Your question

Redirection from Google

8 May 2009 21:26:19

Hi,

I currently have a stubborn virus that redirects links from Google.
I have already tried various solutions suggested on forums, but I can't get rid of it completely.

Many, many thanks for your help!!

8 May 2009 21:37:01

Hello,

  • Download Random's System Information Tool (RSIT) (by random/random) to your Desktop.
  • Double-click RSIT.exe to launch the program.
    (On Vista, right-click RSIT.exe and choose Run as administrator)
  • Click Continue on the Disclaimer screen.
  • If the HijackThis tool (up-to-date version) is not present or not detected on the computer, RSIT will download it (allow access in your firewall, if asked) and you will have to accept the license.
  • When the scan is finished, two text files will open. Post the contents of log.txt (the one that appears on screen) as well as info.txt (which you will see in the taskbar).

    Note: the reports are saved in the C:\rsit folder.

    8 May 2009 22:23:48

    hi
    thanks for replying!

    here is the log.txt:

    Logfile of random's system information tool 1.06 (written by random/random)
    Run by dalie at 2009-05-08 21:20:18
    Microsoft Windows XP Professional Service Pack 3
    System drive C: has 16 GB (46%) free of 35 GB
    Total RAM: 447 MB (40% free)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 21:20:36, on 5/8/2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16827)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\ehome\ehtray.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\WINDOWS\system32\SysMonitor.exe
    C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
    C:\Program Files\McAfee.com\Agent\mcagent.exe
    C:\WINDOWS\sm56hlpr.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe
    C:\Program Files\Acer WLAN 11g USB Dongle\ZDWlan.exe
    C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
    C:\Program Files\OpenOffice.org 3\program\soffice.exe
    C:\Program Files\OpenOffice.org 3\program\soffice.bin
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    c:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
    C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
    c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    C:\Program Files\McAfee\MPF\MPFSrv.exe
    C:\Program Files\McAfee\MSK\MskSrver.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\WINDOWS\eHome\ehmsas.exe
    C:\WINDOWS\System32\svchost.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    C:\Program Files\BitLord\BitLord.exe
    C:\Documents and Settings\dalie\Desktop\foralexpc\RSIT.exe
    C:\Program Files\Trend Micro\HijackThis\dalie.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.search.yahoo.com/search?fr=mcafee&p=%s
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\mskapbho.dll
    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
    O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
    O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
    O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll
    O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
    O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
    O4 - HKLM\..\Run: [LaunchApp] Alaunch
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
    O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [Acer Empowering Technology Monitor] C:\WINDOWS\system32\SysMonitor.exe
    O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe 0
    O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
    O4 - HKLM\..\Run: [McENUI] C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide
    O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Startup: OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
    O4 - Global Startup: Acer Empowering Technology.lnk = ?
    O4 - Global Startup: Acer WLAN 11g USB Dongle.lnk = C:\Program Files\Acer WLAN 11g USB Dongle\ZDWlan.exe
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
    O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
    O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
    O23 - Service: Memory Check Service (AcerMemUsageCheckService) - Acer Inc. - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: MBackMonitor - McAfee - C:\Program Files\McAfee\MBK\MBackMonitor.exe
    O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
    O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
    O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
    O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
    O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

    --
    End of file - 9826 bytes

    ======Scheduled tasks folder======

    C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
    C:\WINDOWS\tasks\McDefragTask.job
    C:\WINDOWS\tasks\McQcTask.job

    ======Registry dump======

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
    Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{27B4851A-3207-45A2-B947-BE8AFE6163AB}]
    McAfee Phishing Filter - c:\PROGRA~1\mcafee\msk\mskapbho.dll [2009-01-09 246800]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
    RealPlayer Download and Record Plugin for Internet Explorer - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll [2009-03-23 312928]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7DB2D5A0-7241-4E79-B68D-6309F01C5231}]
    scriptproxy - C:\Program Files\McAfee\VirusScan\scriptsn.dll [2009-03-25 62784]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
    Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2009-04-24 259696]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
    Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll [2009-04-24 668656]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B164E929-A1B6-4A06-B104-2CD0E90A88FF}]
    McAfee SiteAdvisor BHO - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll [2009-02-13 150032]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}]
    Google Dictionary Compression sdch - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll [2009-04-24 470512]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
    Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-03-09 35840]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
    JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-03-09 73728]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - Acer eDataSecurity Management - C:\WINDOWS\system32\eDStoolbar.dll [2006-03-09 106496]
    {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - McAfee SiteAdvisor Toolbar - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll [2009-02-13 150032]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    "ehTray"=C:\WINDOWS\ehome\ehtray.exe [2005-09-29 67584]
    "LaunchApp"=Alaunch []
    "NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2006-07-11 7626752]
    "nwiz"=nwiz.exe /install []
    "RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2006-06-01 16208384]
    "SkyTel"=C:\WINDOWS\SkyTel.EXE [2006-05-16 2879488]
    "IMJPMIG8.1"=C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE [2004-08-10 208952]
    "IMEKRMIG6.1"=C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE [2004-08-10 44032]
    "MSPY2002"=C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe [2004-08-10 59392]
    "PHIME2002ASync"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2004-08-10 455168]
    "PHIME2002A"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2004-08-10 455168]
    "NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2006-07-11 86016]
    "Acer Empowering Technology Monitor"=C:\WINDOWS\system32\SysMonitor.exe [2006-04-19 49152]
    "eDataSecurity Loader"=C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe [2006-03-18 345088]
    "eRecoveryService"=C:\Acer\Empowering Technology\eRecovery\eRAgent.exe [2006-06-01 413696]
    "TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2009-03-23 198160]
    "SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-03-09 148888]
    "Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-02-27 35696]
    "mcagent_exe"=C:\Program Files\McAfee.com\Agent\mcagent.exe [2009-03-25 645328]
    "McENUI"=C:\PROGRA~1\McAfee\MHN\McENUI.exe [2009-01-09 1176808]
    "SMSERIAL"=C:\WINDOWS\sm56hlpr.exe [2005-06-06 544768]

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2008-04-14 1695232]
    "swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2008-11-13 68856]
    "ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup
    Acer Empowering Technology.lnk - C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe
    Acer WLAN 11g USB Dongle.lnk - C:\Program Files\Acer WLAN 11g USB Dongle\ZDWlan.exe

    C:\Documents and Settings\dalie\Start Menu\Programs\Startup
    OpenOffice.org 3.0.lnk - C:\Program Files\OpenOffice.org 3\program\quickstart.exe

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mcmscsvc]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MCODS]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MpfService]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
    "dontdisplaylastusername"=0
    "legalnoticecaption"=
    "legalnoticetext"=
    "shutdownwithoutlogon"=1
    "undockwithoutlogon"=1
    "InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
    "InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "NoDriveTypeAutoRun"=323
    "NoDriveAutoRun"=67108863
    "NoDrives"=0

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "HonorAutoRunSetting"=
    "NoDriveAutoRun"=
    "NoDriveTypeAutoRun"=
    "NoDrives"=

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
    "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Disabled:Firefox"
    "C:\Acer\Empowering Technology\ePerformance\MemCheck.exe"="C:\Acer\Empowering Technology\ePerformance\MemCheck.exe:*:Enabled:MemCheck"
    "C:\Program Files\Google\Update\GoogleUpdate.exe"="C:\Program Files\Google\Update\GoogleUpdate.exe:*:Enabled:GoogleUpdate"
    "C:\WINDOWS\system32\spoolsv.exe"="C:\WINDOWS\system32\spoolsv.exe:*:Enabled:spoolsv"
    "C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe"="C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:*:Enabled:McAfee Network Agent"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
    "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b9047220-aec9-11dd-aabc-001921545811}]
    shell\explore\command - J:\XGZP.PIF
    shell\open\command - J:\XGZP.PIF


    ======List of files/folders created in the last 1 months======

    2009-05-08 19:35:57 ----D---- C:\Program Files\BitLord
    2009-05-06 02:12:19 ----D---- C:\Program Files\BitLord2
    2009-05-02 23:21:30 ----A---- C:\Bug.txt
    2009-04-30 01:07:30 ----N---- C:\WINDOWS\system32\spmsgXP_2k3.dll
    2009-04-30 01:07:22 ----HDC---- C:\WINDOWS\$NtUninstallWdf01007$
    2009-04-30 01:00:19 ----A---- C:\WINDOWS\system32\WdfCoInstaller01007.dll
    2009-04-29 09:26:02 ----SHD---- C:\RECYCLER
    2009-04-28 08:57:54 ----A---- C:\ComboFix.txt
    2009-04-28 08:46:47 ----A---- C:\WINDOWS\zip.exe
    2009-04-28 08:46:47 ----A---- C:\WINDOWS\vFind.exe
    2009-04-28 08:46:47 ----A---- C:\WINDOWS\SWXCACLS.exe
    2009-04-28 08:46:47 ----A---- C:\WINDOWS\SWSC.exe
    2009-04-28 08:46:47 ----A---- C:\WINDOWS\SWREG.exe
    2009-04-28 08:46:47 ----A---- C:\WINDOWS\sed.exe
    2009-04-28 08:46:47 ----A---- C:\WINDOWS\NIRCMD.exe
    2009-04-28 08:46:47 ----A---- C:\WINDOWS\grep.exe
    2009-04-28 08:27:35 ----D---- C:\WINDOWS\ERDNT
    2009-04-28 08:22:21 ----D---- C:\Qoobox
    2009-04-27 09:05:40 ----HD---- C:\WINDOWS\PIF
    2009-04-26 09:54:20 ----D---- C:\rsit
    2009-04-25 09:05:00 ----HDC---- C:\WINDOWS\$NtUninstallKB959426$
    2009-04-25 09:04:48 ----HDC---- C:\WINDOWS\$NtUninstallKB961373$
    2009-04-25 09:00:33 ----A---- C:\WINDOWS\system32\MRT.exe
    2009-04-25 08:59:32 ----HDC---- C:\WINDOWS\$NtUninstallKB956572$
    2009-04-25 08:59:19 ----HDC---- C:\WINDOWS\$NtUninstallKB952004$
    2009-04-25 08:59:11 ----HDC---- C:\WINDOWS\$NtUninstallKB960803$
    2009-04-25 08:59:00 ----A---- C:\WINDOWS\imsins.BAK
    2009-04-25 08:58:46 ----HDC---- C:\WINDOWS\$NtUninstallKB923561$
    2009-04-25 08:55:07 ----N---- C:\WINDOWS\system32\xpsp4res.dll
    2009-04-24 10:00:13 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2009-04-24 09:39:43 ----A---- C:\WINDOWS\SchedLgU.Txt
    2009-04-24 09:36:17 ----A---- C:\TB.txt
    2009-04-24 09:15:29 ----D---- C:\ToolBar SD
    2009-04-24 09:15:21 ----D---- C:\Program Files\CCleaner
    2009-04-24 03:34:05 ----A---- C:\WINDOWS\system32\tmp.txt
    2009-04-24 03:33:05 ----A---- C:\rapport.txt
    2009-04-24 02:43:05 ----D---- C:\Program Files\Lavasoft
    2009-04-24 02:43:05 ----D---- C:\Documents and Settings\All Users\Application Data\Lavasoft
    2009-04-24 00:35:29 ----D---- C:\Documents and Settings\All Users\Application Data\SiteAdvisor
    2009-04-24 00:30:45 ----D---- C:\Program Files\Common Files\McAfee
    2009-04-24 00:30:42 ----D---- C:\Program Files\McAfee.com
    2009-04-24 00:30:31 ----D---- C:\Program Files\McAfee
    2009-04-24 00:19:36 ----D---- C:\Documents and Settings\All Users\Application Data\McAfee
    2009-04-23 10:35:21 ----D---- C:\Program Files\Trend Micro
    2009-04-23 09:59:07 ----A---- C:\cleannavi.txt
    2009-04-17 23:55:31 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
    2009-04-17 23:54:34 ----D---- C:\Program Files\Common Files\Adobe
    2009-04-17 23:50:46 ----D---- C:\Program Files\NOS
    2009-04-17 23:50:46 ----D---- C:\Documents and Settings\All Users\Application Data\NOS
    2009-04-17 10:53:51 ----A---- C:\fixnavi.txt
    2009-04-17 10:52:15 ----D---- C:\Program Files\Navilog1
    2009-04-12 14:51:38 ----D---- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
    2009-04-12 10:02:21 ----D---- C:\WINDOWS\system32\Kaspersky Lab

    ======List of files/folders modified in the last 1 months======

    2009-05-08 21:20:22 ----D---- C:\WINDOWS\temp
    2009-05-08 21:14:40 ----D---- C:\Program Files\Mozilla Firefox
    2009-05-08 21:02:59 ----D---- C:\WINDOWS\Prefetch
    2009-05-08 20:43:40 ----A---- C:\WINDOWS\win.ini
    2009-05-08 19:35:57 ----RD---- C:\Program Files
    2009-05-08 16:34:16 ----A---- C:\WINDOWS\ModemLog_Motorola SM56 Speakerphone Modem.txt
    2009-05-08 16:33:58 ----D---- C:\WINDOWS\Registration
    2009-05-08 16:33:46 ----AD---- C:\WINDOWS
    2009-05-08 12:09:07 ----D---- C:\WINDOWS\system32\FxsTmp
    2009-05-08 12:07:09 ----A---- C:\WINDOWS\WORDPAD.INI
    2009-05-08 10:55:19 ----D---- C:\Program Files\Google
    2009-05-08 10:55:19 ----D---- C:\Documents and Settings\All Users\Application Data\Google
    2009-05-08 10:55:13 ----SD---- C:\WINDOWS\Tasks
    2009-05-08 10:55:11 ----SHD---- C:\WINDOWS\Installer
    2009-05-06 02:48:10 ----RSD---- C:\WINDOWS\assembly
    2009-05-06 02:48:10 ----D---- C:\WINDOWS\Microsoft.NET
    2009-05-06 02:19:46 ----AD---- C:\WINDOWS\system32
    2009-05-06 02:19:46 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
    2009-05-06 02:16:25 ----D---- C:\WINDOWS\WinSxS
    2009-05-06 02:15:17 ----HD---- C:\WINDOWS\inf
    2009-05-06 02:15:16 ----D---- C:\Program Files\Common Files\Microsoft Shared
    2009-05-06 02:14:59 ----D---- C:\Program Files\Internet Explorer
    2009-05-06 02:14:44 ----D---- C:\WINDOWS\pchealth
    2009-05-06 00:43:04 ----HD---- C:\Program Files\InstallShield Installation Information
    2009-05-06 00:42:56 ----DC---- C:\WINDOWS\system32\DRVSTORE
    2009-05-06 00:42:17 ----D---- C:\WINDOWS\system32\CatRoot2
    2009-04-30 01:07:46 ----AD---- C:\WINDOWS\system32\drivers
    2009-04-28 08:54:34 ----A---- C:\WINDOWS\system.ini
    2009-04-28 08:50:34 ----D---- C:\WINDOWS\system32\config
    2009-04-28 08:49:39 ----D---- C:\WINDOWS\AppPatch
    2009-04-28 08:49:35 ----D---- C:\Program Files\Common Files
    2009-04-28 08:46:46 ----D---- C:\WINDOWS\system32\Restore
    2009-04-28 08:46:45 ----SHD---- C:\system volume information
    2009-04-26 18:00:25 ----D---- C:\Program Files\GemMaster
    2009-04-26 10:03:45 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
    2009-04-26 09:41:06 ----D---- C:\WINDOWS\system32\wbem
    2009-04-25 09:05:04 ----RSHDC---- C:\WINDOWS\system32\dllcache
    2009-04-25 09:04:03 ----D---- C:\WINDOWS\system32\en-us
    2009-04-25 08:59:28 ----HD---- C:\WINDOWS\$hf_mig$
    2009-04-24 09:49:28 ----D---- C:\Program Files\NewTech Infosystems
    2009-04-24 09:35:04 ----D---- C:\WINDOWS\Debug
    2009-04-24 09:23:42 ----D---- C:\Program Files\Registry Mechanic
    2009-04-24 09:23:13 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
    2009-04-24 02:34:11 ----D---- C:\Program Files\LimeWire
    2009-04-17 23:54:34 ----D---- C:\Program Files\Adobe
    2009-04-12 10:02:22 ----SD---- C:\WINDOWS\Downloaded Program Files
    2009-04-11 12:58:08 ----D---- C:\WINDOWS\BDOSCAN8

    ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R1 AmdK8;AMD Processor Driver; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2006-06-19 36864]
    R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys []
    R1 mfehidk;McAfee Inc. mfehidk; C:\WINDOWS\system32\drivers\mfehidk.sys [2009-03-25 214024]
    R1 MPFP;MPFP; C:\WINDOWS\System32\Drivers\Mpfp.sys [2008-10-23 120136]
    R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
    R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
    R3 int15.sys;int15.sys; \??\C:\Acer\Empowering Technology\eRecovery\int15.sys []
    R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2006-06-05 4284928]
    R3 mfeavfk;McAfee Inc. mfeavfk; C:\WINDOWS\system32\drivers\mfeavfk.sys [2009-03-25 79880]
    R3 mfebopk;McAfee Inc. mfebopk; C:\WINDOWS\system32\drivers\mfebopk.sys [2009-03-25 35272]
    R3 mfesmfk;McAfee Inc. mfesmfk; C:\WINDOWS\system32\drivers\mfesmfk.sys [2009-03-25 40552]
    R3 MODEMCSA;Unimodem Streaming Filter Device; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128]
    R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
    R3 NTIDrvr;Upper Class Filter Driver; C:\WINDOWS\system32\DRIVERS\NTIDrvr.sys [2006-08-11 6144]
    R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2006-07-11 3934592]
    R3 psdfilter;psdfilter; \??\C:\WINDOWS\system32\Drivers\psdfilter.sys []
    R3 psdvdisk;psdvdisk; \??\C:\WINDOWS\system32\Drivers\psdvdisk.sys []
    R3 smserial;smserial; C:\WINDOWS\system32\DRIVERS\smserial.sys [2005-06-06 925192]
    R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
    R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
    R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152]
    R3 yukonwxp;NDIS5.1 Miniport Driver for Marvell Yukon Ethernet Controller; C:\WINDOWS\system32\DRIVERS\yk51x86.sys [2006-06-29 244864]
    R3 ZDPSp50;ZDPSp50 NDIS Protocol Driver; C:\WINDOWS\System32\Drivers\ZDPSp50.sys [2004-10-25 17664]
    S3 ggflt;SEMC USB Flash Driver Filter; C:\WINDOWS\system32\DRIVERS\ggflt.sys [2009-04-30 13224]
    S3 ggsemc;SEMC USB Flash Driver; C:\WINDOWS\system32\DRIVERS\ggsemc.sys [2009-04-30 24616]
    S3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
    S3 mferkdk;McAfee Inc. mferkdk; C:\WINDOWS\system32\drivers\mferkdk.sys [2009-03-25 34216]
    S3 MHNDRV;MHN driver; C:\WINDOWS\system32\DRIVERS\mhndrv.sys [2004-08-10 11008]
    S3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2004-08-10 12160]
    S3 SYMIDSCO;SYMIDSCO; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\SymcData\IDS-DI~1\20090129.001\symidsco.sys []
    S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
    S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
    S3 Wdf01000;Kernel Mode Driver Frameworks service; C:\WINDOWS\System32\Drivers\wdf01000.sys [2008-03-27 503008]
    S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
    S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
    S3 ZD1211BU(ZyDAS);ZyDAS ZD1211B IEEE 802.11 b+g Wireless LAN Driver (USB)(ZyDAS); C:\WINDOWS\system32\DRIVERS\zd1211Bu.sys [2005-10-28 402432]
    S3 ZD1211U(ZyDAS);ZyDAS ZD1211 IEEE 802.11b+g Wireless LAN Driver (USB)(ZyDAS); C:\WINDOWS\system32\DRIVERS\zd1211u.sys [2005-10-04 280064]
    S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

    ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R2 AcerMemUsageCheckService;Memory Check Service; C:\Acer\Empowering Technology\ePerformance\MemCheck.exe [2006-05-12 28672]
    R2 ehRecvr;Media Center Receiver Service; C:\WINDOWS\eHome\ehRecvr.exe [2006-10-09 237568]
    R2 ehSched;Media Center Scheduler Service; C:\WINDOWS\eHome\ehSched.exe [2005-08-05 102912]
    R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-03-09 152984]
    R2 LightScribeService;LightScribeService Direct Disc Labeling Service; c:\Program Files\Common Files\LightScribe\LSSrvc.exe [2006-02-17 73728]
    R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service; C:\Program Files\McAfee\SiteAdvisor\McSACore.exe [2009-02-11 210216]
    R2 mcmscsvc;McAfee Services; C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe [2009-03-25 797864]
    R2 McNASvc;McAfee Network Agent; c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe [2009-01-09 2482848]
    R2 McProxy;McAfee Proxy Service; c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe [2009-01-09 359952]
    R2 McrdSvc;Media Center Extender Service; C:\WINDOWS\ehome\mcrdsvc.exe [2005-08-05 99328]
    R2 McShield;McAfee Real-time Scanner; C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe [2009-03-25 144704]
    R2 MpfService;McAfee Personal Firewall Service; C:\Program Files\McAfee\MPF\MPFSrv.exe [2009-03-19 884360]
    R2 MSK80Service;McAfee Anti-Spam Service; C:\Program Files\McAfee\MSK\MskSrver.exe [2009-01-09 26640]
    R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2006-07-11 155715]
    R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
    R3 McSysmon;McAfee SystemGuards; C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe [2009-03-24 606736]
    S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-14 267776]
    S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
    S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
    S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-04-24 182768]
    S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [2005-11-14 69632]
    S3 MBackMonitor;MBackMonitor; C:\Program Files\McAfee\MBK\MBackMonitor.exe [2009-01-09 68112]
    S3 McODS;McAfee Scanner; C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe [2009-04-01 365072]
    S3 MHN;MHN; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
    S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]

    -----------------EOF-----------------
    8 May 2009 22:24:44

    and here is the info.txt:


    info.txt logfile of random's system information tool 1.06 2009-05-08 21:20:42

    ======Uninstall list======

    -->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
    -->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
    -->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
    Acer eDataSecurity Management 2.0.3077-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\1150\INTEL3~1\IDriver.exe /M{4AD13F68-CADA-4C6B-9759-C33753F89908} /l1033
    Acer eDataSecurity Management-->C:\Acer\Empowering Technology\eDataSecurity\eDStbmngr.exe UNINSTALL 1
    Acer Empowering Technology-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AB6097D9-D722-4987-BD9E-A076E2848EE2}\setup.exe" -l0x9 -removeonly
    Acer ePerformance Management-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7057702F-6D71-4F30-8000-9E72BC771887}\setup.exe" -l0x9 -removeonly
    Acer WLAN 11g USB Dongle-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\1050\INTEL3~1\IDriver.exe /M{0CB98AC0-D691-4B21-AD3D-95982517021D} /l1033
    Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
    Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
    Adobe Reader 9.1 - Français-->MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A91000000001}
    BitLord 1.1-->C:\Program Files\BitLord\uninst.exe
    CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
    commercial-->MsiExec.exe /I{38C65D12-79E3-49C0-B211-DE3BE0A7AB39}
    Critical Update for Windows Media Player 11 (KB959772)-->"C:\WINDOWS\$NtUninstallKB959772_WM11$\spuninst\spuninst.exe"
    Gimp 2.6.2 Debug-->"C:\Program Files\GIMP-2.0\setup\unins000.exe"
    Google Toolbar for Internet Explorer-->"C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarManager_BDA1448D3D255554.exe" /uninstall
    Google Toolbar for Internet Explorer-->MsiExec.exe /I{18455581-E099-4BA8-BC6B-F34B2F06600C}
    GTK+ 2.10.13 runtime environment-->"C:\Program Files\Common Files\GTK\2.0\setup\unins000.exe"
    GTK2-Runtime-->C:\Program Files\GTK2-Runtime\gtk2_runtime_uninst.exe
    High Definition Audio Driver Package - KB888111-->"C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe"
    HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
    Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
    Hotfix for Windows Media Player 10 (KB903157)-->"C:\WINDOWS\$NtUninstallKB903157$\spuninst\spuninst.exe"
    Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
    Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
    IZArc 3.81-->"C:\Program Files\IZArc\unins000.exe"
    J2SE Runtime Environment 5.0 Update 6-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}
    Java(TM) 6 Update 13-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216012FF}
    Java(TM) 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
    Kaspersky Online Scanner-->C:\WINDOWS\system32\KASPER~1\KASPER~1\kavuninstall.exe
    K-Lite Codec Pack 4.3.1 (Full)-->"C:\Program Files\K-Lite Codec Pack\unins000.exe"
    Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
    McAfee SecurityCenter-->C:\Program Files\McAfee\MSC\mcuninst.exe
    Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
    Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
    Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
    Microsoft .NET Framework 2.0-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.exe
    Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
    Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
    Microsoft Kernel-Mode Driver Framework Feature Pack 1.7-->"C:\WINDOWS\$NtUninstallWdf01007$\spuninst\spuninst.exe"
    Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
    Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
    Motorola SM56 Speakerphone Modem-->C:\WINDOWS\Motorola\SMSERIAL\sm56unst.exe
    Mozilla Firefox (3.0.10)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
    Navilog1 3.7.6-->"C:\Program Files\Navilog1\unins000.exe"
    NVIDIA Drivers-->C:\WINDOWS\system32\nvudisp.exe UninstallGUI
    OCA Client history tool install-->"C:\WINDOWS\$UninstallOCA-X86Fre-ENU$\spuninst\spuninst.exe"
    ODZsnowsaverPC-->C:\Program Files\ODZsnowsaverPC\Uninstall.exe
    OpenOffice.org 3.0-->MsiExec.exe /I{6860B340-530D-46B3-91F8-1AE1F70F7C33}
    PowerDVD-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall
    RealPlayer-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
    Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\SETUP.exe" -l0x9 -removeonly
    Security Update for Step By Step Interactive Training (KB898458)-->"C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
    Security Update for Windows Internet Explorer 7 (KB938127-v2)-->"C:\WINDOWS\ie7updates\KB938127-v2-IE7\spuninst\spuninst.exe"
    Security Update for Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
    Security Update for Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"
    Security Update for Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe"
    Security Update for Windows Internet Explorer 7 (KB961260)-->"C:\WINDOWS\ie7updates\KB961260-IE7\spuninst\spuninst.exe"
    Security Update for Windows Internet Explorer 7 (KB963027)-->"C:\WINDOWS\ie7updates\KB963027-IE7\spuninst\spuninst.exe"
    Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
    Security Update for Windows Media Player 10 (KB911565)-->"C:\WINDOWS\$NtUninstallKB911565$\spuninst\spuninst.exe"
    Security Update for Windows Media Player 10 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP10$\spuninst\spuninst.exe"
    Security Update for Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
    Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB913433)-->C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB913433.inf
    Security Update for Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB938464-v2)-->"C:\WINDOWS\$NtUninstallKB938464-v2$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB956390)-->"C:\WINDOWS\$NtUninstallKB956390$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB961373)-->"C:\WINDOWS\$NtUninstallKB961373$\spuninst\spuninst.exe"
    Sonic Encoders-->MsiExec.exe /I{9941F0AA-B903-4AF4-A055-83A9815CC011}
    Update for Windows Media Player 10 (KB910393)-->"C:\WINDOWS\$NtUninstallKB910393$\spuninst\spuninst.exe"
    Update for Windows Media Player 10 (KB913800)-->"C:\WINDOWS\$NtUninstallKB913800$\spuninst\spuninst.exe"
    Update for Windows Media Player 10 (KB926251)-->"C:\WINDOWS\$NtUninstallKB926251$\spuninst\spuninst.exe"
    Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
    Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
    Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
    Update for Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
    Update Rollup 2 for Windows XP Media Center Edition 2005-->C:\WINDOWS\$NtUninstallKB900325$\spuninst\spuninst.exe
    VideoLAN VLC media player 0.8.4-->C:\Program Files\VideoLAN\VLC\uninstall.exe
    Visual C++ 2008 x86 Runtime - (v9.0.30729)-->MsiExec.exe /X{F333A33D-125C-32A2-8DCE-5C5D14231E27}
    Visual C++ 2008 x86 Runtime - v9.0.30729.01-->C:\WINDOWS\system32\msiexec.exe /x {F333A33D-125C-32A2-8DCE-5C5D14231E27} /qb+ REBOOTPROMPT=""
    Windows Driver Package - Advanced Micro Devices (AmdK8) Processor (05/27/2006 1.3.2.0)-->C:\PROGRA~1\DIFX\7B44739871F4D539FA473F57A832EA4B6A59EF06\DPInst.exe /d /u C:\WINDOWS\system32\DRVSTORE\amdk8_6FE44FCD212D4A086C7BC0C98B9A619782073FB7\amdk8.inf
    Windows Driver Package - AMD System (04/06/2006 1.0.1.0)-->C:\PROGRA~1\DIFX\7B44739871F4D539FA473F57A832EA4B6A59EF06\DPInst.exe /d /u C:\WINDOWS\system32\DRVSTORE\amdaway_6BBB63755B7B133065E435E51557E416289081C4\amdaway.inf
    Windows Internet Explorer 7-->"C:\WINDOWS\ie7\spuninst\spuninst.exe"
    Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
    Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
    Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
    Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
    Windows Media Player Firefox Plugin-->MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}
    Windows XP Media Center Edition 2005 KB908246-->"C:\WINDOWS\$NtUninstallKB908246$\spuninst\spuninst.exe"
    Windows XP Media Center Edition 2005 KB925766-->"C:\WINDOWS\$NtUninstallKB925766$\spuninst\spuninst.exe"
    Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"

    ======Security center information======

    AV: McAfee VirusScan
    FW: McAfee Personal Firewall

    ======System event log======

    Computer Name: ACER-511EBA12DF
    Event Code: 7034
    Message: The Terminal Services service terminated unexpectedly. It has done this 1 time(s).

    Record Number: 12078
    Source Name: Service Control Manager
    Time Written: 20090402201941.000000+060
    Event Type: error
    User:

    Computer Name: ACER-511EBA12DF
    Event Code: 7031
    Message: The DCOM Server Process Launcher service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Reboot the machine.

    Record Number: 12077
    Source Name: Service Control Manager
    Time Written: 20090402201941.000000+060
    Event Type: error
    User:

    Computer Name: ACER-511EBA12DF
    Event Code: 8021
    Message: The browser was unable to retrieve a list of servers from the browser master \\HENRIQUE-PC on the network \Device\NetBT_Tcpip_{BA475D0F-9962-4487-94B6-1A8E0E95A151}.
    The data is the error code.

    Record Number: 12071
    Source Name: BROWSER
    Time Written: 20090402195750.000000+060
    Event Type: warning
    User:

    Computer Name: ACER-511EBA12DF
    Event Code: 1003
    Message: Error code 100000d1, parameter1 e1c60000, parameter2 00000002, parameter3 00000000, parameter4 f368dd00.

    Record Number: 12067
    Source Name: System Error
    Time Written: 20090402194559.000000+060
    Event Type: error
    User:

    Computer Name: ACER-511EBA12DF
    Event Code: 8003
    Message: The master browser has received a server announcement from the computer JFPB
    that believes that it is the master browser for the domain on transport NetBT_Tcpip_{BA475D0F-9962-4487-94B6.
    The master browser is stopping or an election is being forced.

    Record Number: 12038
    Source Name: MRxSmb
    Time Written: 20090402194514.000000+060
    Event Type: error
    User:

    =====Application event log=====

    Computer Name: ACER-511EBA12DF
    Event Code: 1000
    Message: Faulting application vlc.exe, version 0.8.4.0, faulting module vlc.exe, version 0.8.4.0, fault address 0x00032c4f.

    Record Number: 7096
    Source Name: Application Error
    Time Written: 20090212232012.000000+000
    Event Type: error
    User:

    Computer Name: ACER-511EBA12DF
    Event Code: 1000
    Message: Faulting application vlc.exe, version 0.8.4.0, faulting module vlc.exe, version 0.8.4.0, fault address 0x00032c4f.

    Record Number: 7095
    Source Name: Application Error
    Time Written: 20090212231957.000000+000
    Event Type: error
    User:

    Computer Name: ACER-511EBA12DF
    Event Code: 1002
    Message: Hanging application firefox.exe, version 1.9.0.3306, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

    Record Number: 6583
    Source Name: Application Hang
    Time Written: 20090210152436.000000+000
    Event Type: error
    User:

    Computer Name: ACER-511EBA12DF
    Event Code: 1000
    Message: Faulting application vlc.exe, version 0.8.4.0, faulting module vlc.exe, version 0.8.4.0, fault address 0x00317628.

    Record Number: 6570
    Source Name: Application Error
    Time Written: 20090210120953.000000+000
    Event Type: error
    User:

    Computer Name: ACER-511EBA12DF
    Event Code: 1002
    Message: Hanging application vlc.exe, version 0.8.4.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

    Record Number: 6498
    Source Name: Application Hang
    Time Written: 20090210100114.000000+000
    Event Type: error
    User:

    ======Environment variables======

    "ComSpec"=%SystemRoot%\system32\cmd.exe
    "Path"=%systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;C:\Program Files\Common Files\GTK\2.0\bin;C:\Program Files\GTK2-Runtime\lib
    "windir"=%SystemRoot%
    "FP_NO_HOST_CHECK"=NO
    "OS"=Windows_NT
    "PROCESSOR_ARCHITECTURE"=x86
    "PROCESSOR_LEVEL"=15
    "PROCESSOR_IDENTIFIER"=x86 Family 15 Model 95 Stepping 2, AuthenticAMD
    "PROCESSOR_REVISION"=5f02
    "NUMBER_OF_PROCESSORS"=1
    "PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
    "TEMP"=%SystemRoot%\TEMP
    "TMP"=%SystemRoot%\TEMP

    -----------------EOF-----------------

    a c 318 8 Security
    8 May 2009 22:31:07

  • Download UsbFix (by C_XX & Chiquitine29) to your Desktop.
  • Run the installation with the default settings.
  • Plug your external storage devices into your PC (USB stick, external hard drive, SD card, etc.) without opening them.
  • Double-click the UsbFix shortcut on your Desktop.
  • Choose option 1 (Recherche / Search).
  • Let the tool work.
  • Post the UsbFix.txt report.

    Note: the UsbFix.txt report is saved at the root of the disk (C:\UsbFix.txt).

    "Process.exe", a component of the tool, is detected by some antivirus products (AntiVir, Dr.Web, Kaspersky Anti-Virus) as a RiskTool. It is not a virus, but a utility designed to terminate processes.
    8 May 2009 22:43:58

    ok, here is the log:


    ############################## [ UsbFix V3.017 # Scan ]

    # User : dalie (Administrators) # ACER-511EBA12DF
    # Update on 06/05/09 by Chiquitine29, C_XX & Chimay8
    # WebSite : http://pagesperso-orange.fr/NosTools/usbfix.html
    # Start at: 9:40:35 PM | 5/8/2009

    # AMD Sempron(tm) Processor 3200+
    # Microsoft Windows XP Professional (5.1.2600 32-bit) # Service Pack 3
    # Internet Explorer 7.0.5730.13
    # Windows Firewall Status : Disabled
    # AV : McAfee VirusScan [ Enabled | Updated ]
    # FW : McAfee Personal Firewall[ Enabled ]

    # C:\ # Local Fixed Disk # 34.1 Go (15.73 Go free) [ACER] # NTFS
    # D:\ # Local Fixed Disk # 34.57 Go (34.57 Go free) [ACERDATA] # FAT32
    # E:\ # CD-ROM Disc
    # F:\ # Removable Disk # 124 Mo (47.3 Mo free) # FAT32

    ############################## [ Processus actifs ]

    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\ehome\ehtray.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\WINDOWS\system32\SysMonitor.exe
    C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
    C:\Program Files\McAfee.com\Agent\mcagent.exe
    C:\WINDOWS\sm56hlpr.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe
    C:\Program Files\Acer WLAN 11g USB Dongle\ZDWlan.exe
    C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
    C:\Program Files\OpenOffice.org 3\program\soffice.exe
    C:\Program Files\OpenOffice.org 3\program\soffice.bin
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    c:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
    C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
    c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    C:\Program Files\McAfee\MPF\MPFSrv.exe
    C:\Program Files\McAfee\MSK\MskSrver.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\ehome\mcrdsvc.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\WINDOWS\eHome\ehmsas.exe
    C:\WINDOWS\System32\alg.exe
    C:\WINDOWS\System32\svchost.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    C:\Program Files\BitLord\BitLord.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe

    ################## [ Registre # Startup ]

    HKCU_Main: "Local Page"="C:\\WINDOWS\\system32\\blank.htm"
    HKCU_Main: "Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iese..."
    HKCU_Main: "Start Page"="http://www.google.fr/"
    HKLM_logon: "Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
    HKLM_logon: "DefaultUserName"="dalie"
    HKLM_logon: "AltDefaultUserName"="dalie"
    HKLM_logon: "LegalNoticeCaption"=""
    HKLM_logon: "LegalNoticeText"=""
    HKLM_Run: ehTray=C:\WINDOWS\ehome\ehtray.exe
    HKLM_Run: LaunchApp=Alaunch
    HKLM_Run: NvCplDaemon=RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    HKLM_Run: nwiz=nwiz.exe /install
    HKLM_Run: RTHDCPL=RTHDCPL.EXE
    HKLM_Run: SkyTel=SkyTel.EXE
    HKLM_Run: IMJPMIG8.1="C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    HKLM_Run: IMEKRMIG6.1=C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
    HKLM_Run: MSPY2002=C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
    HKLM_Run: PHIME2002ASync=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    HKLM_Run: PHIME2002A=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    HKLM_Run: NvMediaCenter=RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    HKLM_Run: Acer Empowering Technology Monitor=C:\WINDOWS\system32\SysMonitor.exe
    HKLM_Run: eDataSecurity Loader=C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe 0
    HKLM_Run: eRecoveryService=C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
    HKLM_Run: TkBellExe="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    HKLM_Run: SunJavaUpdateSched="C:\Program Files\Java\jre6\bin\jusched.exe"
    HKLM_Run: Adobe Reader Speed Launcher="C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    HKLM_Run: mcagent_exe="C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
    HKLM_Run: McENUI=C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide
    HKLM_Run: SMSERIAL=sm56hlpr.exe
    HKLM_Run: HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents=
    HKCU_Run: MSMSGS="C:\Program Files\Messenger\msmsgs.exe" /background
    HKCU_Run: swg=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    HKCU_Run: ctfmon.exe=C:\WINDOWS\system32\ctfmon.exe

    ################## [ Informations ]


    ################## [ Fichiers # Dossiers infectieux ]

    Found ! C:\WINDOWS\system32\tmp.txt
    Found ! F:\Recycled\ctfmon.exe

    ################## [ Registre # Clés Run infectieuses ]


    ################## [ Registre # Mountpoints2 ]

    HKCU\Software\Microsoft\....\MountPoints2\{b9047220-aec9-11dd-aabc-001921545811}\Shell\explore\Command
    HKCU\Software\Microsoft\....\MountPoints2\{b9047220-aec9-11dd-aabc-001921545811}\Shell\open\Command

    ################## [ ! Fin du rapport # UsbFix V3.017 ! ]

    a c 318 8 Security
    8 May 2009 22:57:42

  • Plug your external storage devices into your PC (USB stick, external hard drive, SD card, etc.) without opening them.
  • Double-click the UsbFix shortcut on your Desktop to launch it.
  • Choose option 2 (Suppression / Deletion).
  • Your Desktop will disappear and the PC will restart.
  • On restart, UsbFix will scan your PC; let the tool work.
  • Then post the UsbFix.txt report that will appear along with the Desktop.

    Note: the UsbFix.txt report is saved at the root of the disk (C:\UsbFix.txt).
    8 May 2009 23:05:55

    ok, the log:


    ############################## [ UsbFix V3.017 # Cleaning ]

    # User : dalie (Administrators) # ACER-511EBA12DF
    # Update on 06/05/09 by Chiquitine29, C_XX & Chimay8
    # WebSite : http://pagesperso-orange.fr/NosTools/usbfix.html
    # Start at: 10:01:34 PM | 5/8/2009

    # AMD Sempron(tm) Processor 3200+
    # Microsoft Windows XP Professional (5.1.2600 32-bit) # Service Pack 3
    # Internet Explorer 7.0.5730.13
    # Windows Firewall Status : Enabled
    # AV : McAfee VirusScan [ Enabled | Updated ]
    # FW : McAfee Personal Firewall[ Enabled ]

    # C:\ # Local Fixed Disk # 34.1 Go (15.73 Go free) [ACER] # NTFS
    # D:\ # Local Fixed Disk # 34.57 Go (34.57 Go free) [ACERDATA] # FAT32
    # E:\ # CD-ROM Disc
    # F:\ # Removable Disk # 124 Mo (47.3 Mo free) # FAT32

    ############################## [ Processus actifs ]

    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\WINDOWS\eHome\ehRec.exe
    c:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
    C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
    c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    C:\Program Files\McAfee\MPF\MPFSrv.exe
    C:\Program Files\McAfee\MSK\MskSrver.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\ehome\mcrdsvc.exe
    c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe
    C:\WINDOWS\System32\alg.exe

    ################## [ Fichiers # Dossiers infectieux ]

    Deleted ! C:\WINDOWS\system32\tmp.txt
    Deleted ! F:\Recycled\ctfmon.exe

    ################## [ Registre # Clés Run infectieuses ]


    ################## [ Registre # Mountpoints2 ]

    Deleted ! HKCU\Software\Microsoft\....\MountPoints2\{b9047220-aec9-11dd-aabc-001921545811}\Shell\explore\Command

    ################## [ Listing des fichiers présent ]

    [04/26/2009 17:45|--a------|1564] - C:\aaw7boot.log
    [08/11/2006 22:04|--a------|50] - C:\AUTOEXEC.BAT
    [11/10/2008 02:34|-rahs----|221] - C:\boot.ini
    [05/02/2009 23:22|--a------|1040] - C:\Bug.txt
    [04/23/2009 10:03|--a------|3482] - C:\cleannavi.txt
    [04/28/2009 08:57|--a------|16643] - C:\ComboFix.txt
    [08/11/2006 21:40|--a------|0] - C:\CONFIG.SYS
    [04/22/2009 23:44|--a------|3259] - C:\fixnavi.txt
    [?|?|?] - C:\hiberfil.sys
    [08/11/2006 21:40|-rahs----|0] - C:\IO.SYS
    [08/11/2006 21:40|-rahs----|0] - C:\MSDOS.SYS
    [08/10/2004 21:00|-rahs----|47564] - C:\NTDETECT.COM
    [11/14/2008 11:32|-rahs----|250048] - C:\ntldr
    [?|?|?] - C:\pagefile.sys
    [08/11/2006 14:29|--a------|80] - C:\preload.aaa
    [04/25/2009 01:40|--a------|5593] - C:\rapport.txt
    [08/11/2006 21:52|--a------|499] - C:\RHDSetup.log
    [05/06/2009 10:05|--a------|2228] - C:\TB.txt
    [05/08/2009 22:02|--a------|3355] - C:\UsbFix.txt
    [03/23/2009 15:42|--a------|27777399] - F:\Satrapi__Persepolis_2__French_.pdf
    [03/23/2009 15:46|--a------|25312960] - F:\Satrapi__Persepolis_4__French_.pdf
    [03/23/2009 15:45|--a------|24396353] - F:\Satrapi__Persepolis_1__French_.pdf
    [04/03/2009 18:55|--a------|2906216] - F:\mbam-setup.exe

    ################## [ Vaccination ]

    # C:\autorun.inf -> Folder created by UsbFix.
    # D:\autorun.inf -> Folder created by UsbFix.
    # F:\autorun.inf -> Folder created by UsbFix.

    ################## [ Cracks / Keygens / Serials ]

    # -> Nothing found !

    ################## [ ! Fin du rapport # UsbFix V3.017 ! ]

    a c 318 8 Security
    8 May 2009 23:07:43

  • Uninstall UsbFix.

  • Download Catchme (Przemyslaw Gmerek) to your Desktop.
  • Double-click catchme.exe (the .exe may not be visible) to launch it.
  • When the scan is finished, post the catchme.log report in your next reply. (This report is on your Desktop.)
    8 May 2009 23:19:46

    here is the log:


    catchme 0.2 W2K/XP/Vista - userland rootkit detector by Gmer, 17 October 2006
    http://www.gmer.net

    scanning hidden processes ...

    scanning hidden services ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden processes: 0
    hidden services: 0
    hidden files: 0
    a c 318 8 Security
    8 May 2009 23:41:09

    Quote:
    BitLord 1.1

    ---> I advise against this software, which contains adware.

  • Uninstall J2SE Runtime Environment 5.0 Update 6 and Java 6 Update 7.

    Is your PC still having problems?
    9 May 2009 00:04:49

    ok thanks, (does that mean it's not necessarily due to a virus? sorry, I'm curious..)

    But yeah, there are still redirections, though they seem to be less frequent; there are still, always from google, redirections to a supposed online scanner ..
    (However, I have to admit that I kept bitlord (..) )
    9 May 2009 00:14:32

    /!\ Disable your resident protections (antivirus, etc.) /!\

  • Download ComboFix (sUBs) to your Desktop.
  • Double-click ComboFix.exe (the .exe extension may not be visible) to launch it.
  • It will ask you to install the Recovery Console: accept.
  • When the scan is finished, a report will appear. Post this report (C:\Combofix.txt) in your next reply.

    To help you: a guide and a tutorial on using ComboFix
    9 May 2009 00:27:34

    ComboFix 09-05-08.03 - dalie 05/08/2009 23:23.2 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.447.212 [GMT 1:00]
    Running from: c:\documents and settings\dalie\Desktop\ComboFix.exe
    AV: McAfee VirusScan *On-access scanning disabled* (Updated)
    FW: McAfee Personal Firewall *enabled*
    .

    ((((((((((((((((((((((((( Files Created from 2009-04-08 to 2009-05-08 )))))))))))))))))))))))))))))))
    .

    2009-05-08 20:38 . 2009-05-08 21:10 -------- d-----w C:\UsbFix
    2009-05-08 18:35 . 2009-05-08 18:37 -------- d-----w c:\program files\BitLord
    2009-05-06 01:23 . 2009-05-06 08:58 -------- d-----w c:\documents and settings\dalie\Local Settings\Application Data\BitLord
    2009-05-06 01:12 . 2009-05-08 18:25 -------- d-----w c:\program files\BitLord2
    2009-04-30 00:07 . 2008-03-21 12:57 14640 ------w c:\windows\system32\spmsgXP_2k3.dll
    2009-04-30 00:00 . 2009-04-29 23:59 13224 ----a-w c:\windows\system32\drivers\ggflt.sys
    2009-04-30 00:00 . 2009-04-29 23:59 1107296 ----a-w c:\windows\system32\WdfCoInstaller01007.dll
    2009-04-27 08:05 . 2009-04-27 08:05 -------- d--h--w c:\windows\PIF
    2009-04-26 08:54 . 2009-05-08 20:20 -------- d-----w C:\rsit
    2009-04-25 07:55 . 2009-03-06 14:22 284160 -c----w c:\windows\system32\dllcache\pdh.dll
    2009-04-25 07:55 . 2009-02-09 12:10 401408 -c----w c:\windows\system32\dllcache\rpcss.dll
    2009-04-25 07:55 . 2009-02-06 11:11 110592 -c----w c:\windows\system32\dllcache\services.exe
    2009-04-25 07:55 . 2009-02-09 12:10 473600 -c----w c:\windows\system32\dllcache\fastprox.dll
    2009-04-25 07:55 . 2009-02-06 10:10 227840 -c----w c:\windows\system32\dllcache\wmiprvse.exe
    2009-04-25 07:55 . 2009-02-09 12:10 453120 -c----w c:\windows\system32\dllcache\wmiprvsd.dll
    2009-04-25 07:55 . 2009-02-09 12:10 729088 -c----w c:\windows\system32\dllcache\lsasrv.dll
    2009-04-25 07:55 . 2009-02-09 12:10 617472 -c----w c:\windows\system32\dllcache\advapi32.dll
    2009-04-25 07:55 . 2009-02-09 12:10 714752 -c----w c:\windows\system32\dllcache\ntdll.dll
    2009-04-25 07:55 . 2008-05-03 11:55 2560 ------w c:\windows\system32\xpsp4res.dll
    2009-04-25 07:55 . 2008-04-21 12:08 215552 -c----w c:\windows\system32\dllcache\wordpad.exe
    2009-04-24 09:00 . 2009-04-26 17:02 -------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
    2009-04-24 08:15 . 2009-05-06 09:05 -------- d-----w C:\ToolBar SD
    2009-04-24 08:15 . 2009-04-24 08:15 -------- d-----w c:\program files\CCleaner
    2009-04-24 02:31 . 2009-04-24 02:39 -------- d-----w c:\documents and settings\dalie\SmitfraudFix
    2009-04-24 01:43 . 2009-04-26 16:59 -------- d-----w c:\program files\Lavasoft
    2009-04-24 01:43 . 2009-04-26 16:59 -------- d-----w c:\documents and settings\All Users\Application Data\Lavasoft
    2009-04-23 23:50 . 2009-04-23 23:50 -------- d-----w c:\documents and settings\LocalService\Application Data\SACore
    2009-04-23 23:35 . 2009-04-23 23:35 -------- d-----w c:\documents and settings\All Users\Application Data\SiteAdvisor
    2009-04-23 23:31 . 2009-03-25 10:06 40552 ----a-w c:\windows\system32\drivers\mfesmfk.sys
    2009-04-23 23:31 . 2009-03-25 10:06 35272 ----a-w c:\windows\system32\drivers\mfebopk.sys
    2009-04-23 23:31 . 2009-03-25 10:06 79880 ----a-w c:\windows\system32\drivers\mfeavfk.sys
    2009-04-23 23:31 . 2008-10-23 12:08 120136 ----a-w c:\windows\system32\drivers\Mpfp.sys
    2009-04-23 23:30 . 2009-04-23 23:31 -------- d-----w c:\program files\Common Files\McAfee
    2009-04-23 23:30 . 2009-04-23 23:30 -------- d-----w c:\program files\McAfee.com
    2009-04-23 23:30 . 2009-04-25 07:46 -------- d-----w c:\program files\McAfee
    2009-04-23 23:25 . 2009-03-25 10:05 34216 ----a-w c:\windows\system32\drivers\mferkdk.sys
    2009-04-23 23:19 . 2009-04-23 23:36 -------- d-----w c:\documents and settings\All Users\Application Data\McAfee
    2009-04-23 09:35 . 2009-04-23 09:35 -------- d-----w c:\program files\Trend Micro
    2009-04-17 22:58 . 2009-04-17 23:08 -------- d-----w c:\documents and settings\dalie\.SunDownloadManager
    2009-04-17 22:54 . 2009-04-17 22:56 -------- d-----w c:\program files\Common Files\Adobe
    2009-04-17 22:50 . 2009-04-18 09:39 -------- d-----w c:\program files\NOS
    2009-04-17 22:50 . 2009-04-18 09:39 -------- d-----w c:\documents and settings\All Users\Application Data\NOS
    2009-04-17 09:52 . 2009-04-24 00:55 -------- d-----w c:\program files\Navilog1
    2009-04-12 13:51 . 2009-04-12 13:51 -------- d-----w c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
    2009-04-12 09:02 . 2009-04-12 09:02 -------- d-----w c:\windows\system32\Kaspersky Lab

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-05-08 21:47 . 2008-11-10 01:36 -------- d-----w c:\program files\Java
    2009-05-08 09:55 . 2008-11-12 07:30 -------- d-----w c:\program files\Google
    2009-05-05 23:43 . 2006-08-11 21:04 -------- d--h--w c:\program files\InstallShield Installation Information
    2009-04-30 00:07 . 2009-04-30 00:07 0 ---ha-w c:\windows\system32\drivers\Msft_Kernel_ggsemc_01007.Wdf
    2009-04-30 00:07 . 2009-04-30 00:07 0 ---ha-w c:\windows\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
    2009-04-29 23:59 . 2006-03-01 10:25 24616 ----a-w c:\windows\system32\drivers\ggsemc.sys
    2009-04-26 17:00 . 2006-08-11 20:56 -------- d-----w c:\program files\GemMaster
    2009-04-26 09:03 . 2009-04-03 18:07 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
    2009-04-24 08:49 . 2006-08-11 21:04 -------- d-----w c:\program files\NewTech Infosystems
    2009-04-24 01:34 . 2008-11-11 23:15 -------- d-----w c:\program files\LimeWire
    2009-04-06 14:32 . 2009-04-03 18:07 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
    2009-04-06 14:32 . 2009-04-03 18:07 15504 ----a-w c:\windows\system32\drivers\mbam.sys
    2009-03-28 13:30 . 2009-03-28 13:30 -------- d-----w c:\program files\IZArc
    2009-03-25 10:06 . 2009-03-25 10:06 214024 ----a-w c:\windows\system32\drivers\mfehidk.sys
    2009-03-23 22:18 . 2009-03-23 22:18 -------- d-----w c:\program files\Common Files\xing shared
    2009-03-23 22:18 . 2008-11-25 12:56 -------- d-----w c:\program files\Common Files\Real
    2009-03-09 05:19 . 2008-12-07 10:44 410984 ----a-w c:\windows\system32\deploytk.dll
    2009-03-06 14:22 . 2004-08-10 20:00 284160 ----a-w c:\windows\system32\pdh.dll
    2009-03-03 00:18 . 2006-03-04 03:58 826368 ----a-w c:\windows\system32\wininet.dll
    2009-02-22 09:34 . 2008-11-10 01:44 40352 ----a-w c:\documents and settings\dalie\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2009-02-20 18:09 . 2004-08-10 20:00 78336 ----a-w c:\windows\system32\ieencode.dll
    2009-02-09 19:45 . 2009-02-09 19:45 591644 ----a-w c:\windows\ODZsnowsaverPC.scr
    2009-02-09 12:10 . 2004-10-28 01:21 729088 ----a-w c:\windows\system32\lsasrv.dll
    2009-02-09 12:10 . 2005-07-26 04:39 401408 ----a-w c:\windows\system32\rpcss.dll
    2009-02-09 12:10 . 2004-08-10 20:00 714752 ----a-w c:\windows\system32\ntdll.dll
    2009-02-09 12:10 . 2004-08-10 20:00 617472 ----a-w c:\windows\system32\advapi32.dll
    2009-02-09 11:13 . 2005-10-06 00:06 1846784 ----a-w c:\windows\system32\win32k.sys
    2009-02-09 01:15 . 2009-02-09 00:51 31381288 ----a-w c:\program files\setupfre.exe
    2008-11-26 12:19 . 2008-11-26 12:19 9407598 ----a-w c:\program files\vlc-084.exe
    2008-11-25 22:47 . 2008-11-25 22:47 3467800 ----a-w c:\program files\va22.exe
    2008-11-13 18:59 . 2008-11-13 18:59 7606832 ----a-w c:\program files\Firefox Setup 3.0.3.exe
    .

    ((((((((((((((((((((((((((((( SnapShot@2009-04-28_07.54.29 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2009-04-28 07:52 . 2009-04-28 07:52 16384 c:\windows\temp\Perflib_Perfdata_188.dat
    + 2009-05-08 21:00 . 2009-05-08 21:00 16384 c:\windows\temp\Perflib_Perfdata_188.dat
    + 2006-08-11 20:54 . 2009-05-06 01:19 63220 c:\windows\system32\perfc009.dat
    + 2005-09-23 06:28 . 2005-09-23 06:28 74240 c:\windows\system32\mscories.dll
    + 2009-04-30 00:00 . 2009-04-29 23:59 12160 c:\windows\system32\DRVSTORE\zebrser2_0A2847C94D1EE4DD06CE7DF36614D531DE0478E2\i386\zebrcmnt.sys
    + 2009-04-30 00:00 . 2009-04-29 23:59 91264 c:\windows\system32\DRVSTORE\zebrscep_43CE4CE9917F4AB857191C8AF519514326FED3EB\i386\zebrsce.sys
    + 2009-04-30 00:00 . 2009-04-29 23:59 12160 c:\windows\system32\DRVSTORE\zebrscep_43CE4CE9917F4AB857191C8AF519514326FED3EB\i386\zebrcmnt.sys
    + 2009-04-30 00:00 . 2009-04-29 23:59 99712 c:\windows\system32\DRVSTORE\zebrobx2_5EC96C36227E872B2B260D203965ADA2987E0B39\i386\zebrobex.sys
    + 2009-04-30 00:00 . 2009-04-29 23:59 12160 c:\windows\system32\DRVSTORE\zebrobx2_5EC96C36227E872B2B260D203965ADA2987E0B39\i386\zebrcmnt.sys
    + 2009-04-30 00:00 . 2009-04-29 23:59 12160 c:\windows\system32\DRVSTORE\zebrmsc2_42356B4F0BD79AC6F18744A1833E5FF4F32976BD\i386\zebrcmnt.sys
    + 2009-04-30 00:00 . 2009-04-29 23:59 14848 c:\windows\system32\DRVSTORE\zebrmdm2_0A2847C94D1EE4DD06CE7DF36614D531DE0478E2\i386\zebrmdfl.sys
    + 2009-04-30 00:00 . 2009-04-29 23:59 12160 c:\windows\system32\DRVSTORE\zebrmdm2_0A2847C94D1EE4DD06CE7DF36614D531DE0478E2\i386\zebrcmnt.sys
    + 2009-04-30 00:00 . 2009-04-29 23:59 12160 c:\windows\system32\DRVSTORE\zebrfse2_0A2847C94D1EE4DD06CE7DF36614D531DE0478E2\i386\zebrcmnt.sys
    + 2009-04-30 00:00 . 2009-04-29 23:59 12160 c:\windows\system32\DRVSTORE\zebrceb_5D3759B0FA9680671ED8714BBB53A24D3DD6D83E\i386\zebrwhnt.sys
    + 2009-04-30 00:00 . 2009-04-29 23:59 63360 c:\windows\system32\DRVSTORE\zebrceb_5D3759B0FA9680671ED8714BBB53A24D3DD6D83E\i386\zebrceb.sys
    + 2009-04-30 00:00 . 2009-04-29 23:59 12160 c:\windows\system32\DRVSTORE\zebrbus_36ECD4F36FFD1C8D7775CBB1D3C4EDC32416D158\i386\zebrwhnt.sys
    + 2009-04-30 00:00 . 2009-04-29 23:59 83200 c:\windows\system32\DRVSTORE\zebrbus_36ECD4F36FFD1C8D7775CBB1D3C4EDC32416D158\i386\zebrbus.sys
    + 2009-04-30 00:00 . 2009-04-29 23:59 35880 c:\windows\system32\DRVSTORE\semis06_951EEEC36412602D8ACC8E4FBFB724AC1ED1A5BF\semis06.sys
    + 2009-04-30 00:00 . 2009-04-29 23:59 24616 c:\windows\system32\DRVSTORE\ggsemc_64A4DD7DEFFA583EB61D3335216E513C3C7C189A\x86\ggsemc.sys
    + 2009-04-30 00:00 . 2009-04-29 23:59 13224 c:\windows\system32\DRVSTORE\ggsemc_64A4DD7DEFFA583EB61D3335216E513C3C7C189A\x86\ggflt.sys
    + 2008-03-27 15:27 . 2008-03-27 15:27 35040 c:\windows\system32\drivers\wdfldr.sys
    + 2005-09-23 06:28 . 2005-09-23 06:28 83456 c:\windows\system32\dfshim.dll
    + 2008-09-02 22:05 . 2009-05-08 19:52 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
    - 2008-09-02 22:05 . 2009-04-28 07:11 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
    + 2008-09-02 22:05 . 2009-05-08 19:52 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
    - 2008-09-02 22:05 . 2009-04-28 07:11 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
    - 2008-09-02 22:05 . 2009-04-28 07:11 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat
    + 2008-09-02 22:05 . 2009-05-08 19:52 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat
    + 2005-09-23 06:28 . 2005-09-23 06:28 28160 c:\windows\Microsoft.NET\Framework\v2.0.50727\WMINet_Utils.dll
    + 2005-09-23 06:28 . 2005-09-23 06:28 71680 c:\windows\Microsoft.NET\Framework\v2.0.50727\TLBREF.DLL
    + 2005-09-23 06:28 . 2005-09-23 06:28 86016 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Web.RegularExpressions.dll
    + 2005-09-23 06:28 . 2005-09-23 06:28 47616 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.EnterpriseServices.Thunk.dll
    + 2005-09-23 06:28 . 2005-09-23 06:28 81920 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Drawing.Design.dll
    + 2005-09-23 06:28 . 2005-09-23 06:28 81920 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Configuration.Install.dll
    + 2005-09-23 06:29 . 2005-09-23 06:29 85504 c:\windows\Microsoft.NET\Framework\v2.0.50727\ShFusRes.dll
    + 2005-09-23 06:29 . 2005-09-23 06:29 59072 c:\windows\Microsoft.NET\Framework\v2.0.50727\regtlibv12.exe
    + 2005-09-23 06:28 . 2005-09-23 06:28 32768 c:\windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe
    + 2005-09-23 06:28 . 2005-09-23 06:28 53248 c:\windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
    + 2005-09-23 06:28 . 2005-09-23 06:28 78336 c:\windows\Microsoft.NET\Framework\v2.0.50727\PerfCounter.dll
    + 2005-09-23 06:28 . 2005-09-23 06:28 14848 c:\windows\Microsoft.NET\Framework\v2.0.50727\normalization.dll
    + 2005-09-23 06:28 . 2005-09-23 06:28 96440 c:\windows\Microsoft.NET\Framework\v2.0.50727\ngen.exe
    + 2005-09-23 06:29 . 2005-09-23 06:29 22528 c:\windows\Microsoft.NET\Framework\v2.0.50727\MUI\0409\mscorsecr.dll
    + 2005-09-23 06:28 . 2005-09-23 06:28 10240 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscortim.dll
    + 2005-09-23 06:28 . 2005-09-23 06:28 66240 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
    + 2005-09-23 06:28 . 2005-09-23 06:28 67072 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsec.dll
    + 2005-09-23 06:28 . 2005-09-23 06:28 81408 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorld.dll
    + 2005-09-23 06:28 . 2005-09-23 06:28 36864 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorie.dll
    + 2005-09-23 06:28 . 2005-09-23 06:28 73216 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscordbc.dll
    + 2005-09-23 06:28 . 2005-09-23 06:28 69632 c:\windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe
    + 2005-09-23 06:28 . 2005-09-23 06:28 87552 c:\windows\Microsoft.NET\Framework\v2.0.50727\MmcAspExt.dll
    + 2005-09-23 06:28 . 2005-09-23 06:28 12800 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
    + 2005-09-23 06:28 . 2005-09-23 06:28 32768 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.Vsa.dll
    + 2005-09-23 06:28 . 2005-09-23 06:28 28672 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.VisualBasic.Vsa.dll
    + 2005-09-23 06:28 . 2005-09-23 06:28 73728 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.Build.Utilities.dll
    + 2005-09-23 06:28 . 2005-09-23 06:28 36864 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.Build.Framework.dll
    + 2005-09-23 05:36 . 2005-09-23 05:36 85504 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.3082.dll
    + 2005-09-23 05:29 . 2005-09-23 05:29 80896 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.3076.dll
    + 2005-09-23 05:47 . 2005-09-23 05:47 84480 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.2070.dll
    + 2005-09-23 05:30 . 2005-09-23 05:30 80896 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.2052.dll
    + 2005-09-23 05:47 . 2005-09-23 05:47 80896 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1055.dll
    + 2005-09-23 05:47 . 2005-09-23 05:47 81920 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1053.dll
    + 2005-09-23 05:47 . 2005-09-23 05:47 82432 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1049.dll
    + 2005-09-23 05:47 . 2005-09-23 05:47 82432 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1046.dll
    + 2005-09-23 05:46 . 2005-09-23 05:46 83456 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1045.dll
    + 2005-09-23 05:46 . 2005-09-23 05:46 81920 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1044.dll
    + 2005-09-23 05:46 . 2005-09-23 05:46 83456 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1043.dll
    + 2005-09-23 05:44 . 2005-09-23 05:44 80896 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1042.dll
    + 2005-09-23 05:42 . 2005-09-23 05:42 80896 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1041.dll
    + 2005-09-23 05:40 . 2005-09-23 05:40 84480 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1040.dll
    + 2005-09-23 05:40 . 2005-09-23 05:40 83968 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1038.dll
    + 2005-09-23 05:40 . 2005-09-23 05:40 80896 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1037.dll
    + 2005-09-23 05:38 . 2005-09-23 05:38 86016 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1036.dll
    + 2005-09-23 05:38 . 2005-09-23 05:38 81408 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1035.dll
    + 2005-09-23 02:46 . 2005-09-23 02:46 80896 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1033.dll
    + 2005-09-23 05:36 . 2005-09-23 05:36 87552 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1032.dll
    + 2005-09-23 05:34 . 2005-09-23 05:34 85504 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1031.dll
    + 2005-09-23 05:34 . 2005-09-23 05:34 81920 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1030.dll
    + 2005-09-23 05:34 . 2005-09-23 05:34 82944 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1029.dll
    + 2005-09-23 05:32 . 2005-09-23 05:32 80896 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1028.dll
    + 2005-09-23 05:29 . 2005-09-23 05:29 80896 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1025.dll
    + 2005-09-23 06:28 . 2005-09-23 06:28 40960 c:\windows\Microsoft.NET\Framework\v2.0.50727\jsc.exe
    + 2005-09-23 06:28 . 2005-09-23 06:28 72192 c:\windows\Microsoft.NET\Framework\v2.0.50727\ISymWrapper.dll
    + 2005-09-23 06:28 . 2005-09-23 06:28 55296 c:\windows\Microsoft.NET\Framework\v2.0.50727\InstallUtilLib.dll
    + 2005-09-23 06:28 . 2005-09-23 06:28 28672 c:\windows\Microsoft.NET\Framework\v2.0.50727\InstallUtil.exe
    + 2005-09-23 06:28 . 2005-09-23 06:28 36864 c:\windows\Microsoft.NET\Framework\v2.0.50727\IEHost.dll
    + 2005-09-23 06:28 . 2005-09-23 06:28 52736 c:\windows\Microsoft.NET\Framework\v2.0.50727\dfdll.dll
    + 2005-09-23 06:28 . 2005-09-23 06:28 31936 c:\windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
    + 2005-09-23 06:28 . 2005-09-23 06:28 68608 c:\windows\Microsoft.NET\Framework\v2.0.50727\CustomMarshalers.dll
    + 2005-09-23 06:28 . 2005-09-23 06:28 17920 c:\windows\Microsoft.NET\Framework\v2.0.50727\Culture.dll
    + 2005-09-23 06:28 . 2005-09-23 06:28 13312 c:\windows\Microsoft.NET\Framework\v2.0.50727\cscompmgd.dll
    + 2005-09-23 06:28 . 2005-09-23 06:28 76984 c:\windows\Microsoft.NET\Framework\v2.0.50727\csc.exe
    + 2005-09-23 06:28 . 2005-09-23 06:28 88576 c:\windows\Microsoft.NET\Framework\v2.0.50727\CORPerfMonExt.dll
    + 2005-09-23 06:28 . 2005-09-23 06:28 29888 c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_wp.exe
    + 2005-09-23 06:28 . 2005-09-23 06:28 29896 c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
    + 2005-09-23 06:28 . 2005-09-23 06:28 26824 c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_regiis.exe
    + 2005-09-23 06:28 . 2005-09-23 06:28 13824 c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_regbrowsers.exe
    + 2005-09-23 06:28 . 2005-09-23 06:28 70656 c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_rc.dll
    + 2005-09-23 06:28 . 2005-09-23 06:28 23552 c:\windows\Microsoft.NET\Framework\v2.0.50727\Aspnet_perf.dll
    + 2005-09-23 06:28 . 2005-09-23 06:28 10752 c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_filter.dll
    + 2005-09-23 06:28 . 2005-09-23 06:28 36864 c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_compiler.exe
    + 2005-09-23 06:28 . 2005-09-23 06:28 55488 c:\windows\Microsoft.NET\Framework\v2.0.50727\AppLaunch.exe
    + 2005-09-23 06:28 . 2005-09-23 06:28 87552 c:\windows\Microsoft.NET\Framework\v2.0.50727\alink.dll
    + 2005-09-23 06:28 . 2005-09-23 06:28 10752 c:\windows\Microsoft.NET\Framework\v2.0.50727\Accessibility.dll
    + 2005-09-23 06:28 . 2005-09-23 06:28 18944 c:\windows\Microsoft.NET\Framework\v2.0.50727\1033\alinkui.dll
    + 2005-09-23 06:28 . 2005-09-23 06:28 86528 c:\windows\Microsoft.NET\Framework\v1.0.3705\mscormmc.dll
    + 2005-09-23 06:28 . 2005-09-23 06:28 72704 c:\windows\Microsoft.NET\Framework\NETFXSBS10.exe
    + 2009-05-06 01:47 . 2009-05-06 01:47 81920 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\c8424bb4fa3aa44888b5cd3b6057e198\Microsoft.Build.Framework.ni.dll
    + 2009-05-06 01:47 . 2009-05-06 01:47 15360 c:\windows\assembly\NativeImages_v2.0.50727_32\dfsvc\c4951da462e5d3459cf89c268d82db48\dfsvc.ni.exe
    + 2009-05-06 01:47 . 2009-05-06 01:47 26624 c:\windows\assembly\NativeImages_v2.0.50727_32\Accessibility\9d6d76c91278b44e8a046434df4953a8\Accessibility.ni.dll
    + 2009-05-06 01:16 . 2009-05-06 01:16 86016 c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
    + 2009-05-06 01:16 . 2009-05-06 01:16 81920 c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
    + 2009-05-06 01:16 . 2009-05-06 01:16 81920 c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
    + 2009-05-06 01:16 . 2009-05-06 01:16 32768 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
    + 2009-05-06 01:16 . 2009-05-06 01:16 12800 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
    + 2009-05-06 01:16 . 2009-05-06 01:16 28672 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
    + 2009-05-06 01:16 . 2009-05-06 01:16 73728 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
    + 2009-05-06 01:16 . 2009-05-06 01:16 36864 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
    + 2009-05-06 01:16 . 2009-05-06 01:16 36864 c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
    + 2009-05-06 01:16 . 2009-05-06 01:16 13312 c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
    + 2009-05-06 01:16 . 2009-05-06 01:16 10752 c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
    + 2009-05-06 01:16 . 2009-05-06 01:16 72192 c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
    + 2009-05-06 01:16 . 2009-05-06 01:16 68608 c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
    + 2005-09-23 06:28 . 2005-09-23 06:28 7680 c:\windows\Microsoft.NET\Framework\v2.0.50727\sbscmp20_mscorlib.dll
    + 2005-09-23 06:28 . 2005-09-23 06:28 9216 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsn.dll
    + 2005-09-23 06:28 . 2005-09-23 06:28 7168 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft_VsaVb.dll
    + 2005-09-23 06:29 . 2005-09-23 06:29 5632 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.VisualC.Dll
    + 2005-09-23 06:28 . 2005-09-23 06:28 5632 c:\windows\Microsoft.NET\Framework\v2.0.50727\IIEHost.dll
    + 2005-09-23 06:28 . 2005-09-23 06:28 8192 c:\windows\Microsoft.NET\Framework\v2.0.50727\IEExecRemote.dll
    + 2005-09-23 06:28 . 2005-09-23 06:28 9728 c:\windows\Microsoft.NET\Framework\v2.0.50727\IEExec.exe
    + 2005-09-23 06:28 . 2005-09-23 06:28 9216 c:\windows\Microsoft.NET\Framework\v2.0.50727\fusion.dll
    + 2005-09-23 06:28 . 2005-09-23 06:28 4608 c:\windows\Microsoft.NET\Framework\v2.0.50727\dfsvc.exe
    + 2005-09-23 06:28 . 2005-09-23 06:28 8192 c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_isapi.dll
    + 2005-09-23 06:28 . 2005-09-23 06:28 4608 c:\windows\Microsoft.NET\Framework\v2.0.50727\1033\CvtResUI.dll
    + 2005-09-23 06:28 . 2005-09-23 06:28 7680 c:\windows\Microsoft.NET\Framework\SharedReg12.dll
    + 2005-09-23 06:28 . 2005-09-23 06:28 7680 c:\windows\Microsoft.NET\Framework\sbscmp20_perfcounter.dll
    + 2005-09-23 06:28 . 2005-09-23 06:28 7680 c:\windows\Microsoft.NET\Framework\sbscmp20_mscorwks.dll
    + 2005-09-23 06:28 . 2005-09-23 06:28 7680 c:\windows\Microsoft.NET\Framework\sbscmp10.dll
    + 2009-05-06 01:16 . 2009-05-06 01:16 7168 c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
    + 2009-05-06 01:16 . 2009-05-06 01:16 5632 c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
    + 2009-05-06 01:16 . 2009-05-06 01:16 5632 c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
    + 2009-05-06 01:16 . 2009-05-06 01:16 8192 c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
    + 2009-05-06 01:16 . 2009-05-06 01:16 114176 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
    + 2009-05-06 01:16 . 2009-05-06 01:16 258048 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
    + 2005-09-23 06:29 . 2005-09-23 06:29 626688 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_0de06acd\msvcr80.dll
    + 2005-09-23 06:29 . 2005-09-23 06:29 548864 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_0de06acd\msvcp80.dll
    + 2005-09-23 06:29 . 2005-09-23 06:29 479232 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_0de06acd\msvcm80.dll
    + 2006-08-11 20:54 . 2009-05-06 01:19 402736 c:\windows\system32\perfh009.dat
    + 2005-09-23 06:28 . 2005-09-23 06:28 150016 c:\windows\system32\mscorier.dll
    + 2009-04-30 00:00 . 2009-04-29 23:59 109568 c:\windows\system32\DRVSTORE\zebrser2_0A2847C94D1EE4DD06CE7DF36614D531DE0478E2\i386\zebrmdm.sys
    + 2009-04-30 00:00 . 2009-04-29 23:59 109568 c:\windows\system32\DRVSTORE\zebrmsc2_42356B4F0BD79AC6F18744A1833E5FF4F32976BD\i386\zebrmdmc.sys
    + 2009-04-30 00:00 . 2009-04-29 23:59 109568 c:\windows\system32\DRVSTORE\zebrmdm2_0A2847C94D1EE4DD06CE7DF36614D531DE0478E2\i386\zebrmdm.sys
    + 2009-04-30 00:00 . 2009-04-29 23:59 109568 c:\windows\system32\DRVSTORE\zebrfse2_0A2847C94D1EE4DD06CE7DF36614D531DE0478E2\i386\zebrmdm.sys
    + 2008-03-27 15:27 . 2008-03-27 15:27 503008 c:\windows\system32\drivers\wdf01000.sys
    + 2005-09-23 06:28 . 2005-09-23 06:28 298496 c:\windows\Microsoft.NET\Framework\v2.0.50727\webengine.dll
    + 2005-09-23 06:28 . 2005-09-23 06:28 823296 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Web.Services.dll
    + 2005-09-23 06:28 . 2005-09-23 06:28 835584 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Web.Mobile.dll
    + 2005-09-23 06:28 . 2005-09-23 06:28 260096 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Transactions.dll
    + 2005-09-23 06:28 . 2005-09-23 06:28 114688 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.ServiceProcess.dll
    + 2005-09-23 06:28 . 2005-09-23 06:28 258048 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Security.dll
    + 2005-09-23 06:28 . 2005-09-23 06:28 131072 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Runtime.Serialization.Formatters.Soap.dll
    + 2005-09-23 06:28 . 2005-09-23 06:28 299008 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Runtime.Remoting.dll
    + 2005-09-23 06:28 . 2005-09-23 06:28 258048 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Messaging.dll
    + 2005-09-23 06:28 . 2005-09-23 06:28 368640 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Management.dll
    + 2005-09-23 06:28 . 2005-09-23 06:28 114176 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.EnterpriseServices.Wrapper.dll
    + 2005-09-23 06:28 . 2005-09-23 06:28 258048 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.EnterpriseServices.dll
    + 2005-09-23 06:28 . 2005-09-23 06:28 700416 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Drawing.dll
    + 2005-09-23 06:28 . 2005-09-23 06:28 188416 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.DirectoryServices.Protocols.dll
    + 2005-09-23 06:28 . 2005-09-23 06:28 397312 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.DirectoryServices.dll
    .
    -- Snapshot reset to current date --
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-11-13 68856]
    "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "LaunchApp"="Alaunch" [X]
    "ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-07-11 7626752]
    "IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-10 208952]
    "IMEKRMIG6.1"="c:\windows\ime\imkr6_1\IMEKRMIG.EXE" [2004-08-10 44032]
    "MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-10 59392]
    "PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-10 455168]
    "PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-10 455168]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-07-11 86016]
    "Acer Empowering Technology Monitor"="c:\windows\system32\SysMonitor.exe" [2006-04-19 49152]
    "eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2006-03-17 345088]
    "eRecoveryService"="c:\acer\Empowering Technology\eRecovery\eRAgent.exe" [2006-06-01 413696]
    "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-03-23 198160]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
    "mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-03-25 645328]
    "McENUI"="c:\progra~1\McAfee\MHN\McENUI.exe" [2009-01-09 1176808]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
    "nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2006-07-11 1519616]
    "RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2006-06-01 16208384]
    "SkyTel"="SkyTel.EXE" - c:\windows\SkyTel.exe [2006-05-16 2879488]
    "SMSERIAL"="sm56hlpr.exe" - c:\windows\sm56hlpr.exe [2005-06-06 544768]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

    c:\documents and settings\dalie\Start Menu\Programs\Startup\
    OpenOffice.org 3.0.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2008-12-15 384000]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Acer Empowering Technology.lnk - c:\acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe [2008-11-10 45056]
    Acer WLAN 11g USB Dongle.lnk - c:\program files\Acer WLAN 11g USB Dongle\ZDWlan.exe [2005-11-17 745472]

    HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32
    "wave1"= serwvdrv.dll
    "wave2"= serwvdrv.dll
    "wave3"= serwvdrv.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
    "c:\\Acer\\Empowering Technology\\ePerformance\\MemCheck.exe"=
    "c:\\WINDOWS\\system32\\spoolsv.exe"=
    "c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=

    R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [4/24/2009 12:35 AM 210216]
    S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [4/30/2009 1:00 AM 13224]

    --- Other Services/Drivers In Memory ---

    *NewlyCreated* - MBACKMONITOR
    .
    Contents of the 'Scheduled Tasks' folder

    2009-04-23 c:\windows\Tasks\McDefragTask.job
    - c:\progra~1\mcafee\mqc\QcConsol.exe [2009-04-23 09:53]

    2009-05-01 c:\windows\Tasks\McQcTask.job
    - c:\progra~1\mcafee\mqc\QcConsol.exe [2009-04-23 09:53]
    .
    .
    ------- Supplementary Scan -------
    .
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    mWindow Title =
    uInternet Connection Wizard,ShellNext = iexplore
    uSearchURL,(Default) = hxxp://uk.search.yahoo.com/search?fr=mcafee&p=%s
    Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
    DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
    FF - ProfilePath - c:\documents and settings\dalie\Application Data\Mozilla\Firefox\Profiles\fcs0qnkf.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1703502&SearchSource=3&q=
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - hxxp://m.fr.yahoo.com/
    FF - component: c:\program files\McAfee\SiteAdvisor\components\McFFPlg.dll
    FF - component: c:\program files\Real\RealPlayer\browserrecord\components\nprpbrowserrecordplugin.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npvlc.dll

    ---- FIREFOX POLICIES ----
    FF - user.js: yahoo.homepage.dontask - true.

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-05-08 23:25
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'explorer.exe'(188)
    c:\program files\McAfee\SiteAdvisor\saHook.dll
    c:\progra~1\WINDOW~3\wmpband.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    Completion time: 2009-05-08 23:26
    ComboFix-quarantined-files.txt 2009-05-08 22:26
    ComboFix2.txt 2009-04-28 07:57

    Pre-Run: 17,018,449,920 bytes free
    Post-Run: 17,093,107,712 bytes free

    WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect /usepmtimer

    483 --- E O F --- 2009-04-25 08:05
    a c 318 8 Security
    9 May 2009 00:33:42

    1/

  • Uninstall HijackThis.
  • Start menu > Run > Type combofix /u and confirm.

  • Download ToolsCleaner2 to your Desktop.
  • Double-click ToolsCleaner2.exe to launch it.
  • Click Recherche (Search) and let the scan run.
  • Click Suppression (Removal) to finish.
  • You can, if you wish, use the Options Facultatives (Optional Settings).
  • Click Quitter (Quit) to get the report.
  • Post the report (TCleaner.txt), which is located at the root of your hard drive (C:\).


    2/

  • Download and install CCleaner Slim.
  • Launch it. Go to Options, then Advanced, and uncheck the box Only delete files etc....
  • Go to Cleaner, choose Analyze. Once finished, run the cleaning.
  • Then choose Registry, then Scan for Issues. Once finished, fix all the errors (back up the registry).


    3/

  • You need to disable and then re-enable System Restore to purge it.


    ==Prevention==

    Keep MBAM. You can use it to scan suspicious files alongside the antivirus, and scan the hard drive regularly.

    As a browser, use Mozilla Firefox rather than Internet Explorer.

    Check that automatic updates are enabled (Start menu, right-click My Computer, Automatic Updates tab).

    Regarding P2P: Link

    Here is a complete guide (to be read with Adobe Reader or Foxit Reader): Link
    9 May 2009 00:41:59

    ok yes, now it's perfect
    a thousand thanks again for your help :*!
    a c 318 8 Security
    9 May 2009 00:43:54

    If you consider your problem solved:

    ---> Now add [Solved] to the title. To do so:
  • In your first message, click the Edit button.
  • Add the mention [Solved] in front of the title.
  • Then click Submit your message.
    10 May 2009 20:42:15

    hi,

    Well actually no, not at all, the problem is still there.. :( 
    The redirects had just calmed down.. it's annoying me!
    a c 318 8 Security
    10 May 2009 20:48:47

  • Run an online scan here: http://webscanner.kaspersky.fr/ (with Internet Explorer)

  • At the bottom right, click Start Online-scanner.

  • In the new window that appears, click I accept.

  • Accept the ActiveX controls.

  • Choose My Computer for the scan.

  • Once it has finished, save the report (choose text file) and post it.

  • To help you use the online scan: Tutorial

    Note: If you get the message "The Kaspersky On-line Scanner licence has expired", go to Add/Remove Programs, uninstall On-Line Scanner, then reconnect to the Kaspersky site to retry the online scan.
    11 May 2009 00:38:27

    hey,

    it took a bit of time.. I had already done it but I didn't know what to do with the result, so here is the report:


    Statistiques de l'analyse
    Total d'objets analysés 56145
    Nombre de virus trouvés 0
    Nombre d'objets infectés 0 / 0
    Nombre d'objets suspects 0
    Durée de l'analyse 02:18:43

    Nom de l'objet infecté Nom du virus Dernière action
    C:\WINDOWS\temp\mcafee_wqZJ1UhUB6C3txB L'objet est verrouillé ignoré
    C:\WINDOWS\temp\mcmsc_heSaYFjN6o31MEB L'objet est verrouillé ignoré
    C:\WINDOWS\temp\mcmsc_JZE7GUmisHz70dD L'objet est verrouillé ignoré
    C:\WINDOWS\temp\mcmsc_MVmb1LrbxoLtCXp L'objet est verrouillé ignoré
    C:\WINDOWS\temp\mcmsc_sls6WihldtvAh7X L'objet est verrouillé ignoré
    C:\WINDOWS\temp\Perflib_Perfdata_6f8.dat L'objet est verrouillé ignoré
    C:\WINDOWS\temp\sqlite_1SSyeeCf1Y5PsMy L'objet est verrouillé ignoré
    C:\WINDOWS\temp\sqlite_LbYhI2SAAjTHJJ0 L'objet est verrouillé ignoré
    C:\WINDOWS\temp\sqlite_PWwDUacI0YJm0R0 L'objet est verrouillé ignoré
    C:\WINDOWS\temp\sqlite_tX4sedftijXX5GN L'objet est verrouillé ignoré
    C:\WINDOWS\temp\sqlite_WXyTnbRgpoxDpKb L'objet est verrouillé ignoré
    C:\WINDOWS\temp\sqlite_Yjwm5gU80WCCkGu L'objet est verrouillé ignoré
    C:\WINDOWS\temp\sqlite_ZDoZAFiYYdf7zwE L'objet est verrouillé ignoré
    C:\WINDOWS\wiadebug.log L'objet est verrouillé ignoré
    C:\WINDOWS\wiaservc.log L'objet est verrouillé ignoré
    C:\WINDOWS\WindowsUpdate.log L'objet est verrouillé ignoré
    D:\autorun.inf\lpt3.This folder was created by UsbFix L'objet est verrouillé ignoré
    Analyse terminée.

    a c 318 8 Security
    11 May 2009 00:43:52

    No infection found.

    Are you sure the problem isn't coming from BitLord?
    11 May 2009 01:20:38

    well, I uninstalled it and there are still redirections..
    a c 318 8 Security
    11 May 2009 01:35:56

  • Download Dr.Web CureIt! to your Desktop.
  • Double-click drweb-cureit.exe and click Commencer le scan ("Start the scan").
  • This quick scan analyzes the processes loaded in memory; if it finds infected processes, click the Oui pour Tout ("Yes to All") button at the prompt.
  • When the quick scan is finished, click Options > Changer la configuration ("Change the configuration").
  • Choose the Scanner tab, and uncheck Analyse heuristique ("Heuristic analysis").
  • Back in the main window: choose Analyse complète ("Complete scan").
  • Click the green arrow on the right and the scan will start. An advertisement sometimes appears; close it.
  • Click Oui pour Tout ("Yes to All") if a file is detected.
  • At the end of the scan, if infections are found, click Tout sélectionner ("Select all"), then Désinfecter ("Disinfect"). If disinfection is impossible, click Quarantaine ("Quarantine").
  • In the tool's main menu, at the top left, click the Fichier ("File") menu and choose Enregistrer le rapport ("Save the report").
  • Save the report to your Desktop. It will be named DrWeb.csv.
  • Close Dr.Web CureIt!
  • Restart your computer (very important), because some files may be moved/repaired at restart.
  • After the restart, post (copy/paste) the contents of the Dr.Web report in your next reply.

    NB: The free version of Dr.Web is an on-demand scanner and does not conflict with your resident antivirus. You can remove Dr.Web once the steps are finished.
    11 May 2009 12:23:08

    hello
    I have the same redirection problem, and maybe worse, since I have problems with explorer (which crashes and closes) and firefox (but that may be because I installed the new version 3). I now use opera but the redirection problem persists.

    should I follow the same procedure described here?
    excuse my ignorance, but I have read different solutions so I don't know which one to follow
    a c 318 8 Security
    11 May 2009 14:04:51

    magicbox, I advise you to create your own topic ;)
    12 May 2009 23:00:00

    good evening,

    I finished the scan with drweb, but these redirections persist...
    here is what drweb found:

    ComboFix.exe/data002\32788R22FWJFW\psexec.cfexe;C:\Documents and Settings\dalie\Desktop\foralexpc\ComboFix.exe/data002;Program.PsExec.171;;
    data002;C:\Documents and Settings\dalie\Desktop\foralexpc;Archive contains infected objects;;
    ComboFix.exe;C:\Documents and Settings\dalie\Desktop\foralexpc;Container contains infected objects;Deleted.;
    smitfraudfix_smitfraudfix_2.412_francais_253624.exe\SmitfraudFix\Process.exe;C:\Documents and Settings\dalie\Desktop\foralexpc\smitfraudfix_smitfraudfix_2.412_francais_253624.exe;Tool.Prockill;;
    smitfraudfix_smitfraudfix_2.412_francais_253624.exe\SmitfraudFix\restart.exe;C:\Documents and Settings\dalie\Desktop\foralexpc\smitfraudfix_smitfraudfix_2.412_francais_253624.exe;Tool.ShutDown.14;;
    smitfraudfix_smitfraudfix_2.412_francais_253624.exe;C:\Documents and Settings\dalie\Desktop\foralexpc;Archive contains infected objects;Deleted.;
    A0001718.exe;C:\system volume information\_restore{56686BB7-17B2-473F-821C-EB36BA31F9DE}\RP10;Tool.Prockill;Deleted.;
    A0002107.exe\data014;C:\system volume information\_restore{56686BB7-17B2-473F-821C-EB36BA31F9DE}\RP12\A0002107.exe;Tool.Prockill;;
    A0002107.exe;C:\system volume information\_restore{56686BB7-17B2-473F-821C-EB36BA31F9DE}\RP12;Container contains infected objects;Deleted.;
    A0002153.exe;C:\system volume information\_restore{56686BB7-17B2-473F-821C-EB36BA31F9DE}\RP12;Tool.Prockill;Deleted.;
    A0002156.exe;C:\system volume information\_restore{56686BB7-17B2-473F-821C-EB36BA31F9DE}\RP12;Tool.ShutDown.14;Deleted.;
    A0002180.exe;C:\system volume information\_restore{56686BB7-17B2-473F-821C-EB36BA31F9DE}\RP12;Tool.Prockill;Deleted.;
    A0002183.exe;C:\system volume information\_restore{56686BB7-17B2-473F-821C-EB36BA31F9DE}\RP12;Tool.ShutDown.14;Deleted.;
    A0000024.exe;C:\system volume information\_restore{56686BB7-17B2-473F-821C-EB36BA31F9DE}\RP2;Tool.Prockill;Deleted.;
    A0000046.EXE;C:\system volume information\_restore{56686BB7-17B2-473F-821C-EB36BA31F9DE}\RP2;Program.PsExec.170;Deleted.;
    b204.msi\stream005;C:\WINDOWS\Installer\b204.msi;Tool.WiFiKill;;
    b204.msi;C:\WINDOWS\Installer;Archive contains infected objects;Deleted.;
    Kill1211.exe;C:\WINDOWS\system32;Tool.WiFiKill;Deleted.;
    a c 318 8 Security
    12 May 2009 23:15:57

    Your redirections don't look like they come from an infection.
    12 May 2009 23:27:54

    ??

    cool, but what should I do?
    a c 318 8 Security
    12 May 2009 23:30:44

    Do you use Internet Explorer or Firefox?