
"Police nationale" trojan


17 replies to this topic

#1 zouille

zouille

    Junior Member

  • Members
  • 9 posts

Posted 11 October 2011 - 02:23

Hello,
Like others, I have been infected: a message locks my computer as soon as it starts up. On the pretext that I connected to paedophile sites, the "police nationale" asks me to pay a sum online.
I ran a CCleaner cleanup and an MBAM scan, which detected several problems and removed them successfully. Yet the problem is not solved.
So I ran a scan with ZHPDiag. Can you help me? I have put the report at ZHP report
Thank you.

Edited by zouille, 11 October 2011 - 02:23.

  • 0


#2 nardino

nardino

    Full Patch Member

  • Security Team
  • 1859 posts

Posted 11 October 2011 - 02:43

Hello.
A preliminary remark: CCleaner is not a disinfection tool, let that be said once and for all.
Another important point: your C: hard drive is nearly full, so you need to think about freeing up space on it.
You are the victim of ransomware.
Run a scan with an antivirus from a live CD.
http://rue-du-montce...us_20liveCD.pdf

Launch ZHPFix from its desktop icon, with elevated privileges on Vista and Windows 7.
Click the icon to the left of the red A to import the ZHPDiag report.
Once it is displayed, click OK.
The report will scroll by and checkboxes will appear in front of every line.
Tick the following ones:

O18 - Filter: text/html - {2AB289AE-4B90-4281-B2AE-1F4BB034B647} . (...)
O42 - Logiciel: Need2Find Bar - (.Need2Find Bar.) [HKLM] -- Need2FindBar Uninstall
C:\WINDOWS\system32\P2P Networking\P2P Networking.exe
[HKLM\Software\Classes\need2findbar.settingsplugin]
[HKLM\Software\Classes\need2findbar.settingsplugin.1]
[HKLM\Software\Classes\need2findbar.toolbarplugin]
[HKLM\Software\Classes\need2findbar.toolbarplugin.1]
[HKLM\Software\Classes\rxresult.rxresulttracker]
[HKLM\Software\Classes\rxresult.rxresulttracker.1]
[HKLM\Software\Classes\signingmodule.signingmodule]
[HKLM\Software\Classes\signingmodule.signingmodule.1]
[HKLM\Software\Need2Find]
[HKLM\Software\titan poker]
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\need2findbar uninstall]


Click the Nettoyer (Clean) button.
Post the resulting report.
The tutorial: outils_zhpfix

See you later.

Kazaa, Limewire, eMule and BitTorrent: isn't that perhaps a bit much for downloading Linux distributions?
P2P (by Tesgaz)
P2P (by Ogu)
  • 0

#3 zouille

zouille

    Junior Member

  • Members
  • 9 posts

Posted 11 October 2011 - 06:07

OK, thanks,
I ran the scan with the live CD. However, I could not find all the lines in the ZHP report; moreover, it was constantly interrupted by a "violation de ZHPfix.exe" window. I removed what I could.
As for Kazaa, Limewire, eMule and BitTorrent, it has been a long time since I needed Ubuntu updates and I no longer use them. I had in fact tried to uninstall them completely, without success (true story).


Rapport de ZHPFix 1.12.3363 par Nicolas Coolman, Update du 05/10/2011
Fichier d'export Registre :
Run by Administrateur at 11/10/2011 19:05:45
Windows XP Home Edition Service Pack 2 (Build 2600)
Web site : ZHPFix Fix de rapport

Err :510
SUPPRIME O42 - Logiciel: Bureau Médias de Kazaa 2.6.7 - (.Pas de propriétaire.) [HKLM] -- {78903C42-CB0C-4B35-91A1-D4DEDD91F8CB}
SUPPRIME O42 - Logiciel: Need2Find Bar - (.Need2Find Bar.) [HKLM] -- Need2FindBar Uninstall

Err :510
SUPPRIME [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{78903C42-CB0C-4B35-91A1-D4DEDD91F8CB}]
SUPPRIME [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Need2FindBar Uninstall]
SUPPRIME Key: HKLM\Software\BitTorrent
SUPPRIME Key: HKLM\Software\Kazaa
SUPPRIME Key: HKLM\Software\Need2Find
SUPPRIME Key: HKLM\Software\P2P Networking
SUPPRIME Key: HKLM\Software\Titan Poker

Err :510
ERREUR CLSID PAPP: {2AB289AE-4B90-4281-B2AE-1F4BB034B647}


Err :510
7 : Clé(s) du Registre
1 : Elément(s) de donnée du Registre
2 : Logiciel(s)


End of clean in 00mn 24s

Err :510
C:\ZHP\ZHPFix[R1].txt - 11/10/2011 19:05:45 [1291]
  • 0

#4 nardino

nardino

    Full Patch Member

  • Security Team
  • 1859 posts

Posted 11 October 2011 - 07:01

Good evening.
How are things now?
See you later.
  • 0

#5 zouille

zouille

    Junior Member

  • Members
  • 9 posts

Posted 11 October 2011 - 07:49

Good evening,

I finally managed to delete the lines:

[HKLM\Software\Classes\need2findbar.settingsplugin]
[HKLM\Software\Classes\need2findbar.settingsplugin.1]
[HKLM\Software\Classes\need2findbar.toolbarplugin]
[HKLM\Software\Classes\need2findbar.toolbarplugin.1]
[HKLM\Software\Classes\rxresult.rxresulttracker]
[HKLM\Software\Classes\rxresult.rxresulttracker.1]
[HKLM\Software\Classes\signingmodule.signingmodule]
[HKLM\Software\Classes\signingmodule.signingmodule.1]

When I boot normally, the ransomware comes back and prevents me from doing anything at all. I have to disconnect the power supply to turn the machine off and restart in safe mode.
  • 0

#6 nardino

nardino

    Full Patch Member

  • Security Team
  • 1859 posts

Posted 11 October 2011 - 09:44

Good evening.
Run a scan with an antivirus from a live CD.
Antivirus liveCD.pdf
See you later.
  • 0

#7 zouille

zouille

    Junior Member

  • Members
  • 9 posts

Posted 12 October 2011 - 04:59

Hello,
So I ran the scan from the live CD.
I then rebooted: still the same problem. This time the computer stayed usable a little longer, and then the ransomware screen appeared again.
  • 0

#8 nardino

nardino

    Full Patch Member

  • Security Team
  • 1859 posts

Posted 12 October 2011 - 06:43

Good evening.
Run the live CD scan again and, once rebooted, follow it with a Malwarebytes scan.
Then download ComboFix:
http://download.blee...Bs/ComboFix.exe

IMPORTANT: Save ComboFix.exe to the Desktop.
Disable resident antivirus and anti-malware applications, usually by right-clicking their icon in the notification area.
Otherwise they may interfere with the tool.
Double-click the icon and follow the prompts.

When it runs, ComboFix will check whether the Microsoft Windows Recovery Console is installed.
With infections like today's, it is strongly recommended to have it pre-installed on the PC before any malware removal.
It lets you boot into a special recovery (repair) mode, which makes it easier to help if the computer ever runs into a problem after a cleanup attempt.

Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console and, when asked, accept the End User License Agreement to install it.

IMPORTANT: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue with its malware removal procedures.


Once the Microsoft Windows Recovery Console has been installed via ComboFix, the following message will appear:


Click Oui/Yes to continue with the malware scan.

When the tool has finished, it will display a report.
Above all, do not launch any application during the scan or after the reboot that is sometimes necessary and triggered by the tool.
Wait for the report to be displayed.
Copy its contents into your next reply.
It will be saved as C:\Combofix.txt
See you later.
  • 0

#9 zouille

zouille

    Junior Member

  • Members
  • 9 posts

Posted 09 November 2011 - 07:43

Good evening,
Here I am again after a long while. My problem is still not solved, and the reason I took so long is that I have not had internet access these past weeks (I am in the middle of moving house), and I needed a connection to download the Windows Recovery Console.
I followed the instructions you gave me: I installed and ran ComboFix. At the end of the operation, ComboFix automatically rebooted the computer and the ransomware immediately locked my screen again. So I do not know whether ComboFix was able to run to completion. What should I do?
Below is the ComboFix report:

ComboFix 11-10-20.08 - Administrateur 21/10/2011 10:20:13.2.1 - x86 NETWORK
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.33.1036.18.1022.775 [GMT 2:00]
Lancé depuis: C:\Documents and Settings\Administrateur\Bureau\ComboFix.exe
Commutateurs utilisés :: C:\Documents and Settings\Administrateur\Bureau\WindowsXP-KB310994-SP2-Home-BootDisk-FRA.exe
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: ZoneAlarm Firewall *Enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}


(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))


C:\Documents and Settings\LocalService\UserData\3FXJ7XWW
C:\Documents and Settings\Rebecca\WINDOWS
C:\WINDOWS\Fonts\acrsec.fon
C:\WINDOWS\system32\Thumbs.db
C:\WINDOWS\Uninstall.ini


((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_USNJSVC
-------\Service_usnjsvc


((((((((((((((((((((((((((((( Fichiers créés du 2011-09-21 au 2011-10-21 ))))))))))))))))))))))))))))))))))))


2011-10-11 13:19:33 . 2011-10-11 17:43:21 512 ----a-w- C:\PhysicalDisk0_MBR.bin
2011-10-11 13:15:24 . 2011-10-11 18:47:27 -------- d-----w- C:\ZHP
2011-10-11 13:15:11 . 2011-10-11 17:43:19 -------- d-----w- C:\Program Files\ZHPDiag
2011-10-10 19:52:55 . 2011-10-10 19:53:10 -------- d-----w- C:\Program Files\CCleaner
2011-10-10 18:18:47 . 2011-10-21 07:47:27 -------- d-----w- C:\Documents and Settings\Administrateur
2011-10-09 20:41:59 . 2011-10-09 20:41:59 -------- d-----w- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2011-10-09 20:41:54 . 2011-10-09 20:42:04 -------- d-----w- C:\Program Files\Malwarebytes' Anti-Malware
2011-10-09 20:41:54 . 2011-08-31 15:00:50 22216 ----a-w- C:\WINDOWS\system32\drivers\mbam.sys
.


(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))



------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.

[-] 2008-04-14 02:33:46 . EA9E0DB8684CEF2FD3BADD671DF5A112 . 71680 . . [5.1.2600.5512 (xpsp.080413-0852)] . . C:\WINDOWS\SoftwareDistribution\Download\44b6174a4a693136d02d4a7ecd7cbd54\ssdpsrv.dll
[7] 2004-08-05 12:00:00 . B636478A2569AE69CAF003254022A742 . 71680 . . [5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] . . C:\WINDOWS\system32\ssdpsrv.dll

[-] 2008-04-14 02:33:46 . 710BC85A8C22626EE094439E3EA0D38C . 297984 . . [5.1.2600.5512 (xpsp.080413-2111)] . . C:\WINDOWS\SoftwareDistribution\Download\44b6174a4a693136d02d4a7ecd7cbd54\termsrv.dll
[7] 2004-08-05 12:00:00 . 7D521B8CF926459E270D18C559323815 . 297984 . . [5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] . . C:\WINDOWS\system32\termsrv.dll

[-] 2008-04-14 02:33:26 . E62B0BE3FC855066C872F5B50A6BCD1B . 347136 . . [5.1.2600.5512 (xpsp.080413-0852)] . . C:\WINDOWS\SoftwareDistribution\Download\44b6174a4a693136d02d4a7ecd7cbd54\hnetcfg.dll
[7] 2004-08-05 12:00:00 . 9D39911675347318C17C68B2EA30CF2F . 347648 . . [5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] . . C:\WINDOWS\system32\hnetcfg.dll

[7] 2004-08-05 12:00:00 . E4ABC1212B70BB03D35E60681C447210 . 12032 . . [5.1.2600.0 (xpclient.010817-1148)] . . C:\WINDOWS\system32\drivers\acpiec.sys

[-] 2008-04-13 16:39:23 . 8BED39E3C35D6A489438B8141717A557 . 142592 . . [5.1.2601.3142] . . C:\WINDOWS\SoftwareDistribution\Download\44b6174a4a693136d02d4a7ecd7cbd54\aec.sys
[7] 2006-02-15 00:30:07 . 1EE7B434BA961EF845DE136224C30FEC . 142464 . . [5.1.2601.2180] . . C:\WINDOWS\$hf_mig$\KB900485\SP2QFE\aec.sys
[7] 2006-02-15 00:22:26 . 1EE7B434BA961EF845DE136224C30FEC . 142464 . . [5.1.2601.2180] . . C:\WINDOWS\Driver Cache\i386\aec.sys
[7] 2006-02-15 00:22:26 . 1EE7B434BA961EF845DE136224C30FEC . 142464 . . [5.1.2601.2180] . . C:\WINDOWS\system32\drivers\aec.sys
[7] 2004-08-03 20:39:38 . 841F385C6CFAF66B58FBD898722BB4F0 . 142464 . . [5.1.2601.2078] . . C:\WINDOWS\$NtUninstallKB900485$\aec.sys

[-] 2008-04-13 18:53:34 . 3BB22519A194418D5FEC05D800A19AD0 . 36608 . . [5.1.2600.5512 (xpsp.080413-0852)] . . C:\WINDOWS\SoftwareDistribution\Download\44b6174a4a693136d02d4a7ecd7cbd54\ip6fw.sys
[7] 2004-08-05 12:00:00 . 4448006B6BC60E6C027932CFC38D6855 . 29056 . . [5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] . . C:\WINDOWS\system32\drivers\ip6fw.sys

[-] 2008-04-14 02:33:28 . CE21FE79AD3B913A79E0C742BED6BF85 . 927504 . . [4.1.0.61] . . C:\WINDOWS\SoftwareDistribution\Download\44b6174a4a693136d02d4a7ecd7cbd54\mfc40u.dll
[7] 2006-11-01 19:18:42 . FCD58951B3B2392007E0EE34D2CF944F . 927504 . . [4.1.0.61] . . C:\WINDOWS\system32\mfc40u.dll
[7] 2006-11-01 19:18:42 . FCD58951B3B2392007E0EE34D2CF944F . 927504 . . [4.1.0.61] . . C:\WINDOWS\system32\dllcache\mfc40u.dll
[7] 2004-08-05 12:00:00 . E1A34560BF6CE7C703BB67EC4FA70F43 . 924432 . . [4.1.6140] . . C:\WINDOWS\$NtUninstallKB924667$\mfc40u.dll

[-] 2008-04-14 02:33:31 . E67A66A3781C1A483F0F8992664CBE0D . 33792 . . [5.1.2600.5512 (xpsp.080413-2113)] . . C:\WINDOWS\SoftwareDistribution\Download\44b6174a4a693136d02d4a7ecd7cbd54\msgsvc.dll
[7] 2004-08-05 12:00:00 . 97939358ED4487CBB4A0D743CE958266 . 33792 . . [5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] . . C:\WINDOWS\system32\msgsvc.dll

[7] 2004-08-10 23:45:16 . A477391B7A8B0A0DAABADB17CF533A4B . 25088 . . [10.0.3790.3646] . . C:\WINDOWS\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}\MsPMSNSv.dll
[7] 2004-08-10 23:45:16 . A477391B7A8B0A0DAABADB17CF533A4B . 25088 . . [10.0.3790.3646] . . C:\WINDOWS\system32\MsPMSNSv.dll
[7] 2004-08-10 23:45:16 . A477391B7A8B0A0DAABADB17CF533A4B . 25088 . . [10.0.3790.3646] . . C:\WINDOWS\system32\dllcache\mspmsnsv.dll
[7] 2004-08-05 12:00:00 . 762B2A5F0E8B0164A5DB6741959DFB0C . 52736 . . [9.0.1.56] . . C:\WINDOWS\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}$BACKUP$\System\MsPMSNSv.dll

[-] 2008-04-14 02:07:26 . B71A8F101CEFAF82FC5EC16130A54A3F . 2067968 . . [5.1.2600.5512 (xpsp.080413-2111)] . . C:\WINDOWS\SoftwareDistribution\Download\44b6174a4a693136d02d4a7ecd7cbd54\ntkrnlpa.exe
[7] 2007-02-28 16:08:25 . 7A56A64EB50399613587E90292DD2AAB . 2061440 . . [5.1.2600.3093 (xpsp_sp2_qfe.070227-2300)] . . C:\WINDOWS\$hf_mig$\KB931784\SP2QFE\ntkrnlpa.exe
[7] 2007-02-28 16:02:36 . A1D5231403329478AE4FE2778C55C77F . 2059648 . . [5.1.2600.3093 (xpsp_sp2_gdr.070227-2254)] . . C:\WINDOWS\Driver Cache\i386\ntkrnlpa.exe
[7] 2007-02-28 16:02:36 . A1D5231403329478AE4FE2778C55C77F . 2059648 . . [5.1.2600.3093 (xpsp_sp2_gdr.070227-2254)] . . C:\WINDOWS\system32\ntkrnlpa.exe
[7] 2007-02-28 16:02:36 . A1D5231403329478AE4FE2778C55C77F . 2059648 . . [5.1.2600.3093 (xpsp_sp2_gdr.070227-2254)] . . C:\WINDOWS\system32\dllcache\ntkrnlpa.exe
[7] 2006-12-19 18:45:35 . 8B039EFBE4C9AA23F152FFA0E238B8FA . 2061440 . . [5.1.2600.3051 (xpsp_sp2_qfe.061219-0311)] . . C:\WINDOWS\$hf_mig$\KB929338\SP2QFE\ntkrnlpa.exe
[7] 2006-12-19 18:22:38 . 06015D137B02542F07D5CD7B144DF942 . 2059648 . . [5.1.2600.3051 (xpsp_sp2_gdr.061219-0316)] . . C:\WINDOWS\$NtUninstallKB931784$\ntkrnlpa.exe
[7] 2005-03-02 18:07:56 . 73FA9C95D235844A36968C7852C7DBDD . 2058880 . . [5.1.2600.2622 (xpsp_sp2_gdr.050301-1519)] . . C:\WINDOWS\$NtUninstallKB929338$\ntkrnlpa.exe
[7] 2005-03-02 08:13:14 . 5311776074B6C13F983DC75BAEAC9C0C . 2059008 . . [5.1.2600.2622 (xpsp.050301-1521)] . . C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\ntkrnlpa.exe
[7] 2004-08-05 12:00:00 . F252FAE094C54572ECE38A039F2103C4 . 2058880 . . [5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] . . C:\WINDOWS\$NtUninstallKB890859$\ntkrnlpa.exe

[-] 2008-04-14 02:33:36 . 037D92B3A7853A183FCAB77FB1D13D6C . 438272 . . [5.1.2400.5512] . . C:\WINDOWS\SoftwareDistribution\Download\44b6174a4a693136d02d4a7ecd7cbd54\ntmssvc.dll
[7] 2004-08-05 12:00:00 . 3F82A4226289510DF300813B9B87F0E5 . 438272 . . [5.1.2400.2180] . . C:\WINDOWS\system32\ntmssvc.dll

[-] 2008-04-14 02:33:48 . BD8166A495B02308F364B36249475F22 . 186368 . . [5.1.2600.5512 (xpsp.080413-0852)] . . C:\WINDOWS\SoftwareDistribution\Download\44b6174a4a693136d02d4a7ecd7cbd54\upnphost.dll
[7] 2007-02-05 20:20:56 . 385DB2591BF11955F26E0A97728B1B31 . 185344 . . [5.1.2600.3077 (xpsp_sp2_qfe.070205-0007)] . . C:\WINDOWS\$hf_mig$\KB931261\SP2QFE\upnphost.dll
[7] 2007-02-05 20:19:06 . 96B3C690ED82E36E04C130F916E3AE91 . 185344 . . [5.1.2600.3077 (xpsp_sp2_gdr.070204-2255)] . . C:\WINDOWS\system32\upnphost.dll
[7] 2007-02-05 20:19:06 . 96B3C690ED82E36E04C130F916E3AE91 . 185344 . . [5.1.2600.3077 (xpsp_sp2_gdr.070204-2255)] . . C:\WINDOWS\system32\dllcache\upnphost.dll
[7] 2004-08-05 12:00:00 . 168AE9938F6BE31D198AF92496CCFA33 . 185344 . . [5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] . . C:\WINDOWS\$NtUninstallKB931261$\upnphost.dll

[-] 2008-04-14 02:33:23 . 4BB396EA6CAA50F2208078602549F2F2 . 367616 . . [5.3.2600.5512 (xpsp.080413-0845)] . . C:\WINDOWS\SoftwareDistribution\Download\44b6174a4a693136d02d4a7ecd7cbd54\dsound.dll
[7] 2004-08-05 12:00:00 . 0AE00CA307264649EE2F5FC1CB1B0F1F . 367616 . . [5.3.2600.2180 (xpsp_sp2_rtm.040803-2158)] . . C:\WINDOWS\system32\dsound.dll

[-] 2008-04-14 02:33:22 . 7EAEC24B85DD04EDAA04A51CB07DF870 . 1689088 . . [5.03.2600.5512 (xpsp.080413-0845)] . . C:\WINDOWS\SoftwareDistribution\Download\44b6174a4a693136d02d4a7ecd7cbd54\d3d9.dll
[7] 2004-08-05 12:00:00 . EA9F86E5892D85E282311C53083903DC . 1689088 . . [5.03.2600.2180 (xpsp_sp2_rtm.040803-2158)] . . C:\WINDOWS\system32\d3d9.dll

[-] 2008-04-14 02:33:22 . 75BD925DAB6E5323EDB6D5CFCDEB16D1 . 279552 . . [5.03.2600.5512 (xpsp.080413-0845)] . . C:\WINDOWS\SoftwareDistribution\Download\44b6174a4a693136d02d4a7ecd7cbd54\ddraw.dll
[7] 2004-08-05 12:00:00 . 20A4E9DA85A1FF521AC5325FC3BADDF9 . 266240 . . [5.03.2600.2180 (xpsp_sp2_rtm.040803-2158)] . . C:\WINDOWS\system32\ddraw.dll

[-] 2008-04-14 02:33:38 . 3BA21BD333A1B8B222006E5464D44F49 . 84992 . . [5.1.2600.5512] . . C:\WINDOWS\SoftwareDistribution\Download\44b6174a4a693136d02d4a7ecd7cbd54\olepro32.dll
[7] 2004-08-05 12:00:00 . 5860F5A42B67EC8BBB5AA3CE7ABC9976 . 83456 . . [5.1.2600.2180] . . C:\WINDOWS\system32\olepro32.dll

[-] 2008-04-14 02:33:38 . 08592889A219F7A60F9865B0EE7CAFF8 . 42496 . . [5.1.2600.5512 (xpsp.080413-2111)] . . C:\WINDOWS\SoftwareDistribution\Download\44b6174a4a693136d02d4a7ecd7cbd54\perfctrs.dll
[7] 2004-08-05 12:00:00 . 719682744477D57B30248F4479EE8D0D . 42496 . . [5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] . . C:\WINDOWS\system32\perfctrs.dll

[-] 2008-04-14 02:33:48 . A71A42AD584FAD1A8D1EC5D807C6E528 . 18944 . . [5.1.2600.5512 (xpsp.080413-2105)] . . C:\WINDOWS\SoftwareDistribution\Download\44b6174a4a693136d02d4a7ecd7cbd54\version.dll
[7] 2004-08-05 12:00:00 . 8B142E6DAC3BD370637E8AF6E87C2321 . 18944 . . [5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] . . C:\WINDOWS\system32\version.dll

[-] 2008-04-14 02:34:06 . 3D3C316BD1E112F3B9C532D8B9939BDC . 93184 . . [6.00.2900.5512 (xpsp.080413-2105)] . . C:\WINDOWS\SoftwareDistribution\Download\44b6174a4a693136d02d4a7ecd7cbd54\iexplore.exe

[-] 2008-04-14 02:08:03 . 099D639DA1EF6968D4E41795BB507E6B . 2191104 . . [5.1.2600.5512 (xpsp.080413-2111)] . . C:\WINDOWS\SoftwareDistribution\Download\44b6174a4a693136d02d4a7ecd7cbd54\ntoskrnl.exe
[7] 2007-02-28 16:08:21 . 8E244108562E0E452EB68DFF64CB08A9 . 2184192 . . [5.1.2600.3093 (xpsp_sp2_qfe.070227-2300)] . . C:\WINDOWS\$hf_mig$\KB931784\SP2QFE\ntoskrnl.exe
[7] 2007-02-28 16:02:36 . 7D6D19AAC51A4325F6039F083C22303C . 2182400 . . [5.1.2600.3093 (xpsp_sp2_gdr.070227-2254)] . . C:\WINDOWS\Driver Cache\i386\ntoskrnl.exe
[7] 2007-02-28 16:02:36 . 7D6D19AAC51A4325F6039F083C22303C . 2182400 . . [5.1.2600.3093 (xpsp_sp2_gdr.070227-2254)] . . C:\WINDOWS\system32\ntoskrnl.exe
[7] 2007-02-28 16:02:36 . 7D6D19AAC51A4325F6039F083C22303C . 2182400 . . [5.1.2600.3093 (xpsp_sp2_gdr.070227-2254)] . . C:\WINDOWS\system32\dllcache\ntoskrnl.exe
[7] 2006-12-19 18:45:29 . 1F3FA2065E6E043A1D82A487B5DA309C . 2184064 . . [5.1.2600.3051 (xpsp_sp2_qfe.061219-0311)] . . C:\WINDOWS\$hf_mig$\KB929338\SP2QFE\ntoskrnl.exe
[7] 2006-12-19 18:22:38 . D27929DB7B7F92F9D0F8EC9BA01C601C . 2182400 . . [5.1.2600.3051 (xpsp_sp2_gdr.061219-0316)] . . C:\WINDOWS\$NtUninstallKB931784$\ntoskrnl.exe
[7] 2005-03-02 18:13:23 . 3E2A0A4A0C0B19FC113618A9562A3B2A . 2181632 . . [5.1.2600.2622 (xpsp.050301-1521)] . . C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\ntoskrnl.exe
[7] 2005-03-02 18:08:06 . 63729DD0F2AAE36CC52B89C05505146C . 2181376 . . [5.1.2600.2622 (xpsp_sp2_gdr.050301-1519)] . . C:\WINDOWS\$NtUninstallKB929338$\ntoskrnl.exe
[7] 2004-08-05 12:00:00 . 7D38CE4398E6AA6339B4644FEADCC0D8 . 2183040 . . [5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] . . C:\WINDOWS\$NtUninstallKB890859$\ntoskrnl.exe

[-] 2008-04-14 02:33:46 . 6ED29124A1C83BD0CF6B26BD01CA6F6F . 171520 . . [5.1.2600.5512 (xpsp.080413-2108)] . . C:\WINDOWS\SoftwareDistribution\Download\44b6174a4a693136d02d4a7ecd7cbd54\srsvc.dll
[7] 2004-08-05 12:00:00 . 6469C53F4D16FA6055CCA265BC03DB66 . 171008 . . [5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] . . C:\WINDOWS\system32\srsvc.dll

[-] 2008-04-14 02:33:48 . C1F726EE0B043B074A68992BC4AEF8FD . 178176 . . [5.1.2600.5512 (xpsp.080413-2113)] . . C:\WINDOWS\SoftwareDistribution\Download\44b6174a4a693136d02d4a7ecd7cbd54\w32time.dll
[7] 2004-08-05 12:00:00 . FB89C8B1D6A3C260A39669320C5D5827 . 177664 . . [5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] . . C:\WINDOWS\system32\w32time.dll

[-] 2008-04-14 02:33:48 . D76B0E8A4ECAD1ADCC75FD14A7ACC54C . 334336 . . [5.1.2600.5512 (xpsp.080413-0852)] . . C:\WINDOWS\SoftwareDistribution\Download\44b6174a4a693136d02d4a7ecd7cbd54\wiaservc.dll
[7] 2006-12-19 18:48:57 . A3FFA6A33BAAB25849FBE10392B3D9AD . 334336 . . [5.1.2600.3051 (xpsp_sp2_qfe.061219-0311)] . . C:\WINDOWS\$hf_mig$\KB927802\SP2QFE\wiaservc.dll
[7] 2006-12-19 18:17:50 . FE705FAE1E50436B06D7558D6A4E247E . 334336 . . [5.1.2600.3051 (xpsp_sp2_gdr.061219-0316)] . . C:\WINDOWS\system32\wiaservc.dll
[7] 2006-12-19 18:17:50 . FE705FAE1E50436B06D7558D6A4E247E . 334336 . . [5.1.2600.3051 (xpsp_sp2_gdr.061219-0316)] . . C:\WINDOWS\system32\dllcache\wiaservc.dll
[7] 2004-08-05 12:00:00 . 52B7EC594152429DABA1261B2B68CA01 . 333824 . . [5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] . . C:\WINDOWS\$NtUninstallKB927802$\wiaservc.dll

[-] 2008-04-14 02:33:29 . 5D469FE7D63CF5215AF80CFA37BE6897 . 18944 . . [5.1.2600.5512 (xpsp.080413-0845)] . . C:\WINDOWS\SoftwareDistribution\Download\44b6174a4a693136d02d4a7ecd7cbd54\midimap.dll
[7] 2004-08-05 12:00:00 . 5A9D6D36574FD4BBA06973B772DD7C7D . 18944 . . [5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] . . C:\WINDOWS\system32\midimap.dll

[-] 2008-04-14 02:33:39 . E17BBF14DBE41CAB571BBD244F97C25F . 7680 . . [5.1.2600.5512 (xpsp.080413-0852)] . . C:\WINDOWS\SoftwareDistribution\Download\44b6174a4a693136d02d4a7ecd7cbd54\rasadhlp.dll
[7] 2006-06-26 17:47:08 . 38E8C06699352BD2EE9C3FA188650B68 . 7680 . . [5.1.2600.2938 (xpsp.060626-0041)] . . C:\WINDOWS\$hf_mig$\KB920683\SP2QFE\rasadhlp.dll
[7] 2006-06-26 17:41:32 . 8371B4298101DA53BBE7AA3759299F49 . 8192 . . [5.1.2600.2938 (xpsp_sp2_gdr.060626-0020)] . . C:\WINDOWS\system32\rasadhlp.dll
[7] 2006-06-26 17:41:32 . 8371B4298101DA53BBE7AA3759299F49 . 8192 . . [5.1.2600.2938 (xpsp_sp2_gdr.060626-0020)] . . C:\WINDOWS\system32\dllcache\rasadhlp.dll
[7] 2004-08-05 12:00:00 . DE86B64A569ECB73891BCE6B7D4D078B . 8192 . . [5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] . . C:\WINDOWS\$NtUninstallKB920683$\rasadhlp.dll

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))


*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-07-04 11:43:46 122512 ----a-w- C:\Program Files\Alwil Software\Avast5\ashShell.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-09-16 11:16:08 1833296]
"vasja"="C:\Program Files\SeaMonkey\0.6878730270425663.exe" [2011-10-09 18:43:48 280322]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="C:\Program Files\Apoint\Apoint.exe" [2003-11-07 08:21:28 114688]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-06-09 07:56:00 6746112]
"RTHDCPL"="RTHDCPL.EXE" [2005-06-29 04:25:30 14720000]
"AzMixerSel"="C:\Program Files\Realtek\InstallShield\AzMixerSel.exe" [2005-04-29 05:56:44 45056]
"Mouse Suite 98 Daemon"="ICO.EXE" [2002-03-14 14:46:58 45056]
"Persistence"="C:\WINDOWS\system32\igfxpers.exe" [2005-06-29 05:33:42 114688]
"SonyPowerCfg"="C:\Program Files\Sony\VAIO Power Management\SPMgr.exe" [2005-05-15 03:51:24 184320]
"ISBMgr.exe"="C:\Program Files\Sony\ISB Utility\ISBMgr.exe" [2004-02-20 12:12:34 32768]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2005-06-29 05:33:46 94208]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2005-06-29 05:33:40 77824]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50:42 155648]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-07-09 08:05:20 919016]
"SunJavaUpdateSched"="C:\Program Files\Java\jre6\bin\jusched.exe" [2009-09-28 20:18:23 149280]
"DWQueuedReporting"="C:\PROGRA~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" [2005-04-25 11:45:42 36040]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2009-11-10 22:08:18 417792]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2010-02-15 17:07:02 141608]
"DivXUpdate"="C:\Program Files\DivX\DivX Update\DivXUpdate.exe" [2011-03-21 18:56:16 1230704]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 12:00:00 15360]

C:\Documents and Settings\Administrateur\Menu Démarrer\Programmes\Démarrage\
VAIO Launcher.lnk - C:\Program Files\Sony\VAIO Launcher\Launcher.exe [2005-8-24 778240]

#10 nardino

Posted 10 November 2011 - 06:27

Good evening.
Download ZHPDiag by Nicolas Coolman to your desktop from the following link

Unzip the downloaded file and launch the ZHPDiag icon.
In the interface, click the magnifying glass at the top of the toolbar.
Once the full scan has finished, a ZHPDiag.txt file will be saved to the desktop; host it on Cjoint.
Send me the resulting link in your reply.

Two tutorials if needed.
ZHPDiag
Cjoint
See you.