fastRX.dll

bonsoir

tu es bien infecté...

1

~Télécharge VundoFix.exe (par Atribune) sur ton Bureau.
http://www.atribune.org/ccount/click.php?id=4
Double-clique VundoFix.exe afin de le lancer
Clique sur le bouton Scan for Vundo.
~Lorsque le scan est complété, clique sur le bouton Remove Vundo
Une invite te demandera si tu veux supprimer les fichiers, clique YES
Après avoir cliqué "Yes", le Bureau disparaîtra un moment lors de la suppression des fichiers
Tu verras une invite qui t'annonce que ton PC va redémarrer; clique OK.
~Copie/colle le contenu du rapport situé dans C:\vundofix.txt
Note: Il est possible que VundoFix soit confronté à un fichier qu'il ne peut supprimer. Si tel est le cas, l'outil se lancera au prochain redémarrage; il faut simplement suivre les instructions ci-haut, à partir de "clique sur le bouton Scan for Vundo

2

Télécharge Combofix de sUBs :
combofix.exe
et sauvegarde le sur ton bureau et pas ailleurs!

Double-clic sur combofix, Il va te poser une question, réponds en appuyant sur la touche1 puis attends que combofix ait terminé, il est possible que ton PC reboot, c’est normal, un rapport sera créé. Poste le rapport.

Poste un nouveau rapport Hijackthis avec.

est-ce normal que cela dur si longtemps? cela fait un petit quart d'heure que le programme tourne...

laisse le tourner  

d'apres ton expérience a tu une idée du temps qu'il me reste?

VundoFix V6.5.6

Checking Java version...

Sun Java not detected
Scan started at 0:11:05 30/07/2007

Listing files found while scanning....

C:\WINDOWS\system32\tmp24.tmp.dll
C:\WINDOWS\system32\tmpA2.tmp.dll

Beginning removal...

Attempting to delete C:\WINDOWS\system32\tmp24.tmp.dll
C:\WINDOWS\system32\tmp24.tmp.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\tmpA2.tmp.dll
C:\WINDOWS\system32\tmpA2.tmp.dll Has been deleted!

Performing Repairs to the registry.
Done!






















voici le rapport... je continue les instruction...

"laurent" - 2007-07-30 2:10:17 [GMT 2:00] - ComboFix 07-07-24 - Service Pack 2 NTFS


(((((((((((((((((((((((((((((((((((((((((((( V Log )))))))))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\system32\pmnkjgg.dll
C:\WINDOWS\byvwvt.dll
C:\WINDOWS\byyawv.dll
C:\WINDOWS\byyxxx.dll
C:\WINDOWS\effcdb.dll
C:\WINDOWS\geeede.dll
C:\WINDOWS\hggefd.dll
C:\WINDOWS\jkhggh.dll
C:\WINDOWS\mlijgf.dll
C:\WINDOWS\opomjk.dll
C:\WINDOWS\rqrqpp.dll
C:\WINDOWS\vtuust.dll
C:\WINDOWS\vtuvtr.dll
C:\WINDOWS\tvwvyb.ini
C:\WINDOWS\vwayyb.ini
C:\WINDOWS\xxxyyb.ini
C:\WINDOWS\bdcffe.ini
C:\WINDOWS\edeeeg.ini
C:\WINDOWS\dfeggh.ini
C:\WINDOWS\hgghkj.ini
C:\WINDOWS\fgjilm.ini
C:\WINDOWS\kjmopo.ini
C:\WINDOWS\ppqrqr.ini
C:\WINDOWS\tsuutv.ini
C:\WINDOWS\rtvutv.ini
C:\WINDOWS\system32\batd32.dll


* * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *



((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\DOCUME~1\autres\APPLIC~1\ShoppingReport
C:\DOCUME~1\laurent\APPLIC~1\ShoppingReport
C:\DOCUME~1\laurent\APPLIC~1\ShoppingReport\cs\Config.xml
C:\DOCUME~1\laurent\APPLIC~1\ShoppingReport\cs\db\Aliases.dbs
C:\DOCUME~1\laurent\APPLIC~1\ShoppingReport\cs\db\Sites.dbs
C:\DOCUME~1\laurent\APPLIC~1\ShoppingReport\cs\dwld\WhiteList.xip
C:\DOCUME~1\laurent\APPLIC~1\ShoppingReport\cs\report\aggr_storage.xml
C:\DOCUME~1\laurent\APPLIC~1\ShoppingReport\cs\report\send_storage.xml
C:\DOCUME~1\laurent\APPLIC~1\ShoppingReport\cs\res1\WhiteList.dbs
C:\DOCUME~1\laurent\APPLIC~1\tmp10.tmp.exe
C:\DOCUME~1\laurent\APPLIC~1\tmp129.tmp.exe
C:\DOCUME~1\laurent\APPLIC~1\tmp13.tmp.exe
C:\DOCUME~1\laurent\APPLIC~1\tmp14.tmp.exe
C:\DOCUME~1\laurent\APPLIC~1\tmp14A.tmp.exe
C:\DOCUME~1\laurent\APPLIC~1\tmp14B.tmp.exe
C:\DOCUME~1\laurent\APPLIC~1\tmp1A.tmp.exe
C:\DOCUME~1\laurent\APPLIC~1\tmp1A7.tmp.exe
C:\DOCUME~1\laurent\APPLIC~1\tmp1A8.tmp.exe
C:\DOCUME~1\laurent\APPLIC~1\tmp1BB.tmp.exe
C:\DOCUME~1\laurent\APPLIC~1\tmp1C.tmp.exe
C:\DOCUME~1\laurent\APPLIC~1\tmp1E.tmp.exe
C:\DOCUME~1\laurent\APPLIC~1\tmp2.tmp.exe
C:\DOCUME~1\laurent\APPLIC~1\tmp23.tmp.exe
C:\DOCUME~1\laurent\APPLIC~1\tmp24.tmp.exe
C:\DOCUME~1\laurent\APPLIC~1\tmp26.tmp.exe
C:\DOCUME~1\laurent\APPLIC~1\tmp2E.tmp.exe
C:\DOCUME~1\laurent\APPLIC~1\tmp3.tmp.exe
C:\DOCUME~1\laurent\APPLIC~1\tmp31.tmp.exe
C:\DOCUME~1\laurent\APPLIC~1\tmp32.tmp.exe
C:\DOCUME~1\laurent\APPLIC~1\tmp4.tmp.exe
C:\DOCUME~1\laurent\APPLIC~1\tmp50.tmp.exe
C:\DOCUME~1\laurent\APPLIC~1\tmp52.tmp.exe
C:\DOCUME~1\laurent\APPLIC~1\tmp6.tmp.exe
C:\DOCUME~1\laurent\APPLIC~1\tmp6C.tmp.exe
C:\DOCUME~1\laurent\APPLIC~1\tmp6E.tmp.exe
C:\DOCUME~1\laurent\APPLIC~1\tmp6F.tmp.exe
C:\DOCUME~1\laurent\APPLIC~1\tmp7.tmp.exe
C:\DOCUME~1\laurent\APPLIC~1\tmp71.tmp.exe
C:\DOCUME~1\laurent\APPLIC~1\tmp72.tmp.exe
C:\DOCUME~1\laurent\APPLIC~1\tmp73.tmp.exe
C:\DOCUME~1\laurent\APPLIC~1\tmp74.tmp.exe
C:\DOCUME~1\laurent\APPLIC~1\tmp77.tmp.exe
C:\DOCUME~1\laurent\APPLIC~1\tmp7D.tmp.exe
C:\DOCUME~1\laurent\APPLIC~1\tmp7F.tmp.exe
C:\DOCUME~1\laurent\APPLIC~1\tmp9.tmp.exe
C:\DOCUME~1\laurent\APPLIC~1\tmp91.tmp.exe
C:\DOCUME~1\laurent\APPLIC~1\tmp93.tmp.exe
C:\DOCUME~1\laurent\APPLIC~1\tmp94.tmp.exe
C:\DOCUME~1\laurent\APPLIC~1\tmp96.tmp.exe
C:\DOCUME~1\laurent\APPLIC~1\tmp97.tmp.exe
C:\DOCUME~1\laurent\APPLIC~1\tmp99.tmp.exe
C:\DOCUME~1\laurent\APPLIC~1\tmp9F.tmp.exe
C:\DOCUME~1\laurent\APPLIC~1\tmpA.tmp.exe
C:\DOCUME~1\laurent\APPLIC~1\tmpA0.tmp.exe
C:\DOCUME~1\laurent\APPLIC~1\tmpA2.tmp.exe
C:\DOCUME~1\laurent\APPLIC~1\tmpA6.tmp.exe
C:\DOCUME~1\laurent\APPLIC~1\tmpAA.tmp.exe
C:\DOCUME~1\laurent\APPLIC~1\tmpC.tmp.exe
C:\DOCUME~1\laurent\APPLIC~1\tmpC7.tmp.exe
C:\DOCUME~1\laurent\APPLIC~1\tmpD.tmp.exe
C:\DOCUME~1\laurent\APPLIC~1\tmpE.tmp.exe
C:\DOCUME~1\laurent\APPLIC~1\tmpF.tmp.exe
C:\DOCUME~1\laurent\Bureau\internet.lnk
C:\Program Files\ShoppingReport
C:\Program Files\ShoppingReport\Bin\2.0.22\ShoppingReport.dll
C:\Program Files\ShoppingReport\Uninst.exe
C:\WINDOWS\system32\dne43b58a5.dat
C:\WINDOWS\system32\qwerty12.exe
C:\WINDOWS\system32\tmp10.tmp.dll
C:\WINDOWS\system32\tmp14B.tmp.dll
C:\WINDOWS\system32\tmp1A8.tmp.dll
C:\WINDOWS\system32\tmp1C.tmp.dll
C:\WINDOWS\system32\tmp2.tmp.dll
C:\WINDOWS\system32\tmp2E.tmp.dll
C:\WINDOWS\system32\tmp50.tmp.dll
C:\WINDOWS\system32\tmp6F.tmp.dll
C:\WINDOWS\system32\tmp7.tmp.dll
C:\WINDOWS\system32\tmp74.tmp.dll
C:\WINDOWS\system32\tmp7F.tmp.dll
C:\WINDOWS\system32\tmp93.tmp.dll
C:\WINDOWS\system32\tmp97.tmp.dll
C:\WINDOWS\system32\tmpAA.tmp.dll
C:\WINDOWS\system32\wintisv.exe


((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))


-------\LEGACY_DOMAINSERVICE
-------\DomainService


((((((((((((((((((((((((( Files Created from 2007-06-28 to 2007-07-30 )))))))))))))))))))))))))))))))


2007-07-30 02:30 <REP> d-------- C:\DOCUME~1\LOCALS~1\Bureau
2007-07-30 01:58 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-07-30 01:14 131,787 --a------ C:\WINDOWS\pmljgh.dll
2007-07-30 00:11 <REP> d-------- C:\VundoFix Backups
2007-07-29 14:28 131,787 --a------ C:\WINDOWS\bywwww.dll
2007-07-10 21:53 <REP> d-------- C:\Program Files\Steinberg
2007-07-10 21:53 <REP> d-------- C:\DOCUME~1\laurent\APPLIC~1\realtech VR
2007-07-10 21:53 <REP> d-------- C:\DOCUME~1\autres\APPLIC~1\Google
2007-07-10 21:52 <REP> d-------- C:\WINDOWS\system32\appmgmt
2007-07-10 21:52 <REP> d-------- C:\WINDOWS\B6D5E63DEFF546169DB706D08F10B0C0.TMP
2007-07-10 21:52 <REP> d-------- C:\Virtual
2007-07-10 21:52 <REP> d-------- C:\Program Files\Windows Media Connect 2
2007-07-10 21:52 <REP> d-------- C:\Program Files\Web Hottest Videos Personal Player
2007-07-10 21:52 <REP> d-------- C:\Program Files\Secured_eMule
2007-07-10 21:52 <REP> d-------- C:\My Downloads
2007-07-10 21:52 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\BufferZone
2007-07-10 21:51 <REP> d-------- C:\WINDOWS\system32\LogFiles
2007-07-09 14:02 <REP> d-------- C:\Program Files\realtech VR
2007-07-08 19:28 33,511 --a------ C:\WINDOWS\system32\ninjaext-uninstall.exe
2007-07-08 19:20 <REP> d-------- C:\Program Files\LucasArts
2007-07-06 20:28 <REP> d-------- C:\Program Files\RealVNC
2007-07-05 19:34 <REP> d-------- C:\Program Files\Doom 3
2007-07-05 09:47 <REP> d-------- C:\Program Files\FruityLoops 3.56
2007-07-03 20:50 <REP> d-------- C:\Program Files\Max Payne
2007-07-03 19:33 <REP> d-------- C:\DOCUME~1\autres\Contacts
2007-07-02 21:22 <REP> d-------- C:\Poker
2007-07-02 18:16 <REP> d-------- C:\Program Files\BufferZone
2007-07-02 12:32 <REP> d-------- C:\Program Files\iMesh Applications
2007-07-02 02:19 <REP> d-------- C:\Program Files\Secured eMule
2007-07-02 02:17 <REP> d-------- C:\Program Files\Player Tool
2007-07-02 02:13 <REP> d-------- C:\Program Files\BitTorrent Fastest Tool
2007-06-29 17:29 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\pixelStorm
2007-06-27 19:34 <REP> d-------- C:\DOCUME~1\laurent\APPLIC~1\Google
2007-06-27 19:33 <REP> d-------- C:\Program Files\Google
2007-06-27 19:33 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google
2007-06-25 05:54 86,016 --a------ C:\WINDOWS\system32\fastRX2.dll
2007-06-23 13:40 <REP> d-------- C:\Program Files\Activision
2007-06-22 18:28 <REP> d-------- C:\UT2004Demo
2007-06-21 14:20 <REP> d-------- C:\Program Files\Shareaza
2007-06-21 14:20 <REP> d-------- C:\DOCUME~1\laurent\APPLIC~1\Shareaza
2007-06-21 13:28 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
2007-06-21 13:16 <REP> d-------- C:\WINDOWS\system32\drivers\UMDF
2007-06-19 20:01 66,560 --a------ C:\WINDOWS\system32\ninjaext.dll
2007-06-15 23:12 <REP> d-------- C:\Program Files\Everest Poker
2007-06-15 14:18 <REP> d---s---- C:\DOCUME~1\laurent\UserData
2007-06-14 18:01 <REP> d-------- C:\DOCUME~1\laurent\Contacts
2007-06-14 18:00 <REP> d----c--- C:\WINDOWS\system32\DRVSTORE
2007-06-13 22:45 <REP> d-------- C:\Program Files\Fichiers communs\Native Instruments
2007-06-13 22:45 <REP> d-------- C:\Program Files\Fichiers communs\Digidesign
2007-06-13 22:44 <REP> d-------- C:\Program Files\Native Instruments
2007-06-13 22:37 <REP> d-------- C:\DOCUME~1\laurent\APPLIC~1\WinRAR
2007-06-13 22:34 <REP> d-------- C:\DOCUME~1\laurent\APPLIC~1\ACD Systems
2007-06-13 22:27 <REP> d-------- C:\Program Files\VirtualDJ
2007-06-13 22:19 2,621,440 --ah----- C:\DOCUME~1\laurent\NTUSER.DAT
2007-06-13 22:19 <REP> dr------- C:\DOCUME~1\laurent\Mes documents
2007-06-13 22:19 <REP> dr------- C:\DOCUME~1\laurent\Menu D‚marrer
2007-06-13 22:19 <REP> dr------- C:\DOCUME~1\laurent\Favoris
2007-06-13 22:19 <REP> d--h----- C:\DOCUME~1\laurent\Voisinage r‚seau
2007-06-13 22:19 <REP> d--h----- C:\DOCUME~1\laurent\Voisinage d'impression
2007-06-13 22:19 <REP> d--h----- C:\DOCUME~1\laurent\ModŠles
2007-06-13 22:19 <REP> d-------- C:\DOCUME~1\laurent\Bureau
2007-06-13 22:19 <REP> d-------- C:\DOCUME~1\laurent\APPLIC~1\Real


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-07-10 23:47:26 -------- d-----w C:\Program Files\LogMeIn
2007-07-08 17:20:56 -------- d--h--w C:\Program Files\InstallShield Installation Information
2007-07-05 17:30:29 -------- d-----w C:\Program Files\Codec Pack - All In 1
2007-07-05 17:03:45 11,973 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-06-18 14:27:14 83,552 ----a-w C:\WINDOWS\system32\LMIRfsClientNP.dll
2007-06-18 14:27:13 26,176 ----a-w C:\WINDOWS\system32\LMIport.dll
2007-06-18 14:27:12 63,040 ----a-w C:\WINDOWS\system32\LMIinit.dll
2007-06-18 14:27:12 24,000 ----a-w C:\WINDOWS\system32\lmimirr.dll
2007-06-18 14:27:12 10,304 ----a-w C:\WINDOWS\system32\lmimirr2.dll
2007-06-14 16:00:36 -------- d-----w C:\Program Files\MSN Messenger
2007-05-17 20:52:24 62,573 ---h--w C:\WINDOWS\system32\calcsci.exe
2007-05-16 15:13:53 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2007-04-30 15:46:10 745,600 ----a-w C:\WINDOWS\system32\aswBoot.exe
2007-04-30 15:35:28 95,872 ----a-w C:\WINDOWS\system32\AVASTSS.scr


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1D72794F-D23C-4c23-A60C-D9123F897BCF}]
2007-06-25 05:54 86016 --a------ C:\WINDOWS\system32\fastRX2.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{266A3562-AB67-480E-9F09-D54604FD817B}]
2007-06-19 20:01 66560 --a------ C:\WINDOWS\system32\ninjaext.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C6039E6C-BDE9-4de5-BB40-768CAA584FDC}]
C:\WINDOWS\system32\tmp2E.tmp.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E09962E7-A39E-4F60-8003-66D57BED27B7}]
C:\WINDOWS\system32\fastRX.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-04-30 17:42]
"AudioDeck"="C:\Program Files\VIAudioi\SBADeck\ADeck.exe" [2007-01-22 21:25]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2007-01-22 22:06]
"LogMeIn GUI"="C:\Program Files\LogMeIn\x86\LogMeInSystray.exe" [2007-04-17 14:03]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 12:55]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 18:24]
"Shareaza"="C:\Program Files\Shareaza\Shareaza.exe" [2007-02-05 04:05]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 17:09]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-07 14:02]

C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
Adobe Gamma Loader.lnk - C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [2007-01-09 17:40:32]
ScanPanel.lnk - C:\Program Files\ScanPanel\ScnPanel.exe [2007-03-19 14:55:39]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
LMIinit.dll 2007-06-18 16:27 63040 C:\WINDOWS\system32\LMIinit.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=c:\windows\system32\pmnkjgg.dll

R2 LMIInfo;LogMeIn Kernel Information Provider;\??\C:\Program Files\LogMeIn\x86\RaInfo.sys
R2 LMIRfsDriver;LogMeIn Remote File System Driver;\??\C:\WINDOWS\system32\drivers\LMIRfsDriver.sys
R3 lmimirr;lmimirr;C:\WINDOWS\system32\DRIVERS\lmimirr.sys
R3 ms_mpu401;Pilote UART MIDI MPU-401 Microsoft;C:\WINDOWS\system32\drivers\msmpu401.sys


**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-07-30 08:58:33
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden registry entries ...

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Reporting\EventCache\9482f4b4-e343-43b6-b170-9a65bc822c77]
"FlushCacheFiles"=str(7):"\x6264\2\xdf78\x012fff\xfff0\xffff\xf020\x15c\x6020\x15e f\xffe8\xffff\x686c\2\xce00\x15c\x4e54\x62dc\x6f18\x123\x843\xdac7\xffd8\xffff\x6b76\16\n\0\x9158\x124\1\0\1c\x6854\x6572\x6461\x6e69\x4d67\x646f\x6c65\x15a\b\0\xd858\x12f\xffd8\xffff\x6b76\r\2\x8000\0\0\1\0\1\x129\x6956\x7472\x6175\x446c\x2e4a\x7865\x7065\x12c\xffa8\xffff\x6b6e \x8ba0\x51c1\xae9d\x1c7\0\0\x9bc0j\4\0\0\0\x13d0\x152\xffff\xffff\0\0\xffff\xffff\xdcc8\x130\xffff\xffff4\0\0\0\0\0\0\0\0\0\a\0\x736d\x6d6e\x6773r\xffa8\xffff\x6b6e \x8470\x860f\xadf9\x1c7\0\0\xdff8\x12f\0\0\0\0\xffff\xffff\xffff\xffff\1\0\xc460\x12f\xdcc8\x130\xffff\xffff\0\0\0\0\26\0\2\0\0\0\5\0\x4544\x5542G\0\xffd8\xffff\x6b76\v\2\x8000\0\0\1\0\1\0\x7254\x6361\x2065\x654c\x6576l\0\0\xffa0\xffff\x6b6e \x840\x86ea\xadf9\x1c7\0\0\x11a0\3\1\0\0\0\xdd18\x12f\xffff\xffff\0\0\xffff\xffff\xdcc8\x130\xffff\xffff\n\0\0\0\0\0\0\0\0\0\f\0\x4f50\x4557\x5052\x544e\x452e\x4558\0\0\xffa8\xffff\x6b6e \x16a0\x86ed\xadf9\x1c7\0\0\xe0d0\x12f\5\0\0\0\xfd8\x131\xffff\xffff\1\0\x1200\x131\xdcc8\x130\xffff\xffff\16\0\0\0\0\0\n\00032\5\0\x6873\x6c65ll\xff90\xffffMsiExec.exe /I{12383085-49EA-4BC9-8CD3-4A18EFDF9F81}\0l\xffd8\xffff\x6b76\r\2\x8000\0\0\1\0\1d\x5255\x554c\x6470\x7461\x4965\x666eon\xffd8\xffff\x6b76\20\4\x8000\1\0\4\0\1\x12c\x6957\x646e\x776f\x4973\x736e\x6174\x6c6c\x7265\xffe0\xffff\x6b76\a\4\x8000\x258\x300\4\0\1\x12c\x6556\x7372\x6f69\x16e\xffe0\xffff\x6b76\b\4\x8000\0\0\4\0\1\x12c\x614c\x676e\x6175\x6567\xffd0\xffff\x6b76\23\2\x8000\0\0\1\0\1\x12c\x7541\x6874\x726f\x7a69\x6465\x4443\x5046\x6572\x6966\x178\x7b80\x12c\xfff8\xffff\xe950\x12f\xffd8\xffff\x6b76\v\20\0\xe988\x12f\1\0\1\x12c\x6944\x7073\x616c\x4e79\x6d61\x165\x78a8\x12c\xffe0\xffff\x6b76\a\x52a\0\x3020\x130\1\0\1\x12c\x694c\x6563\x736e\x165\xffe8\xffff\x6b76\0004\0\x3f48\x130\1\0\0\x12f\xfff8\xffff\xdd50\x12f\xff88\xffff\x6b6e \x6840\xed11\x972e\x1c7\0\0\x6400\0\0\0\0\xffff\xffff\xffff\xffff\27\0\xe9a8\x12f\xdbe8x\xffff\xffff\0\0\0\0&\0\xbe\00032&\0\x317b\x3332\x3338\x3830\x2d35\x3934\x4145\x342d\x4342\x2d39\x4338\x3344\x342d\x3141\x4538\x4446\x3946\x3846\x7d31{\xffe0\xffff\x6b76\b\2\x8000\0\0\1\0\1l\x6f43\x6d6d\x6e65\x7374\xffe0\xffff\x6b76\a\2\x8000\0\0\1\0\1{\x6f43\x746e\x6361t\xffd8\xffff\x6b76\16\22\0\xcef0\x12f\1\0\1t\x6944\x7073\x616c\x5679\x7265\x6973\x6e6fd\xffe0\xffff\x6b76\b\2\x8000\0\0\1\0\0010\x6548\x706c\x694c\x6b6e\xffd8\xffff\x6b76\r \0\xe450\x12f\1\0\1d\x6548\x706c\x6554\x656c\x6870\x6e6fen\xffd8\xffff+1-866-600-7205\0.d\xffe0\xffffLogMeIn, Inc.\0\xffd8\xffff\x6b76\v\22\0\xe4c0\x12f\1\0\1d\x6e49\x7473\x6c61\x446c\x7461ehn\xffe8\xffff20070515\0t\xffd8\xffff\x6b76\17\2\x8000\0\0\1\0\1{\x6e49\x7473\x6c61\x4c6c\x636f\x7461\x6f69n\xffd8\xffff\x6b76\t\34\0\xe478\x12f\1\0\1\x12f\x7550\x6c62\x7369\x6568\xe472\x12f\xe528\x12f\xffd8\xffff\x6b76\r\xbe\0\xe550\x12f\1\0\1l\x6e49\x7473\x6c61\x536c\x756f\x6372e2\xff38\xffffC:\Documents and Settings\autres\Local Settings\Temporary Internet Files\Content.IE5\0D2FGH6V\\000270\xffd8\xffff\x6b76\nj\0\xe640\x12f\2\0\0012\x6f4d\x6964\x7966\x6150\x6874l}{\xff90\xffffMsiExec.exe /I{12383085-49EA-4BC9-8CD3-4A18EFDF9F81}\0{\xffe0\xffff\x6b76\4\2\x8000\0\0\1\0\1\x12f\x6953\x657a\xe498\x12f\xfff0\xffff\x686c\1\xeb98\x12f\xf69d\x7e25\xffe0\xffff\x6b76\6\2\x8000\0\0\1\0\0010\x6552\x6461\x656dl\xffd8\xffff\x6b76\17j\0\xe7a0\x12f\2\0\1\x12f\x6e55\x6e69\x7473\x6c61\x536c\x7274\x6e69\x167\xfff0\xffff\x686c\1\xebf8\x12f\xea98\x6e7f\xffd8\xffff\x6b76\r\4\x8000\x46ec\0\4\0\1d\x7345\x6974\x616d\x6574\x5364\x7a69en\xffd8\xffff\x6b76\r\2\x8000\0\0\1\0\1\x12f\x5255\x554c\x6470\x7461\x4965\x666e\xe56f\x12f\xffe8\xffffLogMeIn\0\xe700\x12f\xff90\xffffMsiExec.exe /I{12383085-49EA-4BC9-8CD3-4A18EFDF9F81}\0000\xffd8\xffff\x6b76\f&\0\xe838\x12f\1\0\0012\x5255\x494c\x666e\x416f\x6f62\x7475}{\xffd0\xffffhttp://LogMeIn.com\0000.d\xffd8\xffff\x6b76\f\4\x8000\0\0\4\0\1\x12f\x6556\x7372\x6f69\x4d6e\x6e69\x726f\xe528\x12f\xffe0\xffff\x6b76\a\4\x8000\x258\x300\4\0\1\x12f\x6556\x7372\x6f69\x16e\xffd8\xffff\x6b76\f\4\x8000\3\0\4\0\1t\x6556\x7372\x6f69\x4d6e\x6a61\x726f.d\xffe0\xffff\x6b76\b\4\x8000\0\0\4\0\1\x12f\x614c\x676e\x6175\x6567\xffd8\xffff\x6b76\v\20\0\xe788\x12f\1\0\1\x12f\x6944\x7073\x616c\x4e79\x6d61\x165\xe760\x12f\xfff8\xffff\xec58\x12f\xffd8\xffff\x6b76\20\4\x8000\1\0\4\0\0012\x6957\x646e\x776f\x4973\x736e\x6174\x6c6c\x7265\xffc8\xffff\x6b76 \2\x8000\0\0\1\0\1\x12f\x3835\x3330\x3338\x3132\x4541\x3439\x4339\x3442\x3843\x4433\x3441\x3138\x4546\x4446\x3946\x3831\xffe8\xffffLogMeIn\0\xe868\x12f\xfff8\xffff\xeea0\x12f\xffa0\xffff\xe288\x12f\xe3a0\x12f\xe3c0\x12f\xe3e0\x12f\xe408\x12f\xe428\x12f\xe498\x12f\xe4d8\x12f\xe528\x12f\xe618\x12f\xe500\x12f\xe6e0\x12f\xe6b0\x12f\xe738\x12f\xe700\x12f\xe810\x12f\xe760\x12f\xe8b0\x12f\xe868\x12f\xe928\x12f\xe890\x12f\xe8d8\x12f\xe2c0\x12f\xff90\xffff\x6b6e \x6840\xed11\x972e\x1c7\0\0\x66e0\x85\0\0\0\0\xffff\xffff\xffff\xffff\1\0\xe2b8\x12f\xdbe8x\xffff\xffff\0\0\0\0@\0\2\0hn \0\x4441\x4244\x3338\x4543\x4443\x3537\x4436\x3430\x4146\x4246\x3337\x3232\x4438\x4141\x3342\x4339\xffa8\xffff\x6b6e \x6840\xed11\x972e\x1c7\0\0\x7648\x12c\0\0\0\0\xffff\xffff\xffff\xffff\0\0\xffff\xffff\x68a8\x85\xffff\xffff\0\0\0\0\0\0\0\0hn\5\0\x7355\x6761ed\xff98\xffff\x7720\x12c\x7790\x12c\x77d0\x12c\x77f0\x12c\x7828\x12c\x7868\x12c\x78a8\x12c\x78f8\x12c\x7948\x12c\x7970\x12c\x7920\x12c\x7b00\x12c\x7a60\x12c\x7b60\x12c\x7b28\x12c\x7bc0\x12c\x7b80\x12c\xe1f8\x12f\x7be8\x12c\x7c10\x12c\xe220\x12f\xe248\x12f\xe268\x12f\xe8f8\x012f32\xffa0\xffff\x6b6e \x28a0\xeda7\x972e\x1c7\0\0\x9340g\1\0\0\0\xe6d0\x12f\xffff\xffff\0\0\xffff\xffff\x210\0\xffff\xffff\34\0\0\0\0\0\0\0at\f\0\x4652\x3143\x3531\x4136\x6567\x746ell\xffa0\xffff\x6b6e \x28a0\xeda7\x972e\x1c7\0\0\xeb38\x12f\1\0\0\0\xe728\x12f\xffff\xffff\0\0\xffff\xffff\x210\0\xffff\xffff\24\0\0\0\0\0\0\00070\16\0\x7543\x7272\x6e65\x5674\x7265\x6973\x6e6fn\xffa0\xffff\x6b6e \x28a0\xeda7\x972e\x1c7\0\0\xeb98\x12f\0\0\0\0\xffff\xffff\xffff\xffff\1\0\xe920\x12f\x210\0\xffff\xffff\0\0\0\0*\0\4\0}{\n\0\x6150\x6172\x656d\x6574\x73720.d\xffd0\xffff\x6b76\25\4\x8000\x3a98\0\4\0\0010\x7254\x7061\x6f50\x6c6c\x6954\x656d\x694d\x6c6c\x5369\x6365s2\xffe0\xffff\x6b76\5\x100\0\xeca8\x12f\3\0\1n\x5340\x6c61t0\xfef8\xffff\x57d7\x2843\x5b62\x86b5\xae4c\xefac\x64e9\x7ace\xc902\x265f\x2feb\x82c3\xcfc8\xcd5e\xe55a\xb93d\x868c\x8bc2\xa2e\xdb18\xe4c8\x7873\x1fe5\x3416\x3278\xe8be\x96dc\xf3e3\xbd61\xe283\x852b\x61d4\xae3\xe0a5\x5bba\xa97f\xfb04\x3cb0\xbb74\x3cfd\x5182\xff1a\xd3c3\x34df\x7f18\x4a43\xaaac\xf70\x8a56\x53b5}\xd563\x3f7b\xb8a7\x741f\x129e\x8c27\xf55f\x296d\x7a2b\xed23\xe5f7\x4975\x862\xe201\x8719\x1fb2\xc691\x77f0\x759e\xf075\xc81d\x20cf\x3ccd\x723f\x330d\xb14a\x39ba\x9211\x6800\xfcf6\x9593\x401c\xb6ce\xee18\x8c0d\xf3f7\xbd4a\x6bbd\xa0d4\xba2b\x8e50\xa362\x1aa1\xc022\x21cc\x95d4\x2636\xb15b\x72e4\xe50e\x3173\xf491\x1e91\xc3e8\x881d\x7b50\x4a09\x9b6\xb1e6\xcb52\x3049\x941d\xd8b6\x48c2\x4395\x5ee5\xac03\x9a9d\x3bf4\x91dd\x34e9\xb5fd\x4c00\x36a5\xc3e2\x66b\x1c10}{\xff88\xffff\x6b6e \x59d0\xf20d\x972e\x1c7\0\0\xddf0t\0\0\0\0\xffff\xffff\xffff\xffff\1\0\xaf98\x12c\x3750,\xffff\xffff\0\0\0\0\b\0\x3ed\0.d(\0\x3833\x4334\x3231\x3745\x3541\x4536\x3434\x3046\x3643\x4432\x4343\x3433\x4439\x4536\x3746\x3144\x3045\x4231\x4646\x4133\xff88\xffff\x6b6e \x3d0\xf672\x972e\x1c7\0\0\xdc20t\0\0\0\0\xffff\xffff\xffff\xffff\1\0\xe9a0\x12f\x3750,\xffff\xffff\0\0\0\0\b\0\x40b\0}{(\0\x4134\x4137\x3330\x3344\x3937\x4536\x3539\x4542\x4445\x3539\x4434\x4541\x4236\x3233\x3435\x4236\x4134\x3243\x4232\x4244\xffe0\xffff\x6b76\4\x40b\0\x53c8\x130\3\0\0012\x6c42\x626f.d\xffa8\xffff\x6b6e \xb1a0\xef77\x972e\x1c7\0\0\xdbc8t\1\0\0\0\xef90\x12f\xffff\xffff\0\0\xffff\xffff\x3750,\xffff\xffffP\0\0\0\0\0\0\00032\4\0\x654b\x7379ll\xff88\xffff\x6b6e \xb1a0\xef77\x972e\x1c7\0\0\xeec0\x12f\0\0\0\0\xffff\xffff\xffff\xffff\1\0\xefc0\x12f\x3750,\xffff\xffff\0\0\0\0\b\0\xe8\0BE(\0\x3246\x3645\x3637\x4533\x3132\x3044\x3944\x3432\x3431\x3041\x3343\x4235\x3843\x3134\x4142\x3044\x4536\x3330\x3142\x3843\xfff0\xffff\x686c\1\xef18\x12f\xb404\xc5b9\xffe0\xffff\x6b76\4\xe8\0\x3900\x130\3\0\1A\x6c42\x626f40\xfff8\xffff\xefa0\x12f\xffd8\xffff\x6b76\rB\0\x3560\x130\1\0\0017\x6543\x7472\x6669\x6369\x7461\x4965D3\xfff0\xffff\xb910\x130\xba70\x130\0\0\x6268\x6e69\xf000\x12f\x4000\0\0\0\0\0\0\0\0\0\0\0\xffe0\xffff\x6b76\b\26\0\xf040\x12f\1\0\1\0\x6946\x656c\x614e\x656d\xffe0\xffffurlmon.dll\0\x12f\x749\0\xffe0\xffff\x6b76\a\34\0\xf080\x12f\1\0\1\0\x6556\x7372\x6f69n\xffe0\xffff6.0.2900.3086\0\xffd8\xffff\x6b76\t2\0\xf0c8\x12f\1\0\1\0\x7542\x6c69\x4464\x7461\x6f65\x130\x770\0\xffc8\xffffMon Feb 19 16:23:02 2007\0\0\xffd8\xffff\x6b76\r\f\0\xf128\x12f\1\0\1\0\x7542\x6c69\x4364\x6568\x6b63\x7553\x76d\0\xfff0\xffffa3a46\0\xffe8\xffff\xf020\x12f\xf060\x12f\xf0a0\x12f\xf100\x12f\xd50\x130\xfff0\xffffa6b4b\0\xfff8\xffff\x2fa8\x130\xffc8\xffffMon Feb 19 16:04:10 2007\0t\xffe8\xffff\xbdc0\x12f\xbe00\x12f\xbe40\x12f\xbe68\x12f\xf1b8\x12f\xffe0\xffff\x6b76\b:\0\xf1d8\x12f\1\0\1l\x6f4c\x6163\x6974\x6e6f\xffc0\xffffC:\WINDOWS\system32\DllCache\0002\xffa8\xffff\x6b6e \x3ad0\x43a5\x963c\x1c7\0\0\x7778\x12f\0\0\0\0\xffff\xffff\xffff\xffff\5\0\xf398\x12f\x210\0\xffff\xffff\0\0\0\0\32\0:\0at\2\0\x3732270\xffe0\xffff\x6b76\b\26\0\xf290\x12f\1\0\0012\x6946\x656c\x614e\x656d\xffe0\xffffmshtml.dll\0dll\b\0\xe18\x130\xffe0\xffff\x6b76\a\34\0\xf2d8\x12f\1\0\1{\x6556\x7372\x6f69n\xffe0\xffff6.0.2900.3086\0\xffd8\xffff\x6b76\t2\0\xf320\x12f\1\0\1n\x7542\x6c69\x4464\x7461edll\xffc8\xffffMon Feb 19 16:04:10 2007\0l\xffd8\xffff\x6b76\r\16\0\xf380\x12f\1\0\1d\x7542\x6c69\x4364\x6568\x6b63\x7553mn\xffe8\xffff2f989d\0{at\xffe8\xffff\xf270\x12f\xf2b8\x12f\xf2f8\x12f\xf358\x12f\xf3b0\x12f\xffe0\xffff\x6b76\b:\0\xf3d0\x12f\1\0\1l\x6f4c\x6163\x6974\x6e6f\xffc0\xffffC:\WINDOWS\system32\DllCache\0002\xffa8\xffff\x6b6e \x7450\x43b1\x963c\x1c7\0\0\x7778\x12f\0\0\0\0\xffff\xffff\xffff\xffff\5\0\xf580\x12f\x210\0\xffff\xffff\0\0\0\0\32\0:\0at\2\0\x3832270\xffe0\xffff\x6b76\b\30\0\xf488\x12f\1\0\0012\x6946\x656c\x614e\x656d\xffe0\xffffjsproxy.dll\0ll\xffe0\xffff\x6b76\a\34\0\xf4c8\x12f\1\0\1d\x6556\x7372\x6f69n\xffe0\xffff6.0.2900.3086\0\xffd8\xffff\x6b76\t2\0\xf510\x12f\1\0\1{\x7542\x6c69\x4464\x7461e270\xffc8\xffffMon Feb 19 16:04:10 2007\0000\xffd8\xffff\x6b76\r\n\0\xf570\x12f\1\0\0012\x7542\x6c69\x4364\x6568\x6b63\x7553m{\xfff0\xffff75ef\0000\xffe8\xffff\xf468\x12f\xf4a8\x12f\xf4e8\x12f\xf548\x12f\xf598\x12f\xffe0\xffff\x6b76\b:\0\xf5b8\x12f\1\0\1n\x6f4c\x6163\x6974\x6e6f\xffc0\xffffC:\WINDOWS\system32\DllCache\0l\xffa8\xffff\x6b6e \x82b0\x43b4\x963c\x1c7\0\0\x7778\x12f\0\0\0\0\xffff\xffff\xffff\xffff\5\0\xf768\x12f\x210\0\xffff\xffff\0\0\0\0\32\0:\00070\2\0\x3932l}{\xffe0\xffff\x6b76\b\26\0\xf670\x12f\1\0\1l\x6946\x656c\x614e\x656d\xffe0\xffffinseng.dll\0thn\xffe0\xffff\x6b76\a\34\0\xf6b0\x12f\1\0\1t\x6556\x7372\x6f69n\xffe0\xffff6.0.2900.3086\0\xffd8\xffff\x6b76\t2\0\xf6f8\x12f\1\0\0012\x7542\x6c69\x4464\x7461el}{\xffc8\xffffMon Feb 19 16:04:10 2007\0{\xffd8\xffff\x6b76\r\f\0\xf758\x12f\1\0\1l\x7542\x6c69\x4364\x6568\x6b63\x7553m2\xfff0\xffff23d05\0\xffe8\xffff\xf650\x12f\xf690\x12f\xf6d0\x12f\xf730\x12f\xf780\x12f\xffe0\xffff\x6b76\b:\0\xf7a0\x12f\1\0\1d\x6f4c\x6163\x6974\x6e6f\xffc0\xffffC:\WINDOWS\system32\DllCache\0n\xffa8\xffff\x6b6e \x9e0\x43b6\x963c\x1c7\0\0\x7778\x12f\0\0\0\0\xffff\xffff\xffff\xffff\5\0\xf950\x12f\x210\0\xffff\xffff\0\0\0\0\32\0:\0}{\2\0\x3033n32\xffe0\xffff\x6b76\b\30\0\xf858\x12f\1\0\1n\x6946\x656c\x614e\x656d\xffe0\xffffiepeers.dll\0.d\xffe0\xffff\x6b76\a\34\0\xf898\x12f\1\0\0010\x6556\x7372\x6f69n\xffe0\xffff6.0.2900.3086\0\xffd8\xffff\x6b76\t2\0\xf8e0\x12f\1\0\1l\x7542\x6c69\x4464\x7461en32\xffc8\xffffMon Feb 19 16:04:10 2007\0002\xffd8\xffff\x6b76\r\f\0\xf940\x12f\1\0\1n\x7542\x6c69\x4364\x6568\x6b63\x7553ml\xfff0\xffff48669\0\xffe8\xffff\xf838\x12f\xf878\x12f\xf8b8\x12f\xf918\x12f\xf968\x12f\xffe0\xffff\x6b76\b:\0\xf988\x12f\1\0\1t\x6f4c\x6163\x6974\x6e6f\xffc0\xffffC:\WINDOWS\system32\DllCache\0d\xffa8\xffff\x6b6e \xbc30\x43c0\x963c\x1c7\0\0\x7778\x12f\0\0\0\0\xffff\xffff\xffff\xffff\5\0\xfb30\x12f\x210\0\xffff\xffff\0\0\0\0\32\0:\00032\2\0\x3133dll\xffe0\xffff\x6b76\b\22\0\xfa40\x12f\1\0\1d\x6946\x656c\x614e\x656d\xffe8\xffffiedw.exe\0l\xffe0\xffff\x6b76\a\34\0\xfa78\x12f\1\0\1d\x6556\x7372\x6f69n\xffe0\xffff5.1.2600.3086\0\xffd8\xffff\x6b76\t2\0\xfac0\x12f\1\0\1{\x7542\x6c69\x4464\x7461e270\xffc8\xffffMon Feb 19 10:01:26 2007\0000\xffd8\xffff\x6b76\r\n\0\xfb20\x12f\1\0\0012\x7542\x6c69\x4364\x6568\x6b63\x7553m{\xfff0\xffffa4c7\0000\xffe8\xffff\xfa20\x12f\xfa58\x12f\xfa98\x12f\xfaf8\x12f\xfb48\x12f\xffe0\xffff\x6b76\b:\0\xfb68\x12f\1\0\1n\x6f4c\x6163\x6974\x6e6f\xffc0\xffffC:\WINDOWS\system32\DllCache\0l\xffa8\xffff\x6b6e \x4360\x43c2\x963c\x1c7\0\0\x7778\x12f\0\0\0\0\xffff\xffff\xffff\xffff\5\0\xfd18\x12f\x210\0\xffff\xffff\0\0\0\0\32\0:\00070\2\0\x3233l}{\xffe0\xffff\x6b76\b\26\0\xfc20\x12f\1\0\1l\x6946\x656c\x614e\x656d\xffe0\xffffextmgr.dll\0thn\xffe0\xffff\x6b76\a\34\0\xfc60\x12f\1\0\1t\x6556\x7372\x6f69n\xffe0\xffff6.0.2900.3086\0\xffd8\xffff\x6b76\t2\0\xfca8\x12f\1\0\0012\x7542\x6c69\x4464\x7461el}{\xffc8\xffffMon Feb 19 16:04:10 2007\0{\xffd8\xffff\x6b76\r\f\0\xfd08\x12f\1\0\1l\x7542\x6c69\x4364\x6568\x6b63\x7553m2\xfff0\xffff111b8\0\xffe8\xffff\xfc00\x12f\xfc40\x12f\xfc80\x12f\xfce0\x12f\xfd30\x12f\xffe0\xffff\x6b76\b:\0\xfd50\x12f\1\0\1d\x6f4c\x6163\x6974\x6e6f\xffc0\xffffC:\WINDOWS\system32\DllCache\0n\xffa8\xffff\x6b6e \xe750\x43c9\x963c\x1c7\0\0\x7778\x12f\0\0\0\0\xffff\xffff\xffff\xffff\5\0\xff00\x12f\x210\0\xffff\xffff\0\0\0\0\32\0:\0}{\2\0\x3333n32\xffe0\xffff\x6b76\b\30\0\xfe08\x12f\1\0\1n\x6946\x656c\x614e\x656d\xffe0\xffffdxtrans.dll\0.d\xffe0\xffff\x6b76\a\34\0\xfe48\x12f\1\0\0010\x6556\x7372\x6f69n\xffe0\xffff6.3.2900.3086\0\xffd8\xffff\x6b76\t2\0\xfe90\x12f\1\0\1l\x7542\x6c69\x4464\x7461en32\xffc8\xffffMon Feb 19 16:04:10 2007\0002\xffd8\xffff\x6b76\r\f\0\xfef0\x12f\1\0\1n\x7542\x6c69\x4364\x6568\x6b63\x7553ml\xfff0\xffff37650\0\xffe8\xffff\xfde8\x12f\xfe28\x12f\xfe68\x12f\xfec8\x12f\xff18\x12f\xffe0\xffff\x6b76\b:\0\xff38\x12f\1\0\1t\x6f4c\x6163\x6974\x6e6f\xffc0\xffffC:\WINDOWS\system32\DllCache\0d\xffa8\xffff\x6b6e \x410\x43d0\x963c\x1c7\0\0\x7778\x12f\0\0\0\0\xffff\xffff\xffff\xffff\5\0\xe8\x130\x210\0\xffff\xffff\0\0\0\0\32\0:\00032\2\0\x3433dll\xffe0\xffff\x6b76\b\30\0\xfff0\x12f\1\0\1d\x6946\x656c\x614e\x656d\xffe0\xffffdxtmsft.dll\0at\xffe0\xffff\x6b76\a\34\0000\x130\1\0\1{\x6556\x7372\x6f69n\xffe0\xffff6.3.2900.3086\0\xffd8\xffff\x6b76\t2\0x\x130\1\0\1n\x7542\x6c69\x4464\x7461edll\xffc8\xffffMon Feb 19 16:04:09 2007\0l\xffd8\xffff\x6b76\r\f\0\xd8\x130\1\0\1d\x7542\x6c69\x4364\x6568\x6b63\x7553mn\xfff0\xffff622ab\0\xffe8\xffff\xffd0\x12f\20\x130P\x130\xb0\x130\x100\x130\xffe0\xffff\x6b76\b:\0\x120\x130\1\0\0010\x6f4c\x6163\x6974\x6e6f\xffc0\xffffC:\WINDOWS\system32\DllCache\0t\xffa8\xffff\x6b6e \x8b40\x43d1\x963c\x1c7\0\0\x7778\x12f\0\0\0\0\xffff\xffff\xffff\xffff\5\0\x2c8\x130\x210\0\xffff\xffff\0\0\0\0\32\0:\0ll\2\0\x3533thn\xffe0\xffff\x6b76\b\24\0\x1d8\x130\1\0\1t\x6946\x656c\x614e\x656d\xffe8\xffffdanim.dll\0\xffe0\xffff\x6b76\a\24\0\x210\x130\1\0\1t\x6556\x7372\x6f69n\xffe8\xffff6.3.1.148\0\xffd8\xffff\x6b76\t2\0\x250\x130\1\0\1t\x7542\x6c69\x4464\x7461e0.d\xffc8\xffffMon Feb 19 16:04:09 2007\0d\xffd8\xffff\x6b76\r\16\0\x2b0\x130\1\0\0010\x7542\x6c69\x4364\x6568\x6b63\x7553mt\xffe8\xffff1078c3\0l}{\xffe8\xffff\x1b8\x130\x1f0\x130\x228\x130\x288\x130\x2e0\x130\xffe0\xffff\x6b76\b:\0\x300\x130\1\0\1d\x6f4c\x6163\x6974\x6e6f\xffc0\xffffC:\WINDOWS\system32\DllCache\0n\xffa8\xffff\x6b6e \x3d90\x43dc\x963c\x1c7\0\0\x7778\x12f\0\0\0\0\xffff\xffff\xffff\xffff\5\0\x4b0\x130\x210\0\xffff\xffff\0\0\0\0\32\0:\0}{\2\0\x3633n32\xffe0\xffff\x6b76\b\30\0\x3b8\x130\1\0\1n\x6946\x656c\x614e\x656d\xffe0\xffffcdfview.dll\0.d\xffe0\xffff\x6b76\a\34\0\x3f8\x130\1\0\0010\x6556\x7372\x6f69n\xffe0\xffff6.0.2900.3086\0\xffd8\xffff\x6b76\t2\0\x440\x130\1\0\1l\x7542\x6c69\x4464\x7461en32\xffc8\xffffMon Feb 19 16:04:09 2007\0002\xffd8\xffff\x6b76\r\f\0\x4a0\x130\1\0\1n\x7542\x6c69\x4364\x6568\x6b63\x7553ml\xfff0\xffff34df9\0\xffe8\xffff\x398\x130\x3d8\x130\x418\x130\x478\x130\x4c8\x130\xffe0\xffff\x6b76\b:\0\x4e8\x130\1\0\1t\x6f4c\x6163\x6974\x6e6f\xffc0\xffffC:\WINDOWS\system32\DllCache\0d\xffa8\xffff\x6b6e \x4bf0\x43df\x963c\x1c7\0\0\x7778\x12f\0\0\0\0\xffff\xffff\xffff\xffff\5\0\x6a0\x130\x210\0\xffff\xffff\0\0\0\0\32\0:\00032\2\0\x3733dll\xffe0\xffff\x6b76\b\32\0\x5a0\x130\1\0\1d\x6946\x656c\x614e\x656d\xffe0\xffffbrowseui.dll\0t\xffe0\xffff\x6b76\a\34\0\x5e0\x130\1\0\1{\x6556\x7372\x6f69n\xffe0\xffff6.0.2900.3086\0\xffd8\xffff\x6b76\t2\0\x628\x130\1\0\1n\x7542\x6c69\x4464\x7461edll\xffc8\xffffMon Feb 19 16:04:09 2007\0l\xffd8\xffff\x6b76\r\16\0\x688\x130\1\0\1d\x7542\x6c69\x4364\x6568\x6b63\x7553mn\xffe8\xffff1079e9\0{at\xffe8\xffff\x580\x130\x5c0\x130\x600\x130\x660\x130\x6b8\x130\xffe0\xffff\x6b76\b:\0\x6d8\x130\1\0\1l\x6f4c\x6163\x6974\x6e6f\xffc0\xffffC:\WINDOWS\system32\DllCache\0002\xffa8\xffff\x6b6e \x8570\x43eb\x963c\x1c7\0\0\x7778\x12f\0\0\0\0\xffff\xffff\xffff\xffff\5\0\x888\x130\x210\0\xffff\xffff\0\0\0\0\32\0H\0at\2\0\x3833270\xffe0\xffff\x6b76\b\26\0\x790\x130\1\0\0012\x6946\x656c\x614e\x656d\xffe0\xffffextmgr.dll\0dll\xffe0\xffff\x6b76\a\34\0\x7d0\x130\1\0\1d\x6556\x7372\x6f69n\xffe0\xffff6.0.2900.3086\0\xffd8\xffff\x6b76\t2\0\x818\x130\1\0\1{\x7542\x6c69\x4464\x7461e270\xffc8\xffffMon Feb 19 16:23:01 2007\0000\xffd8\xffff\x6b76\r\f\0\x878\x130\1\0\0012\x7542\x6c69\x4364\x6568\x6b63\x7553m{\xfff0\xffff1b9c5\0\xffe8\xffff\x770\x130\x7b0\x130\x7f0\x130\x850\x130\x8a0\x130\xffe0\xffff\x6b76\bH\0\x8c0\x130\1\0\1n\x6f4c\x6163\x6974\x6e6f\xffb0\xffffc:\windows\$hf_mig$\KB931768\SP2QFE\00032\xffa8\xffff\x6b6e \xa230\x43f1\x963c\x1c7\0\0\x7778\x12f\0\0\0\0\xffff\xffff\xffff\xffff\5\0\xa80\x130\x210\0\xffff\xffff\0\0\0\0\32\0H\0at\2\0\x3933270\xffe0\xffff\x6b76\b\30\0\x988\x130\1\0\0012\x6946\x656c\x614e\x656d\xffe0\xffffshlwapi.dll\0ll\xffe0\xffff\x6b76\a\34\0\x9c8\x130\1\0\1d\x6556\x7372\x6f69n\xffe0\xffff6.0.2900.3086\0\xffd8\xffff\x6b76\t2\0\xa10\x130\1\0\1{\x7542\x6c69\x4464\x7461e270\xffc8\xffffMon Feb 19 16:23:02 2007\0000\xffd8\xffff\x6b76\r\f\0\xa70\x130\1\0\0012\x7542\x6c69\x4364\x6568\x6b63\x7553m{\xfff0\xffff7ffca\0\xffe8\xffff\x968\x130\x9a8\x130\x9e8\x130\xa48\x130\xa98\x130\xffe0\xffff\x6b76\bH\0\xab8\x130\1\0\1n\x6f4c\x6163\x6974\x6e6f\xffb0\xffffc:\windows\$hf_mig$\KB931768\SP2QFE\00032\xffa8\xffff\x6b6e \x62e0\x43ff\x963c\x1c7\0\0\x7778\x12f\0\0\0\0\xffff\xffff\xffff\xffff\5\0\xf138\x12f\x210\0\xffff\xffff\0\0\0\0\32\0H\0at\2\0\x3034270\xfe10\xffff\x686c:\x77d0\x012f0\0\x7940\x012f1\0\x89e0\x12f\x745\0\x8ba8\x12f\x746\0\x8da0\x12f\x747\0\x8f68\x12f\x748\0\xb7d8\x12f\x749\0\xb9b0\x12f\x74a\0\xbb88\x12f\x74b\0\xbd68\x12f\x74c\0\xbfa0\x12f\x74d\0\x61c0\x130\x74e\0\x7b20\x012f2\0\x63a8\x130\x76a\0\x6590\x130\x76b\0\x6778\x130\x76c\0\x6968\x130\x76d\0\x6b50\x130\x76e\0\x6d38\x130\x76f\0\x6f20\x130\x770\0\xf218\x12f\x771\0\xf410\x12f\x772\0\xf5f8\x12f\x773\0\x7cf8\x012f3\0\xf7e0\x12f\x78f\0\xf9c8\x12f\x790\0\xfba8\x12f\x791\0\xfd90\x12f\x792\0\xff78\x12f\x793\0\x160\x130\x794\0\x340\x130\x795\0\x528\x130\x796\0\x718\x130\x797\0\x910\x130\x798\0\x7ed8\x012f4\0\xb08\x130\x7b4\0\xdc0\x130\x7b5\0\xfa8\x130\x7b6\0\x11a8\x130\x7b7\0\x13a0\x130\x7b8\0\x1598\x130\x7b9\0\x1790\x130\x7ba\0\x1988\x130\x7bb\0\x1b80\x130\x7bc\0\x1d78\x130\x7bd\0\x80c0\x012f5\0\x1f70\x130\x7d9\0\x2160\x130\x7da\0\x2358\x130\x7db\0\x2550\x130\x7dc\0\x2740\x130\x7dd\0\x2938\x130\x7de\0\x2b38\x130\x7df\0\x2d30\x130\x7e0\0\x8288\x012f6\0\x8450\x012f7\0\x8638\x012f8\0\x8818\x012f9\00070.dll}{athn\xffe0\xffff\x6b76\bH\0\xd70\x130\1\0\1t\x6f4c\x6163\x6974\x6e6f\xffb0\xffffc:\windows\$hf_mig$\KB931768\SP2QFE\0hn\xffa8\xffff\x6b6e \x1530\x440a\x963c\x1c7\0\0\x7778\x12f\0\0\0\0\xffff\xffff\xffff\xffff\5\0\xf20\x130\x210\0\xffff\xffff\0\0\0\0\32\0H\0}{\2\0\x3134n32\xffe0\xffff\x6b76\b\30\0\xe38\x130\1\0\1n\x6946\x656c\x614e\x656d\xffe0\xffffwininet.dll\0.d\xffe0\xffff\x6b76\a\34\0\xe78\x130\1\0\0010\x6556\x7372\x6f69n\xffe0\xffff6.0.2900.3086\0\xffd8\xffff\x6b76\t2\0\xec0\x130\1\0\1l\x7542\x6c69\x4464\x7461en32\xffc8\xffffMon Feb 19 16:23:02 2007\0002\xffd8\xffff\x6b76\r\f\0\xf150\x12f\1\0\1n\x7542\x6c69\x4364\x6568\x6b63\x7553ml\xffe8\xffff\xe18\x130\xe58\x130\xe98\x130\xef8\x130\xf38\x130\xffe0\xffff\x6b76\bH\0\xf58\x130\1\0\0010\x6f4c\x6163\x6974\x6e6f\xffb0\xffffc:\windows\$hf_mig$\KB931768\SP2QFE\0.d\xffa8\xffff\x6b6e \xf2a0\x441d\x963c\x1c7\0\0\x7778\x12f\0\0\0\0\xffff\xffff\xffff\xffff\5\0\x1120\x130\x210\0\xffff\xffff\0\0\0\0\32\0H\00032\2\0\x3234dll\xffe0\xffff\x6b76\b\30\0\x1020\x130\1\0\1d\x6946\x656c\x614e\x656d\xffe0\xffffshdocvw.dll\0at\xffe0\xffff\x6b76\a\34\0\x1060\x130\1\0\1{\x6556\x7372\x6f69n\xffe0\xffff6.0.2900.3086\0\xffd8\xffff\x6b76\t2\0\x10a8\x130\1\0\1n\x7542\x6c69\x4464\x7461edll\xffc8\xffffMon Feb 19 16:23:02 2007\0l\xffd8\xffff\x6b76\r\16\0\x1108\x130\1\0\1d\x7542\x6c69\x4364\x6568\x6b63\x7553mn\xffe8\xffff17da05\0{at\xffe8\xffff\x1000\x130\x1040\x130\x1080\x130\x10e0\x130\x1138\x130\xffe0\xffff\x6b76\bH\0\x1158\x130\1\0\1l\x6f4c\x6163\x6974\x6e6f\xffb0\xffffc:\windows\$hf_mig$\KB931768\SP2QFE\0}{\xffa8\xffff\x6b6e \x5cc0\x44a1\x963c\x1c7\0\0\x7778\x12f\0\0\0\0\xffff\xffff\xffff\xffff\5\0\x1318\x130\x210\0\xffff\xffff\0\0\0\0\32\0H\0.d\2\0\x3334{at\xffe0\xffff\x6b76\b\32\0\x1220\x130\1\0\1{\x6946\x656c\x614e\x656d\xffe0\xffffmshtmled.dll\0002\xffe0\xffff\x6b76\a\34\0\x1260\x130\1\0\1n\x6556\x7372\x6f69n\xffe0\xffff6.0.2900.3086\0\xffd8\xffff\x6b76\t2\0\x12a8\x130\1\0\0010\x7542\x6c69\x4464\x7461e{at\xffc8\xffffMon Feb 19 16:23:01 2007\0t\xffd8\xffff\x6b76\r\f\0\x1308\x130\1\0\1{\x7542\x6c69\x4364\x6568\x6b63\x7553m0\xfff0\xffff79b7e\0\xffe8\xffff\x1200\x130\x1240\x130\x1280\x130\x12e0\x130\x1330\x130\xffe0\xffff\x6b76\bH\0\x1350\x130\1\0\1l\x6f4c\x6163\x6974\x6e6f\xffb0\xffffc:\windows\$hf_mig$\KB931768\SP2QFE\0}{\xffa8\xffff\x6b6e \xb300\x44b3\x963c\x1c7\0\0\x7778\x12f\0\0\0\0\xffff\xffff\xffff\xffff\5\0\x1510\x130\x210\0\xffff\xffff\0\0\0\0\32\0H\0.d\2\0\x3434{at\xffe0\xffff\x6b76\b\30\0\x1418\x130\1\0\1{\x6946\x656c\x614e\x656d\xffe0\xffffjsproxy.dll\00032\xffe0\xffff\x6b76\a\34\0\x1458\x130\1\0\1n\x6556\x7372\x6f69n\xffe0\xffff6.0.2900.3086\0\xffd8\xffff\x6b76\t2\0\x14a0\x130\1\0\0010\x7542\x6c69\x4464\x7461e{at\xffc8\xffffMon Feb 19 16:23:01 2007\0t\xffd8\xffff\x6b76\r\n\0\x1500\x130\1\0\1{\x7542\x6c69\x4364\x6568\x6b63\x7553m0\xfff0\xffff98de\0t\xffe8\xffff\x13f8\x130\x1438\x130\x1478\x130\x14d8\x130\x1528\x130\xffe0\xffff\x6b76\bH\0\x1548\x130\1\0\1l\x6f4c\x6163\x6974\x6e6f\xffb0\xffffc:\windows\$hf_mig$\KB931768\SP2QFE\0}{\xffa8\xffff\x6b6e \xcfc0\x44b9\x963c\x1c7\0\0\x7778\x12f\0\0\0\0\xffff\xffff\xffff\xffff\5\0\x1708\x130\x210\0\xffff\xffff\0\0\0\0\32\0H\0.d\2\0\x3534{at\xffe0\xffff\x6b76\b\32\0\x1610\x130\1\0\1{\x6946\x656c\x614e\x656d\xffe0\xffffspru040c.dll\0002\xffe0\xffff\x6b76\a\34\0\x1650\x130\1\0\1n\x6556\x7372\x6f69n\xffe0\xffff5.1.2600.3086\0\xffd8\xffff\x6b76\t2\0\x1698\x130\1\0\0010\x7542\x6c69\x4464\x7461e{at\xffc8\xffffMon Feb 19 10:56:57 2007\0t\xffd8\xffff\x6b76\r\f\0\x16f8\x130\1\0\1{\x7542\x6c69\x4364\x6568\x6b63\x7553m0\xfff0\xffff4b2ff\0\xffe8\xffff\x15f0\x130\x1630\x130\x1670\x130\x16d0\x130\x1720\x130\xffe0\xffff\x6b76\bH\0\x1740\x130\1\0\1l\x6f4c\x6163\x6974\x6e6f\xffb0\xffffc:\windows\$hf_mig$\KB931768\SP2QFE\0}{\xffa8\xffff\x6b6e \x6550\x44be\x963c\x1c7\0\0\x7778\x12f\0\0\0\0\xffff\xffff\xffff\xffff\5\0\x1900\x130\x210\0\xffff\xffff\0\0\0\0\32\0H\0.d\2\0\x3634{at\xffe0\xffff\x6b76\b\26\0\x1808\x130\1\0\1{\x6946\x656c\x614e\x656d\xffe0\xffffinseng.dll\0n32\xffe0\xffff\x6b76\a\34\0\x1848\x130\1\0\1n\x6556\x7372\x6f69n\xffe0\xffff6.0.2900.3086\0\xffd8\xffff\x6b76\t2\0\x1890\x130\1\0\0010\x7542\x6c69\x4464\x7461e{at\xffc8\xffffMon Feb 19 16:23:01 2007\0t\xffd8\xffff\x6b76\r\f\0\x18f0\x130\1\0\1{\x7542\x6c69\x4364\x6568\x6b63\x7553m0\xfff0\xffff1a255\0\xffe8\xffff\x17e8\x130\x1828\x130\x1868\x130\x18c8\x130\x1918\x130\xffe0\xffff\x6b76\bH\0\x1938\x130\1\0\1l\x6f4c\x6163\x6974\x6e6f\xffb0\xffffc:\windows\$hf_mig$\KB931768\SP2QFE\0}{\xffa8\xffff\x6b6e \x8210\x44c4\x963c\x1c7\0\0\x7778\x12f\0\0\0\0\xffff\xffff\xffff\xffff\5\0\x1af8\x130\x210\0\xffff\xffff\0\0\0\0\32\0H\0.d\2\0\x3734{at\xffe0\xffff\x6b76\b\30\0\x1a00\x130\1\0\1{\x6946\x656c\x614e\x656d\xffe0\xffffdxtrans.dll\00032\xffe0\xffff\x6b76\a\34\0\x1a40\x130\1\0\1n\x6556\x7372\x6f69n\xffe0\xffff6.3.2900.3086\0\xffd8\xffff\x6b76\t2\0\x1a88\x130\1\0\0010\x7542\x6c69\x4464\x7461e{at\xffc8\xffffMon Feb 19 16:23:01 2007\0t\xffd8\xffff\x6b76\r\f\0\x1ae8\x130\1\0\1{\x7542\x6c69\x4364\x6568\x6b63\x7553m0\xfff0\xffff337f7\0\xffe8\xffff\x19e0\x130\x1a20\x130\x1a60\x130\x1ac0\x130\x1b10\x130\xffe0\xffff\x6b76\bH\0\x1b30\x130\1\0\1l\x6f4c\x6163\x6974\x6e6f\xffb0\xffffc:\windows\$hf_mig$\KB931768\SP2QFE\0}{\xffa8\xffff\x6b6e \x9ed0\x44ca\x963c\x1c7\0\0\x7778\x12f\0\0\0\0\xffff\xffff\xffff\xffff\5\0\x1cf0\x130\x210\0\xffff\xffff\0\0\0\0\32\0H\0.d\2\0\x3834{at\xffe0\xffff\x6b76\b\32\0\x1bf8\x130\1\0\1{\x6946\x656c\x614e\x656d\xffe0\xffffmsrating.dll\0002\xffe0\xffff\x6b76\a\34\0\x1c38\x130\1\0\1n\x6556\x7372\x6f69n\xffe0\xffff6.0.2900.3086\0\xffd8\xffff\x6b76\t2\0\x1c80\x130\1\0\0010\x7542\x6c69\x4464\x7461e{at\xffc8\xffffMon Feb 19 16:23:02 2007\0t\xffd8\xffff\x6b76\r\f\0\x1ce0\x130\1\0\1{\x7542\x6c69\x4364\x6568\x6b63\x7553m0\xfff0\xffff315f9\0\xffe8\xffff\x1bd8\x130\x1c18\x130\x1c58\x130\x1cb8\x130\x1d08\x130\xffe0\xffff\x6b76\bH\0\x1d28\x130\1\0\1l\x6f4c\x6163\x6974\x6e6f\xffb0\xffffc:\windows\$hf_mig$\KB931768\SP2QFE\0}{\xffa8\xffff\x6b6e \x3460\x44cf\x963c\x1c7\0\0\x7778\x12f\0\0\0\0\xffff\xffff\xffff\xffff\5\0\x1ee8\x130\x210\0\xffff\xffff\0\0\0\0\32\0H\0.d\2\0\x3934{at\xffe0\xffff\x6b76\b\30\0\x1df0\x130\1\0\1{\x6946\x656c\x614e\x656d\xffe0\xffffcdfview.dll\00032\xffe0\xffff\x6b76\a\34\0\x1e30\x130\1\0\1n\x6556\x7372\x6f69n\xffe0\xffff6.0.2900.3086\0\xffd8\xffff\x6b76\t2\0\x1e78\x130\1\0\0010\x7542\x6c69\x4464\x7461e{at\xffc8\xffffMon Feb 19 16:23:00 2007\0t\xffd8\xffff\x6b76\r\f\0\x1ed8\x130\1\0\1{\x7542\x6c69\x4364\x6568\x6b63\x7553m0\xfff0\xffff29050\0\xffe8\xffff\x1dd0\x130\x1e10\x130\x1e50\x130\x1eb0\x130\x1f00\x130\xffe0\xffff\x6b76\bH\0\x1f20\x130\1\0\1l\x6f4c\x6163\x6974\x6e6f\xffb0\xffffc:\windows\$hf_mig$\KB931768\SP2QFE\0,4\xffa8\xffff\x6b6e \x5120\x44d5\x963c\x1c7\0\0\x7778\x12f\0\0\0\0\xffff\xffff\xffff\xffff\5\0\x20d8\x130\x210\0\xffff\xffff\0\0\0\0\32\0H\0fx\2\0\x3035.dl\xffe0\xffff\x6b76\b\24\0\x1fe8\x130\1\0\18\x6946\x656c\x614e\x656d\xffe8\xffffdanim.dll\0\xffe0\xffff\x6b76\a\24\0\x2020\x130\1\0\1\0\x6556\x7372\x6f69n\xffe8\xffff6.3.1.148\0\xffd8\xffff\x6b76\t2\0\x2060\x130\1\0\1\0\x7542\x6c69\x4464\x7461e\0\0\0\xffc8\xffffMon Feb 19 16:23:00 2007\0\0\xffd8\xffff\x6b76\r\16\0\x20c0\x130\1\0\1\0\x7542\x6c69\x4364\x6568\x6b63\x7553m\0\xffe8\xffff105810\0\0\0\0\xffe8\xffff\x1fc8\x130\x2000\x130\x2038\x130\x2098\x130\x20f0\x130\xffe0\xffff\x6b76\bH\0\x2110\x130\1\0\1\0\x6f4c\x6163\x6974\x6e6f\xffb0\xffffc:\windows\$hf_mig$\KB931768\SP2QFE\0\0\0\xffa8\xffff\x6b6e \x2e90\x44e9\x963c\x1c7\0\0\x7778\x12f\0\0\0\0\xffff\xffff\xffff\xffff\5\0\x22d0\x130\x210\0\xffff\xffff\0\0\0\0\32\0H\0\0\0\2\0\x3135\0\0\0\xffe0\xffff\x6b76\b\30\0\x21d8\x130\1\0\1\0\x6946\x656c\x614e\x656d\xffe0\xffffdxtmsft.dll\0\0\0\xffe0\xffff\x6b76\a\34\0\x2218\x130\1\0\1\0\x6556\x7372\x6f69n\xffe0\xffff6.3.2900.3086\0\xffd8\xffff\x6b76\t2\0\x2260\x130\1\0\1\0\x7542\x6c69\x4464\x7461e\0\0\0\xffc8\xffffMon Feb 19 16:23:00 2007\0\0\xffd8\xffff\x6b76\r\f\0\x22c0\x130\1\0\1\0\x7542\x6c69\x4364\x6568\x6b63\x7553m\0\xfff0\xffff64c13\0\xffe8\xffff\x21b8\x130\x21f8\x130\x2238\x130\x2298\x130\x22e8\x130\xffe0\xffff\x6b76\bH\0\x2308\x130\1\0\1\0\x6f4c\x6163\x6974\x6e6f\xffb0\xffffc:\windows\$hf_mig$\KB931768\SP2QFE\0\0\0\xffa8\xffff\x6b6e \x59b0\x44f2\x963c\x1c7\0\0\x7778\x12f\0\0\0\0\xffff\xffff\xffff\xffff\5\0\x24c8\x130\x210\0\xffff\xffff\0\0\0\0\32\0H\0\0\0\2\0\x3235\0\0\0\xffe0\xffff\x6b76\b\30\0\x23d0\x130\1\0\1\0\x6946\x656c\x614e\x656d\xffe0\xffffiepeers.dll\0\0\0\xffe0\xffff\x6b76\a\34\0\x2410\x130\1\0\1\0\x6556\x7372\x6f69n\xffe0\xffff6.0.2900.3086\0\xffd8\xffff\x6b76\t2\0\x2458\x130\1\0\1\0\x7542\x6c69\x4464\x7461e\0\0\0\xffc8\xffffMon Feb 19 16:23:01 2007\0\0\xffd8\xffff\x6b76\r\f\0\x24b8\x130\1\0\1\0\x7542\x6c69\x4364\x6568\x6b63\x7553m\0\xfff0\xffff3ffba\0\xffe8\xffff\x23b0\x130\x23f0\x130\x2430\x130\x2490\x130\x24e0\x130\xffe0\xffff\x6b76\bH\0\x2500\x130\1\0\1\0\x6f4c\x6163\x6974\x6e6f\xffb0\xffffc:\windows\$hf_mig$\KB931768\SP2QFE\0\0\0\xffa8\xffff\x6b6e \xef40\x44f6\x963c\x1c7\0\0\x7778\x12f\0\0\0\0\xffff\xffff\xffff\xffff\5\0\x26b8\x130\x210\0\xffff\xffff\0\0\0\0\32\0H\0\0\0\2\0\x3335\0\0\0\xffe0\xffff\x6b76\b\22\0\x25c8\x130\1\0\1\0\x6946\x656c\x614e\x656d\xffe8\xffffiedw.exe\0\0\xffe0\xffff\x6b76\a\34\0\x2600\x130\1\0\1\0\x6556\x7372\x6f69n\xffe0\xffff5.1.2600.3086\0\xffd8\xffff\x6b76\t2\0\x2648\x130\1\0\1\0\x7542\x6c69\x4464\x7461e\0\0\0\xffc8\xffffMon Feb 19 11:10:49 2007\0\0\xffd8\xffff\x6b76\r\n\0\x26a8\x130\1\0\1\0\x7542\x6c69\x4364\x6568\x6b63\x7553m\0\xfff0\xffff97ab\0\0\xffe8\xffff\x25a8\x130\x25e0\x130\x2620\x130\x2680\x130\x26d0\x130\xffe0\xffff\x6b76\bH\0\x26f0\x130\1\0\1\0\x6f4c\x6163\x6974\x6e6f\xffb0\xffffc:\windows\$hf_mig$\KB931768\SP2QFE\0\0\0\xffa8\xffff\x6b6e \x84d0\x44fb\x963c\x1c7\0\0\x7778\x12f\0\0\0\0\xffff\xffff\xffff\xffff\5\0\x28b0\x130\x210\0\xffff\xffff\0\0\0\0\32\0H\0\0\0\2\0\x3435\0\0\0\xffe0\xffff\x6b76\b\26\0\x27b8\x130\1\0\1\0\x6946\x656c\x614e\x656d\xffe0\xffffmstime.dll\0\0\0\0\xffe0\xffff\x6b76\a\34\0\x27f8\x130\1\0\1\0\x6556\x7372\x6f69n\xffe0\xffff6.0.2900.3086\0\xffd8\xffff\x6b76\t2\0\x2840\x130\1\0\1\0\x7542\x6c69\x4464\x7461e\0\0\0\xffc8\xffffMon Feb 19 16:23:03 2007\0\0\xffd8\xffff\x6b76\r\f\0\x28a0\x130\1\0\1\0\x7542\x6c69\x4364\x6568\x6b63\x7553m\0\xfff0\xffff8ec33\0\xffe8\xffff\x2798\x130\x27d8\x130\x2818\x130\x2878\x130\x28c8\x130\xffe0\xffff\x6b76\bH\0\x28e8\x130\1\0\1\0\x6f4c\x6163\x6974\x6e6f\xffb0\xffffc:\windows\$hf_mig$\KB931768\SP2QFE\0\0\0\xffa8\xffff\x6b6e \xb880\x4521\x963c\x1c7\0\0\x7778\x12f\0\0\0\0\xffff\xffff\xffff\xffff\5\0\x2ab0\x130\x210\0\xffff\xffff\0\0\0\0\32\0H\0\0\0\2\0\x3535\0\0\0\xffe0\xffff\x6b76\b\32\0\x29b0\x130\1\0\1\0\x6946\x656c\x614e\x656d\xffe0\xffffbrowseui.dll\0\0\xffe0\xffff\x6b76\a\34\0\x29f0\x130\1\0\1\0\x6556\x7372\x6f69n\xffe0\xffff6.0.2900.3086\0\xffd8\xffff\x6b76\t2\0\x2a38\x130\1\0\1\0\x7542\x6c69\x4464\x7461e\0\0\0\xffc8\xffffMon Feb 19 16:23:00 2007\0\0\xffd8\xffff\x6b76\r\16\0\x2a98\x130\1\0\1\0\x7542\x6c69\x4364\x6568\x6b63\x7553m\0\xffe8\xffff106a0d\0\0\0\0\xffe8\xffff\x2990\x130\x29d0\x130\x2a10\x130\x2a70\x130\x2ac8\x130\xffe0\xffff\x6b76\bH\0\x2ae8\x130\1\0\1\0\x6f4c\x6163\x6974\x6e6f\xffb0\xffffc:\windows\$hf_mig$\KB931768\SP2QFE\0\0\0\xffa8\xffff\x6b6e \x8790\x4532\x963c\x1c7\0\0\x7778\x12f\0\0\0\0\xffff\xffff\xffff\xffff\5\0\x2ca8\x130\x210\0\xffff\xffff\0\0\0\0\32\0H\0\0\0\2\0\x3635\0\0\0\xffe0\xffff\x6b76\b\30\0\x2bb0\x130\1\0\1\0\x6946\x656c\x614e\x656d\xffe0\xffffpngfilt.dll\0\0\0\xffe0\xffff\x6b76\a\34\0\x2bf0\x130\1\0\1\0\x6556\x7372\x6f69n\xffe0\xffff6.0.2900.3086\0\xffd8\xffff\x6b76\t2\0\x2c38\x130\1\0\1\0\x7542\x6c69\x4464\x7461e\0\0\0\xffc8\xffffMon Feb 19 16:23:02 2007\0\0\xffd8\xffff\x6b76\r\n\0\x2c98\x130\1\0\1\0\x7542\x6c69\x4364\x6568\x6b63\x7553m\0\xfff0\xffffbca1\0\0\xffe8\xffff\x2b90\x130\x2bd0"

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-07-30 9:00:19 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-07-30 08:59

--- E O F ---

le message d'erreur n'est pas venu apres le reboot du a combo fix... suis-je gueris docteur ou toujours infecté?

Voici mon rapport Hijackthis:

Logfile of HijackThis v1.99.1
Scan saved at 9:02:45, on 30/07/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\setup\avast.setup
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Shareaza\Shareaza.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\ScanPanel\ScnPanel.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Documents and Settings\laurent\Bureau\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://10.47.14.2/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 10.47.14.2:80
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {1BB22D38-A411-4B13-A746-C2A4F4EC7344} - (no file)
O2 - BHO: FastRX - {1D72794F-D23C-4c23-A60C-D9123F897BCF} - C:\WINDOWS\system32\fastRX2.dll
O2 - BHO: trafficninja.biz extension - {266A3562-AB67-480E-9F09-D54604FD817B} - C:\WINDOWS\system32\ninjaext.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: (no name) - {C6039E6C-BDE9-4de5-BB40-768CAA584FDC} - C:\WINDOWS\system32\tmp2E.tmp.dll (file missing)
O2 - BHO: XBTP01621 - {C66AF7F0-2CF6-48cb-9F94-04EC2504B4FC} - C:\PROGRA~1\IMESHA~1\IMESHM~1\MediaBar.dll
O2 - BHO: FastRX - {E09962E7-A39E-4F60-8003-66D57BED27B7} - C:\WINDOWS\system32\fastRX.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [AudioDeck] C:\Program Files\VIAudioi\SBADeck\ADeck.exe 1
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Shareaza] "C:\Program Files\Shareaza\Shareaza.exe" -tray
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: ScanPanel.lnk = C:\Program Files\ScanPanel\ScnPanel.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe
O9 - Extra 'Tools' menuitem: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-BE/a-UNO1/GAME_UNO1.ca...
O16 - DPF: {97E71027-0BA2-44F2-97DB-F84D808ED0B6} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.ca...
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab57213....
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab55200.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - AppInit_DLLs: c:\windows\system32\pmnkjgg.dll
O20 - Winlogon Notify: LMIinit - C:\WINDOWS\SYSTEM32\LMIinit.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Fichiers communs\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Qlmau2kmnspk - Parallel Technologies, Inc. - (no file)

suis-je toujours infecté??

bonjour

~Lance Hijackthis “Do a system scan only”.
Coche les lignes qui suivent si encore présentes et uniquement celles-là.

O2 - BHO: FastRX - {1D72794F-D23C-4c23-A60C-D9123F897BCF} - C:\WINDOWS\system32\fastRX2.dll
O2 - BHO: trafficninja.biz extension - {266A3562-AB67-480E-9F09-D54604FD817B} - C:\WINDOWS\system32\ninjaext.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {C6039E6C-BDE9-4de5-BB40-768CAA584FDC} - C:\WINDOWS\system32\tmp2E.tmp.dll (file missing)
O2 - BHO: FastRX - {E09962E7-A39E-4F60-8003-66D57BED27B7} - C:\WINDOWS\system32\fastRX.dll (file missing)
O20 - AppInit_DLLs: c:\windows\system32\pmnkjgg.dll



Clique sur Fix checked (en bas à gauche)




Copie (Ctrl+C) le texte ci-dessous :



Ouvre le Bloc-Notes puis colle (Ctrl+V) le texte que tu viens de copier.
Sauvegarde ce fichier sous le nom de CFScript.txt

Fait un glisser/déposer de ce fichier CFScript sur le fichier ComboFix.exe comme sur la capture

Une fenêtre bleue va apparaître: au message qui apparaît ( Type 1 to continue, or 2 to abort) , tape 1 puis valide.

Patiente le temps du scan.Le bureau va disparaître à plusieurs reprises: c'est normal!
Ne touche à rien tant que le scan n'est pas terminé.

Une fois le scan achevé, un rapport va s'afficher: poste son contenu.

Si le fichier ne s'ouvre pas, il se trouve ici > C:\ComboFix.txt

HijackThis:

Fix 5 selected items? this will permanently delete and/or repair what you selected, unless you make a backup.

oui non ????

moi, j'ai donné 6 lignes à fixer.  
fais attention à fixer les mêmes que celles que je te donne et accepte.

"laurent" - 2007-07-30 10:23:31 [GMT 2:00] - ComboFix 07-07-24 - Service Pack 2 NTFS
Command switches used :: C:\Documents and Settings\laurent\Bureau\CFScript.txt


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\bywwww.dll
C:\WINDOWS\system32\fastRX2.dll
C:\WINDOWS\system32\ninjaext.dll


((((((((((((((((((((((((( Files Created from 2007-06-28 to 2007-07-30 )))))))))))))))))))))))))))))))


2007-07-30 02:30 <REP> d-------- C:\DOCUME~1\LOCALS~1\Bureau
2007-07-30 01:58 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-07-30 01:14 131,787 --a------ C:\WINDOWS\pmljgh.dll
2007-07-30 00:11 <REP> d-------- C:\VundoFix Backups
2007-07-10 21:53 <REP> d-------- C:\Program Files\Steinberg
2007-07-10 21:53 <REP> d-------- C:\DOCUME~1\laurent\APPLIC~1\realtech VR
2007-07-10 21:53 <REP> d-------- C:\DOCUME~1\autres\APPLIC~1\Google
2007-07-10 21:52 <REP> d-------- C:\WINDOWS\system32\appmgmt
2007-07-10 21:52 <REP> d-------- C:\WINDOWS\B6D5E63DEFF546169DB706D08F10B0C0.TMP
2007-07-10 21:52 <REP> d-------- C:\Virtual
2007-07-10 21:52 <REP> d-------- C:\Program Files\Windows Media Connect 2
2007-07-10 21:52 <REP> d-------- C:\Program Files\Web Hottest Videos Personal Player
2007-07-10 21:52 <REP> d-------- C:\Program Files\Secured_eMule
2007-07-10 21:52 <REP> d-------- C:\My Downloads
2007-07-10 21:52 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\BufferZone
2007-07-10 21:51 <REP> d-------- C:\WINDOWS\system32\LogFiles
2007-07-09 14:02 <REP> d-------- C:\Program Files\realtech VR
2007-07-08 19:28 33,511 --a------ C:\WINDOWS\system32\ninjaext-uninstall.exe
2007-07-08 19:20 <REP> d-------- C:\Program Files\LucasArts
2007-07-06 20:28 <REP> d-------- C:\Program Files\RealVNC
2007-07-05 19:34 <REP> d-------- C:\Program Files\Doom 3
2007-07-05 09:47 <REP> d-------- C:\Program Files\FruityLoops 3.56
2007-07-03 20:50 <REP> d-------- C:\Program Files\Max Payne
2007-07-03 19:33 <REP> d-------- C:\DOCUME~1\autres\Contacts
2007-07-02 21:22 <REP> d-------- C:\Poker
2007-07-02 18:16 <REP> d-------- C:\Program Files\BufferZone
2007-07-02 12:32 <REP> d-------- C:\Program Files\iMesh Applications
2007-07-02 02:19 <REP> d-------- C:\Program Files\Secured eMule
2007-07-02 02:17 <REP> d-------- C:\Program Files\Player Tool
2007-07-02 02:13 <REP> d-------- C:\Program Files\BitTorrent Fastest Tool
2007-06-29 17:29 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\pixelStorm
2007-06-27 19:34 <REP> d-------- C:\DOCUME~1\laurent\APPLIC~1\Google
2007-06-27 19:33 <REP> d-------- C:\Program Files\Google
2007-06-27 19:33 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google
2007-06-23 13:40 <REP> d-------- C:\Program Files\Activision
2007-06-22 18:28 <REP> d-------- C:\UT2004Demo
2007-06-21 14:20 <REP> d-------- C:\Program Files\Shareaza
2007-06-21 14:20 <REP> d-------- C:\DOCUME~1\laurent\APPLIC~1\Shareaza
2007-06-21 13:28 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
2007-06-21 13:16 <REP> d-------- C:\WINDOWS\system32\drivers\UMDF
2007-06-15 23:12 <REP> d-------- C:\Program Files\Everest Poker
2007-06-15 14:18 <REP> d---s---- C:\DOCUME~1\laurent\UserData
2007-06-14 18:01 <REP> d-------- C:\DOCUME~1\laurent\Contacts
2007-06-14 18:00 <REP> d----c--- C:\WINDOWS\system32\DRVSTORE
2007-06-13 22:45 <REP> d-------- C:\Program Files\Fichiers communs\Native Instruments
2007-06-13 22:45 <REP> d-------- C:\Program Files\Fichiers communs\Digidesign
2007-06-13 22:44 <REP> d-------- C:\Program Files\Native Instruments
2007-06-13 22:37 <REP> d-------- C:\DOCUME~1\laurent\APPLIC~1\WinRAR
2007-06-13 22:34 <REP> d-------- C:\DOCUME~1\laurent\APPLIC~1\ACD Systems
2007-06-13 22:27 <REP> d-------- C:\Program Files\VirtualDJ
2007-06-13 22:19 2,621,440 --ah----- C:\DOCUME~1\laurent\NTUSER.DAT
2007-06-13 22:19 <REP> dr------- C:\DOCUME~1\laurent\Mes documents
2007-06-13 22:19 <REP> dr------- C:\DOCUME~1\laurent\Menu D‚marrer
2007-06-13 22:19 <REP> dr------- C:\DOCUME~1\laurent\Favoris
2007-06-13 22:19 <REP> d--h----- C:\DOCUME~1\laurent\Voisinage r‚seau
2007-06-13 22:19 <REP> d--h----- C:\DOCUME~1\laurent\Voisinage d'impression
2007-06-13 22:19 <REP> d--h----- C:\DOCUME~1\laurent\ModŠles
2007-06-13 22:19 <REP> d-------- C:\DOCUME~1\laurent\Bureau
2007-06-13 22:19 <REP> d-------- C:\DOCUME~1\laurent\APPLIC~1\Real


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-07-30 07:57:33 -------- d--h--w C:\Program Files\InstallShield Installation Information
2007-07-10 23:47:26 -------- d-----w C:\Program Files\LogMeIn
2007-07-05 17:30:29 -------- d-----w C:\Program Files\Codec Pack - All In 1
2007-07-05 17:03:45 11,973 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-06-18 14:27:14 83,552 ----a-w C:\WINDOWS\system32\LMIRfsClientNP.dll
2007-06-18 14:27:13 26,176 ----a-w C:\WINDOWS\system32\LMIport.dll
2007-06-18 14:27:12 63,040 ----a-w C:\WINDOWS\system32\LMIinit.dll
2007-06-18 14:27:12 24,000 ----a-w C:\WINDOWS\system32\lmimirr.dll
2007-06-18 14:27:12 10,304 ----a-w C:\WINDOWS\system32\lmimirr2.dll
2007-06-14 16:00:36 -------- d-----w C:\Program Files\MSN Messenger
2007-05-17 20:52:24 62,573 ---h--w C:\WINDOWS\system32\calcsci.exe
2007-05-16 15:13:53 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2007-04-30 15:46:10 745,600 ----a-w C:\WINDOWS\system32\aswBoot.exe
2007-04-30 15:35:28 95,872 ----a-w C:\WINDOWS\system32\AVASTSS.scr


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-04-30 17:42]
"AudioDeck"="C:\Program Files\VIAudioi\SBADeck\ADeck.exe" [2007-01-22 21:25]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2007-01-22 22:06]
"LogMeIn GUI"="C:\Program Files\LogMeIn\x86\LogMeInSystray.exe" [2007-04-17 14:03]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 12:55]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 18:24]
"Shareaza"="C:\Program Files\Shareaza\Shareaza.exe" [2007-02-05 04:05]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 17:09]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-07 14:02]

C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
Adobe Gamma Loader.lnk - C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [2007-01-09 17:40:32]
ScanPanel.lnk - C:\Program Files\ScanPanel\ScnPanel.exe [2007-03-19 14:55:39]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
LMIinit.dll 2007-06-18 16:27 63040 C:\WINDOWS\system32\LMIinit.dll

R2 LMIInfo;LogMeIn Kernel Information Provider;\??\C:\Program Files\LogMeIn\x86\RaInfo.sys
R2 LMIRfsDriver;LogMeIn Remote File System Driver;\??\C:\WINDOWS\system32\drivers\LMIRfsDriver.sys
R3 lmimirr;lmimirr;C:\WINDOWS\system32\DRIVERS\lmimirr.sys
R3 ms_mpu401;Pilote UART MIDI MPU-401 Microsoft;C:\WINDOWS\system32\drivers\msmpu401.sys


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{64d8c831-8602-11db-b3c8-806d6172696f}]
AutoRun\command- D:\autorun.exe

*Newly Created Service* - CATCHME

**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-07-30 10:26:12
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden registry entries ...

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Reporting\EventCache\9482f4b4-e343-43b6-b170-9a65bc822c77]
"FlushCacheFiles"=str(7):"\x6264\2\xdf78\x012fff\xfff0\xffff\xf020\x15c\x6020\x15e f\xffe8\xffff\x686c\2\xce00\x15c\x4e54\x62dc\x6f18\x123\x843\xdac7\xffd8\xffff\x686c\3\x3d68\x111\xf9e6\xe06f\x43d0\x12e\xb890\x97e\x2528\x156\x461\xc6a9\x4d67\x646f\x6c65\x15a\b\0\xd858\x12f\xffd8\xffff\x6b76\r\2\x8000\0\0\1\0\1\x129\x6956\x7472\x6175\x446c\x2e4a\x7865\x7065\x12c\xffa8\xffff\x6b6e \x8ba0\x51c1\xae9d\x1c7\0\0\x9bc0j\4\0\0\0\x13d0\x152\xffff\xffff\0\0\xffff\xffff\xdcc8\x130\xffff\xffff4\0\0\0\0\0\0\0\0\0\a\0\x736d\x6d6e\x6773r\xffa8\xffff\x6b6e \x8470\x860f\xadf9\x1c7\0\0\xdff8\x12f\0\0\0\0\xffff\xffff\xffff\xffff\1\0\xc460\x12f\xdcc8\x130\xffff\xffff\0\0\0\0\26\0\2\0\0\0\5\0\x4544\x5542G\0\xffd8\xffff\x6b76\v\2\x8000\0\0\1\0\1\0\x7254\x6361\x2065\x654c\x6576l\0\0\xffa0\xffff\x6b6e \x840\x86ea\xadf9\x1c7\0\0\x11a0\3\1\0\0\0\xdd18\x12f\xffff\xffff\0\0\xffff\xffff\xdcc8\x130\xffff\xffff\n\0\0\0\0\0\0\0\0\0\f\0\x4f50\x4557\x5052\x544e\x452e\x4558\0\0\xffa8\xffff\x6b6e \x16a0\x86ed\xadf9\x1c7\0\0\xe0d0\x12f\5\0\0\0\xfd8\x131\xffff\xffff\1\0\x1200\x131\xdcc8\x130\xffff\xffff\16\0\0\0\0\0\n\00032\5\0\x6873\x6c65ll\xff90\xffffMsiExec.exe /I{12383085-49EA-4BC9-8CD3-4A18EFDF9F81}\0l\xffd8\xffff\x6b76\r\2\x8000\0\0\1\0\1d\x5255\x554c\x6470\x7461\x4965\x666eon\xffd8\xffff\x6b76\20\4\x8000\1\0\4\0\1\x12c\x6957\x646e\x776f\x4973\x736e\x6174\x6c6c\x7265\xffe0\xffff\x6b76\a\4\x8000\x258\x300\4\0\1\x12c\x6556\x7372\x6f69\x16e\xffe0\xffff\x6b76\b\4\x8000\0\0\4\0\1\x12c\x614c\x676e\x6175\x6567\xffd0\xffff\x6b76\23\2\x8000\0\0\1\0\1\x12c\x7541\x6874\x726f\x7a69\x6465\x4443\x5046\x6572\x6966\x178\x7b80\x12c\xfff8\xffff\xe950\x12f\xffd8\xffff\x6b76\v\20\0\xe988\x12f\1\0\1\x12c\x6944\x7073\x616c\x4e79\x6d61\x165\x78a8\x12c\xffe0\xffff\x6b76\a\x52a\0\x3020\x130\1\0\1\x12c\x694c\x6563\x736e\x165\xffe8\xffff\x6b76\0004\0\x3f48\x130\1\0\0\x12f\xfff8\xffff\xdd50\x12f\xff88\xffff\x6b6e \x6840\xed11\x972e\x1c7\0\0\x6400\0\0\0\0\xffff\xffff\xffff\xffff\27\0\xe9a8\x12f\xdbe8x\xffff\xffff\0\0\0\0&\0\xbe\00032&\0\x317b\x3332\x3338\x3830\x2d35\x3934\x4145\x342d\x4342\x2d39\x4338\x3344\x342d\x3141\x4538\x4446\x3946\x3846\x7d31{\xffe0\xffff\x6b76\b\2\x8000\0\0\1\0\1l\x6f43\x6d6d\x6e65\x7374\xffe0\xffff\x6b76\a\2\x8000\0\0\1\0\1{\x6f43\x746e\x6361t\xffd8\xffff\x6b76\16\22\0\xcef0\x12f\1\0\1t\x6944\x7073\x616c\x5679\x7265\x6973\x6e6fd\xffe0\xffff\x6b76\b\2\x8000\0\0\1\0\0010\x6548\x706c\x694c\x6b6e\xffd8\xffff\x6b76\r \0\xe450\x12f\1\0\1d\x6548\x706c\x6554\x656c\x6870\x6e6fen\xffd8\xffff+1-866-600-7205\0.d\xffe0\xffffLogMeIn, Inc.\0\xffd8\xffff\x6b76\v\22\0\xe4c0\x12f\1\0\1d\x6e49\x7473\x6c61\x446c\x7461ehn\xffe8\xffff20070515\0t\xffd8\xffff\x6b76\17\2\x8000\0\0\1\0\1{\x6e49\x7473\x6c61\x4c6c\x636f\x7461\x6f69n\xffd8\xffff\x6b76\t\34\0\xe478\x12f\1\0\1\x12f\x7550\x6c62\x7369\x6568\xe472\x12f\xe528\x12f\xffd8\xffff\x6b76\r\xbe\0\xe550\x12f\1\0\1l\x6e49\x7473\x6c61\x536c\x756f\x6372e2\xff38\xffffC:\Documents and Settings\autres\Local Settings\Temporary Internet Files\Content.IE5\0D2FGH6V\\000270\xffd8\xffff\x6b76\nj\0\xe640\x12f\2\0\0012\x6f4d\x6964\x7966\x6150\x6874l}{\xff90\xffffMsiExec.exe /I{12383085-49EA-4BC9-8CD3-4A18EFDF9F81}\0{\xffe0\xffff\x6b76\4\2\x8000\0\0\1\0\1\x12f\x6953\x657a\xe498\x12f\xfff0\xffff\x686c\1\xeb98\x12f\xf69d\x7e25\xffe0\xffff\x6b76\6\2\x8000\0\0\1\0\0010\x6552\x6461\x656dl\xffd8\xffff\x6b76\17j\0\xe7a0\x12f\2\0\1\x12f\x6e55\x6e69\x7473\x6c61\x536c\x7274\x6e69\x167\xfff0\xffff\x686c\1\xebf8\x12f\xea98\x6e7f\xffd8\xffff\x6b76\r\4\x8000\x46ec\0\4\0\1d\x7345\x6974\x616d\x6574\x5364\x7a69en\xffd8\xffff\x6b76\r\2\x8000\0\0\1\0\1\x12f\x5255\x554c\x6470\x7461\x4965\x666e\xe56f\x12f\xffe8\xffffLogMeIn\0\xe700\x12f\xff90\xffffMsiExec.exe /I{12383085-49EA-4BC9-8CD3-4A18EFDF9F81}\0000\xffd8\xffff\x6b76\f&\0\xe838\x12f\1\0\0012\x5255\x494c\x666e\x416f\x6f62\x7475}{\xffd0\xffffhttp://LogMeIn.com\0000.d\xffd8\xffff\x6b76\f\4\x8000\0\0\4\0\1\x12f\x6556\x7372\x6f69\x4d6e\x6e69\x726f\xe528\x12f\xffe0\xffff\x6b76\a\4\x8000\x258\x300\4\0\1\x12f\x6556\x7372\x6f69\x16e\xffd8\xffff\x6b76\f\4\x8000\3\0\4\0\1t\x6556\x7372\x6f69\x4d6e\x6a61\x726f.d\xffe0\xffff\x6b76\b\4\x8000\0\0\4\0\1\x12f\x614c\x676e\x6175\x6567\xffd8\xffff\x6b76\v\20\0\xe788\x12f\1\0\1\x12f\x6944\x7073\x616c\x4e79\x6d61\x165\xe760\x12f\xfff8\xffff\xec58\x12f\xffd8\xffff\x6b76\20\4\x8000\1\0\4\0\0012\x6957\x646e\x776f\x4973\x736e\x6174\x6c6c\x7265\xffc8\xffff\x6b76 \2\x8000\0\0\1\0\1\x12f\x3835\x3330\x3338\x3132\x4541\x3439\x4339\x3442\x3843\x4433\x3441\x3138\x4546\x4446\x3946\x3831\xffe8\xffffLogMeIn\0\xe868\x12f\xfff8\xffff\xeea0\x12f\xffa0\xffff\xe288\x12f\xe3a0\x12f\xe3c0\x12f\xe3e0\x12f\xe408\x12f\xe428\x12f\xe498\x12f\xe4d8\x12f\xe528\x12f\xe618\x12f\xe500\x12f\xe6e0\x12f\xe6b0\x12f\xe738\x12f\xe700\x12f\xe810\x12f\xe760\x12f\xe8b0\x12f\xe868\x12f\xe928\x12f\xe890\x12f\xe8d8\x12f\xe2c0\x12f\xff90\xffff\x6b6e \x6840\xed11\x972e\x1c7\0\0\x66e0\x85\0\0\0\0\xffff\xffff\xffff\xffff\1\0\xe2b8\x12f\xdbe8x\xffff\xffff\0\0\0\0@\0\2\0hn \0\x4441\x4244\x3338\x4543\x4443\x3537\x4436\x3430\x4146\x4246\x3337\x3232\x4438\x4141\x3342\x4339\xffa8\xffff\x6b6e \x6840\xed11\x972e\x1c7\0\0\x7648\x12c\0\0\0\0\xffff\xffff\xffff\xffff\0\0\xffff\xffff\x68a8\x85\xffff\xffff\0\0\0\0\0\0\0\0hn\5\0\x7355\x6761ed\xff98\xffff\x7720\x12c\x7790\x12c\x77d0\x12c\x77f0\x12c\x7828\x12c\x7868\x12c\x78a8\x12c\x78f8\x12c\x7948\x12c\x7970\x12c\x7920\x12c\x7b00\x12c\x7a60\x12c\x7b60\x12c\x7b28\x12c\x7bc0\x12c\x7b80\x12c\xe1f8\x12f\x7be8\x12c\x7c10\x12c\xe220\x12f\xe248\x12f\xe268\x12f\xe8f8\x012f32\xffa0\xffff\x6b6e \x28a0\xeda7\x972e\x1c7\0\0\x9340g\1\0\0\0\xe6d0\x12f\xffff\xffff\0\0\xffff\xffff\x210\0\xffff\xffff\34\0\0\0\0\0\0\0at\f\0\x4652\x3143\x3531\x4136\x6567\x746ell\xffa0\xffff\x6b6e \x28a0\xeda7\x972e\x1c7\0\0\xeb38\x12f\1\0\0\0\xe728\x12f\xffff\xffff\0\0\xffff\xffff\x210\0\xffff\xffff\24\0\0\0\0\0\0\00070\16\0\x7543\x7272\x6e65\x5674\x7265\x6973\x6e6fn\xffa0\xffff\x6b6e \x28a0\xeda7\x972e\x1c7\0\0\xeb98\x12f\0\0\0\0\xffff\xffff\xffff\xffff\1\0\xe920\x12f\x210\0\xffff\xffff\0\0\0\0*\0\4\0}{\n\0\x6150\x6172\x656d\x6574\x73720.d\xffd0\xffff\x6b76\25\4\x8000\x3a98\0\4\0\0010\x7254\x7061\x6f50\x6c6c\x6954\x656d\x694d\x6c6c\x5369\x6365s2\xffe0\xffff\x6b76\5\x100\0\xeca8\x12f\3\0\1n\x5340\x6c61t0\xfef8\xffff\x57d7\x2843\x5b62\x86b5\xae4c\xefac\x64e9\x7ace\xc902\x265f\x2feb\x82c3\xcfc8\xcd5e\xe55a\xb93d\x868c\x8bc2\xa2e\xdb18\xe4c8\x7873\x1fe5\x3416\x3278\xe8be\x96dc\xf3e3\xbd61\xe283\x852b\x61d4\xae3\xe0a5\x5bba\xa97f\xfb04\x3cb0\xbb74\x3cfd\x5182\xff1a\xd3c3\x34df\x7f18\x4a43\xaaac\xf70\x8a56\x53b5}\xd563\x3f7b\xb8a7\x741f\x129e\x8c27\xf55f\x296d\x7a2b\xed23\xe5f7\x4975\x862\xe201\x8719\x1fb2\xc691\x77f0\x759e\xf075\xc81d\x20cf\x3ccd\x723f\x330d\xb14a\x39ba\x9211\x6800\xfcf6\x9593\x401c\xb6ce\xee18\x8c0d\xf3f7\xbd4a\x6bbd\xa0d4\xba2b\x8e50\xa362\x1aa1\xc022\x21cc\x95d4\x2636\xb15b\x72e4\xe50e\x3173\xf491\x1e91\xc3e8\x881d\x7b50\x4a09\x9b6\xb1e6\xcb52\x3049\x941d\xd8b6\x48c2\x4395\x5ee5\xac03\x9a9d\x3bf4\x91dd\x34e9\xb5fd\x4c00\x36a5\xc3e2\x66b\x1c10}{\xff88\xffff\x6b6e \x59d0\xf20d\x972e\x1c7\0\0\xddf0t\0\0\0\0\xffff\xffff\xffff\xffff\1\0\xaf98\x12c\x3750,\xffff\xffff\0\0\0\0\b\0\x3ed\0.d(\0\x3833\x4334\x3231\x3745\x3541\x4536\x3434\x3046\x3643\x4432\x4343\x3433\x4439\x4536\x3746\x3144\x3045\x4231\x4646\x4133\xff88\xffff\x6b6e \x3d0\xf672\x972e\x1c7\0\0\xdc20t\0\0\0\0\xffff\xffff\xffff\xffff\1\0\xe9a0\x12f\x3750,\xffff\xffff\0\0\0\0\b\0\x40b\0}{(\0\x4134\x4137\x3330\x3344\x3937\x4536\x3539\x4542\x4445\x3539\x4434\x4541\x4236\x3233\x3435\x4236\x4134\x3243\x4232\x4244\xffe0\xffff\x6b76\4\x40b\0\x53c8\x130\3\0\0012\x6c42\x626f.d\xffa8\xffff\x6b6e \xb1a0\xef77\x972e\x1c7\0\0\xdbc8t\1\0\0\0\xef90\x12f\xffff\xffff\0\0\xffff\xffff\x3750,\xffff\xffffP\0\0\0\0\0\0\00032\4\0\x654b\x7379ll\xff88\xffff\x6b6e \xb1a0\xef77\x972e\x1c7\0\0\xeec0\x12f\0\0\0\0\xffff\xffff\xffff\xffff\1\0\xefc0\x12f\x3750,\xffff\xffff\0\0\0\0\b\0\xe8\0BE(\0\x3246\x3645\x3637\x4533\x3132\x3044\x3944\x3432\x3431\x3041\x3343\x4235\x3843\x3134\x4142\x3044\x4536\x3330\x3142\x3843\xfff0\xffff\x686c\1\xef18\x12f\xb404\xc5b9\xffe0\xffff\x6b76\4\xe8\0\x3900\x130\3\0\1A\x6c42\x626f40\xfff8\xffff\xefa0\x12f\xffd8\xffff\x6b76\rB\0\x3560\x130\1\0\0017\x6543\x7472\x6669\x6369\x7461\x4965D3\xfff0\xffff\xb910\x130\xba70\x130\0\0\x6268\x6e69\xf000\x12f\x4000\0\0\0\0\0\0\0\0\0\0\0\xffe0\xffff\x6b76\b\26\0\xf040\x12f\1\0\1\0\x6946\x656c\x614e\x656d\xffe0\xffffurlmon.dll\0\x12f\x749\0\xffe0\xffff\x6b76\a\34\0\xf080\x12f\1\0\1\0\x6556\x7372\x6f69n\xffe0\xffff6.0.2900.3086\0\xffd8\xffff\x6b76\t2\0\xf0c8\x12f\1\0\1\0\x7542\x6c69\x4464\x7461\x6f65\x130\x770\0\xffc8\xffffMon Feb 19 16:23:02 2007\0\0\xffd8\xffff\x6b76\r\f\0\xf128\x12f\1\0\1\0\x7542\x6c69\x4364\x6568\x6b63\x7553\x76d\0\xfff0\xffffa3a46\0\xffe8\xffff\xf020\x12f\xf060\x12f\xf0a0\x12f\xf100\x12f\xd50\x130\xfff0\xffffa6b4b\0\xfff8\xffff\x2fa8\x130\xffc8\xffffMon Feb 19 16:04:10 2007\0t\xffe8\xffff\xbdc0\x12f\xbe00\x12f\xbe40\x12f\xbe68\x12f\xf1b8\x12f\xffe0\xffff\x6b76\b:\0\xf1d8\x12f\1\0\1l\x6f4c\x6163\x6974\x6e6f\xffc0\xffffC:\WINDOWS\system32\DllCache\0002\xffa8\xffff\x6b6e \x3ad0\x43a5\x963c\x1c7\0\0\x7778\x12f\0\0\0\0\xffff\xffff\xffff\xffff\5\0\xf398\x12f\x210\0\xffff\xffff\0\0\0\0\32\0:\0at\2\0\x3732270\xffe0\xffff\x6b76\b\26\0\xf290\x12f\1\0\0012\x6946\x656c\x614e\x656d\xffe0\xffffmshtml.dll\0dll\b\0\xe18\x130\xffe0\xffff\x6b76\a\34\0\xf2d8\x12f\1\0\1{\x6556\x7372\x6f69n\xffe0\xffff6.0.2900.3086\0\xffd8\xffff\x6b76\t2\0\xf320\x12f\1\0\1n\x7542\x6c69\x4464\x7461edll\xffc8\xffffMon Feb 19 16:04:10 2007\0l\xffd8\xffff\x6b76\r\16\0\xf380\x12f\1\0\1d\x7542\x6c69\x4364\x6568\x6b63\x7553mn\xffe8\xffff2f989d\0{at\xffe8\xffff\xf270\x12f\xf2b8\x12f\xf2f8\x12f\xf358\x12f\xf3b0\x12f\xffe0\xffff\x6b76\b:\0\xf3d0\x12f\1\0\1l\x6f4c\x6163\x6974\x6e6f\xffc0\xffffC:\WINDOWS\system32\DllCache\0002\xffa8\xffff\x6b6e \x7450\x43b1\x963c\x1c7\0\0\x7778\x12f\0\0\0\0\xffff\xffff\xffff\xffff\5\0\xf580\x12f\x210\0\xffff\xffff\0\0\0\0\32\0:\0at\2\0\x3832270\xffe0\xffff\x6b76\b\30\0\xf488\x12f\1\0\0012\x6946\x656c\x614e\x656d\xffe0\xffffjsproxy.dll\0ll\xffe0\xffff\x6b76\a\34\0\xf4c8\x12f\1\0\1d\x6556\x7372\x6f69n\xffe0\xffff6.0.2900.3086\0\xffd8\xffff\x6b76\t2\0\xf510\x12f\1\0\1{\x7542\x6c69\x4464\x7461e270\xffc8\xffffMon Feb 19 16:04:10 2007\0000\xffd8\xffff\x6b76\r\n\0\xf570\x12f\1\0\0012\x7542\x6c69\x4364\x6568\x6b63\x7553m{\xfff0\xffff75ef\0000\xffe8\xffff\xf468\x12f\xf4a8\x12f\xf4e8\x12f\xf548\x12f\xf598\x12f\xffe0\xffff\x6b76\b:\0\xf5b8\x12f\1\0\1n\x6f4c\x6163\x6974\x6e6f\xffc0\xffffC:\WINDOWS\system32\DllCache\0l\xffa8\xffff\x6b6e \x82b0\x43b4\x963c\x1c7\0\0\x7778\x12f\0\0\0\0\xffff\xffff\xffff\xffff\5\0\xf768\x12f\x210\0\xffff\xffff\0\0\0\0\32\0:\00070\2\0\x3932l}{\xffe0\xffff\x6b76\b\26\0\xf670\x12f\1\0\1l\x6946\x656c\x614e\x656d\xffe0\xffffinseng.dll\0thn\xffe0\xffff\x6b76\a\34\0\xf6b0\x12f\1\0\1t\x6556\x7372\x6f69n\xffe0\xffff6.0.2900.3086\0\xffd8\xffff\x6b76\t2\0\xf6f8\x12f\1\0\0012\x7542\x6c69\x4464\x7461el}{\xffc8\xffffMon Feb 19 16:04:10 2007\0{\xffd8\xffff\x6b76\r\f\0\xf758\x12f\1\0\1l\x7542\x6c69\x4364\x6568\x6b63\x7553m2\xfff0\xffff23d05\0\xffe8\xffff\xf650\x12f\xf690\x12f\xf6d0\x12f\xf730\x12f\xf780\x12f\xffe0\xffff\x6b76\b:\0\xf7a0\x12f\1\0\1d\x6f4c\x6163\x6974\x6e6f\xffc0\xffffC:\WINDOWS\system32\DllCache\0n\xffa8\xffff\x6b6e \x9e0\x43b6\x963c\x1c7\0\0\x7778\x12f\0\0\0\0\xffff\xffff\xffff\xffff\5\0\xf950\x12f\x210\0\xffff\xffff\0\0\0\0\32\0:\0}{\2\0\x3033n32\xffe0\xffff\x6b76\b\30\0\xf858\x12f\1\0\1n\x6946\x656c\x614e\x656d\xffe0\xffffiepeers.dll\0.d\xffe0\xffff\x6b76\a\34\0\xf898\x12f\1\0\0010\x6556\x7372\x6f69n\xffe0\xffff6.0.2900.3086\0\xffd8\xffff\x6b76\t2\0\xf8e0\x12f\1\0\1l\x7542\x6c69\x4464\x7461en32\xffc8\xffffMon Feb 19 16:04:10 2007\0002\xffd8\xffff\x6b76\r\f\0\xf940\x12f\1\0\1n\x7542\x6c69\x4364\x6568\x6b63\x7553ml\xfff0\xffff48669\0\xffe8\xffff\xf838\x12f\xf878\x12f\xf8b8\x12f\xf918\x12f\xf968\x12f\xffe0\xffff\x6b76\b:\0\xf988\x12f\1\0\1t\x6f4c\x6163\x6974\x6e6f\xffc0\xffffC:\WINDOWS\system32\DllCache\0d\xffa8\xffff\x6b6e \xbc30\x43c0\x963c\x1c7\0\0\x7778\x12f\0\0\0\0\xffff\xffff\xffff\xffff\5\0\xfb30\x12f\x210\0\xffff\xffff\0\0\0\0\32\0:\00032\2\0\x3133dll\xffe0\xffff\x6b76\b\22\0\xfa40\x12f\1\0\1d\x6946\x656c\x614e\x656d\xffe8\xffffiedw.exe\0l\xffe0\xffff\x6b76\a\34\0\xfa78\x12f\1\0\1d\x6556\x7372\x6f69n\xffe0\xffff5.1.2600.3086\0\xffd8\xffff\x6b76\t2\0\xfac0\x12f\1\0\1{\x7542\x6c69\x4464\x7461e270\xffc8\xffffMon Feb 19 10:01:26 2007\0000\xffd8\xffff\x6b76\r\n\0\xfb20\x12f\1\0\0012\x7542\x6c69\x4364\x6568\x6b63\x7553m{\xfff0\xffffa4c7\0000\xffe8\xffff\xfa20\x12f\xfa58\x12f\xfa98\x12f\xfaf8\x12f\xfb48\x12f\xffe0\xffff\x6b76\b:\0\xfb68\x12f\1\0\1n\x6f4c\x6163\x6974\x6e6f\xffc0\xffffC:\WINDOWS\system32\DllCache\0l\xffa8\xffff\x6b6e \x4360\x43c2\x963c\x1c7\0\0\x7778\x12f\0\0\0\0\xffff\xffff\xffff\xffff\5\0\xfd18\x12f\x210\0\xffff\xffff\0\0\0\0\32\0:\00070\2\0\x3233l}{\xffe0\xffff\x6b76\b\26\0\xfc20\x12f\1\0\1l\x6946\x656c\x614e\x656d\xffe0\xffffextmgr.dll\0thn\xffe0\xffff\x6b76\a\34\0\xfc60\x12f\1\0\1t\x6556\x7372\x6f69n\xffe0\xffff6.0.2900.3086\0\xffd8\xffff\x6b76\t2\0\xfca8\x12f\1\0\0012\x7542\x6c69\x4464\x7461el}{\xffc8\xffffMon Feb 19 16:04:10 2007\0{\xffd8\xffff\x6b76\r\f\0\xfd08\x12f\1\0\1l\x7542\x6c69\x4364\x6568\x6b63\x7553m2\xfff0\xffff111b8\0\xffe8\xffff\xfc00\x12f\xfc40\x12f\xfc80\x12f\xfce0\x12f\xfd30\x12f\xffe0\xffff\x6b76\b:\0\xfd50\x12f\1\0\1d\x6f4c\x6163\x6974\x6e6f\xffc0\xffffC:\WINDOWS\system32\DllCache\0n\xffa8\xffff\x6b6e \xe750\x43c9\x963c\x1c7\0\0\x7778\x12f\0\0\0\0\xffff\xffff\xffff\xffff\5\0\xff00\x12f\x210\0\xffff\xffff\0\0\0\0\32\0:\0}{\2\0\x3333n32\xffe0\xffff\x6b76\b\30\0\xfe08\x12f\1\0\1n\x6946\x656c\x614e\x656d\xffe0\xffffdxtrans.dll\0.d\xffe0\xffff\x6b76\a\34\0\xfe48\x12f\1\0\0010\x6556\x7372\x6f69n\xffe0\xffff6.3.2900.3086\0\xffd8\xffff\x6b76\t2\0\xfe90\x12f\1\0\1l\x7542\x6c69\x4464\x7461en32\xffc8\xffffMon Feb 19 16:04:10 2007\0002\xffd8\xffff\x6b76\r\f\0\xfef0\x12f\1\0\1n\x7542\x6c69\x4364\x6568\x6b63\x7553ml\xfff0\xffff37650\0\xffe8\xffff\xfde8\x12f\xfe28\x12f\xfe68\x12f\xfec8\x12f\xff18\x12f\xffe0\xffff\x6b76\b:\0\xff38\x12f\1\0\1t\x6f4c\x6163\x6974\x6e6f\xffc0\xffffC:\WINDOWS\system32\DllCache\0d\xffa8\xffff\x6b6e \x410\x43d0\x963c\x1c7\0\0\x7778\x12f\0\0\0\0\xffff\xffff\xffff\xffff\5\0\xe8\x130\x210\0\xffff\xffff\0\0\0\0\32\0:\00032\2\0\x3433dll\xffe0\xffff\x6b76\b\30\0\xfff0\x12f\1\0\1d\x6946\x656c\x614e\x656d\xffe0\xffffdxtmsft.dll\0at\xffe0\xffff\x6b76\a\34\0000\x130\1\0\1{\x6556\x7372\x6f69n\xffe0\xffff6.3.2900.3086\0\xffd8\xffff\x6b76\t2\0x\x130\1\0\1n\x7542\x6c69\x4464\x7461edll\xffc8\xffffMon Feb 19 16:04:09 2007\0l\xffd8\xffff\x6b76\r\f\0\xd8\x130\1\0\1d\x7542\x6c69\x4364\x6568\x6b63\x7553mn\xfff0\xffff622ab\0\xffe8\xffff\xffd0\x12f\20\x130P\x130\xb0\x130\x100\x130\xffe0\xffff\x6b76\b:\0\x120\x130\1\0\0010\x6f4c\x6163\x6974\x6e6f\xffc0\xffffC:\WINDOWS\system32\DllCache\0t\xffa8\xffff\x6b6e \x8b40\x43d1\x963c\x1c7\0\0\x7778\x12f\0\0\0\0\xffff\xffff\xffff\xffff\5\0\x2c8\x130\x210\0\xffff\xffff\0\0\0\0\32\0:\0ll\2\0\x3533thn\xffe0\xffff\x6b76\b\24\0\x1d8\x130\1\0\1t\x6946\x656c\x614e\x656d\xffe8\xffffdanim.dll\0\xffe0\xffff\x6b76\a\24\0\x210\x130\1\0\1t\x6556\x7372\x6f69n\xffe8\xffff6.3.1.148\0\xffd8\xffff\x6b76\t2\0\x250\x130\1\0\1t\x7542\x6c69\x4464\x7461e0.d\xffc8\xffffMon Feb 19 16:04:09 2007\0d\xffd8\xffff\x6b76\r\16\0\x2b0\x130\1\0\0010\x7542\x6c69\x4364\x6568\x6b63\x7553mt\xffe8\xffff1078c3\0l}{\xffe8\xffff\x1b8\x130\x1f0\x130\x228\x130\x288\x130\x2e0\x130\xffe0\xffff\x6b76\b:\0\x300\x130\1\0\1d\x6f4c\x6163\x6974\x6e6f\xffc0\xffffC:\WINDOWS\system32\DllCache\0n\xffa8\xffff\x6b6e \x3d90\x43dc\x963c\x1c7\0\0\x7778\x12f\0\0\0\0\xffff\xffff\xffff\xffff\5\0\x4b0\x130\x210\0\xffff\xffff\0\0\0\0\32\0:\0}{\2\0\x3633n32\xffe0\xffff\x6b76\b\30\0\x3b8\x130\1\0\1n\x6946\x656c\x614e\x656d\xffe0\xffffcdfview.dll\0.d\xffe0\xffff\x6b76\a\34\0\x3f8\x130\1\0\0010\x6556\x7372\x6f69n\xffe0\xffff6.0.2900.3086\0\xffd8\xffff\x6b76\t2\0\x440\x130\1\0\1l\x7542\x6c69\x4464\x7461en32\xffc8\xffffMon Feb 19 16:04:09 2007\0002\xffd8\xffff\x6b76\r\f\0\x4a0\x130\1\0\1n\x7542\x6c69\x4364\x6568\x6b63\x7553ml\xfff0\xffff34df9\0\xffe8\xffff\x398\x130\x3d8\x130\x418\x130\x478\x130\x4c8\x130\xffe0\xffff\x6b76\b:\0\x4e8\x130\1\0\1t\x6f4c\x6163\x6974\x6e6f\xffc0\xffffC:\WINDOWS\system32\DllCache\0d\xffa8\xffff\x6b6e \x4bf0\x43df\x963c\x1c7\0\0\x7778\x12f\0\0\0\0\xffff\xffff\xffff\xffff\5\0\x6a0\x130\x210\0\xffff\xffff\0\0\0\0\32\0:\00032\2\0\x3733dll\xffe0\xffff\x6b76\b\32\0\x5a0\x130\1\0\1d\x6946\x656c\x614e\x656d\xffe0\xffffbrowseui.dll\0t\xffe0\xffff\x6b76\a\34\0\x5e0\x130\1\0\1{\x6556\x7372\x6f69n\xffe0\xffff6.0.2900.3086\0\xffd8\xffff\x6b76\t2\0\x628\x130\1\0\1n\x7542\x6c69\x4464\x7461edll\xffc8\xffffMon Feb 19 16:04:09 2007\0l\xffd8\xffff\x6b76\r\16\0\x688\x130\1\0\1d\x7542\x6c69\x4364\x6568\x6b63\x7553mn\xffe8\xffff1079e9\0{at\xffe8\xffff\x580\x130\x5c0\x130\x600\x130\x660\x130\x6b8\x130\xffe0\xffff\x6b76\b:\0\x6d8\x130\1\0\1l\x6f4c\x6163\x6974\x6e6f\xffc0\xffffC:\WINDOWS\system32\DllCache\0002\xffa8\xffff\x6b6e \x8570\x43eb\x963c\x1c7\0\0\x7778\x12f\0\0\0\0\xffff\xffff\xffff\xffff\5\0\x888\x130\x210\0\xffff\xffff\0\0\0\0\32\0H\0at\2\0\x3833270\xffe0\xffff\x6b76\b\26\0\x790\x130\1\0\0012\x6946\x656c\x614e\x656d\xffe0\xffffextmgr.dll\0dll\xffe0\xffff\x6b76\a\34\0\x7d0\x130\1\0\1d\x6556\x7372\x6f69n\xffe0\xffff6.0.2900.3086\0\xffd8\xffff\x6b76\t2\0\x818\x130\1\0\1{\x7542\x6c69\x4464\x7461e270\xffc8\xffffMon Feb 19 16:23:01 2007\0000\xffd8\xffff\x6b76\r\f\0\x878\x130\1\0\0012\x7542\x6c69\x4364\x6568\x6b63\x7553m{\xfff0\xffff1b9c5\0\xffe8\xffff\x770\x130\x7b0\x130\x7f0\x130\x850\x130\x8a0\x130\xffe0\xffff\x6b76\bH\0\x8c0\x130\1\0\1n\x6f4c\x6163\x6974\x6e6f\xffb0\xffffc:\windows\$hf_mig$\KB931768\SP2QFE\00032\xffa8\xffff\x6b6e \xa230\x43f1\x963c\x1c7\0\0\x7778\x12f\0\0\0\0\xffff\xffff\xffff\xffff\5\0\xa80\x130\x210\0\xffff\xffff\0\0\0\0\32\0H\0at\2\0\x3933270\xffe0\xffff\x6b76\b\30\0\x988\x130\1\0\0012\x6946\x656c\x614e\x656d\xffe0\xffffshlwapi.dll\0ll\xffe0\xffff\x6b76\a\34\0\x9c8\x130\1\0\1d\x6556\x7372\x6f69n\xffe0\xffff6.0.2900.3086\0\xffd8\xffff\x6b76\t2\0\xa10\x130\1\0\1{\x7542\x6c69\x4464\x7461e270\xffc8\xffffMon Feb 19 16:23:02 2007\0000\xffd8\xffff\x6b76\r\f\0\xa70\x130\1\0\0012\x7542\x6c69\x4364\x6568\x6b63\x7553m{\xfff0\xffff7ffca\0\xffe8\xffff\x968\x130\x9a8\x130\x9e8\x130\xa48\x130\xa98\x130\xffe0\xffff\x6b76\bH\0\xab8\x130\1\0\1n\x6f4c\x6163\x6974\x6e6f\xffb0\xffffc:\windows\$hf_mig$\KB931768\SP2QFE\00032\xffa8\xffff\x6b6e \x62e0\x43ff\x963c\x1c7\0\0\x7778\x12f\0\0\0\0\xffff\xffff\xffff\xffff\5\0\xf138\x12f\x210\0\xffff\xffff\0\0\0\0\32\0H\0at\2\0\x3034270\xfe10\xffff\x686c:\x77d0\x012f0\0\x7940\x012f1\0\x89e0\x12f\x745\0\x8ba8\x12f\x746\0\x8da0\x12f\x747\0\x8f68\x12f\x748\0\xb7d8\x12f\x749\0\xb9b0\x12f\x74a\0\xbb88\x12f\x74b\0\xbd68\x12f\x74c\0\xbfa0\x12f\x74d\0\x61c0\x130\x74e\0\x7b20\x012f2\0\x63a8\x130\x76a\0\x6590\x130\x76b\0\x6778\x130\x76c\0\x6968\x130\x76d\0\x6b50\x130\x76e\0\x6d38\x130\x76f\0\x6f20\x130\x770\0\xf218\x12f\x771\0\xf410\x12f\x772\0\xf5f8\x12f\x773\0\x7cf8\x012f3\0\xf7e0\x12f\x78f\0\xf9c8\x12f\x790\0\xfba8\x12f\x791\0\xfd90\x12f\x792\0\xff78\x12f\x793\0\x160\x130\x794\0\x340\x130\x795\0\x528\x130\x796\0\x718\x130\x797\0\x910\x130\x798\0\x7ed8\x012f4\0\xb08\x130\x7b4\0\xdc0\x130\x7b5\0\xfa8\x130\x7b6\0\x11a8\x130\x7b7\0\x13a0\x130\x7b8\0\x1598\x130\x7b9\0\x1790\x130\x7ba\0\x1988\x130\x7bb\0\x1b80\x130\x7bc\0\x1d78\x130\x7bd\0\x80c0\x012f5\0\x1f70\x130\x7d9\0\x2160\x130\x7da\0\x2358\x130\x7db\0\x2550\x130\x7dc\0\x2740\x130\x7dd\0\x2938\x130\x7de\0\x2b38\x130\x7df\0\x2d30\x130\x7e0\0\x8288\x012f6\0\x8450\x012f7\0\x8638\x012f8\0\x8818\x012f9\00070.dll}{athn\xffe0\xffff\x6b76\bH\0\xd70\x130\1\0\1t\x6f4c\x6163\x6974\x6e6f\xffb0\xffffc:\windows\$hf_mig$\KB931768\SP2QFE\0hn\xffa8\xffff\x6b6e \x1530\x440a\x963c\x1c7\0\0\x7778\x12f\0\0\0\0\xffff\xffff\xffff\xffff\5\0\xf20\x130\x210\0\xffff\xffff\0\0\0\0\32\0H\0}{\2\0\x3134n32\xffe0\xffff\x6b76\b\30\0\xe38\x130\1\0\1n\x6946\x656c\x614e\x656d\xffe0\xffffwininet.dll\0.d\xffe0\xffff\x6b76\a\34\0\xe78\x130\1\0\0010\x6556\x7372\x6f69n\xffe0\xffff6.0.2900.3086\0\xffd8\xffff\x6b76\t2\0\xec0\x130\1\0\1l\x7542\x6c69\x4464\x7461en32\xffc8\xffffMon Feb 19 16:23:02 2007\0002\xffd8\xffff\x6b76\r\f\0\xf150\x12f\1\0\1n\x7542\x6c69\x4364\x6568\x6b63\x7553ml\xffe8\xffff\xe18\x130\xe58\x130\xe98\x130\xef8\x130\xf38\x130\xffe0\xffff\x6b76\bH\0\xf58\x130\1\0\0010\x6f4c\x6163\x6974\x6e6f\xffb0\xffffc:\windows\$hf_mig$\KB931768\SP2QFE\0.d\xffa8\xffff\x6b6e \xf2a0\x441d\x963c\x1c7\0\0\x7778\x12f\0\0\0\0\xffff\xffff\xffff\xffff\5\0\x1120\x130\x210\0\xffff\xffff\0\0\0\0\32\0H\00032\2\0\x3234dll\xffe0\xffff\x6b76\b\30\0\x1020\x130\1\0\1d\x6946\x656c\x614e\x656d\xffe0\xffffshdocvw.dll\0at\xffe0\xffff\x6b76\a\34\0\x1060\x130\1\0\1{\x6556\x7372\x6f69n\xffe0\xffff6.0.2900.3086\0\xffd8\xffff\x6b76\t2\0\x10a8\x130\1\0\1n\x7542\x6c69\x4464\x7461edll\xffc8\xffffMon Feb 19 16:23:02 2007\0l\xffd8\xffff\x6b76\r\16\0\x1108\x130\1\0\1d\x7542\x6c69\x4364\x6568\x6b63\x7553mn\xffe8\xffff17da05\0{at\xffe8\xffff\x1000\x130\x1040\x130\x1080\x130\x10e0\x130\x1138\x130\xffe0\xffff\x6b76\bH\0\x1158\x130\1\0\1l\x6f4c\x6163\x6974\x6e6f\xffb0\xffffc:\windows\$hf_mig$\KB931768\SP2QFE\0}{\xffa8\xffff\x6b6e \x5cc0\x44a1\x963c\x1c7\0\0\x7778\x12f\0\0\0\0\xffff\xffff\xffff\xffff\5\0\x1318\x130\x210\0\xffff\xffff\0\0\0\0\32\0H\0.d\2\0\x3334{at\xffe0\xffff\x6b76\b\32\0\x1220\x130\1\0\1{\x6946\x656c\x614e\x656d\xffe0\xffffmshtmled.dll\0002\xffe0\xffff\x6b76\a\34\0\x1260\x130\1\0\1n\x6556\x7372\x6f69n\xffe0\xffff6.0.2900.3086\0\xffd8\xffff\x6b76\t2\0\x12a8\x130\1\0\0010\x7542\x6c69\x4464\x7461e{at\xffc8\xffffMon Feb 19 16:23:01 2007\0t\xffd8\xffff\x6b76\r\f\0\x1308\x130\1\0\1{\x7542\x6c69\x4364\x6568\x6b63\x7553m0\xfff0\xffff79b7e\0\xffe8\xffff\x1200\x130\x1240\x130\x1280\x130\x12e0\x130\x1330\x130\xffe0\xffff\x6b76\bH\0\x1350\x130\1\0\1l\x6f4c\x6163\x6974\x6e6f\xffb0\xffffc:\windows\$hf_mig$\KB931768\SP2QFE\0}{\xffa8\xffff\x6b6e \xb300\x44b3\x963c\x1c7\0\0\x7778\x12f\0\0\0\0\xffff\xffff\xffff\xffff\5\0\x1510\x130\x210\0\xffff\xffff\0\0\0\0\32\0H\0.d\2\0\x3434{at\xffe0\xffff\x6b76\b\30\0\x1418\x130\1\0\1{\x6946\x656c\x614e\x656d\xffe0\xffffjsproxy.dll\00032\xffe0\xffff\x6b76\a\34\0\x1458\x130\1\0\1n\x6556\x7372\x6f69n\xffe0\xffff6.0.2900.3086\0\xffd8\xffff\x6b76\t2\0\x14a0\x130\1\0\0010\x7542\x6c69\x4464\x7461e{at\xffc8\xffffMon Feb 19 16:23:01 2007\0t\xffd8\xffff\x6b76\r\n\0\x1500\x130\1\0\1{\x7542\x6c69\x4364\x6568\x6b63\x7553m0\xfff0\xffff98de\0t\xffe8\xffff\x13f8\x130\x1438\x130\x1478\x130\x14d8\x130\x1528\x130\xffe0\xffff\x6b76\bH\0\x1548\x130\1\0\1l\x6f4c\x6163\x6974\x6e6f\xffb0\xffffc:\windows\$hf_mig$\KB931768\SP2QFE\0}{\xffa8\xffff\x6b6e \xcfc0\x44b9\x963c\x1c7\0\0\x7778\x12f\0\0\0\0\xffff\xffff\xffff\xffff\5\0\x1708\x130\x210\0\xffff\xffff\0\0\0\0\32\0H\0.d\2\0\x3534{at\xffe0\xffff\x6b76\b\32\0\x1610\x130\1\0\1{\x6946\x656c\x614e\x656d\xffe0\xffffspru040c.dll\0002\xffe0\xffff\x6b76\a\34\0\x1650\x130\1\0\1n\x6556\x7372\x6f69n\xffe0\xffff5.1.2600.3086\0\xffd8\xffff\x6b76\t2\0\x1698\x130\1\0\0010\x7542\x6c69\x4464\x7461e{at\xffc8\xffffMon Feb 19 10:56:57 2007\0t\xffd8\xffff\x6b76\r\f\0\x16f8\x130\1\0\1{\x7542\x6c69\x4364\x6568\x6b63\x7553m0\xfff0\xffff4b2ff\0\xffe8\xffff\x15f0\x130\x1630\x130\x1670\x130\x16d0\x130\x1720\x130\xffe0\xffff\x6b76\bH\0\x1740\x130\1\0\1l\x6f4c\x6163\x6974\x6e6f\xffb0\xffffc:\windows\$hf_mig$\KB931768\SP2QFE\0}{\xffa8\xffff\x6b6e \x6550\x44be\x963c\x1c7\0\0\x7778\x12f\0\0\0\0\xffff\xffff\xffff\xffff\5\0\x1900\x130\x210\0\xffff\xffff\0\0\0\0\32\0H\0.d\2\0\x3634{at\xffe0\xffff\x6b76\b\26\0\x1808\x130\1\0\1{\x6946\x656c\x614e\x656d\xffe0\xffffinseng.dll\0n32\xffe0\xffff\x6b76\a\34\0\x1848\x130\1\0\1n\x6556\x7372\x6f69n\xffe0\xffff6.0.2900.3086\0\xffd8\xffff\x6b76\t2\0\x1890\x130\1\0\0010\x7542\x6c69\x4464\x7461e{at\xffc8\xffffMon Feb 19 16:23:01 2007\0t\xffd8\xffff\x6b76\r\f\0\x18f0\x130\1\0\1{\x7542\x6c69\x4364\x6568\x6b63\x7553m0\xfff0\xffff1a255\0\xffe8\xffff\x17e8\x130\x1828\x130\x1868\x130\x18c8\x130\x1918\x130\xffe0\xffff\x6b76\bH\0\x1938\x130\1\0\1l\x6f4c\x6163\x6974\x6e6f\xffb0\xffffc:\windows\$hf_mig$\KB931768\SP2QFE\0}{\xffa8\xffff\x6b6e \x8210\x44c4\x963c\x1c7\0\0\x7778\x12f\0\0\0\0\xffff\xffff\xffff\xffff\5\0\x1af8\x130\x210\0\xffff\xffff\0\0\0\0\32\0H\0.d\2\0\x3734{at\xffe0\xffff\x6b76\b\30\0\x1a00\x130\1\0\1{\x6946\x656c\x614e\x656d\xffe0\xffffdxtrans.dll\00032\xffe0\xffff\x6b76\a\34\0\x1a40\x130\1\0\1n\x6556\x7372\x6f69n\xffe0\xffff6.3.2900.3086\0\xffd8\xffff\x6b76\t2\0\x1a88\x130\1\0\0010\x7542\x6c69\x4464\x7461e{at\xffc8\xffffMon Feb 19 16:23:01 2007\0t\xffd8\xffff\x6b76\r\f\0\x1ae8\x130\1\0\1{\x7542\x6c69\x4364\x6568\x6b63\x7553m0\xfff0\xffff337f7\0\xffe8\xffff\x19e0\x130\x1a20\x130\x1a60\x130\x1ac0\x130\x1b10\x130\xffe0\xffff\x6b76\bH\0\x1b30\x130\1\0\1l\x6f4c\x6163\x6974\x6e6f\xffb0\xffffc:\windows\$hf_mig$\KB931768\SP2QFE\0}{\xffa8\xffff\x6b6e \x9ed0\x44ca\x963c\x1c7\0\0\x7778\x12f\0\0\0\0\xffff\xffff\xffff\xffff\5\0\x1cf0\x130\x210\0\xffff\xffff\0\0\0\0\32\0H\0.d\2\0\x3834{at\xffe0\xffff\x6b76\b\32\0\x1bf8\x130\1\0\1{\x6946\x656c\x614e\x656d\xffe0\xffffmsrating.dll\0002\xffe0\xffff\x6b76\a\34\0\x1c38\x130\1\0\1n\x6556\x7372\x6f69n\xffe0\xffff6.0.2900.3086\0\xffd8\xffff\x6b76\t2\0\x1c80\x130\1\0\0010\x7542\x6c69\x4464\x7461e{at\xffc8\xffffMon Feb 19 16:23:02 2007\0t\xffd8\xffff\x6b76\r\f\0\x1ce0\x130\1\0\1{\x7542\x6c69\x4364\x6568\x6b63\x7553m0\xfff0\xffff315f9\0\xffe8\xffff\x1bd8\x130\x1c18\x130\x1c58\x130\x1cb8\x130\x1d08\x130\xffe0\xffff\x6b76\bH\0\x1d28\x130\1\0\1l\x6f4c\x6163\x6974\x6e6f\xffb0\xffffc:\windows\$hf_mig$\KB931768\SP2QFE\0}{\xffa8\xffff\x6b6e \x3460\x44cf\x963c\x1c7\0\0\x7778\x12f\0\0\0\0\xffff\xffff\xffff\xffff\5\0\x1ee8\x130\x210\0\xffff\xffff\0\0\0\0\32\0H\0.d\2\0\x3934{at\xffe0\xffff\x6b76\b\30\0\x1df0\x130\1\0\1{\x6946\x656c\x614e\x656d\xffe0\xffffcdfview.dll\00032\xffe0\xffff\x6b76\a\34\0\x1e30\x130\1\0\1n\x6556\x7372\x6f69n\xffe0\xffff6.0.2900.3086\0\xffd8\xffff\x6b76\t2\0\x1e78\x130\1\0\0010\x7542\x6c69\x4464\x7461e{at\xffc8\xffffMon Feb 19 16:23:00 2007\0t\xffd8\xffff\x6b76\r\f\0\x1ed8\x130\1\0\1{\x7542\x6c69\x4364\x6568\x6b63\x7553m0\xfff0\xffff29050\0\xffe8\xffff\x1dd0\x130\x1e10\x130\x1e50\x130\x1eb0\x130\x1f00\x130\xffe0\xffff\x6b76\bH\0\x1f20\x130\1\0\1l\x6f4c\x6163\x6974\x6e6f\xffb0\xffffc:\windows\$hf_mig$\KB931768\SP2QFE\0,4\xffa8\xffff\x6b6e \x5120\x44d5\x963c\x1c7\0\0\x7778\x12f\0\0\0\0\xffff\xffff\xffff\xffff\5\0\x20d8\x130\x210\0\xffff\xffff\0\0\0\0\32\0H\0fx\2\0\x3035.dl\xffe0\xffff\x6b76\b\24\0\x1fe8\x130\1\0\18\x6946\x656c\x614e\x656d\xffe8\xffffdanim.dll\0\xffe0\xffff\x6b76\a\24\0\x2020\x130\1\0\1\0\x6556\x7372\x6f69n\xffe8\xffff6.3.1.148\0\xffd8\xffff\x6b76\t2\0\x2060\x130\1\0\1\0\x7542\x6c69\x4464\x7461e\0\0\0\xffc8\xffffMon Feb 19 16:23:00 2007\0\0\xffd8\xffff\x6b76\r\16\0\x20c0\x130\1\0\1\0\x7542\x6c69\x4364\x6568\x6b63\x7553m\0\xffe8\xffff105810\0\0\0\0\xffe8\xffff\x1fc8\x130\x2000\x130\x2038\x130\x2098\x130\x20f0\x130\xffe0\xffff\x6b76\bH\0\x2110\x130\1\0\1\0\x6f4c\x6163\x6974\x6e6f\xffb0\xffffc:\windows\$hf_mig$\KB931768\SP2QFE\0\0\0\xffa8\xffff\x6b6e \x2e90\x44e9\x963c\x1c7\0\0\x7778\x12f\0\0\0\0\xffff\xffff\xffff\xffff\5\0\x22d0\x130\x210\0\xffff\xffff\0\0\0\0\32\0H\0\0\0\2\0\x3135\0\0\0\xffe0\xffff\x6b76\b\30\0\x21d8\x130\1\0\1\0\x6946\x656c\x614e\x656d\xffe0\xffffdxtmsft.dll\0\0\0\xffe0\xffff\x6b76\a\34\0\x2218\x130\1\0\1\0\x6556\x7372\x6f69n\xffe0\xffff6.3.2900.3086\0\xffd8\xffff\x6b76\t2\0\x2260\x130\1\0\1\0\x7542\x6c69\x4464\x7461e\0\0\0\xffc8\xffffMon Feb 19 16:23:00 2007\0\0\xffd8\xffff\x6b76\r\f\0\x22c0\x130\1\0\1\0\x7542\x6c69\x4364\x6568\x6b63\x7553m\0\xfff0\xffff64c13\0\xffe8\xffff\x21b8\x130\x21f8\x130\x2238\x130\x2298\x130\x22e8\x130\xffe0\xffff\x6b76\bH\0\x2308\x130\1\0\1\0\x6f4c\x6163\x6974\x6e6f\xffb0\xffffc:\windows\$hf_mig$\KB931768\SP2QFE\0\0\0\xffa8\xffff\x6b6e \x59b0\x44f2\x963c\x1c7\0\0\x7778\x12f\0\0\0\0\xffff\xffff\xffff\xffff\5\0\x24c8\x130\x210\0\xffff\xffff\0\0\0\0\32\0H\0\0\0\2\0\x3235\0\0\0\xffe0\xffff\x6b76\b\30\0\x23d0\x130\1\0\1\0\x6946\x656c\x614e\x656d\xffe0\xffffiepeers.dll\0\0\0\xffe0\xffff\x6b76\a\34\0\x2410\x130\1\0\1\0\x6556\x7372\x6f69n\xffe0\xffff6.0.2900.3086\0\xffd8\xffff\x6b76\t2\0\x2458\x130\1\0\1\0\x7542\x6c69\x4464\x7461e\0\0\0\xffc8\xffffMon Feb 19 16:23:01 2007\0\0\xffd8\xffff\x6b76\r\f\0\x24b8\x130\1\0\1\0\x7542\x6c69\x4364\x6568\x6b63\x7553m\0\xfff0\xffff3ffba\0\xffe8\xffff\x23b0\x130\x23f0\x130\x2430\x130\x2490\x130\x24e0\x130\xffe0\xffff\x6b76\bH\0\x2500\x130\1\0\1\0\x6f4c\x6163\x6974\x6e6f\xffb0\xffffc:\windows\$hf_mig$\KB931768\SP2QFE\0\0\0\xffa8\xffff\x6b6e \xef40\x44f6\x963c\x1c7\0\0\x7778\x12f\0\0\0\0\xffff\xffff\xffff\xffff\5\0\x26b8\x130\x210\0\xffff\xffff\0\0\0\0\32\0H\0\0\0\2\0\x3335\0\0\0\xffe0\xffff\x6b76\b\22\0\x25c8\x130\1\0\1\0\x6946\x656c\x614e\x656d\xffe8\xffffiedw.exe\0\0\xffe0\xffff\x6b76\a\34\0\x2600\x130\1\0\1\0\x6556\x7372\x6f69n\xffe0\xffff5.1.2600.3086\0\xffd8\xffff\x6b76\t2\0\x2648\x130\1\0\1\0\x7542\x6c69\x4464\x7461e\0\0\0\xffc8\xffffMon Feb 19 11:10:49 2007\0\0\xffd8\xffff\x6b76\r\n\0\x26a8\x130\1\0\1\0\x7542\x6c69\x4364\x6568\x6b63\x7553m\0\xfff0\xffff97ab\0\0\xffe8\xffff\x25a8\x130\x25e0\x130\x2620\x130\x2680\x130\x26d0\x130\xffe0\xffff\x6b76\bH\0\x26f0\x130\1\0\1\0\x6f4c\x6163\x6974\x6e6f\xffb0\xffffc:\windows\$hf_mig$\KB931768\SP2QFE\0\0\0\xffa8\xffff\x6b6e \x84d0\x44fb\x963c\x1c7\0\0\x7778\x12f\0\0\0\0\xffff\xffff\xffff\xffff\5\0\x28b0\x130\x210\0\xffff\xffff\0\0\0\0\32\0H\0\0\0\2\0\x3435\0\0\0\xffe0\xffff\x6b76\b\26\0\x27b8\x130\1\0\1\0\x6946\x656c\x614e\x656d\xffe0\xffffmstime.dll\0\0\0\0\xffe0\xffff\x6b76\a\34\0\x27f8\x130\1\0\1\0\x6556\x7372\x6f69n\xffe0\xffff6.0.2900.3086\0\xffd8\xffff\x6b76\t2\0\x2840\x130\1\0\1\0\x7542\x6c69\x4464\x7461e\0\0\0\xffc8\xffffMon Feb 19 16:23:03 2007\0\0\xffd8\xffff\x6b76\r\f\0\x28a0\x130\1\0\1\0\x7542\x6c69\x4364\x6568\x6b63\x7553m\0\xfff0\xffff8ec33\0\xffe8\xffff\x2798\x130\x27d8\x130\x2818\x130\x2878\x130\x28c8\x130\xffe0\xffff\x6b76\bH\0\x28e8\x130\1\0\1\0\x6f4c\x6163\x6974\x6e6f\xffb0\xffffc:\windows\$hf_mig$\KB931768\SP2QFE\0\0\0\xffa8\xffff\x6b6e \xb880\x4521\x963c\x1c7\0\0\x7778\x12f\0\0\0\0\xffff\xffff\xffff\xffff\5\0\x2ab0\x130\x210\0\xffff\xffff\0\0\0\0\32\0H\0\0\0\2\0\x3535\0\0\0\xffe0\xffff\x6b76\b\32\0\x29b0\x130\1\0\1\0\x6946\x656c\x614e\x656d\xffe0\xffffbrowseui.dll\0\0\xffe0\xffff\x6b76\a\34\0\x29f0\x130\1\0\1\0\x6556\x7372\x6f69n\xffe0\xffff6.0.2900.3086\0\xffd8\xffff\x6b76\t2\0\x2a38\x130\1\0\1\0\x7542\x6c69\x4464\x7461e\0\0\0\xffc8\xffffMon Feb 19 16:23:00 2007\0\0\xffd8\xffff\x6b76\r\16\0\x2a98\x130\1\0\1\0\x7542\x6c69\x4364\x6568\x6b63\x7553m\0\xffe8\xffff106a0d\0\0\0\0\xffe8\xffff\x2990\x130\x29d0\x130\x2a10\x130\x2a70\x130\x2ac8\x130\xffe0\xffff\x6b76\bH\0\x2ae8\x130\1\0\1\0\x6f4c\x6163\x6974\x6e6f\xffb0\xffffc:\windows\$hf_mig$\KB931768\SP2QFE\0\0\0\xffa8\xffff\x6b6e \x8790\x4532\x963c\x1c7\0\0\x7778\x12f\0\0\0\0\xffff\xffff\xffff\xffff\5\0\x2ca8\x130\x210\0\xffff\xffff\0\0\0\0\32\0H\0\0\0\2\0\x3635\0\0\0\xffe0\xffff\x6b76\b\30\0\x2bb0\x130\1\0\1\0\x6946\x656c\x614e\x656d\xffe0\xffffpngfilt.dll\0\0\0\xffe0\xffff\x6b76\a\34\0\x2bf0\x130\1\0\1\0\x6556\x7372\x6f69n\xffe0\xffff6.0.2900.3086\0\xffd8\xffff\x6b76\t2\0\x2c38\x130\1\0\1\0\x7542\x6c69\x4464\x7461e\0\0\0\xffc8\xffffMon Feb 19 16:23:02 2007\0\0\xffd8\xffff\x6b76\r\n\0\x2c98\x130\1\0\1\0\x7542\x6c69\x4364\x6568\x6b63\x7553m\0\xfff0\xffffbca1\0\0\xffe8\xffff\x2b90\x130\x2bd0\x130\x2c10\x130\x2c70\x130\x2cc0\x130\xffe0\xffff\x6b76\bH\0\x2ce0\x130\1\0\1\0\x6f4c\x6163\x6974\x6e6f\xffb0\xffffc:\windows\$hf_mig$\KB931768\SP2QFE\0\0\0\xffa8\xffff\x6b6e \xa450\x4538\x963c\x1c7\0\0\x7778\x12f\0\0\0\0\xffff\xffff\xffff\xffff\5\0\x2ea8"

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-07-30 10:27:05
C:\ComboFix-quarantined-files.txt ... 2007-07-30 10:26
C:\ComboFix2.txt ... 2007-07-30 09:00

--- E O F ---

re

très bien  

~ Télécharge Clean de Malekal
http://www.malekal.com/download/clean.zip

Enregistre-le sur ton bureau et dézippe-le
Cela va créer un dossier clean.
Double-clic sur ce dossier clean, tu y trouveras dedans plusieurs fichiers.
Double-clic sur clean.cmd.
Un menu va apparaître, choisis l'option 1 en appuyant sur la touche 1 de ton clavier.
Clean va travailler.
Poste le contenu du rapport généré.

lun. 30/07/2007 a 10:51:22,58

*** Recherche des fichiers dans C:

*** Recherche des fichiers dans C:\WINDOWS\

*** Recherche des fichiers dans C:\WINDOWS\system32
"C:\WINDOWS\Downloaded Program Files\CONFLICT.1" FOUND

*** Recherche des fichiers dans C:\Program Files
"C:\Program Files\Everest Poker\" FOUND
*** Fin du rapport !

ça se termine  

~Télécharge AVG anti-spyware.
http://www.ewido.net/en/download/
~Mets le à jour.

~Télécharge CCleaner:

http://www.filehippo.com/download_ccleaner/

~Lors de l'installation décoche: "Ajouter la Barre d'Outils Yahoo! Ccleaner"


1

Redémarre en mode sans échec. (f8 au démarrage)

2


~Lance CCleaner:

Clique sur le bouton chercher les erreurs, tu fais « réparer les erreurs »
Clique sur le bouton nettoyage, tu fais « lancer le nettoyage ».


3

~Lance AVG anti-spyware.

~Dans l’onglet analyse, dans Paramètre, clique sur Actions recommandées : choisis Quarantaine.

~Clique sur Analyse puis Analyse complète du système pour commencer le scan.

~Une fois que le scan est terminé, clique sur Appliquer toutes les actions, pour supprimer tous les fichiers infectés trouvés par AVG Anti-Spyware.

~Une fois que la suppression des fichiers infectés a été faite, clique sur enregistrer le rapport et sauvegarde-le sur le bureau.


4


Ouvre le dossier clean, double-clique sur clean.cmd.
Choisis l'option 2 puis patiente.


~Redémarre normalement

5

Poste le rapport clean qui se trouve en C:\rapport_clean.txt

~Copie/Colle le rapport AVG anti-spyware.

+++++++++++++++++++++++++++++++++
Tuto de CCleaner: (merci à Malekal) .
http://www.malekal.com/tutorial_CCleaner.html

TutoAVG antispyware : (merci à Malekal) .
http://www.malekal.com/tutorial_AVG_AntiSpyware.html

lors de la mise a jour ca note un message d'erreur: erreur impossible d'acceder au serveur "..." (j'ai pas eu le temps de retenir le nom du serveur...

le nom c'est updateasfreeinfo...

ça marche

http://downloads.grisoft.cz/softw/70/filedir/inst/avgas...

je viens de tester  

ah je peux t'assurer que chez moi pas  

je viens de le réinstaller, ca a redemarer mon pc mais lors de la mise a jour ca va pas... ca remet "impossible de se connecter au serveur updateasfreeinfo.gri..."

je me suis permis d'analyser mon ordi avec ce programe ca a déja trouver 108 fichier infecté peut etre qu'apres les avoir mis en quanrentaines la mise a jour ira....???? je ne sais pas je debute en informatique...

il faut faire les chose dans l'ordre que je te donne.
1- Ccleaner
2 AVG a.s.

patiente pour les mises à jours, leur serveur est peut-être encombré.
le scan sans mises à jour ne m'interresse pas trop.  

n'y aurais t'il pas une autre raison pour que les mises a jour n'aillent pas? j'ai encore refait une dizaine de fois et ca donne toujours:

erreur: impossible de se connecter au serveur updateasfreeinfo.gri...

EDIT: trojan c'est un virus non??? car l'analyse en a detecté un...

PS: je ne sais pas si cela a avoir mais mon anti-virus "avast!" plante quand il essaye de faire une mise a jour automatique...

on va vérifier quelque chose:

~Télécharge. F-Secure Blacklight

https://europe.f-secure.com/exclude/blacklight/fsbl.exe


- Lance F-Secure Blacklight (fichier fsbl.exe)
- Accepte la licence, et clique enfin sur "Scan" puis Next et Exit.
- Un rapport fsbl-bxxxx.log (xx sont des chiffres) va être créé dans le même dossier que blbeta.exe
- Ouvre fsbl-bxxxx.log , fais un copier/coller dans ton prochain message.

Attention ! .
Il ne faut pas choisir l'option "Rename". de suite : nous devons analyser le rapport, car des fichiers légitimes peuvent être présents, tel wbemtest.exe .
Tuto de F-Secure BlackLight : (merci à Malekal) .
http://www.malekal.com/tutorial_f-secure_BlackLight.htm...

Hello moi aussi j'ai eu un pb avec système 32 je ne sais pas si je l'aie résolu mais mon ordi est fatigué et quand je l'étteint, y'a toujour une fenêtre qui me dit qu'un programme est en cours d'utilisation alors que j'ai tout fermer... j'ai AVAST à la maison mais je ne sais pas s'il fonctionne???!!! pouvez-vous m'aider si je fait la même mannip que dessus je risque d'endomager un truc?

bonjour ciwi1999


oui, cette procédure est particulière à cette infection...

à lire avant de poster

07/30/07 13:59:22 [Info]: BlackLight Engine 1.0.64 initialized
07/30/07 13:59:22 [Info]: OS: 5.1 build 2600 (Service Pack 2)
07/30/07 13:59:22 [Note]: 7019 4
07/30/07 13:59:22 [Note]: 7005 0
07/30/07 13:59:28 [Note]: 7006 0
07/30/07 13:59:28 [Note]: 7011 2020
07/30/07 13:59:28 [Note]: 7026 0
07/30/07 13:59:28 [Note]: 7026 0
07/30/07 13:59:39 [Note]: FSRAW library version 1.7.1022
07/30/07 14:09:14 [Note]: 7007 0


EDIT: toujours pas de conection au serveur updateasfreeinfo.gri...

zut et comment je peux faire pour savoir si g un virus ou autre dans mon ordi il fait des choses très étranges des fois...

facile ouvre un nouveau topic et poste un rapport HijackThis (c'est ce que j'ai fait  )

Moi tu sais je suis un peu naz j'ai ouvert un sujet et un type ma répondu il m'a demander la même chose que toi (je ne sais absoluement pas ce que c'est) mais il m'avait mis un lien. j'y suis allée, j'ai télécharger un logiciel (lequel je ne sais pas) et j'ai eu une sorte de rapport comme le tien plus haut que j'ai posté mais la personnes est hor ligne maintenant... donc je ne sais pas trop en même temps mon ordi n'est pas non plus à l'agonie il est juste un peu chelou des fois il fait des choses étranges.

en tous les cas se site est super les gens résolvent no problèmes c'est super chouette  

je suis sur que Sham-Rock va venir t'aider... hein  

oui je pense aussi il a l'air super gentil et calé en info... comparer à moi je suis un peu une buze!!! LOL  

Je suis une m**** en info lol mais je lui fait confiance, j'essaye de suivre ses instruction... (il faut etre souvent tres patient car certaines analyses dur une bonne grosse heure   mais bon j'essaye de resister a l'envie de jeter mon ordi par ma fenetre   )

frenssss, je pense que j'ai une piste...
juste pour info (si tu veux savoir ce qu'on fait)
http://lelogiciellibre.net/tutoriaux/fichier-hosts.php

Télécharge HostsNDE de bibi26.

Double clique sur HostsNDE.exe.

L'outil va travailler et générer un rapport dans ton bloc-notes

Copie et colle le contenu du rapport dans ta prochaine réponse.

heu serais-ce possible que ton lien de telechargement soit incorect?

car je n'arrive pas a l'ouvrir...


j'aurais voulu t'envoyer un screen comment je dois faire pour le poster???

pas que je telecharge n'importe quoi mais le lien ne serai pas plutot:

http://bibi26.power-heberg.com/logiciels/HostsNDE.exe

excuse moi  
http://bibi26.power-heberg.com/logiciels/HostsNDE.exe

Hosts Not Dangerous Export - bibi26

Récupération du fichier hosts... Les « www. » sont automatiquement remplacés par « 3w. » pour rendre les liens incliquables.

127.0.0.1 localhost



voici mon rapport ^^


citation:

"excuse moi"


reponse apres tout ce que fait pour moi... comment pourrais-je faire pour ne pas t'escuser... ^^

alors je ne comprends pas...  

tu as installé un pare feu dernièrement?

poste un nouveau log hijackthis...

c'est quoi un Proxy en fait? peut etre que l'utilise je ne sais pas mais quand tu m'a donné le lien qui n'allait pas ca m'a parlé d'un proxy...

mais si tu pouvait m'expliquer comment mettre un screen je pourrais te montrer cette fameuse page...

Logfile of HijackThis v1.99.1
Scan saved at 14:45:17, on 30/07/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Shareaza\Shareaza.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\ScanPanel\ScnPanel.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Documents and Settings\laurent\Bureau\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://10.47.14.2/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 10.47.14.2:80
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {1BB22D38-A411-4B13-A746-C2A4F4EC7344} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: XBTP01621 - {C66AF7F0-2CF6-48cb-9F94-04EC2504B4FC} - C:\PROGRA~1\IMESHA~1\IMESHM~1\MediaBar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [AudioDeck] C:\Program Files\VIAudioi\SBADeck\ADeck.exe 1
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Shareaza] "C:\Program Files\Shareaza\Shareaza.exe" -tray
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: ScanPanel.lnk = C:\Program Files\ScanPanel\ScnPanel.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe
O9 - Extra 'Tools' menuitem: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-BE/a-UNO1/GAME_UNO1.ca...
O16 - DPF: {97E71027-0BA2-44F2-97DB-F84D808ED0B6} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.ca...
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab57213....
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab55200.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: LMIinit - C:\WINDOWS\SYSTEM32\LMIinit.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Fichiers communs\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Qlmau2kmnspk - Parallel Technologies, Inc. - (no file)

utilise ceci:
http://cjoint.com/

ou si tu veux, copie exactement les messages d'erreur, pour avast et pour AVG Anti-Spyware

http://cjoint.com/?hEpzaY6IPw

voial ce que sa note... pour le proxy... je fait la meme chose pour AVG et avast!

mais dit moi si j'utilise un proxy ou pas car sur la mise a jour de AVG il parle de sa a droite

ok

c'est un prob de config de proxy apparement,

je regarderai ce sioir car je vais devoir faire des recherches.

cherches de ton coté aussi (avec le numéro d'erreur)

wouah trop fort tu as réussi a distance à trouver le PB trop fort vraiment

re
lance avg, clique sur le bouton mise a jour

clique à droite dans "si vous avez besoin d'un proxy....", coche cette case  

erreur: impossible de ce connecter au proxy local host

n'existe-t-il pas un autre anti spyware?

fais le scan sans la mise à jour, on va supposer que comme tu l'as téléchargé ce matin, la mise à jour est récente.

heu... je doit suivre les instruction avec Ccleaner et ca?

re


exactement.

(en mode sans echec, comme je te l'ai précisé dans la procédure)