trouvé !
    C:\Qoobox: trouvé !
    C:\Lop SD\Lop S&D.lnk: trouvé !
    C:\Program Files\antivirus\HijackThis.exe: trouvé !
    C:\Users\Laurent\AppData\Roaming\Microsoft\Windows\Start Menu\Programmes\Lop S&D: trouvé !
    C:\Users\Laurent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Lop S&D: trouvé !
    C:\Users\Laurent\Desktop\SdFix.exe: trouvé !
    C:\Users\Laurent\Desktop\Lop S&D.lnk: trouvé !
    C:\Users\Laurent\Desktop\LopSD.exe: trouvé !
    C:\Users\Laurent\Desktop\ComboFix.exe: trouvé !
    C:\Users\Laurent\Downloads\SmitFraudfix: trouvé !

    ---------------------------------
    -->- Suppression:

    C:\Lop SD\Lop S&D.lnk: supprimé !
    C:\Program Files\antivirus\HijackThis.exe: supprimé !
    C:\Users\Laurent\Desktop\SdFix.exe: supprimé !
    C:\Users\Laurent\Desktop\Lop S&D.lnk: supprimé !
    C:\Users\Laurent\Desktop\LopSD.exe: supprimé !
    C:\Users\Laurent\Desktop\ComboFix.exe: supprimé !
    C:\Lop SD: supprimé !
    C:\Qoobox: supprimé !
    C:\Users\Laurent\AppData\Roaming\Microsoft\Windows\Start Menu\Programmes\Lop S&D: Erreur de suppression !
    C:\Users\Laurent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Lop S&D: supprimé !
    C:\Users\Laurent\Downloads\SmitFraudfix: supprimé !

    Point de restauration crée !
    Corbeille vidée!
    Fichiers temporaires nettoyés !
    Sauvegarde du registre crée!


    2 April 2008 10:21:34

    I have just finished the procedure; the only difficulty was disabling and re-enabling System Restore under Vista. I used this site
    http://www.pcentraide.com/index.php?showtopic=55283.

    I am going to report my infection on Malware-complaints. I will mention Smitfraud, but I do not know whether there was anything else.

    My only regret is having acted without understanding, and above all benefiting from help without being able to return the favour; simple thanks fall a bit short.

    Congratulations on your competence and your availability.

    Kinos
    2 April 2008 17:58:42

    Re,

    If you have any questions, go ahead, I'm listening :p 

    ;) 
    3 April 2008 22:13:33

    Good evening,

    My regret is not being able to decipher the listings I was sending you, and consequently being unable to manage on my own (or help someone) another time if it happens.

    A question at my level: I am currently installing Antivir and Zone Alarm on 2 other PCs; should the scans be run in safe mode?

    Was Smitfraud the only thing in the machine?

    One last question: on the forum, how do you recognise that a competent person is at the controls?

    I will end my interrogation there.

    Good evening
    4 April 2008 00:13:14

    Re,

    Quote:
    My regret is not being able to decipher the listings I was sending you, and consequently being unable to manage on my own (or help someone) another time if it happens.


    It takes several months of learning, and a lot of investment at the start :)  You don't learn this the way you do Sunday sports ( an example for what it's worth :p  ).

    Quote:
    A question at my level: I am currently installing Antivir and Zone Alarm on 2 other PCs; should the scans be run in safe mode?


    Yes, preferably: greater effectiveness, particularly in the removal and quarantine phase.

    Quote:
    One last question: on the forum, how do you recognise that a competent person is at the controls?


    Read the rules: http://www.infos-du-net.com/forum/272538-11-rappels-sec...
    and check whether the person answering you seems qualified ( number of their contributions, their activity on the forum, the quality of their explanations, go and see what they did in other threads, etc. ).

    Good night :sleep: 
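An added example, not part of the original thread: one way to read the O4 (autorun) lines of the two HijackThis logs posted above, by parsing them, listing the entries that disappeared between the first and second log, and applying two triage hints. The hints (unusual file extension, file sitting directly in C:\ProgramData) and all function names are assumptions made for this illustration, not rules used by HijackThis or by the helper; the sample lines are excerpts from the logs in this thread.

```python
import ntpath
import re

# O4 excerpts copied from the "before" and "after" HijackThis logs in this thread.
BEFORE = r'''
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\Avast4\ashDisp.exe
O4 - HKLM\..\RunOnce: [GrpConv] grpconv -o
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [mediaflag] "C:\ProgramData\Shim blue blue.070ney"
O4 - HKCU\..\Run: [locks tick title proc] "C:\ProgramData\meet ball move.0x9i8h"
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
'''
AFTER = r'''
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
'''

# Assumption: extensions treated as "usual" for an autorun target.
EXEC_EXT = {".exe", ".dll", ".com", ".bat", ".cmd", ".scr", ".lnk"}
REG = re.compile(r'^O4 - (?P<loc>[^:]+): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$')
LNK = re.compile(r'^O4 - (?P<loc>[^:]*Startup): (?P<name>.+?) = (?P<cmd>.+)$')
UNQUOTED = re.compile(r'^(.*?\.(?:exe|dll|com|bat|cmd|scr|lnk))(?=\s|$)', re.I)


def target_of(cmd):
    """Return the program path of an autorun command line, without arguments."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end != -1 else cmd[1:]
    # Unquoted paths may contain spaces: cut at the first executable extension.
    m = UNQUOTED.match(cmd)
    return m.group(1) if m else cmd.split()[0]


def parse_o4(log):
    """Parse registry Run entries and Startup-folder entries from a log."""
    entries = []
    for line in log.splitlines():
        line = line.strip()
        m = REG.match(line) or LNK.match(line)
        if m:
            entries.append({"loc": m["loc"], "name": m["name"],
                            "target": target_of(m["cmd"])})
    return entries


def flags(entry):
    """Triage hints only; a flag is a reason to look closer, not a verdict."""
    target, out = entry["target"], []
    if "\\" in target:  # bare names such as 'grpconv' resolve via the search path
        ext = ntpath.splitext(target)[1].lower()
        if ext not in EXEC_EXT:
            out.append("extension %r is not a usual executable type" % ext)
        if ntpath.dirname(target).lower() == r"c:\programdata":
            out.append("file sits directly in C:\\ProgramData")
    return out


def suspicious(log):
    return [e["name"] for e in parse_o4(log) if flags(e)]


def removed_between(before, after):
    """Entries present in the first log and absent from the second."""
    kept = {(e["loc"], e["name"]) for e in parse_o4(after)}
    return [e for e in parse_o4(before) if (e["loc"], e["name"]) not in kept]


if __name__ == "__main__":
    for e in removed_between(BEFORE, AFTER):
        print(e["loc"], "[%s]" % e["name"], e["target"], flags(e) or "no flag")
```

Entries that vanish without a flag, such as the avast! one here, are explained by steps in the thread itself (the antivirus was uninstalled), which is why the diff and the hints are read together.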