PC lent, pubs pour faux-antivirus et autres!

Salut, j'aurais besoin de votre aide mon PC est surement infecté car même quand je ne suis pas sur une page web je vois des fenêtres de publicité qui redirigent souvent vers des messages indiquant que mon PC est infecté et qu'il faut que je télécharge un antivirus.
C'est trés bête, car juste la semaine ou norton ne veut plus marcher, je chope un truc...

Enfin bref, voila le rapport HijackThis:

hijackthis.txt

Merci d'avance pour votre aide.
J'ai fait des scans avec divers antivirus, antispywares,... je ne trouve plus rien mais les messages subsistent.

Désactive le contrôle des comptes utilisateurs (tu le réactiveras après ta désinfection):

- Va dans démarrer puis panneau de configuration
- Double Clique sur l'icône "Comptes d'utilisateurs"
- Clique ensuite sur désactiver et valide.
tuto desactiver l'UAC

Télécharge maintenant Navilog1 depuis-ce lien :

Lien
Enregistrer la cible (du lien) sous... et enregistre-le sur ton bureau.
Ensuite double clique sur [g]navilog1.exe[/g] pour lancer l'installation.
Une fois l'installation terminée, Fais un Clic-droit sur le raccourci Navilog1 présent sur ton bureau et choisis "Exécuter en tant qu'administrateur".

Au menu principal, Fais le choix [g]1[/g]
Laisse toi guider et patiente.
Patiente jusqu'au message :
*** Analyse Termine le ..... ***
Appuie sur une touche le blocnote va s'ouvrir.
Copie-colle l'intégralité du rapport dans une réponse.
Referme le blocnote
Le rapport fixnavi.txt est en outre sauvegardé dans %systemdrive%.
tuto ici

J'ai désactivé comme demandé le controle des compte utilisateurs (je précise que je suis sous vista) et voici le rapport Navilog1:

Search Navipromo version 3.5.5 commencé le 01/05/2008 à 10:36:31,51

!!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!!
!!! Postez ce rapport sur le forum pour le faire analyser !!!
!!! Ne lancez pas la partie désinfection sans l'avis d'un spécialiste !!!

Outil exécuté depuis C:\Program Files\navilog1
Session actuelle : "max"

Mise à jour le 29.04.2008 à 20h00 par IL-MAFIOSO

Microsoft Windows Vista 6.0.6000
Internet Explorer : 7.0.6000.16643
Système de fichiers : NTFS

Executé en mode normal

*** Recherche Programmes installés ***


*** Recherche dossiers dans "C:\Windows" ***


*** Recherche dossiers dans "C:\Program Files" ***


*** Recherche dossiers dans "C:\ProgramData" ***


*** Recherche dossiers dans "c:\progra~2\micros~1\windows\startm~1\programs" ***


*** Recherche dossiers dans "c:\users\max\appdata\roaming\micros~1\windows\startm~1\programs" ***


*** Recherche dossiers dans "C:\Users\max\AppData\Local\virtualstore\Program Files" ***


*** Recherche dossiers dans "C:\Users\max\AppData\Roaming" ***


*** Recherche avec Catchme-rootkit/stealth malware detector par gmer ***
pour + d'infos : http://www.gmer.net

Aucun Fichier trouvé


*** Recherche avec GenericNaviSearch ***
!!! Tous ces résultats peuvent révéler des fichiers légitimes !!!
!!! A vérifier impérativement avant toute suppression manuelle !!!

* Recherche dans "C:\Windows\system32" *

* Recherche dans "C:\Users\max\AppData\Local\Microsoft" *

* Recherche dans "C:\Users\max\AppData\Local" *



*** Recherche fichiers ***



*** Recherche clés spécifiques dans le Registre ***


*** Module de Recherche complémentaire ***
(Recherche fichiers spécifiques)

1)Recherche nouveaux fichiers Instant Access :


2)Recherche Heuristique :

* Dans "C:\Windows\system32" :


* Dans "C:\Users\max\AppData\Local\Microsoft" :


* Dans "C:\Users\max\AppData\Local" :


3)Recherche Certificats :

Certificat Egroup absent !
Certificat Electronic-Group trouvé !
Certificat OOO-Favorit trouvé !
Certificat Sunny-Day-Design-Ltd absent !

4)Recherche fichiers connus :



*** Analyse terminée le 01/05/2008 à 10:41:46,19 ***

Veille à ce que le contrôle des comptes utilisateurs (UAC) soit désactivé.
Fais un Clic-droit sur le raccourci Navilog1 présent sur ton bureau et choisis "Exécuter en tant qu'administrateur".

Au menu principal, Fais le choix 2
Laisse toi guider et patiente.
Le fix va t'informer qu'il va alors redémarrer ton PC
Ferme toutes les fenêtres ouvertes et enregistre tes documents personnels ouverts
Appuie sur une touche comme demandé.
(si ton Pc ne redémarre pas automatiquement, fais-le toi-même)
Au redémarrage de ton PC, choisis ta session habituelle si nécessaire.
Patiente jusqu'au message :
*** Nettoyage Termine le ..... ***
Le blocnote va s'ouvrir.
Sauvegarde le rapport de manière à le retrouver
Referme le blocnote. Ton bureau va réapparaitre
Réactive le contrôle des comptes utilisateurs (UAC)

Hola, je ne sais pas si c'est normal mais aprés avoir fait ce que tu m'a dit au rédémarrage je me retrouve avec 3 fenêtres de dll introuvable ainsi que des fenêtres de spybot qui me demande d'accepter ou refuser des modifications du registre ^^'' a part ça, le rapport est la:

Clean Navipromo version 3.5.5 commencé le 01/05/2008 à 11:48:55,95

Outil exécuté depuis C:\Program Files\navilog1
Session actuelle : "max"

Mise à jour le 29.04.2008 à 20h00 par IL-MAFIOSO

Microsoft Windows Vista 6.0.6000
Internet Explorer : 7.0.6000.16643
Système de fichiers : NTFS

Mode suppression automatique
avec prise en charge résultats Catchme et GNS



*** fsbl1.txt non trouvé ***
(Assurez-vous que Catchme n'avait rien trouvé lors de la recherche)


*** Suppression avec sauvegardes résultats GenericNaviSearch ***

* Suppression dans "C:\Windows\System32" *


* Suppression dans "C:\Users\max\AppData\Local\Microsoft" *


* Suppression dans "C:\Users\max\AppData\Local" *



*** Suppression dossiers dans "C:\Windows" ***


*** Suppression dossiers dans "C:\Program Files" ***


*** Suppression dossiers dans "C:\ProgramData" ***


*** Suppression dossiers dans "c:\progra~2\micros~1\windows\startm~1\programs" ***


*** Suppression dossiers dans c:\users\max\appdata\roaming\micros~1\windows\startm~1\programs ***


*** Suppression dossiers dans "C:\Users\max\AppData\Local\virtualstore\Program Files" ***


*** Suppression dossiers dans "C:\Users\max\AppData\Roaming" ***



*** Suppression fichiers ***


*** Suppression fichiers temporaires ***

Nettoyage contenu C:\Windows\Temp effectué !
Nettoyage contenu C:\Users\max\AppData\Local\Temp effectué !

*** Traitement Recherche complémentaire ***
(Recherche fichiers spécifiques)

1)Suppression avec sauvegardes nouveaux fichiers Instant Access :

2)Recherche, création sauvegardes et suppression Heuristique :


* Dans "C:\Windows\system32" *


* Dans "C:\Users\max\AppData\Local\Microsoft" *


* Dans "C:\Users\max\AppData\Local" *


*** Sauvegarde du Registre vers dossier Safebackup ***

sauvegarde du Registre réalisée avec succès !

*** Nettoyage Registre ***

Nettoyage Registre Ok


*** Certificats ***

Certificat Egroup absent !
Certificat Electronic-Group supprimé !
Certificat OOO-Favorit supprimé !
Certificat Sunny-Day-Design-Ltdt absent !

*** Nettoyage terminé le 01/05/2008 à 11:51:24,41 ***

oui c est pour ca que dans le tuto c est marqué de désactiver c est protection résidente!

remet moi un hijackthis stp
a+ tard

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:06:07, on 01/05/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16643)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\RtHDVCpl.exe
C:\Program Files\System Control Manager\MGSysCtrl.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Windows\System32\rundll32.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Windows\System32\rundll32.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\max\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = "http://www.daemon-search.com/startpage
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1128954A-582F-4756-902D-501875A250A5} - (no file)
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {9CA146A6-BB28-4613-A600-7AD5A73DEF6D} - C:\Users\max\AppData\Local\Temp\qoMDTjHx.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [MGSysCtrl] C:\Program Files\System Control Manager\MGSysCtrl.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\rqRKEVOH.dll,#1
O4 - HKLM\..\Run: [fc459d3d] rundll32.exe "C:\Windows\system32\pmsgyrmc.dll",b
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\max\AppData\Local\Temp\iifgDwXq.dll,#1
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.zebulon.fr/scan8/oscan8.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: SCM Driver Daemon (NishService) - Unknown owner - C:\Program Files\System Control Manager\edd.exe
O23 - Service: Planificateur LiveUpdate automatique - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe

--
End of file - 8032 bytes

Sinon pour l'instant je ne vois plus de pub intempestive et le démarrage de firefox a retrouvé de la rapidité
j'espère juste que je ne parle pas trop vite...

oui peu etre mais y a encore des truc!!
tu fait du p2p?

fait ca stp
Désactive toute protection résidente ! (Antivirus, antispywares..)
Télécharge ComboFix (créé par sUBs) sur ton Bureau

Démarre en mode sans echec
tuto mode sans echec

[*] Double clique combofix.exe.
[*] Tape sur la touche Y (Yes) pour démarrer le scan.
[*] Lorsque le scan sera complété, un rapport apparaîtra. Copie/colle ce rapport dans ta prochaine réponse,et nouveau rapport hijackthis

[u]NOTE :[/u] Le rapport se trouve également ici : C:\Combofix.txt

tuto ici


(Modifié par bibou0007 le 01-05-2008 à 12:47)

(Modifié par bibou0007 le 01-05-2008 à 12:48)

Re,
-J'ai fait le rapport combofix, mais pendant l'analyse en mode sans échec, j'ai vu plusieurs fois des lignes du genre "access denied not administrator right" est-ce que je dois le refaire en mode administrateur?

tu fait du p2p?

Euh oui, je l'avoue il y a un problème avec ça?
-Sinon voila le rapport combofix malgré les nombreux access denied:

ComboFix 08-04-29.5 - max 2008-05-01 13:15:30.2 - NTFSx86 MINIMAL
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6000.0.1252.1.1036.18.1693 [GMT 2:00]
Endroit: C:\Users\max\Desktop\ComboFix.exe
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Windows\System32\cmrygsmp.ini
C:\Windows\system32\pmsgyrmc.dll
C:\Windows\system32\rqRKEVOH.dll
C:\Windows\system32\ssQhfGXo.dll

.
((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-04-01 to 2008-05-01 ))))))))))))))))))))))))))))))))))))
.

Pas de nouveau fichier cr‚‚ dans cet espace de temps

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-01 09:59 47,937 ----a-w C:\Users\max\AppData\Roaming\nvModes.dat
2008-05-01 09:51 --------- d-----w C:\Program Files\Navilog1
2008-04-30 13:23 --------- d-----w C:\Users\max\AppData\Roaming\Shareaza
2008-04-30 13:09 --------- d-----w C:\Users\max\AppData\Roaming\Azureus
2008-04-30 13:09 --------- d-----w C:\Program Files\Azureus
2008-04-30 12:24 --------- d-----w C:\PROGRA~2\jkmyuhjv
2008-04-30 10:54 --------- d-----w C:\PROGRA~2\pxysxyqe
2008-04-30 10:54 --------- d-----w C:\PROGRA~2\jyzapwvs
2008-04-29 18:49 --------- d-----w C:\Program Files\RAR Password Cracker
2008-04-27 18:49 --------- d-----w C:\Program Files\Free Audio Pack
2008-04-20 14:10 --------- d-----w C:\Program Files\Joost
2008-04-11 17:08 --------- d-----w C:\Users\max\AppData\Roaming\teamspeak2
2008-04-09 15:23 --------- d-----w C:\Program Files\Windows Mail
2008-04-09 15:20 --------- d-----w C:\PROGRA~2\Microsoft Help
2008-04-07 15:01 --------- d-----w C:\Program Files\Alwil Software
2008-04-07 11:34 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-04-07 11:32 --------- d-----w C:\PROGRA~2\Symantec
2008-04-06 15:30 --------- d-----w C:\Users\max\AppData\Roaming\Grisoft
2008-04-06 15:29 --------- d-----w C:\PROGRA~2\Grisoft
2008-04-04 12:19 --------- d-----w C:\PROGRA~2\Spybot - Search & Destroy
2008-04-04 12:03 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-04-03 13:10 --------- d-----w C:\PROGRA~2\AntiVir PersonalEdition Classic
2008-04-02 18:19 --------- d-----w C:\PROGRA~2\Messenger Plus!
2008-03-30 16:15 --------- d-----w C:\Program Files\Messenger Plus! Live
2008-03-29 17:32 50,768 ----a-w C:\Windows\system32\drivers\aswMonFlt.sys
2008-03-19 18:56 --------- d-----w C:\Program Files\ToXiC
2008-03-12 13:37 --------- d--h--r C:\Users\max\AppData\Roaming\SecuROM
2008-03-12 13:28 22,328 ----a-w C:\Windows\system32\drivers\PnkBstrK.sys
2008-03-12 13:28 22,328 ----a-w C:\Users\max\AppData\Roaming\PnkBstrK.sys
2008-03-12 13:27 --------- d-----w C:\PROGRA~2\Media Center Programs
2008-03-12 11:58 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-11 19:10 --------- d-----w C:\Users\max\AppData\Roaming\Ubisoft
2008-03-11 19:10 --------- d-----w C:\PROGRA~2\Ubisoft
2008-03-11 19:00 --------- d-----w C:\Users\max\AppData\Roaming\DAEMON Tools
2008-03-11 17:56 --------- d-----w C:\Program Files\DAEMON Tools Lite
2008-03-11 17:50 715,248 ----a-w C:\Windows\system32\drivers\sptd.sys
2008-03-11 17:45 --------- d-----w C:\Users\max\AppData\Roaming\CyberLink
2008-03-09 19:21 --------- d-----w C:\PROGRA~2\FLEXnet
2008-03-09 19:08 --------- d-----w C:\Program Files\Common Files\Adobe
2008-03-09 19:04 --------- d-----w C:\Program Files\Common Files\Macrovision Shared
2008-03-09 19:04 --------- d-----w C:\Program Files\Bonjour
2008-03-08 10:18 --------- d-----w C:\Program Files\Java
2008-03-06 19:47 --------- d-----w C:\Program Files\RapidLeecher Ultimate 2007
2008-03-01 13:07 --------- d-----w C:\Program Files\Dawn of Telperion
2008-02-21 04:43 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2008-02-13 18:01 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-02-13 18:01 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-02-13 18:01 2,560 ----a-w C:\Windows\AppPatch\AcRes.dll
2008-02-13 18:01 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-02-13 18:01 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-02-04 17:10 0 ----a-w C:\Users\max\AppData\Roaming\wklnhst.dat
2008-02-02 06:45 73,216 ----a-w C:\Windows\ST6UNST.EXE
2008-02-02 06:45 249,856 ------w C:\Windows\Setup1.exe
2007-12-24 09:28 174 --sha-w C:\Program Files\desktop.ini
.

((((((((((((((((((((((((((((( snapshot@2008-04-07_12.48.09,44 )))))))))))))))))))))))))))))))))))))))))
.
+ 2006-05-24 23:21:00 118,784 ----a-w C:\Windows\BDOSCAN8\bdupd.dll
+ 2006-05-24 23:21:14 53,248 ----a-w C:\Windows\BDOSCAN8\ipsupd.dll
+ 2006-05-24 23:22:06 53,248 ----a-w C:\Windows\bdoscandel.exe
- 2008-04-07 09:50:46 67,584 --s-a-w C:\Windows\bootstat.dat
+ 2008-05-01 11:18:28 67,584 --s-a-w C:\Windows\bootstat.dat
+ 2006-05-24 23:21:00 118,784 ----a-w C:\Windows\Downloaded Program Files\bdupd.dll
+ 2006-05-24 23:21:14 53,248 ----a-w C:\Windows\Downloaded Program Files\ipsupd.dll
+ 2005-10-20 18:02:28 163,328 ----a-w C:\Windows\erdnt\subs\ERDNT.EXE
+ 2006-11-02 12:35:47 2,048 ----a-w C:\Windows\Help\Tablet PC\PTRes.dll
+ 2006-11-02 12:35:43 2,048 ----a-w C:\Windows\Help\Tablet PC\TTRes.dll
- 2008-03-12 02:08:07 665,600 ----a-w C:\Windows\inf\drvindex.dat
+ 2008-04-09 15:22:57 665,600 ----a-w C:\Windows\inf\drvindex.dat
- 2008-03-12 02:08:08 51,200 ----a-w C:\Windows\inf\infpub.dat
+ 2008-04-09 15:23:05 51,200 ----a-w C:\Windows\inf\infpub.dat
- 2008-03-12 02:08:06 86,016 ----a-w C:\Windows\inf\infstor.dat
+ 2008-04-09 15:23:05 86,016 ----a-w C:\Windows\inf\infstor.dat
- 2008-03-12 02:08:06 86,016 ----a-w C:\Windows\inf\infstrng.dat
+ 2008-04-09 15:22:57 86,016 ----a-w C:\Windows\inf\infstrng.dat
+ 2007-08-24 06:10:14 1,846,160 ----a-r C:\Windows\Installer\$PatchCache$\Managed\[u]0[/u]0002119F20000000000000000F01FEC\12.0.6215\VVIEWDWG.DLL
- 2008-03-12 02:02:37 20,240 ----a-r C:\Windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\cagicon.exe
+ 2008-04-09 15:20:55 20,240 ----a-r C:\Windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\cagicon.exe
- 2008-03-12 02:02:37 184,080 ----a-r C:\Windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\joticon.exe
+ 2008-04-09 15:20:55 184,080 ----a-r C:\Windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\joticon.exe
- 2008-03-12 02:02:37 217,864 ----a-r C:\Windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\misc.exe
+ 2008-04-09 15:20:55 217,864 ----a-r C:\Windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\misc.exe
- 2008-03-12 02:02:37 18,704 ----a-r C:\Windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\mspicons.exe
+ 2008-04-09 15:20:55 18,704 ----a-r C:\Windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\mspicons.exe
- 2008-03-12 02:02:37 35,088 ----a-r C:\Windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\oisicon.exe
+ 2008-04-09 15:20:55 35,088 ----a-r C:\Windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\oisicon.exe
- 2008-03-12 02:02:37 922,384 ----a-r C:\Windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\pptico.exe
+ 2008-04-09 15:20:55 922,384 ----a-r C:\Windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\pptico.exe
- 2008-03-12 02:02:37 888,080 ----a-r C:\Windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\wordicon.exe
+ 2008-04-09 15:20:55 888,080 ----a-r C:\Windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\wordicon.exe
- 2008-03-12 02:02:37 1,172,240 ----a-r C:\Windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\xlicons.exe
+ 2008-04-09 15:20:55 1,172,240 ----a-r C:\Windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\xlicons.exe
+ 2006-11-02 12:36:03 2,560 ----a-w C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ServiceModelEvents.dll
+ 2006-11-02 12:36:02 2,560 ----a-w C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ServiceModelInstallRC.dll
+ 2006-11-02 08:12:29 2,048 ----a-w C:\Windows\MSAgent\AgtUI.dll
- 2008-03-12 02:01:36 262,144 ----a-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\usrclass.dat
+ 2008-04-09 15:18:18 262,144 ----a-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\usrclass.dat
- 2008-04-07 09:53:03 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2008-05-01 11:18:50 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2008-05-01 11:18:50 262,144 ---ha-w C:\Windows\ServiceProfiles\LocalService\ntuser.dat.LOG1
- 2008-04-05 13:36:02 16,384 --sha-w C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-04-17 19:00:28 16,384 --sha-w C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-04-05 13:36:02 32,768 --sha-w C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-04-17 19:00:28 32,768 --sha-w C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-03-12 02:02:26 262,144 ----a-w C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\usrclass.dat
+ 2008-04-09 15:18:57 262,144 ----a-w C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\usrclass.dat
- 2008-04-05 13:36:02 16,384 --sha-w C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-04-17 19:00:28 16,384 --sha-w C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-04-07 09:52:58 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-05-01 11:18:50 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-05-01 11:18:50 262,144 ---ha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1
+ 2006-11-02 07:10:15 2,000 ----a-w C:\Windows\system\keyboard.drv
+ 2006-11-02 07:10:18 2,032 ----a-w C:\Windows\system\mouse.drv
+ 2006-11-02 07:10:16 1,744 ----a-w C:\Windows\system\sound.drv
+ 2006-11-02 07:10:17 2,176 ----a-w C:\Windows\system\vga.drv
+ 2006-11-02 07:11:39 2,048 ----a-w C:\Windows\System32\acprgwiz.dll
- 2008-02-13 17:56:46 124,928 ----a-w C:\Windows\System32\advpack.dll
+ 2008-02-21 04:43:34 124,928 ----a-w C:\Windows\System32\advpack.dll
+ 2007-12-24 08:37:45 2,048 ----a-w C:\Windows\System32\asferror.dll
+ 2005-02-24 10:10:10 2,084,864 ----a-w C:\Windows\System32\AudDesign.dll
+ 2005-02-24 10:10:30 417,792 ----a-w C:\Windows\System32\AudDisplay.dll
+ 2005-03-11 15:37:10 1,986,560 ----a-w C:\Windows\System32\AudFile.dll
+ 2005-02-24 10:11:06 1,212,416 ----a-w C:\Windows\System32\AudioInfos.dll
+ 2005-03-10 14:00:30 454,656 ----a-w C:\Windows\System32\AudioRecord.dll
+ 2005-02-24 10:11:56 479,232 ----a-w C:\Windows\System32\AudioVisu.dll
+ 2005-02-24 13:21:12 458,752 ----a-w C:\Windows\System32\AudPlayer.dll
+ 2006-11-02 06:56:11 2,560 ----a-w C:\Windows\System32\bootstr.dll
+ 2006-11-02 07:38:48 2,048 ----a-w C:\Windows\System32\bridgeres.dll
- 2006-11-02 09:51:44 615,528 ----a-w C:\Windows\System32\ci.dll
+ 2008-02-19 05:10:22 620,088 ----a-w C:\Windows\System32\ci.dll
+ 1998-07-12 17:00:00 32,768 ----a-w C:\Windows\System32\CMDLGFR.DLL
- 2008-04-07 09:56:35 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-05-01 09:46:38 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-04-07 09:56:35 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-05-01 09:46:38 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-04-07 09:56:35 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-05-01 09:46:38 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-04-07 10:45:18 262,144 ----a-w C:\Windows\System32\config\systemprofile\ntuser.dat
+ 2008-04-07 15:02:38 262,144 ----a-w C:\Windows\System32\config\systemprofile\ntuser.dat
+ 2006-11-02 12:36:25 2,048 ----a-w C:\Windows\System32\dfsrres.dll
- 2006-11-02 09:46:04 162,816 ----a-w C:\Windows\System32\dnsapi.dll
+ 2007-12-16 11:42:18 162,816 ----a-w C:\Windows\System32\dnsapi.dll
- 2006-11-02 09:45:02 24,576 ----a-w C:\Windows\System32\dnscacheugc.exe
+ 2007-12-16 11:41:39 24,576 ----a-w C:\Windows\System32\dnscacheugc.exe
- 2006-11-02 09:46:04 83,968 ----a-w C:\Windows\System32\dnsrslvr.dll
+ 2007-12-16 11:42:18 83,968 ----a-w C:\Windows\System32\dnsrslvr.dll
+ 2006-11-02 08:27:54 2,048 ----a-w C:\Windows\System32\DriverStore\FileRepository\prnca001.inf_92fbd03f\I386\CNBPGR02.DLL
+ 2006-11-02 09:41:10 2,560 ----a-w C:\Windows\System32\DriverStore\FileRepository\prndc001.inf_79bb12be\I386\DICONRES.DLL
+ 2006-09-18 21:40:29 1,960 ----a-w C:\Windows\System32\DriverStore\FileRepository\prnep001.inf_f0a9a372\I386\EPNDDE11.DAT
+ 2006-09-18 21:40:29 1,778 ----a-w C:\Windows\System32\DriverStore\FileRepository\prnep001.inf_f0a9a372\I386\EPNDDE12.DAT
+ 2006-09-18 21:40:29 1,960 ----a-w C:\Windows\System32\DriverStore\FileRepository\prnep001.inf_f0a9a372\I386\EPNDDE16.DAT
+ 2006-09-18 21:40:29 1,992 ----a-w C:\Windows\System32\DriverStore\FileRepository\prnep001.inf_f0a9a372\I386\EPNDDE2J.DAT
+ 2006-09-18 21:40:29 1,948 ----a-w C:\Windows\System32\DriverStore\FileRepository\prnep001.inf_f0a9a372\I386\EPNDDE2K.DAT
+ 2006-09-18 21:40:29 2,128 ----a-w C:\Windows\System32\DriverStore\FileRepository\prnep001.inf_f0a9a372\I386\EPNDDE2M.DAT
+ 2006-09-18 21:40:29 2,398 ----a-w C:\Windows\System32\DriverStore\FileRepository\prnep001.inf_f0a9a372\I386\EPNDDE3N.DAT
+ 2006-09-18 21:40:29 1,976 ----a-w C:\Windows\System32\DriverStore\FileRepository\prnep001.inf_f0a9a372\I386\EPNDDE3O.DAT
+ 2006-09-18 21:40:29 1,764 ----a-w C:\Windows\System32\DriverStore\FileRepository\prnep001.inf_f0a9a372\I386\EPNDDE3P.DAT
+ 2006-09-18 21:40:29 2,398 ----a-w C:\Windows\System32\DriverStore\FileRepository\prnep001.inf_f0a9a372\I386\EPNDDE3Q.DAT
+ 2006-09-18 21:40:29 2,618 ----a-w C:\Windows\System32\DriverStore\FileRepository\prnep001.inf_f0a9a372\I386\EPNDDE3T.DAT
+ 2006-09-18 21:40:29 2,188 ----a-w C:\Windows\System32\DriverStore\FileRepository\prnep001.inf_f0a9a372\I386\EPNDDE3V.DAT
+ 2006-09-18 21:40:29 2,984 ----a-w C:\Windows\System32\DriverStore\FileRepository\prnep001.inf_f0a9a372\I386\EPNDDE4A.DAT
+ 2006-09-18 21:40:29 2,632 ----a-w C:\Windows\System32\DriverStore\FileRepository\prnep001.inf_f0a9a372\I386\EPNDDE4D.DAT
+ 2006-09-18 21:40:30 2,496 ----a-w C:\Windows\System32\DriverStore\FileRepository\prnep001.inf_f0a9a372\I386\EPNDDE4S.DAT
- 2008-02-13 17:56:44 347,136 ----a-w C:\Windows\System32\dxtmsft.dll
+ 2008-02-21 04:43:35 347,136 ----a-w C:\Windows\System32\dxtmsft.dll
- 2008-02-13 17:56:44 214,528 ----a-w C:\Windows\System32\dxtrans.dll
+ 2008-02-21 04:43:35 214,528 ----a-w C:\Windows\System32\dxtrans.dll
- 2008-02-13 18:04:21 7,168 ----a-w C:\Windows\System32\f3ahvoas.dll
+ 2008-02-29 06:34:50 7,168 ----a-w C:\Windows\System32\f3ahvoas.dll
- 2007-12-24 09:27:08 298,848 ----a-w C:\Windows\System32\FNTCACHE.DAT
+ 2008-04-09 15:24:41 298,848 ----a-w C:\Windows\System32\FNTCACHE.DAT
- 2006-11-02 09:46:05 296,448 ----a-w C:\Windows\System32\gdi32.dll
+ 2008-02-21 04:43:35 296,448 ----a-w C:\Windows\System32\gdi32.dll
- 2008-02-13 17:56:43 63,488 ----a-w C:\Windows\System32\icardie.dll
+ 2008-02-21 04:43:35 63,488 ----a-w C:\Windows\System32\icardie.dll
- 2008-02-13 17:56:40 70,656 ----a-w C:\Windows\System32\ie4uinit.exe
+ 2008-02-21 04:43:03 70,656 ----a-w C:\Windows\System32\ie4uinit.exe
- 2008-02-13 17:56:45 383,488 ----a-w C:\Windows\System32\ieapfltr.dll
+ 2008-02-21 04:43:35 383,488 ----a-w C:\Windows\System32\ieapfltr.dll
- 2008-02-13 17:56:50 6,066,176 ----a-w C:\Windows\System32\ieframe.dll
+ 2008-02-21 04:43:35 6,066,176 ----a-w C:\Windows\System32\ieframe.dll
- 2008-02-13 17:56:40 44,544 ----a-w C:\Windows\System32\iernonce.dll
+ 2008-02-21 04:43:36 44,544 ----a-w C:\Windows\System32\iernonce.dll
- 2008-02-13 17:56:40 56,320 ----a-w C:\Windows\System32\iesetup.dll
+ 2008-02-21 04:43:36 56,320 ----a-w C:\Windows\System32\iesetup.dll
- 2008-02-13 17:56:50 180,736 ----a-w C:\Windows\System32\ieui.dll
+ 2008-02-21 04:43:36 180,736 ----a-w C:\Windows\System32\ieui.dll
- 2008-02-13 17:56:41 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
+ 2008-02-21 04:43:03 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
+ 1998-07-12 21:00:00 15,360 ----a-w C:\Windows\System32\inetfr.DLL
+ 2006-11-02 09:39:39 2,048 ----a-w C:\Windows\System32\iologmsg.dll
- 2008-02-13 17:56:46 27,648 ----a-w C:\Windows\System32\jsproxy.dll
+ 2008-02-21 04:43:36 27,648 ----a-w C:\Windows\System32\jsproxy.dll
- 2008-02-13 18:04:23 6,656 ----a-w C:\Windows\System32\kbd106n.dll
+ 2008-02-29 06:35:17 6,656 ----a-w C:\Windows\System32\kbd106n.dll
- 2006-11-02 08:30:44 8,704 ----a-w C:\Windows\System32\kd1394.dll
+ 2008-02-29 06:51:24 19,000 ----a-w C:\Windows\System32\kd1394.dll
+ 2006-11-02 07:10:15 2,000 ----a-w C:\Windows\System32\keyboard.drv
+ 2003-08-07 13:01:50 237,568 ----a-w C:\Windows\System32\lame_enc.dll
+ 2006-11-02 07:38:59 2,048 ----a-w C:\Windows\System32\lltdres.dll
+ 2006-11-02 12:35:51 2,048 ----a-w C:\Windows\System32\mferror.dll
- 2008-02-13 17:56:46 64,512 ----a-w C:\Windows\System32\migration\WininetPlugin.dll
+ 2008-02-21 04:43:42 64,512 ----a-w C:\Windows\System32\migration\WininetPlugin.dll
+ 2006-11-02 07:10:18 2,032 ----a-w C:\Windows\System32\mouse.drv
- 2008-03-05 16:30:54 19,148,408 ----a-w C:\Windows\System32\mrt.exe
+ 2008-04-06 05:56:20 19,836,024 ----a-w C:\Windows\System32\mrt.exe
+ 1998-07-12 21:00:00 59,904 ----a-w C:\Windows\System32\Mscc2fr.dll
+ 1998-07-12 21:00:00 141,312 ----a-w C:\Windows\System32\MSCMCFR.DLL
- 2008-02-13 17:56:48 3,592,192 ----a-w C:\Windows\System32\mshtml.dll
+ 2008-02-21 04:43:36 3,591,680 ----a-w C:\Windows\System32\mshtml.dll
- 2008-02-13 17:56:48 478,208 ----a-w C:\Windows\System32\mshtmled.dll
+ 2008-02-21 04:43:36 478,208 ----a-w C:\Windows\System32\mshtmled.dll
+ 2006-11-02 07:15:56 2,560 ----a-w C:\Windows\System32\msimsg.dll
+ 2006-11-02 07:18:28 2,048 ----a-w C:\Windows\System32\msprivs.dll
- 2008-02-13 17:56:43 671,232 ----a-w C:\Windows\System32\mstime.dll
+ 2008-02-21 04:43:37 671,232 ----a-w C:\Windows\System32\mstime.dll
+ 1998-06-16 21:00:00 516,173 ----a-w C:\Windows\System32\MSVCP60D.DLL
+ 2000-11-29 00:07:30 307,200 ----a-w C:\Windows\System32\msvcr70.dll
+ 1998-06-16 21:00:00 385,100 ----a-w C:\Windows\System32\MSVCRTD.DLL
+ 2007-09-13 02:52:52 2,048 ----a-w C:\Windows\System32\msxml3r.dll
+ 2007-09-13 02:51:56 2,048 ----a-w C:\Windows\System32\msxml6r.dll
+ 2006-11-02 09:41:16 2,048 ----a-w C:\Windows\System32\neth.dll
+ 2006-11-02 09:41:17 2,048 ----a-w C:\Windows\System32\netmsg.dll
+ 2008-04-05 11:59:45 2,232 ----a-w C:\Windows\System32\networklist\icons\{073A4A76-1E24-48C0-A796-8B3449556CD5}_32.bin
+ 2008-04-12 16:30:21 2,456 ----a-w C:\Windows\System32\networklist\icons\{5DD2BE71-F036-4679-9D3D-82AD7DB0002E}_24.bin
+ 2008-04-12 16:30:21 4,280 ----a-w C:\Windows\System32\networklist\icons\{5DD2BE71-F036-4679-9D3D-82AD7DB0002E}_32.bin
+ 2008-04-12 16:30:21 9,560 ----a-w C:\Windows\System32\networklist\icons\{5DD2BE71-F036-4679-9D3D-82AD7DB0002E}_48.bin
+ 2007-12-29 11:05:08 2,456 ----a-w C:\Windows\System32\networklist\icons\{F3783E38-3EB7-4CDD-A33F-295472F28EAB}_24.bin
+ 2007-12-20 20:10:50 2,456 ----a-w C:\Windows\System32\networklist\icons\{F5B5C412-0F4D-4780-A9DE-D34215237C3D}_24.bin
+ 2006-09-19 11:41:49 2,456 ----a-w C:\Windows\System32\networklist\icons\StockIcons\bench_24.bin
+ 2006-09-19 11:41:49 2,456 ----a-w C:\Windows\System32\networklist\icons\StockIcons\house_24.bin
+ 2006-09-19 11:41:49 2,456 ----a-w C:\Windows\System32\networklist\icons\StockIcons\office_24.bin
+ 2006-11-02 08:33:06 2,560 ----a-w C:\Windows\System32\normaliz.dll
+ 2006-11-02 07:08:53 2,048 ----a-w C:\Windows\System32\oleaccrc.dll
- 2008-04-07 09:58:12 103,924 ----a-w C:\Windows\System32\perfc009.dat
+ 2008-05-01 10:04:55 103,924 ----a-w C:\Windows\System32\perfc009.dat
- 2008-04-07 09:58:12 117,572 ----a-w C:\Windows\System32\perfc00C.dat
+ 2008-05-01 10:04:56 117,572 ----a-w C:\Windows\System32\perfc00C.dat
- 2008-04-07 09:58:12 610,142 ----a-w C:\Windows\System32\perfh009.dat
+ 2008-05-01 10:04:56 610,142 ----a-w C:\Windows\System32\perfh009.dat
- 2008-04-07 09:58:12 690,832 ----a-w C:\Windows\System32\perfh00C.dat
+ 2008-05-01 10:04:56 690,832 ----a-w C:\Windows\System32\perfh00C.dat
- 2008-02-13 17:56:46 44,544 ----a-w C:\Windows\System32\pngfilt.dll
+ 2008-02-21 04:43:38 44,544 ----a-w C:\Windows\System32\pngfilt.dll
+ 2006-11-02 07:10:00 2,842 ----a-w C:\Windows\System32\redir.exe
+ 2006-11-02 09:43:00 2,560 ----a-w C:\Windows\System32\rnr20.dll
- 2006-11-02 12:36:17 313,856 ----a-w C:\Windows\System32\rstrui.exe
+ 2008-02-29 06:38:54 313,856 ----a-w C:\Windows\System32\rstrui.exe
+ 2006-11-02 12:34:48 2,048 ----a-w C:\Windows\System32\SampleRes.dll
- 2008-03-12 17:21:21 6,291,456 ----a-w C:\Windows\System32\SMI\Store\Machine\SCHEMA.DAT
+ 2008-04-09 19:49:35 6,291,456 ----a-w C:\Windows\System32\SMI\Store\Machine\SCHEMA.DAT
+ 2006-11-02 07:10:16 1,744 ----a-w C:\Windows\System32\sound.drv
- 2006-11-02 12:36:17 40,960 ----a-w C:\Windows\System32\srclient.dll
+ 2008-02-29 06:39:13 40,960 ----a-w C:\Windows\System32\srclient.dll
- 2006-11-02 12:36:17 371,712 ----a-w C:\Windows\System32\srcore.dll
+ 2008-02-29 06:39:13 371,712 ----a-w C:\Windows\System32\srcore.dll
- 2006-11-02 12:36:17 16,384 ----a-w C:\Windows\System32\srdelayed.exe
+ 2008-02-29 06:38:59 16,384 ----a-w C:\Windows\System32\srdelayed.exe
+ 1998-07-12 21:00:00 21,504 ----a-w C:\Windows\System32\TABCTFR.DLL
+ 2007-12-22 18:12:34 2,048 ----a-w C:\Windows\System32\tzres.dll
- 2008-02-13 17:56:45 1,159,680 ----a-w C:\Windows\System32\urlmon.dll
+ 2008-02-21 04:43:41 1,159,680 ----a-w C:\Windows\System32\urlmon.dll
- 1998-07-12 21:00:00 119,568 ----a-w C:\Windows\System32\VB6FR.DLL
+ 2000-10-01 17:00:00 119,568 ----a-w C:\Windows\System32\VB6FR.DLL
+ 2006-11-02 07:10:17 2,176 ----a-w C:\Windows\System32\vga.drv
+ 2006-11-02 07:15:27 2,048 ----a-w C:\Windows\System32\wbem\WmiApRes.dll
- 2008-04-07 09:53:22 6,854 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1447173497-358764316-3750989918-1000_UserData.bin
+ 2008-05-01 08:33:02 7,334 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1447173497-358764316-3750989918-1000_UserData.bin
- 2008-04-07 09:53:21 79,562 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2008-05-01 08:33:02 80,578 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2008-04-07 09:53:18 43,378 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2008-05-01 08:54:37 44,576 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
- 2008-03-27 17:32:11 211,342 ----a-w C:\Windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_S3.bin
+ 2008-05-01 08:29:58 227,620 ----a-w C:\Windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_S3.bin
- 2007-12-24 08:39:24 2,027,008 ----a-w C:\Windows\System32\win32k.sys
+ 2008-02-29 04:16:38 2,027,008 ----a-w C:\Windows\System32\win32k.sys
- 2008-02-13 17:56:46 824,832 ----a-w C:\Windows\System32\wininet.dll
+ 2008-02-21 04:43:42 826,368 ----a-w C:\Windows\System32\wininet.dll
- 2008-02-13 18:04:19 943,800 ----a-w C:\Windows\System32\winload.exe
+ 2008-02-14 23:19:24 944,184 ----a-w C:\Windows\System32\winload.exe
+ 2006-11-02 07:10:22 2,864 ----a-w C:\Windows\System32\WINSOCK.DLL
+ 2006-11-02 07:10:18 2,112 ----a-w C:\Windows\System32\WINSPOOL.EXE
+ 2005-02-24 09:51:38 348,160 ----a-w C:\Windows\System32\WMAFile.dll
+ 2006-11-02 12:35:54 2,048 ----a-w C:\Windows\System32\wmerror.dll
+ 2006-11-02 07:10:27 2,864 ----a-w C:\Windows\System32\WOWDEB.EXE
- 2008-03-12 13:12:51 122,478 ----a-w C:\Windows\winsxs\ManifestCache\6.0.6001.18000_001c50b5_blobs.bin
+ 2008-04-09 15:19:54 32,038,814 ----a-w C:\Windows\winsxs\ManifestCache\6.0.6001.18000_001c50b5_blobs.bin
+ 2006-11-02 07:11:38 2,560 ----a-w C:\Windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c1_31bf3856ad364e35_6.0.6000.16386_none_09eb762df5615af9\AcRes.dll
+ 2007-09-13 02:27:45 2,560 ----a-w C:\Windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c1_31bf3856ad364e35_6.0.6000.16426_none_0a2c579bf530b07a\AcRes.dll
+ 2007-09-13 02:32:39 2,560 ----a-w C:\Windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c1_31bf3856ad364e35_6.0.6000.16444_none_0a14b72ff542b5ae\AcRes.dll
+ 2007-09-13 02:46:42 2,560 ----a-w C:\Windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c1_31bf3856ad364e35_6.0.6000.16485_none_09ea77c9f5623ec9\AcRes.dll
+ 2008-02-13 18:01:24 2,560 ----a-w C:\Windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c1_31bf3856ad364e35_6.0.6000.16633_none_0a1e8a9df53b7ab4\AcRes.dll
+ 2007-09-13 02:27:45 2,560 ----a-w C:\Windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c1_31bf3856ad364e35_6.0.6000.20524_none_0ab3f3d30e501d96\AcRes.dll
+ 2007-09-13 02:32:39 2,560 ----a-w C:\Windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c1_31bf3856ad364e35_6.0.6000.20543_none_0a9d53b10e613c21\AcRes.dll
+ 2007-09-13 02:46:42 2,560 ----a-w C:\Windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c1_31bf3856ad364e35_6.0.6000.20597_none_0a6b453d0e862d32\AcRes.dll
+ 2008-02-13 18:01:23 2,560 ----a-w C:\Windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c1_31bf3856ad364e35_6.0.6000.20762_none_0a86b75b0e7254fa\AcRes.dll
+ 2006-11-02 07:11:39 2,048 ----a-w C:\Windows\winsxs\x86_microsoft-windows-a..on-experience-tools_31bf3856ad364e35_6.0.6000.16386_none_92936507ab8702dd\acprgwiz.dll
+ 2008-02-21 04:43:34 124,928 ----a-w C:\Windows\winsxs\x86_microsoft-windows-advpack_31bf3856ad364e35_6.0.6000.16643_none_a9bce801f5c7b8c8\advpack.dll
+ 2008-02-22 04:48:31 124,928 ----a-w C:\Windows\winsxs\x86_microsoft-windows-advpack_31bf3856ad364e35_6.0.6000.20777_none_aa2a16310efa11c1\advpack.dll
+ 2006-11-02 08:12:29 2,048 ----a-w C:\Windows\winsxs\x86_microsoft-windows-agent0409_31bf3856ad364e35_6.0.6000.16386_none_cba6dc9d9ccc4898\AgtUI.dll
+ 2006-11-02 06:56:11 2,560 ----a-w C:\Windows\winsxs\x86_microsoft-windows-b..environment-strings_31bf3856ad364e35_6.0.6000.16386_none_f64b4db1100349a8\bootstr.dll
+ 2008-02-29 06:53:29 46,592 ----a-w C:\Windows\winsxs\x86_microsoft-windows-b..environment-windows_31bf3856ad364e35_6.0.6001.18027_none_6929f9588cd4875c\setbcdlocale.dll
+ 2008-02-29 07:11:54 988,216 ----a-w C:\Windows\winsxs\x86_microsoft-windows-b..environment-windows_31bf3856ad364e35_6.0.6001.18027_none_6929f9588cd4875c\winload.exe
+ 2008-02-29 07:11:56 927,288 ----a-w C:\Windows\winsxs\x86_microsoft-windows-b..environment-windows_31bf3856ad364e35_6.0.6001.18027_none_6929f9588cd4875c\winresume.exe
+ 2008-02-29 06:37:41 46,592 ----a-w C:\Windows\winsxs\x86_microsoft-windows-b..environment-windows_31bf3856ad364e35_6.0.6001.22125_none_69b1958fa5f3f478\setbcdlocale.dll
+ 2008-02-29 07:02:42 988,216 ----a-w C:\Windows\winsxs\x86_microsoft-windows-b..environment-windows_31bf3856ad364e35_6.0.6001.22125_none_69b1958fa5f3f478\winload.exe
+ 2008-02-29 07:02:41 927,288 ----a-w C:\Windows\winsxs\x86_microsoft-windows-b..environment-windows_31bf3856ad364e35_6.0.6001.22125_none_69b1958fa5f3f478\winresume.exe
+ 2008-02-29 06:51:24 19,000 ----a-w C:\Windows\winsxs\x86_microsoft-windows-b..uggertransport-1394_31bf3856ad364e35_6.0.6000.16646_none_61bfda98f6d6f5d5\kd1394.dll
+ 2008-02-29 06:54:17 19,000 ----a-w C:\Windows\winsxs\x86_microsoft-windows-b..uggertransport-1394_31bf3856ad364e35_6.0.6000.20782_none_621a368c1018a007\kd1394.dll
+ 2008-02-29 07:14:21 19,000 ----a-w C:\Windows\winsxs\x86_microsoft-windows-b..uggertransport-1394_31bf3856ad364e35_6.0.6001.18027_none_63bcb960f3ec683b\kd1394.dll
+ 2008-02-29 06:57:07 19,000 ----a-w C:\Windows\winsxs\x86_microsoft-windows-b..uggertransport-1394_31bf3856ad364e35_6.0.6001.22125_none_644455980d0bd557\kd1394.dll
+ 2008-02-14 23:19:24 944,184 ----a-w C:\Windows\winsxs\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.0.6000.16646_none_591b3d986f9b5725\winload.exe
+ 2008-02-13 18:04:19 905,400 ----a-w C:\Windows\winsxs\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.0.6000.16646_none_591b3d986f9b5725\winresume.exe
+ 2008-02-14 23:13:10 944,696 ----a-w C:\Windows\winsxs\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.0.6000.20782_none_5975998b88dd0157\winload.exe
+ 2008-02-13 18:04:19 905,400 ----a-w C:\Windows\winsxs\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.0.6000.20782_none_5975998b88dd0157\winresume.exe
+ 2008-02-29 07:11:54 988,216 ----a-w C:\Windows\winsxs\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.0.6001.18027_none_5b181c606cb0c98b\winload.exe
+ 2008-02-29 07:11:56 927,288 ----a-w C:\Windows\winsxs\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.0.6001.18027_none_5b181c606cb0c98b\winresume.exe
+ 2008-02-29 07:02:42 988,216 ----a-w C:\Windows\winsxs\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.0.6001.22125_none_5b9fb89785d036a7\winload.exe
+ 2008-02-29 07:02:41 927,288 ----a-w C:\Windows\winsxs\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.0.6001.22125_none_5b9fb89785d036a7\winresume.exe
+ 2006-11-02 09:41:17 2,048 ----a-w C:\Windows\winsxs\x86_microsoft-windows-basic-misc-tools_31bf3856ad364e35_6.0.6000.16386_none_1525f574c2807ea3\netmsg.dll
+ 2008-02-19 05:10:22 620,088 ----a-w C:\Windows\winsxs\x86_microsoft-windows-codeintegrity_31bf3856ad364e35_6.0.6000.16642_none_9e68737c07b7f5c7\ci.dll
+ 2008-02-19 04:54:56 620,088 ----a-w C:\Windows\winsxs\x86_microsoft-windows-codeintegrity_31bf3856ad364e35_6.0.6000.20775_none_9ed4a16120eb3569\ci.dll
+ 2008-02-22 05:05:52 615,992 ----a-w C:\Windows\winsxs\x86_microsoft-windows-codeintegrity_31bf3856ad364e35_6.0.6001.18023_none_a065524404cd682d\ci.dll
+ 2008-02-22 04:57:25 615,992 ----a-w C:\Windows\winsxs\x86_microsoft-windows-codeintegrity_31bf3856ad364e35_6.0.6001.22120_none_a0ebee311dedbbf2\ci.dll
+ 2006-11-02 12:36:25 2,048 ----a-w C:\Windows\winsxs\x86_microsoft-windows-dfsr-core-clientonly_31bf3856ad364e35_6.0.6000.16386_none_b442caae9d1904a7\dfsrres.dll
+ 2007-12-16 11:42:18 162,816 ----a-w C:\Windows\winsxs\x86_microsoft-windows-dns-client_31bf3856ad364e35_6.0.6000.16615_none_dff66fbd85366d1e\dnsapi.dll
+ 2007-12-16 11:41:39 24,576 ----a-w C:\Windows\winsxs\x86_microsoft-windows-dns-client_31bf3856ad364e35_6.0.6000.16615_none_dff66fbd85366d1e\dnscacheugc.exe
+ 2007-12-16 11:42:18 83,968 ----a-w C:\Windows\winsxs\x86_microsoft-windows-dns-client_31bf3856ad364e35_6.0.6000.16615_none_dff66fbd85366d1e\dnsrslvr.dll
+ 2007-12-16 11:49:22 162,816 ----a-w C:\Windows\winsxs\x86_microsoft-windows-dns-client_31bf3856ad364e35_6.0.6000.20740_none_e05a9b529e70e208\dnsapi.dll
+ 2007-12-16 09:41:27 24,576 ----a-w C:\Windows\winsxs\x86_microsoft-windows-dns-client_31bf3856ad364e35_6.0.6000.20740_none_e05a9b529e70e208\dnscacheugc.exe
+ 2007-12-16 11:49:22 84,480 ----a-w C:\Windows\winsxs\x86_microsoft-windows-dns-client_31bf3856ad364e35_6.0.6000.20740_none_e05a9b529e70e208\dnsrslvr.dll
+ 2008-02-21 04:43:35 296,448 ----a-w C:\Windows\winsxs\x86_microsoft-windows-gdi32_31bf3856ad364e35_6.0.6000.16643_none_57702c844c48b643\gdi32.dll
+ 2008-02-22 04:49:18 296,448 ----a-w C:\Windows\winsxs\x86_microsoft-windows-gdi32_31bf3856ad364e35_6.0.6000.20777_none_57dd5ab3657b0f3c\gdi32.dll
+ 2008-02-22 04:57:23 295,936 ----a-w C:\Windows\winsxs\x86_microsoft-windows-gdi32_31bf3856ad364e35_6.0.6001.18023_none_596c0b02495f0f52\gdi32.dll
+ 2008-02-22 04:48:18 295,936 ----a-w C:\Windows\winsxs\x86_microsoft-windows-gdi32_31bf3856ad364e35_6.0.6001.22120_none_59f2a6ef627f6317\gdi32.dll
+ 2008-02-21 04:43:38 44,544 ----a-w C:\Windows\winsxs\x86_microsoft-windows-i..ablenetworkgraphics_31bf3856ad364e35_6.0.6000.16643_none_ebb7f1b116609ec7\pngfilt.dll
+ 2008-02-22 04:51:42 44,544 ----a-w C:\Windows\winsxs\x86_microsoft-windows-i..ablenetworkgraphics_31bf3856ad364e35_6.0.6000.20777_none_ec251fe02f92f7c0\pngfilt.dll
+ 2008-02-21 04:43:41 1,159,680 ----a-w C:\Windows\winsxs\x86_microsoft-windows-i..ersandsecurityzones_31bf3856ad364e35_6.0.6000.16643_none_b2d49a63d9c1162b\urlmon.dll
+ 2008-02-22 04:52:08 1,162,752 ----a-w C:\Windows\winsxs\x86_microsoft-windows-i..ersandsecurityzones_31bf3856ad364e35_6.0.6000.20777_none_b341c892f2f36f24\urlmon.dll
+ 2008-02-22 05:01:33 1,166,336 ----a-w C:\Windows\winsxs\x86_microsoft-windows-i..ersandsecurityzones_31bf3856ad364e35_6.0.6001.18023_none_b4d078e1d6d76f3a\urlmon.dll
+ 2008-02-22 04:52:15 1,166,336 ----a-w C:\Windows\winsxs\x86_microsoft-windows-i..ersandsecurityzones_31bf3856ad364e35_6.0.6001.22120_none_b55714ceeff7c2ff\urlmon.dll
+ 2008-02-29 06:34:50 7,168 ----a-w C:\Windows\winsxs\x86_microsoft-windows-i..humb-shift_keyboard_31bf3856ad364e35_6.0.6000.16646_none_ebb5eec692f230bc\f3ahvoas.dll
+ 2008-02-29 06:30:51 7,168 ----a-w C:\Windows\winsxs\x86_microsoft-windows-i..humb-shift_keyboard_31bf3856ad364e35_6.0.6000.20782_none_ec104ab9ac33daee\f3ahvoas.dll
+ 2008-02-21 04:43:37 671,232 ----a-w C:\Windows\winsxs\x86_microsoft-windows-i..mlrenderingadvanced_31bf3856ad364e35_6.0.6000.16643_none_deb7292c7f69d59a\mstime.dll
+ 2008-02-22 04:50:37 671,232 ----a-w C:\Windows\winsxs\x86_microsoft-windows-i..mlrenderingadvanced_31bf3856ad364e35_6.0.6000.20777_none_df24575b989c2e93\mstime.dll
+ 2008-02-22 04:59:51 671,232 ----a-w C:\Windows\winsxs\x86_microsoft-windows-i..mlrenderingadvanced_31bf3856ad364e35_6.0.6001.18023_none_e0b307aa7c802ea9\mstime.dll
+ 2008-02-22 04:50:26 671,232 ----a-w C:\Windows\winsxs\x86_microsoft-windows-i..mlrenderingadvanced_31bf3856ad364e35_6.0.6001.22120_none_e139a39795a0826e\mstime.dll
+ 2008-02-29 06:35:17 6,656 ----a-w C:\Windows\winsxs\x86_microsoft-windows-i..rd-japanese_106_key_31bf3856ad364e35_6.0.6000.16646_none_dafbedd9168fe683\kbd106n.dll
+ 2008-02-29 06:31:23 6,656 ----a-w C:\Windows\winsxs\x86_microsoft-windows-i..rd-japanese_106_key_31bf3856ad364e35_6.0.6000.20782_none_db5649cc2fd190b5\kbd106n.dll
+ 2006-11-02 06:58:59 2,048 ----a-w C:\Windows\winsxs\x86_microsoft-windows-i..rnational-timezones_31bf3856ad364e35_6.0.6000.16386_none_1310947a0ca7000f\tzres.dll
+ 2007-09-13 02:44:03 2,048 ----a-w C:\Windows\winsxs\x86_microsoft-windows-i..rnational-timezones_31bf3856ad364e35_6.0.6000.16483_none_130d95820ca9b131\tzres.dll
+ 2007-12-22 18:12:34 2,048 ----a-w C:\Windows\winsxs\x86_microsoft-windows-i..rnational-timezones_31bf3856ad364e35_6.0.6000.16589_none_131399240ca44662\tzres.dll
+ 2007-09-13 02:44:03 2,048 ----a-w C:\Windows\winsxs\x86_microsoft-windows-i..rnational-timezones_31bf3856ad364e35_6.0.6000.20594_none_138d62ab25ce8643\tzres.dll
+ 2007-12-22 18:12:34 2,048 ----a-w C:\Windows\winsxs\x86_microsoft-windows-i..rnational-timezones_31bf3856ad364e35_6.0.6000.20712_none_13e1e543258f6e5b\tzres.dll
+ 2008-02-21 04:43:36 27,648 ----a-w C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6000.16643_none_ffda7605a4ca3cbe\jsproxy.dll
+ 2008-02-21 04:43:42 826,368 ----a-w C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6000.16643_none_ffda7605a4ca3cbe\wininet.dll
+ 2008-02-21 04:43:42 64,512 ----a-w C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6000.16643_none_ffda7605a4ca3cbe\WininetPlugin.dll
+ 2008-02-22 04:49:41 27,648 ----a-w C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6000.20777_none_0047a434bdfc95b7\jsproxy.dll
+ 2008-02-22 04:52:15 827,392 ----a-w C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6000.20777_none_0047a434bdfc95b7\wininet.dll
+ 2008-02-22 04:52:15 64,512 ----a-w C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6000.20777_none_0047a434bdfc95b7\WininetPlugin.dll
+ 2008-02-22 04:58:23 28,160 ----a-w C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6001.18023_none_01d65483a1e095cd\jsproxy.dll
+ 2008-02-22 05:01:41 826,880 ----a-w C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6001.18023_none_01d65483a1e095cd\wininet.dll
+ 2008-02-22 05:01:41 64,512 ----a-w C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6001.18023_none_01d65483a1e095cd\WininetPlugin.dll
+ 2008-02-22 04:49:22 28,160 ----a-w C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6001.22120_none_025cf070bb00e992\jsproxy.dll
+ 2008-02-22 04:52:21 826,880 ----a-w C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6001.22120_none_025cf070bb00e992\wininet.dll
+ 2008-02-22 04:52:21 64,512 ----a-w C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6001.22120_none_025cf070bb00e992\WininetPlugin.dll
+ 2007-09-13 02:55:45 2,455,488 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ie-antiphishfilter_31bf3856ad364e35_6.0.6000.16643_none_f98398df6eb5b711\ieapfltr.dat
+ 2008-02-21 04:43:35 383,488 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ie-antiphishfilter_31bf3856ad364e35_6.0.6000.16643_none_f98398df6eb5b711\ieapfltr.dll
+ 2007-09-13 02:55:45 2,455,488 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ie-antiphishfilter_31bf3856ad364e35_6.0.6000.20777_none_f9f0c70e87e8100a\ieapfltr.dat
+ 2008-02-22 04:49:22 383,488 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ie-antiphishfilter_31bf3856ad364e35_6.0.6000.20777_none_f9f0c70e87e8100a\ieapfltr.dll
+ 2008-02-21 04:43:35 347,136 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ie-directxtransforms_31bf3856ad364e35_6.0.6000.16643_none_95b7d197849b3d3f\dxtmsft.dll
+ 2008-02-21 04:43:35 214,528 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ie-directxtransforms_31bf3856ad364e35_6.0.6000.16643_none_95b7d197849b3d3f\dxtrans.dll
+ 2008-02-22 04:49:00 347,136 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ie-directxtransforms_31bf3856ad364e35_6.0.6000.20777_none_9624ffc69dcd9638\dxtmsft.dll
+ 2008-02-22 04:49:00 214,528 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ie-directxtransforms_31bf3856ad364e35_6.0.6000.20777_none_9624ffc69dcd9638\dxtrans.dll
+ 2008-02-21 04:43:36 478,208 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ie-htmlediting_31bf3856ad364e35_6.0.6000.16643_none_461a6bef465befcc\mshtmled.dll
+ 2008-02-22 04:50:17 478,208 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ie-htmlediting_31bf3856ad364e35_6.0.6000.20777_none_46879a1e5f8e48c5\mshtmled.dll
+ 2008-02-21 04:43:36 3,591,680 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_6.0.6000.16643_none_113495242520a5f4\mshtml.dll
+ 2008-02-22 04:50:17 3,593,728 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_6.0.6000.20777_none_11a1c3533e52feed\mshtml.dll
+ 2008-02-22 04:59:30 3,578,368 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_6.0.6001.18023_none_133073a22236ff03\mshtml.dll
+ 2008-02-22 04:50:05 3,578,368 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_6.0.6001.22120_none_13b70f8f3b5752c8\mshtml.dll
+ 2008-02-21 04:43:35 63,488 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ie-infocard_31bf3856ad364e35_6.0.6000.16643_none_588d01ee673531fd\icardie.dll
+ 2008-02-22 04:49:21 63,488 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ie-infocard_31bf3856ad364e35_6.0.6000.20777_none_58fa301d80678af6\icardie.dll
+ 2008-02-21 04:43:03 26,624 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.16643_none_2d5382911cf5aba1\ieUnatt.exe
+ 2008-02-21 04:43:03 625,664 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.16643_none_2d5382911cf5aba1\iexplore.exe
+ 2008-02-22 02:43:50 26,624 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.20777_none_2dc0b0c03628049a\ieUnatt.exe
+ 2008-02-22 02:44:11 625,664 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.20777_none_2dc0b0c03628049a\iexplore.exe
+ 2008-02-21 04:43:03 70,656 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ie-setup-support_31bf3856ad364e35_6.0.6000.16643_none_c3c237ac61707446\ie4uinit.exe
+ 2008-02-21 04:43:36 44,544 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ie-setup-support_31bf3856ad364e35_6.0.6000.16643_none_c3c237ac61707446\iernonce.dll
+ 2008-02-21 04:43:36 56,320 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ie-setup-support_31bf3856ad364e35_6.0.6000.16643_none_c3c237ac61707446\iesetup.dll
+ 2008-02-22 02:43:42 70,656 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ie-setup-support_31bf3856ad364e35_6.0.6000.20777_none_c42f65db7aa2cd3f\ie4uinit.exe
+ 2008-02-22 04:49:24 44,544 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ie-setup-support_31bf3856ad364e35_6.0.6000.20777_none_c42f65db7aa2cd3f\iernonce.dll
+ 2008-02-22 04:49:24 56,320 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ie-setup-support_31bf3856ad364e35_6.0.6000.20777_none_c42f65db7aa2cd3f\iesetup.dll
+ 2008-02-21 04:43:35 52,736 ----a-w C:\Windows\winsxs\x86_microsoft-windows-iebrshim_31bf3856ad364e35_6.0.6000.16643_none_29e74e1c682049a3\iebrshim.dll
+ 2008-02-22 04:49:22 52,736 ----a-w C:\Windows\winsxs\x86_microsoft-windows-iebrshim_31bf3856ad364e35_6.0.6000.20777_none_2a547c4b8152a29c\iebrshim.dll
+ 2008-02-21 04:43:35 6,066,176 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ieframe_31bf3856ad364e35_6.0.6000.16643_none_6293ef27b1163421\ieframe.dll
+ 2008-02-21 04:43:36 180,736 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ieframe_31bf3856ad364e35_6.0.6000.16643_none_6293ef27b1163421\ieui.dll
+ 2008-02-22 04:49:24 6,067,712 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ieframe_31bf3856ad364e35_6.0.6000.20777_none_63011d56ca488d1a\ieframe.dll
+ 2008-02-22 04:49:24 180,736 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ieframe_31bf3856ad364e35_6.0.6000.20777_none_63011d56ca488d1a\ieui.dll
+ 2008-02-21 04:43:03 263,168 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ieinstal_31bf3856ad364e35_6.0.6000.16643_none_e68d5ba694998859\ieinstal.exe
+ 2008-02-22 02:44:02 263,168 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ieinstal_31bf3856ad364e35_6.0.6000.20777_none_e6fa89d5adcbe152\ieinstal.exe
+ 2008-02-21 04:43:03 301,568 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ieuser_31bf3856ad364e35_6.0.6000.16643_none_0b3590c2d714480b\ieuser.exe
+ 2008-02-22 02:44:03 301,568 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ieuser_31bf3856ad364e35_6.0.6000.20777_none_0ba2bef1f046a104\ieuser.exe
+ 2006-11-02 12:36:24 2,048 ----a-w C:\Windows\winsxs\x86_microsoft-windows-iis-legacysnapin_31bf3856ad364e35_6.0.6000.16386_none_7eea120bb51aecf6\iismui.dll
+ 2006-11-02 07:15:56 2,560 ----a-w C:\Windows\winsxs\x86_microsoft-windows-installer-engine_31bf3856ad364e35_6.0.6000.16386_none_0143bc2fb699ae2d\msimsg.dll
+ 2006-11-02 08:33:06 2,560 ----a-w C:\Windows\winsxs\x86_microsoft-windows-international-core_31bf3856ad364e35_6.0.6000.16386_none_e773a28cdcd5ef62\normaliz.dll
+ 2006-11-02 09:39:39 2,048 ----a-w C:\Windows\winsxs\x86_microsoft-windows-iologgingdll_31bf3856ad364e35_6.0.6000.16386_none_b4a74430ff7bd85d\iologmsg.dll
+ 2006-11-02 07:18:28 2,048 ----a-w C:\Windows\winsxs\x86_microsoft-windows-lsa-msprivs_31bf3856ad364e35_6.0.6000.16386_none_09e22f167e7ac9b3\msprivs.dll
+ 2006-11-02 12:35:51 2,048 ----a-w C:\Windows\winsxs\x86_microsoft-windows-mediafoundation_31bf3856ad364e35_6.0.6000.16386_none_9a286d400fd699af\mferror.dll
+ 2006-11-02 12:35:57 2,048 ----a-w C:\Windows\winsxs\x86_microsoft-windows-mediaplayer-wmasf_31bf3856ad364e35_6.0.6000.16386_none_a57f2ea4437cfc78\asferror.dll
+ 2007-12-24 08:37:45 2,048 ----a-w C:\Windows\winsxs\x86_microsoft-windows-mediaplayer-wmasf_31bf3856ad364e35_6.0.6000.16585_none_a57e3226437ddd6f\asferror.dll
+ 2007-12-24 08:37:45 2,048 ----a-w C:\Windows\winsxs\x86_microsoft-windows-mediaplayer-wmasf_31bf3856ad364e35_6.0.6000.20708_none_a66151155c57e6dd\asferror.dll
+ 2006-11-02 12:35:54 2,048 ----a-w C:\Windows\winsxs\x86_microsoft-windows-mediaplayer-wmerror_31bf3856ad364e35_6.0.6000.16386_none_351e30f1ba0b5cbe\wmerror.dll
+ 2006-11-02 09:41:09 2,048 ----a-w C:\Windows\winsxs\x86_microsoft-windows-msxml30_31bf3856ad364e35_6.0.6000.16386_none_86377e9e99eb1168\msxml3r.dll
+ 2007-09-13 02:52:52 2,048 ----a-w C:\Windows\winsxs\x86_microsoft-windows-msxml30_31bf3856ad364e35_6.0.6000.16500_none_8688000e99af9424\msxml3r.dll
+ 2007-09-13 02:52:53 2,048 ----a-w C:\Windows\winsxs\x86_microsoft-windows-msxml30_31bf3856ad364e35_6.0.6000.20613_none_8709cdcbb2d29be4\msxml3r.dll
+ 2006-11-02 09:41:09 2,048 ----a-w C:\Windows\winsxs\x86_microsoft-windows-msxml60_31bf3856ad364e35_6.0.6000.16386_none_86373a4699eb5e4b\msxml6r.dll
+ 2007-09-13 02:51:56 2,048 ----a-w C:\Windows\winsxs\x86_microsoft-windows-msxml60_31bf3856ad364e35_6.0.6000.16472_none_863e0af099e6da25\msxml6r.dll
+ 2007-09-13 02:51:56 2,048 ----a-w C:\Windows\winsxs\x86_microsoft-windows-msxml60_31bf3856ad364e35_6.0.6000.20582_none_86bcd7cfb30c95e0\msxml6r.dll
+ 2006-11-02 09:41:16 2,048 ----a-w C:\Windows\winsxs\x86_microsoft-windows-net-command-line-tool_31bf3856ad364e35_6.0.6000.16386_none_4ffb8f84758bff07\neth.dll
+ 2006-09-19 11:41:49 2,456 ----a-w C:\Windows\winsxs\x86_microsoft-windows-netshell_31bf3856ad364e35_6.0.6000.16386_none_d34ca8d7111fb859\bench_24.bin
+ 2006-09-19 11:41:49 2,456 ----a-w C:\Windows\winsxs\x86_microsoft-windows-netshell_31bf3856ad364e35_6.0.6000.16386_none_d34ca8d7111fb859\house_24.bin
+ 2006-09-19 11:41:49 2,456 ----a-w C:\Windows\winsxs\x86_microsoft-windows-netshell_31bf3856ad364e35_6.0.6000.16386_none_d34ca8d7111fb859\office_24.bin
+ 2006-11-02 07:38:48 2,048 ----a-w C:\Windows\winsxs\x86_microsoft-windows-networkbridge_31bf3856ad364e35_6.0.6000.16386_none_05b32edf092a8853\bridgeres.dll
+ 2006-11-02 07:38:59 2,048 ----a-w C:\Windows\winsxs\x86_microsoft-windows-networktopology_31bf3856ad364e35_6.0.6000.16386_none_cf1f3538fd925a7b\lltdres.dll
+ 2006-11-02 07:10:15 2,000 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ntvdm-system_31bf3856ad364e35_6.0.6000.16386_none_1e1753ed2313c813\keyboard.drv
+ 2006-11-02 07:10:18 2,032 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ntvdm-system_31bf3856ad364e35_6.0.6000.16386_none_1e1753ed2313c813\mouse.drv
+ 2006-11-02 07:10:16 1,744 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ntvdm-system_31bf3856ad364e35_6.0.6000.16386_none_1e1753ed2313c813\sound.drv
+ 2006-11-02 07:10:17 2,176 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ntvdm-system_31bf3856ad364e35_6.0.6000.16386_none_1e1753ed2313c813\vga.drv
+ 2006-11-02 07:10:15 2,000 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.0.6000.16386_none_fbd6b71e75a2c6c8\keyboard.drv
+ 2006-11-02 07:10:18 2,032 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.0.6000.16386_none_fbd6b71e75a2c6c8\mouse.drv
+ 2006-11-02 07:10:00 2,842 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.0.6000.16386_none_fbd6b71e75a2c6c8\redir.exe
+ 2006-11-02 07:10:16 1,744 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.0.6000.16386_none_fbd6b71e75a2c6c8\sound.drv
+ 2006-11-02 07:10:17 2,176 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.0.6000.16386_none_fbd6b71e75a2c6c8\vga.drv
+ 2006-11-02 07:10:22 2,864 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.0.6000.16386_none_fbd6b71e75a2c6c8\WINSOCK.DLL
+ 2006-11-02 07:10:18 2,112 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.0.6000.16386_none_fbd6b71e75a2c6c8\WINSPOOL.EXE
+ 2006-11-02 07:10:27 2,864 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.0.6000.16386_none_fbd6b71e75a2c6c8\WOWDEB.EXE
+ 2008-03-17 22:43:16 2,413,032 ----a-w C:\Windows\winsxs\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6000.16660_none_f060fbf66e8469dc\OESpamFilter.dat
+ 2008-03-17 22:16:50 2,413,032 ----a-w C:\Windows\winsxs\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6000.20801_none_f12c7a798770787e\OESpamFilter.dat
+ 2008-03-17 22:18:52 2,413,032 ----a-w C:\Windows\winsxs\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6001.18040_none_f25cda746b9ac2eb\OESpamFilter.dat
+ 2008-03-17 22:17:41 2,413,032 ----a-w C:\Windows\winsxs\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6001.22144_none_f2ea786784b4c811\OESpamFilter.dat
+ 2006-11-02 07:08:53 2,048 ----a-w C:\Windows\winsxs\x86_microsoft-windows-oleaccrc_31bf3856ad364e35_6.0.6000.16386_none_76f32d528a780cf2\oleaccrc.dll
+ 2006-11-02 12:34:48 2,048 ----a-w C:\Windows\winsxs\x86_microsoft-windows-photosamples_31bf3856ad364e35_6.0.6000.16386_none_95425ac284e42b43\SampleRes.dll
+ 2008-02-29 06:38:54 313,856 ----a-w C:\Windows\winsxs\x86_microsoft-windows-systemrestore-main_31bf3856ad364e35_6.0.6000.16646_none_44d4534db6337506\rstrui.exe
+ 2008-02-29 06:39:13 40,960 ----a-w C:\Windows\winsxs\x86_microsoft-windows-systemrestore-main_31bf3856ad364e35_6.0.6000.16646_none_44d4534db6337506\srclient.dll
+ 2008-02-29 06:39:13 371,712 ----a-w C:\Windows\winsxs\x86_microsoft-windows-systemrestore-main_31bf3856ad364e35_6.0.6000.16646_none_44d4534db6337506\srcore.dll
+ 2008-02-29 06:38:59 16,384 ----a-w C:\Windows\winsxs\x86_microsoft-windows-systemrestore-main_31bf3856ad364e35_6.0.6000.16646_none_44d4534db6337506\srdelayed.exe
+ 2008-02-29 04:05:40 313,856 ----a-w C:\Windows\winsxs\x86_microsoft-windows-systemrestore-main_31bf3856ad364e35_6.0.6000.20782_none_452eaf40cf751f38\rstrui.exe
+ 2008-02-29 06:33:44 40,960 ----a-w C:\Windows\winsxs\x86_microsoft-windows-systemrestore-main_31bf3856ad364e35_6.0.6000.20782_none_452eaf40cf751f38\srclient.dll
+ 2008-02-29 06:33:44 371,712 ----a-w C:\Windows\winsxs\x86_microsoft-windows-systemrestore-main_31bf3856ad364e35_6.0.6000.20782_none_452eaf40cf751f38\srcore.dll
+ 2008-02-29 04:05:32 16,384 ----a-w C:\Windows\winsxs\x86_microsoft-windows-systemrestore-main_31bf3856ad364e35_6.0.6000.20782_none_452eaf40cf751f38\srdelayed.exe
+ 2008-02-29 04:12:59 318,464 ----a-w C:\Windows\winsxs\x86_microsoft-windows-systemrestore-main_31bf3856ad364e35_6.0.6001.18027_none_46d13215b348e76c\rstrui.exe
+ 2008-02-29 06:53:38 40,960 ----a-w C:\Windows\winsxs\x86_microsoft-windows-systemrestore-main_31bf3856ad364e35_6.0.6001.18027_none_46d13215b348e76c\srclient.dll
+ 2008-02-29 06:53:39 378,368 ----a-w C:\Windows\winsxs\x86_microsoft-windows-systemrestore-main_31bf3856ad364e35_6.0.6001.18027_none_46d13215b348e76c\srcore.dll
+ 2008-02-29 04:12:53 14,848 ----a-w C:\Windows\winsxs\x86_microsoft-windows-systemrestore-main_31bf3856ad364e35_6.0.6001.18027_none_46d13215b348e76c\srdelayed.exe
+ 2008-02-29 04:06:52 318,464 ----a-w C:\Windows\winsxs\x86_microsoft-windows-systemrestore-main_31bf3856ad364e35_6.0.6001.22125_none_4758ce4ccc685488\rstrui.exe
+ 2008-02-29 06:37:51 40,960 ----a-w C:\Windows\winsxs\x86_microsoft-windows-systemrestore-main_31bf3856ad364e35_6.0.6001.22125_none_4758ce4ccc685488\srclient.dll
+ 2008-02-29 06:37:51 378,368 ----a-w C:\Windows\winsxs\x86_microsoft-windows-systemrestore-main_31bf3856ad364e35_6.0.6001.22125_none_4758ce4ccc685488\srcore.dll
+ 2008-02-29 04:06:46 14,848 ----a-w C:\Windows\winsxs\x86_microsoft-windows-systemrestore-main_31bf3856ad364e35_6.0.6001.22125_none_4758ce4ccc685488\srdelayed.exe
+ 2006-11-02 07:39:56 1,536 ----a-w C:\Windows\winsxs\x86_microsoft-windows-t..acyinkingcomponents_31bf3856ad364e35_6.0.6000.16386_none_3fbb09cf8caa385d\penchs.dll
+ 2006-11-02 07:39:56 1,536 ----a-w C:\Windows\winsxs\x86_microsoft-windows-t..acyinkingcomponents_31bf3856ad364e35_6.0.6000.16386_none_3fbb09cf8caa385d\pencht.dll
+ 2006-11-02 07:39:56 1,536 ----a-w C:\Windows\winsxs\x86_microsoft-windows-t..acyinkingcomponents_31bf3856ad364e35_6.0.6000.16386_none_3fbb09cf8caa385d\penjpn.dll
+ 2006-11-02 07:39:56 1,536 ----a-w C:\Windows\winsxs\x86_microsoft-windows-t..acyinkingcomponents_31bf3856ad364e35_6.0.6000.16386_none_3fbb09cf8caa385d\penkor.dll
+ 2006-11-02 07:39:56 1,536 ----a-w C:\Windows\winsxs\x86_microsoft-windows-t..acyinkingcomponents_31bf3856ad364e35_6.0.6000.16386_none_3fbb09cf8caa385d\penusa.dll
+ 2006-11-02 07:39:56 1,536 ----a-w C:\Windows\winsxs\x86_microsoft-windows-t..acyinkingcomponents_31bf3856ad364e35_6.0.6000.16386_none_3fbb09cf8caa385d\pipres.dll
+ 2006-11-02 07:39:56 1,536 ----a-w C:\Windows\winsxs\x86_microsoft-windows-t..acyinkingcomponents_31bf3856ad364e35_6.0.6000.16386_none_3fbb09cf8caa385d\skchobj.dll
+ 2006-11-02 07:39:56 1,536 ----a-w C:\Windows\winsxs\x86_microsoft-windows-t..acyinkingcomponents_31bf3856ad364e35_6.0.6000.16386_none_3fbb09cf8caa385d\skchui.dll
+ 2006-11-02 12:35:47 2,048 ----a-w C:\Windows\winsxs\x86_microsoft-windows-t..nputpersonalization_31bf3856ad364e35_6.0.6000.16386_none_3d7550f9c9692474\IPSEventLogMsg.dll
+ 2006-11-02 12:35:47 2,048 ----a-w C:\Windows\winsxs\x86_microsoft-windows-tabletpc-pentraining_31bf3856ad364e35_6.0.6000.16386_none_dfb8647a7b1e856b\PTRes.dll
+ 2006-11-02 12:35:43 2,048 ----a-w C:\Windows\winsxs\x86_microsoft-windows-tabletpc-touchtraining_31bf3856ad364e35_6.0.6000.16386_none_c41ca1245ce8094b\TTRes.dll
+ 2008-02-29 04:16:38 2,027,008 ----a-w C:\Windows\winsxs\x86_microsoft-windows-win32k_31bf3856ad364e35_6.0.6000.16646_none_b6e7fd209d7b409d\win32k.sys
+ 2008-02-29 04:14:24 2,028,544 ----a-w C:\Windows\winsxs\x86_microsoft-windows-win32k_31bf3856ad364e35_6.0.6000.20782_none_b7425913b6bceacf\win32k.sys
+ 2008-02-29 04:21:49 2,032,128 ----a-w C:\Windows\winsxs\x86_microsoft-windows-win32k_31bf3856ad364e35_6.0.6001.18027_none_b8e4dbe89a90b303\win32k.sys
+ 2008-02-29 04:15:56 2,032,128 ----a-w C:\Windows\winsxs\x86_microsoft-windows-win32k_31bf3856ad364e35_6.0.6001.22125_none_b96c781fb3b0201f\win32k.sys
+ 2006-11-02 09:43:00 2,560 ----a-w C:\Windows\winsxs\x86_microsoft-windows-winsock-legacy_31bf3856ad364e35_6.0.6000.16386_none_e12e74ad149badfc\rnr20.dll
+ 2006-11-02 07:15:27 2,048 ----a-w C:\Windows\winsxs\x86_microsoft-windows-wmi-core_31bf3856ad364e35_6.0.6000.16386_none_b71d411922ad8f1f\WmiApRes.dll
+ 2006-11-02 12:35:25 2,048 ----a-w C:\Windows\winsxs\x86_microsoft-windows-wmi-snmp-provider_31bf3856ad364e35_6.0.6000.16386_none_a884bc8dc9d4ada2\smierrsm.dll
+ 2006-11-02 12:35:25 2,048 ----a-w C:\Windows\winsxs\x86_microsoft-windows-wmi-snmp-provider_31bf3856ad364e35_6.0.6000.16386_none_a884bc8dc9d4ada2\smierrsy.dll
+ 2006-11-02 12:35:25 2,048 ----a-w C:\Windows\winsxs\x86_microsoft-windows-wmi-snmp-provider_31bf3856ad364e35_6.0.6000.16386_none_a884bc8dc9d4ada2\smimsgif.dll
+ 2006-11-02 12:36:03 2,560 ----a-w C:\Windows\winsxs\x86_wcf-m_sm_evt_dll_vista_31bf3856ad364e35_6.0.6000.16386_none_76336ee89b768fbf\ServiceModelEvents.dll
+ 2006-11-02 12:36:02 2,560 ----a-w C:\Windows\winsxs\x86_wcf-m_sm_ins_rc_dll_31bf3856ad364e35_6.0.6000.16386_none_c6c5835b4cd99252\ServiceModelInstallRC.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6739D9F3-429C-426E-9A92-03AB591D8EF0}]
2008-04-30 12:59 283136 --a------ C:\Users\max\AppData\Local\Temp\qoMDTjHx.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-09 14:15 1232896]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 14:35 125440]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2007-12-15 12:02 482760]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 14:36 201728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-09-13 04:34 1006264]
"RtHDVCpl"="RtHDVCpl.exe" [2007-08-09 13:26 4702208 C:\Windows\RtHDVCpl.exe]
"MGSysCtrl"="C:\Program Files\System Control Manager\MGSysCtrl.exe" [2007-09-07 15:38 561152]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-06-20 06:21 86016]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-06-20 06:21 8462336]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-06-20 06:21 81920]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 11:25 6731312]

C:\PROGRA~2\MICROS~1\Windows\STARTM~1\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26 29696]
Bluetooth Manager.lnk - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2007-02-27 14:31:34 2756608]
DSLMON.lnk - C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe [2007-12-20 22:05:57 1214032]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{CE86878F-D099-4FFC-A4DC-E51D192063B1}"= C:\Windows\system32\rqRKEVOH.dll [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.clmp3enc"= C:\PROGRA~1\CYBERL~1\Power2Go\CLMP3Enc.ACM

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 C:\Users\max\AppData\Local\Temp\qoMDTjHx

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{083BFF5B-2E95-478C-B1F6-5DA7B41B0905}"= C:\Program Files\CyberLink\PowerDirector Express\PDX.EXE:CyberLink PowerDirector Express
"{6A7EFED3-7857-446C-9E42-5C0D8C4B4780}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{E273B664-20A1-45CD-8567-89A96EC8A03C}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{E9808D2D-A387-45CC-BCF9-7A60622DB8CD}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{1280DF18-AF25-414A-9FEE-B694D49491A2}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{F30D15A4-79B9-497C-A384-299808FBA974}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{F2EAFC22-98E2-4804-9B3D-BDD2BF9B99EB}"= UDP:C:\Program Files\FreeCall.com\FreeCall\FreeCall.exe:FreeCall
"{C84C31CA-C957-4A8A-8DAC-695DB446D2A2}"= TCP:C:\Program Files\FreeCall.com\FreeCall\FreeCall.exe:FreeCall
"{7E8051FD-0CB9-4DF9-90EA-CEAA5A49D4B2}"= UDP:D:\Jeux\Assassin creed\AssassinsCreed_Dx9.exe:Assassin's Creed Dx9
"{2DB918B4-AFB1-4FEB-A174-651BCA954655}"= TCP:D:\Jeux\Assassin creed\AssassinsCreed_Dx9.exe:Assassin's Creed Dx9
"{4929A53E-D713-4F1C-9132-56FF31FB35E8}"= UDP:D:\Jeux\Assassin creed\AssassinsCreed_Dx10.exe:Assassin's Creed Dx10
"{A617E62D-D688-4B30-A630-C4459A107E75}"= TCP:D:\Jeux\Assassin creed\AssassinsCreed_Dx10.exe:Assassin's Creed Dx10
"{94C00209-5504-4D0C-A0B6-8EC7BBF1EE88}"= UDP:D:\Jeux\Assassin creed\AssassinsCreed_Launcher.exe:Assassin's Creed Update
"{8B02FDE4-D28B-4939-952B-2FE3A1CA8B17}"= TCP:D:\Jeux\Assassin creed\AssassinsCreed_Launcher.exe:Assassin's Creed Update
"{8E99E427-F556-4597-AC74-8321FE8993F4}"= UDP:D:\Jeux\CRYSIS\Bin32\Crysis.exe:Crysis_32
"{5B90E519-3EA3-46BE-9A30-E907A6754F97}"= TCP:D:\Jeux\CRYSIS\Bin32\Crysis.exe:Crysis_32
"{3F92C57A-39C6-43BF-8385-64267D4E8426}"= UDP:D:\Jeux\CRYSIS\Bin32\CrysisDedicatedServer.exe:CrysisDedicatedServer_32
"{D97D353C-CDBB-42E8-8E47-522D465C2899}"= TCP:D:\Jeux\CRYSIS\Bin32\CrysisDedicatedServer.exe:CrysisDedicatedServer_32
"{7C649D9F-A7F9-4D07-AA13-D318A36BCE06}"= UDP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA
"{444103CC-B055-4144-A0FE-7E258CF720F3}"= TCP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA
"{4D6B5A98-83BC-45F2-8EBC-D02AA80BEDDF}"= UDP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB
"{2A2D0499-3ABC-4C28-A671-3F13372DB2E6}"= TCP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB
"TCP Query User{0919594E-BA77-4BE0-B5DB-95A6CA12152F}C:\\program files\\azureus\\azureus.exe"= UDP:C:\program files\azureus\azureus.exe:Azureus
"UDP Query User{12EE0B75-514D-4F19-98B8-C376E62FF5DE}C:\\program files\\azureus\\azureus.exe"= TCP:C:\program files\azureus\azureus.exe:Azureus

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

R0 Si3531;SiI-3531 SATA Controller;C:\Windows\system32\DRIVERS\Si3531.sys [2006-11-17 10:57]
R1 aswSP;avast! Self Protection;C:\Windows\system32\drivers\aswSP.sys [2008-03-29 19:31]
R2 aswFsBlk;aswFsBlk;C:\Windows\system32\DRIVERS\aswFsBlk.sys [2008-03-29 19:35]
R2 NishService;SCM Driver Daemon;C:\Program Files\System Control Manager\edd.exe [2007-08-23 14:37]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [2008-01-28 11:43]
R2 TOSHIBA Bluetooth Service;TOSHIBA Bluetooth Service;C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe [2007-02-25 21:55]
R3 enecir;ENE CIR Receiver;C:\Windows\system32\DRIVERS\enecir.sys [2007-03-07 10:26]
R3 MGHwCtrl;MGHwCtrl;C:\Windows\system32\drivers\MGHwCtrl.sys [2006-12-22 05:21]
S2 ELOADER;General Purpose USB Driver (adildr.sys);C:\Windows\system32\Drivers\adildr.sys [2007-01-10 17:56]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e9a3156a-ef93-11dc-a5c4-0019dbecd7c9}]
\shell\AutoRun\command - F:\autorun.exe

.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-01 13:18:57
Windows 6.0.6000 NTFS

Balayage processus cach‚s ...

Balayage cach‚ autostart entries ...

Balayage des fichiers cach‚s ...


C:\Users\max\AppData\Local\Toshiba\BluetoothStack\V1.0\SDP00261.sdb 2863 bytes

Scan termin‚ avec succŠs
Les fichiers cach‚s: 1

**************************************************************************
.
--------------------- DLLs a charg‚ sous des processus courants ---------------------

PROCESS: C:\Windows\system32\lsass.exe
-> C:\Users\max\AppData\Local\Temp\qoMDTjHx.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Windows\System32\audiodg.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Windows\System32\agrsmsvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\System32\PnkBstrA.exe
C:\Windows\System32\PnkBstrB.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Windows\System32\conime.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHSP.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-05-01 13:21:32 - machine was rebooted
ComboFix-quarantined-files.txt 2008-05-01 11:21:20
ComboFix2.txt 2008-04-07 10:48:30

Le texte du message associé au numéro 0x2379 est introuvable dans le fichier de messages pour Application.
Le texte du message associ‚ au num‚ro 0x2379 est introuvable dans le fichier de messages pour Application.

624 --- E O F --- 2008-04-09 15:21:02

Il me disait de ne démarrer aucun programme mais quelques logiciels se lancent au démarrage ^^' je les ai vite fermés en espérant que cela n'a pas changé le rapport.

-Voila le nouveau HijackThis (PS: je n'ai plus de fenetres de dll manquante):

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:29:12, on 01/05/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16643)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\conime.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\System Control Manager\MGSysCtrl.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Windows\Explorer.exe
D:\APPLIC~1\MOZZIL~1\FIREFOX.EXE
C:\Users\max\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = "http://www.daemon-search.com/startpage
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {6739D9F3-429C-426E-9A92-03AB591D8EF0} - C:\Users\max\AppData\Local\Temp\qoMDTjHx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [MGSysCtrl] C:\Program Files\System Control Manager\MGSysCtrl.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.zebulon.fr/scan8/oscan8.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: SCM Driver Daemon (NishService) - Unknown owner - C:\Program Files\System Control Manager\edd.exe
O23 - Service: Planificateur LiveUpdate automatique - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe

--
End of file - 6925 bytes

oui c est en telechargeant un truc que tu t est fait infecter!



Note: Cette procédure a été créée spécifiquement pour cet utilisateur ! Si vous n'êtes pas cet utilisateur en question, ne suivez pas ces instructions au risque d'endommager votre PC !!!



Télécharge OTMoveIt (de Old_Timer) sur ton Bureau.

[*]Double-clique sur OTMoveIt.exe pour le lancer.
[*]Assure toi que la case "Unregister Dll's and Ocx's" [u]soit bien cochée !!![/u]
[*]Copie le texte qui se trouve dans l'encadré ci-dessous, et colle le dans le cadre de gauche de OTMoveIt nommé Paste List of Files/Folders to be moved.

C:\Users\max\AppData\Local\Temp\qoMDTjHx.dll

[*]Clique sur MoveIt! pour lancer la suppression.
[*]Lorsque un résultat apparaît dans le cadre Results, clique sur Exit.
[*]Redémarre ton PC

[*]Dans ta future réponse, envoie le rapport de OTMoveIt situé sur C:\_OTMoveIt\MovedFiles.

remet un hijackthis aussi