Slow Internet

Tags:
  • Windows
  • Security
Last reply: in Security and viruses
25 February 2009 16:05:47

Hello,
for the past few days the internet has been very slow on my PC. I'm afraid I have a virus; could someone help me?
Thanks

25 February 2009 16:16:33

Hi,

Let's take a look:

  • Download Random's System Information Tool (RSIT) (by random/random) to your Desktop.
  • Double-click RSIT.exe to launch the program.
  • Click Continue on the Disclaimer screen.
  • If the HijackThis tool (up-to-date version) is not present or not detected on the computer, RSIT will download it (allow access in your firewall, if asked) and you will have to accept the license.
  • When the scan is finished, two text files will open. Post the contents of log.txt (the one that appears on screen) as well as info.txt (which you will see in the taskbar).

    Note: the reports are saved in the C:\rsit\ folder.

25 February 2009 16:41:37

Hi again

    Logfile of random's system information tool 1.05 (written by random/random)
    Run by alexis at 2009-02-25 16:22:51
    Microsoft Windows XP Professionnel Service Pack 3
    System drive C: has 72 GB (30%) free of 238 GB
    Total RAM: 1014 MB (51% free)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 16:23:02, on 25/02/2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16791)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\EPSON\ESM2\eEBSVC.exe
    C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\WINDOWS\System32\basfipm.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\system32\DWRCS.exe
    C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
    C:\Program Files\Dell\OpenManage\Client\Iap.exe
    C:\Program Files\ICRAplus\ICRAplus\ICRAplus.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\SolidPdfService.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\DWRCST.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\hkcmd.exe
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\Program Files\Logitech\iTouch\iTouch.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
    C:\WINDOWS\system32\CmWatch.exe
    C:\Program Files\QuickTime\QTTask.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\Program Files\DNA\btdna.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    C:\Program Files\Logitech\SetPoint\SetPoint.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Fichiers communs\Logitech\KhalShared\KHALMNPR.EXE
    C:\Documents and Settings\alexis\client1.exe
    F:\Hvfsys\HVF-ICS.exe
    C:\windows\system32\SIGNON.EXE
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\windows\system32\spider.exe
    C:\Documents and Settings\alexis\Bureau\RSIT.exe
    C:\Documents and Settings\alexis\Bureau\HiJackThis\alexis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.euro.dell.com/countries/fr/fra/gen/default.h...
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;*.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: Solid Converter PDF - {259F616C-A300-44F5-B04A-ED001A26C85C} - C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\ExploreExtPDF.dll
    O3 - Toolbar: bgrqfetx - {87EF3F20-E986-4B30-B9AA-A65E59792F29} - C:\WINDOWS\bgrqfetx.dll (file missing)
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [CmCardRun] C:\WINDOWS\system32\CmWatch.exe
    O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Client Net-Assistance.lnk = C:\Program Files\LBINT\Launch.exe
    O4 - Global Startup: Démarrage rapide du logiciel HP Image Zone.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
    O4 - Global Startup: EPSON Contrôle en arrière-plan.lnk = C:\Program Files\EPSON\ESM2\Stms.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: HP monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra button: (no name) - SolidConverterPDF - (no file) (HKCU)
    O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/download/ipixx.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-01.sun.com/s/ESD7/JSCDL/jdk/6u12-b04/jin...
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/fl...
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = HEVEAFIL.local
    O17 - HKLM\Software\..\Telephony: DomainName = HEVEAFIL.local
    O17 - HKLM\System\CCS\Services\Tcpip\..\{3C682CED-F5BD-48AC-A7C8-327F26A53BA3}: NameServer = 192.168.15.1,192.168.15.254
    O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = HEVEAFIL.local
    O17 - HKLM\System\CS2\Services\Tcpip\..\{3C682CED-F5BD-48AC-A7C8-327F26A53BA3}: NameServer = 192.168.15.1,192.168.15.254
    O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = HEVEAFIL.local
    O17 - HKLM\System\CS3\Services\Tcpip\..\{3C682CED-F5BD-48AC-A7C8-327F26A53BA3}: NameServer = 192.168.15.1,192.168.15.254
    O17 - HKLM\System\CS4\Services\Tcpip\Parameters: Domain = HEVEAFIL.local
    O17 - HKLM\System\CS4\Services\Tcpip\..\{3C682CED-F5BD-48AC-A7C8-327F26A53BA3}: NameServer = 192.168.15.1,192.168.15.254
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Broadcom ASF IP monitoring service v6.0.4 (BAsfIpM) - Broadcom Corp. - C:\WINDOWS\System32\basfipm.exe
    O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: DameWare Mini Remote Control Service (DWMRCS) - DameWare Development LLC - C:\WINDOWS\system32\DWRCS.exe
    O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
    O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
    O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Program Files\EPSON\ESM2\eEBSVC.exe
    O23 - Service: Iap - Dell Inc - C:\Program Files\Dell\OpenManage\Client\Iap.exe
    O23 - Service: ICRAplus - OPTENET - C:\Program Files\ICRAplus\ICRAplus\ICRAplus.exe
    O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
    O23 - Service: SolidPDFConverterReadSpool (ScReadSpool) - VoyagerSoft, LLC - C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\SolidPdfService.exe

    --
    End of file - 9671 bytes

    ======Scheduled tasks folder======

    C:\WINDOWS\tasks\AppleSoftwareUpdate.job
    C:\WINDOWS\tasks\HPpromotions journeysoftware.job

    ======Registry dump======

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
    Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-02-19 35840]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
    JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-02-19 73728]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    {259F616C-A300-44F5-B04A-ED001A26C85C} - Solid Converter PDF - C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\ExploreExtPDF.dll [2006-02-10 218632]
    {87EF3F20-E986-4B30-B9AA-A65E59792F29} - bgrqfetx - C:\WINDOWS\bgrqfetx.dll []

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    "IgfxTray"=C:\WINDOWS\System32\igfxtray.exe [2004-05-06 155648]
    "HotKeysCmds"=C:\WINDOWS\System32\hkcmd.exe [2004-05-06 118784]
    "dla"=C:\WINDOWS\system32\dla\tfswctrl.exe [2004-08-13 122939]
    "zBrowser Launcher"=C:\Program Files\Logitech\iTouch\iTouch.exe [2002-11-23 631362]
    "HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2005-02-16 49152]
    "Kernel and Hardware Abstraction Layer"=C:\WINDOWS\KHALMNPR.EXE [2007-04-11 56080]
    "TkBellExe"=C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe [2005-10-07 180269]
    "CmCardRun"=C:\WINDOWS\system32\CmWatch.exe [2003-09-16 229376]
    "AppleSyncNotifier"=C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [2008-11-07 111936]
    "QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2008-11-04 413696]
    "iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-11-20 290088]
    "egui"=C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [2008-07-01 1447168]
    "SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-02-19 148888]

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "MsnMsgr"=C:\Program Files\MSN Messenger\MsnMsgr.Exe [2007-01-19 5674352]
    "BitTorrent DNA"=C:\Program Files\DNA\btdna.exe [2008-12-22 342848]
    "ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CmCardRun]
    C:\WINDOWS\system32\CmWatch.exe [2003-09-16 229376]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
    C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe [2004-04-26 53248]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EyeOnFiles.exe]
    C:\Program Files\HGMB\EyeOnFiles\EyeOnFiles.exe [2008-02-17 4838400]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    C:\Program Files\iTunes\iTunesHelper.exe [2008-11-20 290088]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Utility]
    C:\WINDOWS\Logi_MwX.Exe [2002-11-08 19968]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDF Converter Registry Controller]
    C:\Program Files\ScanSoft\PDF Converter\RegistryController.exe [2003-09-09 102400]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    C:\Program Files\QuickTime\qttask.exe [2008-11-04 413696]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpyHunter Security Suite]
    C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe [2008-01-23 847872]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe [2003-11-19 32881]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
    C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe [2005-10-07 180269]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateManager]
    C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe [2004-01-07 110592]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Adobe Reader Speed Launch.lnk]
    C:\PROGRA~1\Adobe\ACROBA~2.0\Reader\READER~1.EXE [2004-12-14 29696]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Microsoft Office.lnk]
    C:\PROGRA~1\MICROS~2\Office\OSA9.EXE [2000-01-21 65588]

    C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage
    Client Net-Assistance.lnk - C:\Program Files\LBINT\Launch.exe
    Démarrage rapide du logiciel HP Image Zone.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
    EPSON Contrôle en arrière-plan.lnk - C:\Program Files\EPSON\ESM2\Stms.exe
    HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    HP monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
    C:\WINDOWS\system32\igfxsrvc.dll [2004-05-06 344064]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
    C:\WINDOWS\system32\WgaLogon.dll [2008-09-05 267304]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ati0xexx.sys]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ati4tyxx.sys]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\ati0xexx.sys]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\ati4tyxx.sys]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WdfLoadGroup]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
    "dontdisplaylastusername"=0
    "legalnoticecaption"=
    "legalnoticetext"=
    "shutdownwithoutlogon"=1
    "undockwithoutlogon"=1

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "NoDriveTypeAutoRun"=323
    "NoDrives"=0
    "NoDriveAutoRun"=67108863

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "NoDriveAutoRun"=
    "NoDriveTypeAutoRun"=
    "NoDrives"=
    "NoWelcomeScreen"=
    "HonorAutoRunSetting"=

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
    "C:\Program Files\BitTorrent\bittorrent.exe"="C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent"
    "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
    "C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"
    "C:\Program Files\LBINT\launch1.exe"="C:\Program Files\LBINT\launch1.exe:*:Enabled:launch1"
    "C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
    "C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
    "C:\Program Files\DNA\btdna.exe"="C:\Program Files\DNA\btdna.exe:*:Enabled:D NA"
    "C:\Program Files\LBINT\Launch.exe"="C:\Program Files\LBINT\Launch.exe:*:Enabled:Launch"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
    "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\Program Files\MSN Messenger\msncall.exe"="C:\Program Files\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
    "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"
    "C:\Program Files\LBINT\launch1.exe"="C:\Program Files\LBINT\launch1.exe:*:Enabled:launch1"
    "C:\Program Files\BitTorrent\bittorrent.exe"="C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:bittorrent"
    "C:\Program Files\Windows Media Player\wmplayer.exe"="C:\Program Files\Windows Media Player\wmplayer.exe:*:Enabled:Windows Media Player"
    "C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
    "C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
    "C:\Program Files\DNA\btdna.exe"="C:\Program Files\DNA\btdna.exe:*:Enabled:D NA"
    "C:\Program Files\LBINT\Launch.exe"="C:\Program Files\LBINT\Launch.exe:*:Enabled:Launch"
    "C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
    "C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
    "C:\Documents and Settings\alexis\Mes documents\BitTorrent Downloads\BitTorrent.exe"="C:\Documents and Settings\alexis\Mes documents\BitTorrent Downloads\BitTorrent.exe:*:Enabled:BitTorrent"

    ======List of files/folders created in the last 1 months======

    2009-02-25 09:34:46 ----HDC---- C:\WINDOWS\$NtUninstallKB967715$
    2009-02-19 12:49:48 ----A---- C:\WINDOWS\system32\javaws.exe
    2009-02-19 12:49:48 ----A---- C:\WINDOWS\system32\javaw.exe
    2009-02-19 12:49:48 ----A---- C:\WINDOWS\system32\java.exe
    2009-02-19 12:49:48 ----A---- C:\WINDOWS\system32\deploytk.dll
    2009-02-16 09:02:39 ----D---- C:\Documents and Settings\alexis\Application Data\Malwarebytes
    2009-02-16 08:57:20 ----SHD---- C:\found.000
    2009-02-13 16:53:21 ----SHD---- C:\RECYCLER
    2009-02-13 16:17:15 ----D---- C:\WINDOWS\temp
    2009-02-13 16:17:10 ----A---- C:\ComboFix.txt
    2009-02-13 15:47:20 ----A---- C:\Boot.bak
    2009-02-13 15:47:10 ----RASHD---- C:\cmdcons
    2009-02-13 15:44:48 ----A---- C:\WINDOWS\zip.exe
    2009-02-13 15:44:48 ----A---- C:\WINDOWS\VFIND.exe
    2009-02-13 15:44:48 ----A---- C:\WINDOWS\SWXCACLS.exe
    2009-02-13 15:44:48 ----A---- C:\WINDOWS\SWSC.exe
    2009-02-13 15:44:48 ----A---- C:\WINDOWS\SWREG.exe
    2009-02-13 15:44:48 ----A---- C:\WINDOWS\sed.exe
    2009-02-13 15:44:48 ----A---- C:\WINDOWS\NIRCMD.exe
    2009-02-13 15:44:48 ----A---- C:\WINDOWS\grep.exe
    2009-02-13 15:44:48 ----A---- C:\WINDOWS\fdsv.exe
    2009-02-12 17:06:15 ----A---- C:\WINDOWS\system32\InstallAVg_77015112.exe.tmp
    2009-02-12 08:46:59 ----HDC---- C:\WINDOWS\$NtUninstallKB960715$
    2009-02-12 08:46:47 ----A---- C:\WINDOWS\imsins.BAK
    2009-02-10 13:44:01 ----D---- C:\Documents and Settings\All Users\Application Data\Sunbelt
    2009-02-10 10:31:03 ----A---- C:\WINDOWS\ntbtlog.txt
    2009-02-09 18:16:21 ----D---- C:\IDN
    2009-02-09 16:55:40 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2009-02-09 16:55:39 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
    2009-02-09 16:31:04 ----A---- C:\FindyKill.txt
    2009-02-09 16:30:34 ----D---- C:\Program Files\FindyKill
    2009-02-09 09:42:27 ----D---- C:\rsit
    2009-02-09 09:08:28 ----A---- C:\WINDOWS\system32\system32xp.exe.tmp

    ======List of files/folders modified in the last 1 months======

    2009-02-25 16:22:59 ----D---- C:\WINDOWS\Prefetch
    2009-02-25 16:18:14 ----D---- C:\Documents and Settings\alexis\Application Data\DNA
    2009-02-25 15:48:15 ----D---- C:\windows
    2009-02-25 15:48:12 ----D---- C:\Program Files\LBINT
    2009-02-25 15:48:11 ----D---- C:\Program Files\DNA
    2009-02-25 15:48:11 ----A---- C:\WINDOWS\iTouch.ini
    2009-02-25 15:40:53 ----A---- C:\WINDOWS\SchedLgU.Txt
    2009-02-25 15:18:38 ----D---- C:\Documents and Settings\alexis\Application Data\BitTorrent
    2009-02-25 11:35:36 ----D---- C:\WINDOWS\system32\CatRoot2
    2009-02-25 09:56:55 ----A---- C:\WINDOWS\crw.ini
    2009-02-25 09:37:00 ----D---- C:\WINDOWS\system32
    2009-02-25 09:34:59 ----HD---- C:\WINDOWS\inf
    2009-02-25 09:34:51 ----RSHD---- C:\WINDOWS\system32\DllCache
    2009-02-25 09:29:02 ----HD---- C:\WINDOWS\$hf_mig$
    2009-02-20 12:16:01 ----D---- C:\Documents and Settings\alexis\Application Data\SolidDocuments
    2009-02-19 12:50:04 ----SD---- C:\WINDOWS\Downloaded Program Files
    2009-02-19 12:50:03 ----SHD---- C:\WINDOWS\Installer
    2009-02-19 12:49:55 ----HD---- C:\Config.Msi
    2009-02-19 12:49:31 ----D---- C:\Program Files\Java
    2009-02-16 15:02:55 ----D---- C:\WINDOWS\system32\drivers
    2009-02-13 16:14:21 ----D---- C:\QooBox
    2009-02-13 16:11:23 ----A---- C:\WINDOWS\system.ini
    2009-02-13 15:59:51 ----D---- C:\WINDOWS\AppPatch
    2009-02-13 15:59:44 ----D---- C:\Program Files\Fichiers communs
    2009-02-13 15:57:10 ----RD---- C:\Program Files
    2009-02-13 15:47:20 ----RASH---- C:\boot.ini
    2009-02-13 15:40:52 ----D---- C:\ComboFix
    2009-02-12 09:17:42 ----D---- C:\Program Files\Internet Explorer
    2009-02-12 08:49:51 ----A---- C:\WINDOWS\system32\MRT.INI
    2009-02-12 08:47:14 ----D---- C:\WINDOWS\Debug
    2009-02-12 08:42:20 ----SHD---- C:\WINDOWS\CSC
    2009-02-12 08:42:18 ----D---- C:\WINDOWS\security
    2009-02-12 08:41:27 ----D---- C:\WINDOWS\Minidump
    2009-02-04 00:21:12 ----A---- C:\WINDOWS\system32\MRT.exe

    ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R1 easdrv;easdrv; C:\WINDOWS\system32\DRIVERS\easdrv.sys [2008-07-01 53256]
    R1 epfwtdir;epfwtdir; C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2008-07-01 34312]
    R1 intelppm;Pilote de processeur Intel; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2008-04-14 40576]
    R1 kbdhid;Pilote HID de clavier; C:\WINDOWS\System32\DRIVERS\kbdhid.sys [2008-04-14 14720]
    R1 omci;OMCI WDM Device Driver; C:\WINDOWS\System32\DRIVERS\omci.sys [2004-02-13 17153]
    R1 sscdbhk5;sscdbhk5; C:\WINDOWS\system32\drivers\sscdbhk5.sys [2004-07-14 5627]
    R1 ssrtln;ssrtln; C:\WINDOWS\system32\drivers\ssrtln.sys [2004-07-14 23545]
    R2 BASFND;BASFND; \??\C:\WINDOWS\system32\Drivers\BASFND.sys []
    R2 drvnddm;drvnddm; C:\WINDOWS\system32\drivers\drvnddm.sys [2004-08-13 40544]
    R2 eamon;EAMON; C:\WINDOWS\system32\DRIVERS\eamon.sys [2008-07-01 39944]
    R2 tfsnboio;tfsnboio; C:\WINDOWS\system32\dla\tfsnboio.sys [2004-08-13 25723]
    R2 tfsncofs;tfsncofs; C:\WINDOWS\system32\dla\tfsncofs.sys [2004-08-13 34843]
    R2 tfsndrct;tfsndrct; C:\WINDOWS\system32\dla\tfsndrct.sys [2004-08-13 4123]
    R2 tfsndres;tfsndres; C:\WINDOWS\system32\dla\tfsndres.sys [2004-08-13 2271]
    R2 tfsnifs;tfsnifs; C:\WINDOWS\system32\dla\tfsnifs.sys [2004-08-13 86202]
    R2 tfsnopio;tfsnopio; C:\WINDOWS\system32\dla\tfsnopio.sys [2004-08-13 14715]
    R2 tfsnpool;tfsnpool; C:\WINDOWS\system32\dla\tfsnpool.sys [2004-08-13 6363]
    R2 tfsnudf;tfsnudf; C:\WINDOWS\system32\dla\tfsnudf.sys [2004-08-13 98714]
    R2 tfsnudfa;tfsnudfa; C:\WINDOWS\system32\dla\tfsnudfa.sys [2004-08-13 100603]
    R3 aeaudio;aeaudio; C:\WINDOWS\system32\drivers\aeaudio.sys [2002-04-01 4816]
    R3 b57w2k;Broadcom NetXtreme 57xx Gigabit Controller; C:\WINDOWS\System32\DRIVERS\b57xp32.sys [2004-05-29 186112]
    R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2008-04-17 15464]
    R3 HidUsb;Pilote de classe HID Microsoft; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2008-04-13 10368]
    R3 ialm;ialm; C:\WINDOWS\System32\DRIVERS\ialmnt5.sys [2004-05-06 711005]
    R3 LCcfltr;Logitech USB Filter Driver; C:\WINDOWS\System32\Drivers\LCcFltr.Sys [2002-11-08 14156]
    R3 LHidFilt;Logitech SetPoint KMDF HID Filter Driver; C:\WINDOWS\system32\DRIVERS\LHidFilt.Sys [2007-04-11 34832]
    R3 LHidFlt2;Logitech HID/USB Mouse Filter Driver; C:\WINDOWS\System32\DRIVERS\LHidFlt2.Sys [2002-11-08 23838]
    R3 LHidUsb;Logitech USB Receiver device driver; C:\WINDOWS\System32\Drivers\LHidUsb.Sys [2002-11-08 41420]
    R3 LMouFilt;Logitech SetPoint KMDF Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\LMouFilt.Sys [2007-04-11 36112]
    R3 LMouFlt2;Logitech Mouse Class Filter Driver; C:\WINDOWS\System32\DRIVERS\LMouFlt2.Sys [2002-11-08 70238]
    R3 LUsbFilt;Logitech SetPoint KMDF USB Filter; C:\WINDOWS\System32\Drivers\LUsbFilt.Sys [2007-04-11 28688]
    R3 mouhid;Pilote HID de souris; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-08-23 12288]
    R3 MxlW2k;MxlW2k; C:\WINDOWS\system32\drivers\MxlW2k.sys [2004-12-21 28164]
    R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2004-04-09 612352]
    R3 usbccgp;Pilote parent générique USB Microsoft; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [2008-04-13 32128]
    R3 usbehci;Pilote miniport de contrôleur hôte amélioré USB 2.0 Microsoft; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2008-04-13 30208]
    R3 usbhub;Pilote de concentrateur standard USB Microsoft; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-13 59520]
    R3 usbuhci;Pilote miniport de contrôleur hôte universel USB Microsoft; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2008-04-13 20608]
    R3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]
    S1 P3;Pilote processeur Intel Pentium III; C:\WINDOWS\System32\DRIVERS\p3.sys [2008-04-14 46848]
    S3 EL90XBC;Pilote de la carte EtherLink XL 90XB/C 3Com; C:\WINDOWS\System32\DRIVERS\el90xbc5.sys [2001-08-17 66591]
    S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\System32\DRIVERS\HPZid412.sys [2004-12-14 51120]
    S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\System32\DRIVERS\HPZipr12.sys [2004-12-14 16496]
    S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\System32\DRIVERS\HPZius12.sys [2004-12-14 21744]
    S3 i81x;i81x; C:\WINDOWS\System32\DRIVERS\i81xnt5.sys [2004-08-04 161020]
    S3 iAimFP0;iAimFP0; C:\WINDOWS\System32\DRIVERS\wADV01nt.sys [2004-08-04 12415]
    S3 iAimFP1;iAimFP1; C:\WINDOWS\System32\DRIVERS\wADV02NT.sys [2004-08-04 12127]
    S3 iAimFP2;iAimFP2; C:\WINDOWS\System32\DRIVERS\wADV05NT.sys [2004-08-04 11775]
    S3 iAimFP3;iAimFP3; C:\WINDOWS\System32\DRIVERS\wSiINTxx.sys [2004-08-04 12063]
    S3 iAimFP4;iAimFP4; C:\WINDOWS\System32\DRIVERS\wVchNTxx.sys [2004-08-04 19455]
    S3 iAimTV0;iAimTV0; C:\WINDOWS\System32\DRIVERS\wATV01nt.sys [2004-08-04 29311]
    S3 iAimTV1;iAimTV1; C:\WINDOWS\System32\DRIVERS\wATV02NT.sys [2004-08-04 19551]
    S3 iAimTV2;iAimTV2; C:\WINDOWS\System32\DRIVERS\wATV03nt.sys []
    S3 iAimTV3;iAimTV3; C:\WINDOWS\System32\DRIVERS\wATV04nt.sys [2004-08-04 33599]
    S3 iAimTV4;iAimTV4; C:\WINDOWS\System32\DRIVERS\wCh7xxNT.sys [2004-08-04 23615]
    S3 NETIMFLT;PANDA NDIS IM Filter Miniport; C:\WINDOWS\system32\DRIVERS\netimflt.sys []
    S3 SBRE;SBRE; \??\C:\WINDOWS\system32\drivers\SBREdrv.sys []
    S3 UMSSSTOR;C-Media Storage; C:\WINDOWS\system32\DRIVERS\UMSS.SYS [2004-07-13 48512]
    S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2008-10-01 32000]
    S3 usbprint;Classe d'imprimantes USB Microsoft; C:\WINDOWS\System32\DRIVERS\usbprint.sys [2008-04-13 25856]
    S3 usbscan;Pilote de scanneur USB; C:\WINDOWS\System32\DRIVERS\usbscan.sys [2008-04-13 15104]
    S3 USBSTOR;Pilote de stockage de masse USB; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
    S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
    S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
    S4 agp440;Filtre de bus AGP Intel; C:\WINDOWS\System32\DRIVERS\agp440.sys [2008-04-13 42368]
    S4 agpCPQ;Filtre de bus AGP Compaq; C:\WINDOWS\System32\DRIVERS\agpCPQ.sys [2008-04-13 44928]
    S4 alim1541;Filtre de bus AGP ALI; C:\WINDOWS\System32\DRIVERS\alim1541.sys [2008-04-13 42752]
    S4 amdagp;Pilote de filtre du bus AMD AGP; C:\WINDOWS\System32\DRIVERS\amdagp.sys [2008-04-13 43008]
    S4 cbidf;cbidf; C:\WINDOWS\System32\DRIVERS\cbidf2k.sys [2001-08-17 13952]
    S4 IntelIde;IntelIde; C:\WINDOWS\System32\DRIVERS\intelide.sys [2008-04-14 5504]
    S4 sisagp;Filtre de bus AGP SIS; C:\WINDOWS\System32\DRIVERS\sisagp.sys [2008-04-13 40960]
    S4 viaagp;Filtre de bus AGP VIA; C:\WINDOWS\System32\DRIVERS\viaagp.sys [2008-04-13 42240]
    S4 WS2IFSL;Environnement de prise en charge de Fournisseur de services non-IFS Windows Sockets 2.0; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-03-20 12032]

    ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-11-07 132424]
    R2 BAsfIpM;Broadcom ASF IP monitoring service v6.0.4; C:\WINDOWS\System32\basfipm.exe [2004-04-01 77824]
    R2 Bonjour Service;Service Bonjour; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
    R2 DWMRCS;DameWare Mini Remote Control Service; C:\WINDOWS\system32\DWRCS.exe [2007-03-14 220160]
    R2 ekrn;Eset Service; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [2008-07-01 468224]
    R2 EpsonBidirectionalService;EpsonBidirectionalService; C:\Program Files\EPSON\ESM2\eEBSVC.exe [2002-01-30 77824]
    R2 Iap;Iap; C:\Program Files\Dell\OpenManage\Client\Iap.exe [2004-02-13 155648]
    R2 ICRAplus;ICRAplus; C:\Program Files\ICRAplus\ICRAplus\ICRAplus.exe [2006-12-29 909312]
    R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-02-19 152984]
    R2 ScReadSpool;SolidPDFConverterReadSpool; C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\SolidPdfService.exe [2006-02-10 69632]
    R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
    R3 iPod Service;Service de l’iPod; C:\Program Files\iPod\bin\iPodService.exe [2008-11-20 536872]
    S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-14 268800]
    S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
    S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
    S3 EhttpSrv;Eset HTTP Server; C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe [2008-07-01 19200]
    S3 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\System32\HPZipm12.exe [2004-09-29 69632]
    S3 usnjsvc;Service Messenger Sharing Folders USN Journal Reader; C:\Program Files\MSN Messenger\usnsvc.exe [2007-01-19 97136]
    S3 WMPNetworkSvc;Service Partage réseau du Lecteur Windows Media; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-11-03 918016]

    -----------------EOF-----------------


    thanks
    25 February 2009 16:44:20

    Can you post this report for me: C:\ComboFix.txt?
    25 February 2009 17:00:56

    ComboFix 09-02-12.03 - cynthia 2009-02-13 15:56:25.4 - NTFSx86
    Microsoft Windows XP Professionnel 5.1.2600.3.1252.1.1036.18.1014.685 [GMT 1:00]
    Lancé depuis: c:\documents and settings\alexis\Bureau\comb.exe
    AV: ESET NOD32 Antivirus 3.0 *On-access scanning disabled* (Outdated)
    AV: Panda Internet Security 2008 *On-access scanning disabled* (Outdated)
    FW: Panda Internet Security 2008 *disabled*
    * Resident AV is active

    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\program files\Antivirus 2009\
    c:\program files\Microsoft Common
    c:\program files\Microsoft Common\svchost.exe
    c:\windows\msauc.exe
    c:\windows\services.exe
    c:\windows\system32\crypts.dll
    c:\windows\system32\digeste.dll
    c:\windows\system32\drivers\str.sys
    c:\windows\system32\drivers\TDSSserv.sys
    c:\windows\system32\drivers\UACrfsqfcjn.sys
    c:\windows\system32\dumphive.exe
    c:\windows\system32\rah3b8ffdnd.dll
    c:\windows\system32\rs32net.exe
    c:\windows\system32\shell31.dll
    c:\windows\system32\SrchSTS.exe
    c:\windows\system32\svschost.exe
    c:\windows\system32\tmp.reg
    c:\windows\system32\UACdlugsybu.dll
    c:\windows\system32\UACftnefqsm.log
    c:\windows\system32\UAChurqfqwg.dat
    c:\windows\system32\UACjqxtjkln.dll
    c:\windows\system32\UACppgxylrg.dll
    c:\windows\system32\UACqgpcrgst.log
    c:\windows\system32\UACqpwrjjwj.log
    c:\windows\system32\UACsawagakk.dll
    c:\windows\system32\VACFix.exe
    c:\windows\system32\VCCLSID.exe
    c:\windows\system32\wpv231234083759.cpx
    c:\windows\system32\wpv331234083698.cpx
    c:\windows\system32\WS2Fix.exe
    c:\windows\wiaserviv.log
    c:\windows\system32\InstallAVg_77015112.exe . . . . impossible à supprimer
    .
    ---- Exécution préalable -------
    .
    c:\documents and settings\cynthia\Bureau\Error Cleaner.url
    c:\documents and settings\cynthia\Bureau\Privacy Protector.url
    c:\documents and settings\cynthia\Bureau\Spyware&Malware Protection.url
    c:\documents and settings\cynthia\Favoris\Error Cleaner.url
    c:\documents and settings\cynthia\Favoris\Privacy Protector.url
    c:\documents and settings\cynthia\Favoris\Spyware&Malware Protection.url
    c:\program files\PCHealthCenter
    c:\program files\PCHealthCenter\0.exe
    c:\program files\PCHealthCenter\0.gif
    c:\program files\PCHealthCenter\1.exe
    c:\program files\PCHealthCenter\1.gif
    c:\program files\PCHealthCenter\2.exe
    c:\program files\PCHealthCenter\2.gif
    c:\program files\PCHealthCenter\3.exe
    c:\program files\PCHealthCenter\3.gif
    c:\program files\PCHealthCenter\4.exe
    c:\program files\PCHealthCenter\5.exe
    c:\program files\PCHealthCenter\7.exe
    c:\program files\PCHealthCenter\sex1.ico
    c:\program files\PCHealthCenter\sex2.ico
    c:\program files\VAV
    c:\program files\VAV\vav.cpl
    c:\program files\VAV\vav.exe
    c:\program files\VAV\vav0.dat
    c:\program files\VAV\vav1.dat
    c:\windows\bgrqfetx.dll
    c:\windows\epgk.exe
    c:\windows\privacy_danger
    c:\windows\privacy_danger\images\capt.gif
    c:\windows\privacy_danger\images\danger.jpg
    c:\windows\privacy_danger\images\down.gif
    c:\windows\privacy_danger\images\spacer.gif
    c:\windows\privacy_danger\index.htm
    c:\windows\system32\sex1.ico
    c:\windows\system32\sex2.ico
    c:\windows\system32\vav.cpl
    c:\windows\tfnslopk.dll
    c:\windows\wnlmdakqenv.dll
    c:\windows\xokvrpwg.dll

    .
    ((((((((((((((((((((((((((((( Fichiers créés du 2009-01-13 au 2009-02-13 ))))))))))))))))))))))))))))))))))))
    .

    2009-02-13 16:07 . 2009-02-13 16:07 139,264 --a------ c:\documents and settings\cynthia\client1.exe
    2009-02-12 09:19 . 2009-02-13 16:05 32,768 --a------ c:\windows\system32\drivers\ati0xexx.sys
    2009-02-12 08:46 . 2009-02-12 08:46 1,374 --a------ c:\windows\imsins.BAK
    2009-02-12 08:43 . 2009-02-12 08:49 32,768 --a------ c:\windows\system32\drivers\ati4tyxx.sys
    2009-02-11 12:08 . 2009-02-11 12:08 27,136 --a------ c:\windows\system32\TDSSoitu.dll
    2009-02-10 13:44 . 2009-02-10 13:44 <REP> d-------- c:\documents and settings\All Users\Application Data\Sunbelt
    2009-02-09 18:16 . 2009-02-09 18:23 <REP> d-------- C:\IDN
    2009-02-09 16:55 . 2009-02-10 10:27 <REP> d-------- c:\program files\Malwarebytes' Anti-Malware
    2009-02-09 16:55 . 2009-02-09 16:55 <REP> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
    2009-02-09 16:55 . 2009-01-14 16:11 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
    2009-02-09 16:55 . 2009-01-14 16:11 15,504 --a------ c:\windows\system32\drivers\mbam.sys
    2009-02-09 16:30 . 2009-02-09 16:49 <REP> d-------- c:\program files\FindyKill
    2009-02-09 09:42 . 2009-02-09 09:43 <REP> d-------- C:\rsit
    2009-02-09 09:13 . <REP> c:\program files\Antivirus 2009
    2009-02-09 09:13 . 2009-02-12 17:06 0 --a------ c:\windows\system32\InstallAVg_77015112.exe.tmp
    2009-02-09 09:13 . 2009-02-09 09:13 0 --------- c:\windows\system32\InstallAVg_77015112.exe
    2009-02-09 09:08 . 2009-02-09 09:08 92,160 --a------ c:\windows\system32\svñshost.exe
    2009-02-09 09:08 . 2009-02-13 08:39 5,538 --a------ c:\windows\system32\uacinit.dll
    2009-02-09 09:08 . 2009-02-09 09:08 0 --a------ c:\windows\system32\system32xp.exe.tmp
    2009-01-30 14:45 . 2009-02-01 00:03 <REP> d-------- c:\documents and settings\cynthia\download
    2009-01-30 14:45 . 2009-02-01 00:03 60 --a------ c:\documents and settings\cynthia\ocsinventory.dat
    2009-01-13 11:50 . 2009-01-13 11:50 <REP> d-------- c:\program files\ESET
    2009-01-13 11:50 . 2009-01-13 11:50 <REP> d-------- c:\documents and settings\All Users\Application Data\ESET
    2009-01-13 11:26 . 2009-01-13 11:26 0 --a------ c:\windows\system32\drivers\wnmsav.dat
    2009-01-13 08:54 . 2009-02-13 15:40 <REP> d-------- C:\ComboFix

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-02-13 15:06 --------- d-----w c:\program files\LBINT
    2009-02-13 15:06 --------- d-----w c:\program files\DNA
    2009-02-13 15:06 --------- d-----w c:\documents and settings\cynthia\Application Data\DNA
    2009-02-13 14:39 --------- d-----w c:\documents and settings\cynthia\Application Data\BitTorrent
    2009-02-13 09:37 --------- d-----w c:\windows\system32\config\systemprofile\Application Data\SolidDocuments
    2009-02-11 15:21 --------- d-----w c:\documents and settings\cynthia\Application Data\SolidDocuments
    2009-01-14 10:56 --------- d-----w c:\program files\Panda Security
    2009-01-13 10:45 --------- d-----w c:\program files\Fichiers communs\Panda Software
    2008-12-16 08:49 --------- d-----w c:\program files\Bonjour
    2008-12-16 08:48 --------- d-----w c:\program files\iTunes
    2008-12-16 08:48 --------- d-----w c:\program files\iPod
    2008-12-16 08:48 --------- d-----w c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
    2008-12-16 08:45 --------- d-----w c:\program files\QuickTime
    2008-12-16 08:44 --------- d-----w c:\program files\Fichiers communs\Apple
    2008-12-16 08:39 --------- d-----w c:\program files\Safari
    2008-11-13 09:52 3,532 ----a-w C:\drmHeader.bin
    2007-10-17 13:15 312 ----a-w c:\documents and settings\Administrateur.HEVEAFIL.000\Application Data\config.dat
    2006-09-18 08:02 304 ----a-w c:\documents and settings\Administrateur.HEVEAFIL\Application Data\config.dat
    2006-06-22 15:26 278 ----a-w c:\documents and settings\Sylviane\Application Data\config.dat
    2005-12-06 10:54 225,280 ----a-w c:\program files\Patch_Window_A_0_14.exe
    2008-09-10 07:41 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\Historique\History.IE5\MSHist012008091020080911\index.dat
    .

    ((((((((((((((((((((((((((((( snapshot@2008-08-07_12.50.17.10 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2008-12-13 06:27:45 3,594,752 ----a-w c:\windows\$hf_mig$\KB960714-IE7\SP2QFE\mshtml.dll
    + 2007-03-06 01:34:33 15,072 ----a-w c:\windows\$hf_mig$\KB960714-IE7\spmsg.dll
    + 2007-03-06 01:34:38 216,800 ----a-w c:\windows\$hf_mig$\KB960714-IE7\spuninst.exe
    + 2007-03-06 01:34:31 22,752 ----a-w c:\windows\$hf_mig$\KB960714-IE7\update\spcustom.dll
    + 2007-03-06 01:34:56 727,776 ----a-w c:\windows\$hf_mig$\KB960714-IE7\update\update.exe
    + 2007-03-06 01:35:47 394,976 ----a-w c:\windows\$hf_mig$\KB960714-IE7\update\updspapi.dll
    - 2003-01-13 16:53:24 50,816 -c----w c:\windows\$NtServicePackUninstall$\1394bus.sys
    + 2004-08-04 06:10:06 53,248 -c----w c:\windows\$NtServicePackUninstall$\1394bus.sys
    + 2004-08-04 06:00:03 12,288 -c----w c:\windows\$NtServicePackUninstall$\4mmdat.sys
    + 2004-08-04 06:10:10 48,128 -c----w c:\windows\$NtServicePackUninstall$\61883.sys
    - 2004-03-20 19:44:36 59,392 -c----w c:\windows\$NtServicePackUninstall$\6to4svc.dll
    + 2006-08-16 11:59:27 100,352 -c----w c:\windows\$NtServicePackUninstall$\6to4svc.dll
    + 2006-10-04 14:05:26 39,424 -c----w c:\windows\$NtServicePackUninstall$\acadproc.dll
    + 2006-10-04 14:05:26 39,424 -c----w c:\windows\$NtServicePackUninstall$\acadproc.dll.000
    - 2002-11-27 11:55:52 185,344 -c----w c:\windows\$NtServicePackUninstall$\accwiz.exe
    + 2004-08-19 23:09:50 189,952 -c----w c:\windows\$NtServicePackUninstall$\accwiz.exe
    - 2002-11-26 19:20:40 1,821,184 -c----w c:\windows\$NtServicePackUninstall$\acgenral.dll
    + 2004-08-19 23:09:19 1,852,416 -c----w c:\windows\$NtServicePackUninstall$\acgenral.dll
    + 2004-08-19 23:09:19 1,852,416 -c----w c:\windows\$NtServicePackUninstall$\acgenral.dll.000
    - 2004-03-20 19:44:40 406,528 -c----w c:\windows\$NtServicePackUninstall$\aclayers.dll
    + 2004-08-19 23:09:19 450,048 -c----w c:\windows\$NtServicePackUninstall$\aclayers.dll
    + 2004-08-19 23:09:19 450,048 -c----w c:\windows\$NtServicePackUninstall$\aclayers.dll.000
    - 2004-03-20 19:44:40 125,440 -c----w c:\windows\$NtServicePackUninstall$\aclua.dll
    + 2004-08-19 23:09:19 137,728 -c----w c:\windows\$NtServicePackUninstall$\aclua.dll
    + 2004-08-19 23:09:19 137,728 -c----w c:\windows\$NtServicePackUninstall$\aclua.dll.000
    - 2004-03-20 19:44:40 111,616 -c----w c:\windows\$NtServicePackUninstall$\aclui.dll
    + 2004-08-19 23:09:19 119,296 -c----w c:\windows\$NtServicePackUninstall$\aclui.dll
    - 2004-03-20 19:54:22 180,224 -c----w c:\windows\$NtServicePackUninstall$\acpi.sys
    + 2004-08-19 22:51:54 188,672 -c----w c:\windows\$NtServicePackUninstall$\acpi.sys
    - 2004-03-20 19:44:42 219,136 -c----w c:\windows\$NtServicePackUninstall$\acspecfc.dll
    + 2004-08-19 23:09:19 244,736 -c----w c:\windows\$NtServicePackUninstall$\acspecfc.dll
    + 2004-08-19 23:09:19 244,736 -c----w c:\windows\$NtServicePackUninstall$\acspecfc.dll.000
    - 2004-03-20 19:44:42 181,760 -c----w c:\windows\$NtServicePackUninstall$\activeds.dll
    + 2004-08-19 23:09:19 194,048 -c----w c:\windows\$NtServicePackUninstall$\activeds.dll
    - 2004-03-20 19:44:42 4,096 -c----w c:\windows\$NtServicePackUninstall$\actmovie.exe
    + 2004-08-19 23:09:50 4,096 -c----w c:\windows\$NtServicePackUninstall$\actmovie.exe
    - 2004-03-20 19:44:42 98,304 -c----w c:\windows\$NtServicePackUninstall$\actxprxy.dll
    + 2004-08-19 23:09:19 101,888 -c----w c:\windows\$NtServicePackUninstall$\actxprxy.dll
    - 2004-03-20 19:44:44 107,520 -c----w c:\windows\$NtServicePackUninstall$\acxtrnal.dll
    + 2004-08-19 23:09:19 116,224 -c----w c:\windows\$NtServicePackUninstall$\acxtrnal.dll
    + 2004-08-19 23:09:19 116,224 -c----w c:\windows\$NtServicePackUninstall$\acxtrnal.dll.000
    + 2004-08-19 23:09:19 29,696 -c----w c:\windows\$NtServicePackUninstall$\admexs.dll
    + 2004-08-19 23:09:19 20,540 -c----w c:\windows\$NtServicePackUninstall$\admin.dll
    + 2004-08-19 23:09:50 16,439 -c----w c:\windows\$NtServicePackUninstall$\admin.exe
    - 2004-03-20 19:44:44 57,344 -c----w c:\windows\$NtServicePackUninstall$\admparse.dll
    + 2004-08-19 23:09:19 61,440 -c----w c:\windows\$NtServicePackUninstall$\admparse.dll
    + 2004-08-19 23:09:19 43,520 -c----w c:\windows\$NtServicePackUninstall$\admwprox.dll
    + 2004-08-19 23:09:19 290,816 -c----w c:\windows\$NtServicePackUninstall$\adsiis51.dll
    - 2004-03-20 19:44:46 162,816 -c----w c:\windows\$NtServicePackUninstall$\adsldp.dll
    + 2004-08-19 23:09:19 175,616 -c----w c:\windows\$NtServicePackUninstall$\adsldp.dll
    - 2004-03-20 19:44:46 139,776 -c----w c:\windows\$NtServicePackUninstall$\adsldpc.dll
    + 2004-08-19 23:09:19 143,360 -c----w c:\windows\$NtServicePackUninstall$\adsldpc.dll
    - 2004-03-20 19:44:46 62,464 -c----w c:\windows\$NtServicePackUninstall$\adsmsext.dll
    + 2004-08-19 23:09:19 68,096 -c----w c:\windows\$NtServicePackUninstall$\adsmsext.dll
    - 2004-03-20 19:44:46 239,616 -c----w c:\windows\$NtServicePackUninstall$\adsnt.dll
    + 2004-08-19 23:09:19 263,680 -c----w c:\windows\$NtServicePackUninstall$\adsnt.dll
    + 2004-03-20 19:44:46 109,568 -c----w c:\windows\$NtServicePackUninstall$\adsnw.dll
    + 2004-08-19 23:09:19 4,255 -c----w c:\windows\$NtServicePackUninstall$\adv01nt5.dll
    + 2004-08-19 23:09:19 3,967 -c----w c:\windows\$NtServicePackUninstall$\adv02nt5.dll
    + 2004-08-19 23:09:19 3,615 -c----w c:\windows\$NtServicePackUninstall$\adv05nt5.dll
    + 2004-08-19 23:09:19 3,647 -c----w c:\windows\$NtServicePackUninstall$\adv07nt5.dll
    + 2004-08-19 23:09:19 3,135 -c----w c:\windows\$NtServicePackUninstall$\adv08nt5.dll
    + 2004-08-19 23:09:19 3,711 -c----w c:\windows\$NtServicePackUninstall$\adv09nt5.dll
    + 2004-08-19 23:09:19 3,775 -c----w c:\windows\$NtServicePackUninstall$\adv11nt5.dll
    - 2004-03-20 19:44:48 626,176 -c----w c:\windows\$NtServicePackUninstall$\advapi32.dll
    + 2004-08-19 23:09:19 685,056 -c----w c:\windows\$NtServicePackUninstall$\advapi32.dll
    - 2004-03-20 19:44:48 93,184 -c----w c:\windows\$NtServicePackUninstall$\advpack.dll
    + 2004-08-19 23:09:19 101,888 -c----w c:\windows\$NtServicePackUninstall$\advpack.dll
    - 2002-08-28 23:16:38 142,208 -c----w c:\windows\$NtServicePackUninstall$\aec.sys
    + 2006-02-15 00:22:26 142,464 -c----w c:\windows\$NtServicePackUninstall$\aec.sys
    + 2006-02-15 00:22:26 142,464 -c----w c:\windows\$NtServicePackUninstall$\aec.sys.001
    - 2004-03-20 19:44:48 131,968 -c----w c:\windows\$NtServicePackUninstall$\afd.sys
    + 2008-06-20 10:44:38 138,368 -c----w c:\windows\$NtServicePackUninstall$\afd.sys
    - 2004-03-20 19:44:48 22,016 -c----w c:\windows\$NtServicePackUninstall$\agentanm.dll
    + 2004-08-19 23:09:19 24,064 -c----w c:\windows\$NtServicePackUninstall$\agentanm.dll
    - 2004-03-20 19:44:48 204,288 -c----w c:\windows\$NtServicePackUninstall$\agentctl.dll
    + 2004-08-19 23:09:19 214,016 -c----w c:\windows\$NtServicePackUninstall$\agentctl.dll
    - 2004-03-20 19:44:48 35,840 -c----w c:\windows\$NtServicePackUninstall$\agentdp2.dll
    + 2006-10-12 13:55:58 42,496 -c----w c:\windows\$NtServicePackUninstall$\agentdp2.dll
    - 2004-03-20 19:44:48 50,688 -c----w c:\windows\$NtServicePackUninstall$\agentdpv.dll
    + 2007-03-09 14:00:38 57,344 -c----w c:\windows\$NtServicePackUninstall$\agentdpv.dll
    - 2004-03-20 19:44:48 44,032 -c----w c:\windows\$NtServicePackUninstall$\agentmpx.dll
    + 2004-08-19 23:09:19 49,152 -c----w c:\windows\$NtServicePackUninstall$\agentmpx.dll
    - 2004-03-20 19:44:48 21,504 -c----w c:\windows\$NtServicePackUninstall$\agentpsh.dll
    + 2004-08-19 23:09:19 24,064 -c----w c:\windows\$NtServicePackUninstall$\agentpsh.dll
    - 2004-03-20 19:44:48 39,936 -c----w c:\windows\$NtServicePackUninstall$\agentsr.dll
    + 2004-08-19 23:09:19 44,032 -c----w c:\windows\$NtServicePackUninstall$\agentsr.dll
    - 2004-03-20 19:44:48 235,008 -c----w c:\windows\$NtServicePackUninstall$\agentsvr.exe
    + 2006-10-12 11:54:07 256,512 -c----w c:\windows\$NtServicePackUninstall$\agentsvr.exe
    - 2001-08-17 21:58:00 25,472 -c----w c:\windows\$NtServicePackUninstall$\agp440.sys
    + 2004-08-04 06:07:41 42,368 -c----w c:\windows\$NtServicePackUninstall$\agp440.sys
    - 2001-08-17 21:58:02 29,056 -c----w c:\windows\$NtServicePackUninstall$\agpcpq.sys
    + 2004-08-04 06:07:42 44,928 -c----w c:\windows\$NtServicePackUninstall$\agpcpq.sys
    + 2004-03-20 19:44:50 19,456 -c----w c:\windows\$NtServicePackUninstall$\agt0404.dll
    + 2004-03-20 19:44:50 19,456 -c----w c:\windows\$NtServicePackUninstall$\agt0405.dll
    + 2004-03-20 19:44:50 19,456 -c----w c:\windows\$NtServicePackUninstall$\agt0406.dll
    + 2004-03-20 19:44:50 21,504 -c----w c:\windows\$NtServicePackUninstall$\agt0407.dll
    + 2004-03-20 19:44:50 22,016 -c----w c:\windows\$NtServicePackUninstall$\agt0408.dll
    + 2004-03-20 19:44:50 19,456 -c----w c:\windows\$NtServicePackUninstall$\agt0409.dll
    + 2004-03-20 19:44:50 19,456 -c----w c:\windows\$NtServicePackUninstall$\agt040b.dll
    + 2004-03-20 19:44:50 21,504 -c----w c:\windows\$NtServicePackUninstall$\agt040c.dll
    + 2004-03-20 19:44:50 19,968 -c----w c:\windows\$NtServicePackUninstall$\agt040e.dll
    + 2004-03-20 19:44:50 20,992 -c----w c:\windows\$NtServicePackUninstall$\agt0410.dll
    + 2004-03-20 19:44:50 19,456 -c----w c:\windows\$NtServicePackUninstall$\agt0411.dll
    + 2004-03-20 19:44:50 19,456 -c----w c:\windows\$NtServicePackUninstall$\agt0412.dll
    + 2004-03-20 19:44:50 20,992 -c----w c:\windows\$NtServicePackUninstall$\agt0413.dll
    + 2004-03-20 19:44:50 19,456 -c----w c:\windows\$NtServicePackUninstall$\agt0414.dll
    + 2004-03-20 19:44:50 19,456 -c----w c:\windows\$NtServicePackUninstall$\agt0415.dll
    + 2004-03-20 19:44:50 20,480 -c----w c:\windows\$NtServicePackUninstall$\agt0416.dll
    + 2004-03-20 19:44:50 19,456 -c----w c:\windows\$NtServicePackUninstall$\agt0419.dll
    + 2004-03-20 19:44:50 19,456 -c----w c:\windows\$NtServicePackUninstall$\agt041d.dll
    + 2004-03-20 19:44:50 19,456 -c----w c:\windows\$NtServicePackUninstall$\agt041f.dll
    + 2004-03-20 19:44:50 19,456 -c----w c:\windows\$NtServicePackUninstall$\agt0804.dll
    + 2004-03-20 19:44:50 20,992 -c----w c:\windows\$NtServicePackUninstall$\agt0816.dll
    + 2004-03-20 19:44:50 20,480 -c----w c:\windows\$NtServicePackUninstall$\agt0c0a.dll
    - 2004-03-20 19:44:50 21,504 -c----w c:\windows\$NtServicePackUninstall$\agtintl.dll
    + 2004-08-19 23:09:19 24,064 -c----w c:\windows\$NtServicePackUninstall$\agtintl.dll
    - 2004-03-20 19:44:50 91,648 -c----w c:\windows\$NtServicePackUninstall$\ahui.exe
    + 2004-08-19 23:09:50 98,304 -c----w c:\windows\$NtServicePackUninstall$\ahui.exe
    - 2004-03-20 19:44:50 41,984 -c----w c:\windows\$NtServicePackUninstall$\alg.exe
    + 2004-08-19 23:09:51 44,544 -c----w c:\windows\$NtServicePackUninstall$\alg.exe
    - 2001-08-17 21:58:00 27,648 -c----w c:\windows\$NtServicePackUninstall$\alim1541.sys
    + 2004-08-04 06:07:41 42,752 -c----w c:\windows\$NtServicePackUninstall$\alim1541.sys
    - 2004-03-20 19:44:50 15,872 -c----w c:\windows\$NtServicePackUninstall$\alrsvc.dll
    + 2004-08-19 23:09:19 17,408 -c----w c:\windows\$NtServicePackUninstall$\alrsvc.dll
    - 2001-08-17 21:58:02 27,648 -c----w c:\windows\$NtServicePackUninstall$\amdagp.sys
    + 2004-08-04 06:07:42 43,008 -c----w c:\windows\$NtServicePackUninstall$\amdagp.sys
    - 2004-03-20 19:54:22 34,816 -c----w c:\windows\$NtServicePackUninstall$\amdk6.sys
    + 2004-08-19 22:52:41 41,216 -c----w c:\windows\$NtServicePackUninstall$\amdk6.sys
    - 2004-03-20 19:54:22 35,328 -c----w c:\windows\$NtServicePackUninstall$\amdk7.sys
    + 2004-08-19 22:52:42 41,600 -c----w c:\windows\$NtServicePackUninstall$\amdk7.sys
    - 2002-12-12 00:14:32 64,512 -c----w c:\windows\$NtServicePackUninstall$\amstream.dll
    + 2004-08-19 23:09:19 70,656 -c----w c:\windows\$NtServicePackUninstall$\amstream.dll
    + 2004-08-19 23:09:19 110,080 -c----w c:\windows\$NtServicePackUninstall$\appconf.dll
    - 2004-03-20 19:44:52 115,712 -c----w c:\windows\$NtServicePackUninstall$\apphelp.dll
    + 2004-08-19 23:09:19 126,976 -c----w c:\windows\$NtServicePackUninstall$\apphelp.dll
    - 2004-03-20 19:44:54 165,376 -c----w c:\windows\$NtServicePackUninstall$\appmgmts.dll
    + 2004-08-19 23:09:19 176,640 -c----w c:\windows\$NtServicePackUninstall$\appmgmts.dll
    - 2004-03-20 19:44:54 284,160 -c----w c:\windows\$NtServicePackUninstall$\appmgr.dll
    + 2004-08-19 23:09:19 302,592 -c----w c:\windows\$NtServicePackUninstall$\appmgr.dll
    + 2004-08-19 23:09:19 334,336 -c----w c:\windows\$NtServicePackUninstall$\aqueue.dll
    - 2004-03-20 19:54:22 57,344 -c----w c:\windows\$NtServicePackUninstall$\arp1394.sys
    + 2004-08-04 05:58:29 60,800 -c----w c:\windows\$NtServicePackUninstall$\arp1394.sys
    + 2004-08-19 23:09:19 377,344 -c----w c:\windows\$NtServicePackUninstall$\asp51.dll
    + 2004-08-04 05:11:00 200,704 -c----w c:\windows\$NtServicePackUninstall$\aspnet_isapi.dll
    + 2004-08-04 05:11:04 24,576 -c----w c:\windows\$NtServicePackUninstall$\aspnet_regiis.exe
    + 2004-08-04 05:11:04 32,768 -c----w c:\windows\$NtServicePackUninstall$\aspnet_wp.exe
    - 2004-03-20 19:45:02 27,648 -c----w c:\windows\$NtServicePackUninstall$\asr_fmt.exe
    + 2004-08-19 23:09:51 30,720 -c----w c:\windows\$NtServicePackUninstall$\asr_fmt.exe
    - 2004-03-20 19:45:02 29,696 -c----w c:\windows\$NtServicePackUninstall$\asr_pfu.exe
    + 2004-08-19 23:09:51 32,768 -c----w c:\windows\$NtServicePackUninstall$\asr_pfu.exe
    - 2004-03-20 19:45:02 77,824 -c----w c:\windows\$NtServicePackUninstall$\asycfilt.dll
    + 2004-08-19 23:09:19 65,024 -c----w c:\windows\$NtServicePackUninstall$\asycfilt.dll
    - 2004-03-20 19:45:02 13,568 -c----w c:\windows\$NtServicePackUninstall$\asyncmac.sys
    + 2004-08-04 06:05:03 14,336 -c----w c:\windows\$NtServicePackUninstall$\asyncmac.sys
    - 2004-03-20 19:45:02 22,528 -c----w c:\windows\$NtServicePackUninstall$\at.exe
    + 2004-08-19 23:09:51 25,088 -c----w c:\windows\$NtServicePackUninstall$\at.exe
    - 2003-04-23 09:29:54 87,296 -c----w c:\windows\$NtServicePackUninstall$\atapi.sys
    + 2004-08-04 05:59:42 95,360 -c----w c:\windows\$NtServicePackUninstall$\atapi.sys
    + 2004-08-19 23:09:19 229,376 -c----w c:\windows\$NtServicePackUninstall$\ati2cqag.dll
    + 2004-08-19 23:09:19 377,984 -c----w c:\windows\$NtServicePackUninstall$\ati2dvaa.dll
    + 2004-08-19 23:09:19 201,728 -c----w c:\windows\$NtServicePackUninstall$\ati2dvag.dll
    + 2004-08-19 23:09:19 870,784 -c----w c:\windows\$NtServicePackUninstall$\ati3d1ag.dll
    + 2004-08-19 23:09:19 1,057,760 -c----w c:\windows\$NtServicePackUninstall$\ati3d2ag.dll
    + 2004-08-19 23:09:19 1,888,992 -c----w c:\windows\$NtServicePackUninstall$\ati3duag.dll
    + 2004-08-19 23:09:19 32,768 -c----w c:\windows\$NtServicePackUninstall$\ativtmxx.dll
    + 2004-08-19 23:09:19 516,768 -c----w c:\windows\$NtServicePackUninstall$\ativvaxx.dll
    - 2004-03-20 19:45:08 74,810 -c----w c:\windows\$NtServicePackUninstall$\atl.dll
    + 2004-08-19 23:09:19 58,880 -c----w c:\windows\$NtServicePackUninstall$\atl.dll
    - 2004-03-20 19:45:08 10,240 -c----w c:\windows\$NtServicePackUninstall$\atmadm.exe
    + 2004-08-19 23:09:51 11,264 -c----w c:\windows\$NtServicePackUninstall$\atmadm.exe
    - 2004-03-20 19:45:08 57,216 -c----w c:\windows\$NtServicePackUninstall$\atmarpc.sys
    + 2004-08-04 05:58:30 59,904 -c----w c:\windows\$NtServicePackUninstall$\atmarpc.sys
    - 2004-03-20 19:45:08 272,768 -c----w c:\windows\$NtServicePackUninstall$\atmfd.dll
    + 2004-08-19 23:08:01 285,696 -c----w c:\windows\$NtServicePackUninstall$\atmfd.dll
    - 2004-03-20 19:45:08 53,888 -c----w c:\windows\$NtServicePackUninstall$\atmlane.sys
    + 2004-08-04 05:58:34 55,936 -c----w c:\windows\$NtServicePackUninstall$\atmlane.sys
    - 2004-03-20 19:45:08 27,136 -c----w c:\windows\$NtServicePackUninstall$\atmlib.dll
    + 2004-08-19 23:09:20 30,208 -c----w c:\windows\$NtServicePackUninstall$\atmlib.dll
    + 2004-03-20 19:45:10 11,264 -c----w c:\windows\$NtServicePackUninstall$\attrib.exe
    + 2004-08-19 23:09:20 21,183 -c----w c:\windows\$NtServicePackUninstall$\atv01nt5.dll
    + 2004-08-19 23:09:20 11,359 -c----w c:\windows\$NtServicePackUninstall$\atv02nt5.dll
    + 2004-08-19 23:09:20 25,471 -c----w c:\windows\$NtServicePackUninstall$\atv04nt5.dll
    + 2004-08-19 23:09:20 14,143 -c----w c:\windows\$NtServicePackUninstall$\atv06nt5.dll
    + 2004-08-19 23:09:20 17,279 -c----w c:\windows\$NtServicePackUninstall$\atv10nt5.dll
    - 2004-03-20 19:45:10 38,912 -c----w c:\windows\$NtServicePackUninstall$\audiosrv.dll
    + 2004-08-19 23:09:20 42,496 -c----w c:\windows\$NtServicePackUninstall$\audiosrv.dll
    + 2004-08-19 23:09:51 14,336 -c----w c:\windows\$NtServicePackUninstall$\auditusr.exe
    + 2004-08-19 23:09:20 20,540 -c----w c:\windows\$NtServicePackUninstall$\author.dll
    + 2004-08-19 23:09:51 16,439 -c----w c:\windows\$NtServicePackUninstall$\author.exe
    - 2004-03-20 19:45:10 51,200 -c----w c:\windows\$NtServicePackUninstall$\authz.dll
    + 2005-03-02 18:10:36 56,832 -c----w c:\windows\$NtServicePackUninstall$\authz.dll
    - 2004-03-20 19:45:10 602,112 -c----w c:\windows\$NtServicePackUninstall$\autochk.exe
    + 2004-08-19 23:09:51 625,152 -c----w c:\windows\$NtServicePackUninstall$\autochk.exe
    - 2004-03-20 19:45:12 614,912 -c----w c:\windows\$NtServicePackUninstall$\autoconv.exe
    + 2004-08-19 23:09:51 638,976 -c----w c:\windows\$NtServicePackUninstall$\autoconv.exe
    - 2004-03-20 19:45:12 594,944 -c----w c:\windows\$NtServicePackUninstall$\autofmt.exe
    + 2004-08-19 23:09:51 616,960 -c----w c:\windows\$NtServicePackUninstall$\autofmt.exe
    - 2004-03-20 19:45:12 8,192 -c----w c:\windows\$NtServicePackUninstall$\autolfn.exe
    + 2004-08-19 23:09:51 11,264 -c----w c:\windows\$NtServicePackUninstall$\autolfn.exe
    + 2004-08-04 06:10:10 38,912 -c----w c:\windows\$NtServicePackUninstall$\avc.sys
    + 2004-08-04 06:09:58 13,696 -c----w c:\windows\$NtServicePackUninstall$\avcstrm.sys
    - 2004-03-20 19:45:14 76,800 -c----w c:\windows\$NtServicePackUninstall$\avifil32.dll
    + 2004-08-19 23:09:20 85,504 -c----w c:\windows\$NtServicePackUninstall$\avifil32.dll
    - 2004-06-17 17:56:29 47,616 -c----w c:\windows\$NtServicePackUninstall$\basesrv.dll
    + 2004-08-19 23:09:20 52,736 -c----w c:\windows\$NtServicePackUninstall$\basesrv.dll
    - 2004-03-20 19:45:16 27,136 -c----w c:\windows\$NtServicePackUninstall$\batmeter.dll
    + 2004-08-19 23:09:20 28,672 -c----w c:\windows\$NtServicePackUninstall$\batmeter.dll
    - 2004-03-20 19:45:16 6,656 -c----w c:\windows\$NtServicePackUninstall$\batt.dll
    + 2004-08-19 23:09:20 8,704 -c----w c:\windows\$NtServicePackUninstall$\batt.dll
    - 2003-02-17 10:16:26 11,392 -c----w c:\windows\$NtServicePackUninstall$\bdasup.sys
    + 2004-08-04 06:10:12 11,776 -c----w c:\windows\$NtServicePackUninstall$\bdasup.sys
    - 2004-03-20 19:45:18 14,848 -c----w c:\windows\$NtServicePackUninstall$\bidispl.dll
    + 2004-08-19 23:09:20 17,408 -c----w c:\windows\$NtServicePackUninstall$\bidispl.dll
    - 2004-07-01 22:08:13 7,680 -c----w c:\windows\$NtServicePackUninstall$\bitsprx2.dll
    + 2004-08-19 23:09:20 8,192 -c----w c:\windows\$NtServicePackUninstall$\bitsprx2.dll
    - 2004-07-01 22:08:13 7,168 -c----w c:\windows\$NtServicePackUninstall$\bitsprx3.dll
    + 2004-08-19 23:09:20 7,168 -c----w c:\windows\$NtServicePackUninstall$\bitsprx3.dll
    + 2004-08-19 23:09:51 71,680 -c----w c:\windows\$NtServicePackUninstall$\blastcln.exe
    + 2004-03-20 19:45:20 152,064 -c----w c:\windows\$NtServicePackUninstall$\bootcfg.exe
    - 2004-03-20 19:45:22 68,864 -c----w c:\windows\$NtServicePackUninstall$\bridge.sys
    + 2004-08-04 05:59:57 71,552 -c----w c:\windows\$NtServicePackUninstall$\bridge.sys
    - 2004-03-20 19:45:26 69,632 -c----w c:\windows\$NtServicePackUninstall$\browselc.dll
    + 2004-08-19 23:08:02 70,144 -c----w c:\windows\$NtServicePackUninstall$\browselc.dll
    - 2004-03-20 19:45:26 49,152 -c----w c:\windows\$NtServicePackUninstall$\browser.dll
    + 2004-08-19 23:09:20 77,312 -c----w c:\windows\$NtServicePackUninstall$\browser.dll
    - 2004-11-11 18:51:16 1,026,048 -c----w c:\windows\$NtServicePackUninstall$\browseui.dll
    + 2006-09-23 11:12:56 1,022,976 -c----w c:\windows\$NtServicePackUninstall$\browseui.dll
    - 2004-03-20 19:45:26 71,680 -c----w c:\windows\$NtServicePackUninstall$\browsewm.dll
    + 2004-08-19 23:09:20 78,336 -c----w c:\windows\$NtServicePackUninstall$\browsewm.dll
    + 2004-08-19 23:09:20 20,992 -c----w c:\windows\$NtServicePackUninstall$\bthci.dll
    + 2004-08-04 06:10:38 17,024 -c----w c:\windows\$NtServicePackUninstall$\bthenum.sys
    + 2004-08-04 06:10:38 38,016 -c----w c:\windows\$NtServicePackUninstall$\bthmodem.sys
    + 2004-08-04 05:58:38 100,992 -c----w c:\windows\$NtServicePackUninstall$\bthpan.sys
    + 2008-06-14 17:59:52 272,768 -c----w c:\windows\$NtServicePackUninstall$\bthport.sys
    + 2008-06-14 17:59:52 272,768 -c----w c:\windows\$NtServicePackUninstall$\bthport.sys.001
    + 2004-08-04 06:10:37 35,456 -c----w c:\windows\$NtServicePackUninstall$\bthprint.sys
    + 2004-08-19 23:09:20 30,208 -c----w c:\windows\$NtServicePackUninstall$\bthserv.dll
    + 2004-08-04 06:10:34 18,944 -c----w c:\windows\$NtServicePackUninstall$\bthusb.sys
    + 2004-08-19 23:09:20 50,688 -c----w c:\windows\$NtServicePackUninstall$\btpanui.dll
    + 2004-03-20 19:46:14 218,112 -c----w c:\windows\$NtServicePackUninstall$\c_g18030.dll
    - 2004-03-20 19:45:28 59,904 -c----w c:\windows\$NtServicePackUninstall$\cabinet.dll
    + 2004-08-19 23:09:20 59,904 -c----w c:\windows\$NtServicePackUninstall$\cabinet.dll
    - 2004-03-20 19:45:28 81,408 -c----w c:\windows\$NtServicePackUninstall$\cabview.dll
    + 2004-08-19 23:09:20 85,504 -c----w c:\windows\$NtServicePackUninstall$\cabview.dll
    + 2004-03-20 19:45:28 19,456 -c----w c:\windows\$NtServicePackUninstall$\cacls.exe
    - 2004-03-30 02:49:42 364,544 -c----w c:\windows\$NtServicePackUninstall$\callcont.dll
    + 2004-08-19 23:09:20 385,024 -c----w c:\windows\$NtServicePackUninstall$\callcont.dll
    - 2004-03-20 19:45:28 45,056 -c----w c:\windows\$NtServicePackUninstall$\camocx.dll
    + 2004-08-19 23:09:20 50,688 -c----w c:\windows\$NtServicePackUninstall$\camocx.dll
    + 2004-03-20 19:45:30 146,432 -c----w c:\windows\$NtServicePackUninstall$\capesnpn.dll
    - 2004-03-06 03:17:16 225,280 -c----w c:\windows\$NtServicePackUninstall$\catsrv.dll
    + 2005-07-26 04:39:54 225,792 -c----w c:\windows\$NtServicePackUninstall$\catsrv.dll
    - 2004-03-20 19:45:30 85,504 -c----w c:\windows\$NtServicePackUninstall$\catsrvps.dll
    + 2004-08-19 23:09:20 85,504 -c----w c:\windows\$NtServicePackUninstall$\catsrvps.dll
    - 2004-03-06 03:17:16 594,944 -c----w c:\windows\$NtServicePackUninstall$\catsrvut.dll
    + 2005-07-26 04:39:54 625,152 -c----w c:\windows\$NtServicePackUninstall$\catsrvut.dll
    - 2003-02-17 10:16:26 16,384 -c----w c:\windows\$NtServicePackUninstall$\ccdecode.sys
    + 2004-08-04 06:10:16 17,024 -c----w c:\windows\$NtServicePackUninstall$\ccdecode.sys
    - 2004-03-20 19:45:32 59,648 -c----w c:\windows\$NtServicePackUninstall$\cdfs.sys
    + 2004-08-04 06:14:10 63,744 -c----w c:\windows\$NtServicePackUninstall$\cdfs.sys
    - 2004-03-20 19:45:32 143,360 -c----w c:\windows\$NtServicePackUninstall$\cdfview.dll
    + 2006-09-14 08:39:59 152,064 -c----w c:\windows\$NtServicePackUninstall$\cdfview.dll
    + 2004-08-19 23:09:20 66,560 -c----w c:\windows\$NtServicePackUninstall$\cdm.dll
    - 2004-03-20 19:45:32 2,028,032 -c----w c:\windows\$NtServicePackUninstall$\cdosys.dll
    + 2005-09-10 01:55:14 2,067,968 -c----w c:\windows\$NtServicePackUninstall$\cdosys.dll
    - 2004-03-20 19:54:22 47,488 -c----w c:\windows\$NtServicePackUninstall$\cdrom.sys
    + 2004-08-04 05:59:52 49,536 -c----w c:\windows\$NtServicePackUninstall$\cdrom.sys
    - 2004-03-20 19:45:34 192,512 -c----w c:\windows\$NtServicePackUninstall$\certcli.dll
    + 2004-08-19 23:09:20 200,192 -c----w c:\windows\$NtServicePackUninstall$\certcli.dll
    - 2004-03-20 19:45:34 446,976 -c----w c:\windows\$NtServicePackUninstall$\certmgr.dll
    + 2004-08-19 23:09:20 467,968 -c----w c:\windows\$NtServicePackUninstall$\certmgr.dll
    - 2004-03-20 19:45:34 33,280 -c----w c:\windows\$NtServicePackUninstall$\cfgbkend.dll
    + 2004-08-19 23:09:20 39,424 -c----w c:\windows\$NtServicePackUninstall$\cfgbkend.dll
    - 2004-03-20 19:45:34 16,896 -c----w c:\windows\$NtServicePackUninstall$\cfgmgr32.dll
    + 2004-08-19 23:08:02 16,896 -c----w c:\windows\$NtServicePackUninstall$\cfgmgr32.dll
    + 2004-08-19 23:09:51 188,480 -c----w c:\windows\$NtServicePackUninstall$\cfgwiz.exe
    + 2004-08-19 23:09:20 15,423 -c----w c:\windows\$NtServicePackUninstall$\ch7xxnt5.dll
    + 2004-08-04 06:00:12 8,192 -c----w c:\windows\$NtServicePackUninstall$\changer.sys
    + 2003-04-24 12:00:00 97,792 -c----w c:\windows\$NtServicePackUninstall$\chtmbx.dll
    + 2003-04-24 12:00:00 56,320 -c----w c:\windows\$NtServicePackUninstall$\chtskdic.dll
    + 2003-04-24 12:00:00 173,568 -c----w c:\windows\$NtServicePackUninstall$\chtskf.dll
    + 2004-03-20 19:45:38 109,568 -c----w c:\windows\$NtServicePackUninstall$\cic.dll
    - 2004-03-20 19:45:38 1,268,224 -c----w c:\windows\$NtServicePackUninstall$\cimwin32.dll
    + 2004-08-19 23:09:20 1,352,704 -c----w c:\windows\$NtServicePackUninstall$\cimwin32.dll
    - 2003-04-24 12:00:00 201,216 -c----w c:\windows\$NtServicePackUninstall$\cintime.dll
    + 2004-08-04 05:31:52 198,656 -c----w c:\windows\$NtServicePackUninstall$\cintime.dll
    - 2004-03-20 19:45:40 64,512 -c----w c:\windows\$NtServicePackUninstall$\ciodm.dll
    + 2006-06-22 05:13:45 69,120 -c----w c:\windows\$NtServicePackUninstall$\ciodm.dll
    - 2004-03-20 19:45:40 45,568 -c----w c:\windows\$NtServicePackUninstall$\cipher.exe
    + 2004-08-19 23:09:51 56,832 -c----w c:\windows\$NtServicePackUninstall$\cipher.exe
    - 2004-03-20 19:45:40 5,120 -c----w c:\windows\$NtServicePackUninstall$\cisvc.exe
    + 2004-08-19 23:09:51 5,632 -c----w c:\windows\$NtServicePackUninstall$\cisvc.exe
    - 2004-03-20 19:45:40 46,336 -c----w c:\windows\$NtServicePackUninstall$\classpnp.sys
    + 2004-08-04 06:14:26 49,664 -c----w c:\windows\$NtServicePackUninstall$\classpnp.sys
    - 2004-03-06 03:17:16 110,080 -c----w c:\windows\$NtServicePackUninstall$\clbcatex.dll
    + 2005-07-26 04:39:55 110,080 -c----w c:\windows\$NtServicePackUninstall$\clbcatex.dll
    - 2004-03-06 03:17:16 499,712 -c----w c:\windows\$NtServicePackUninstall$\clbcatq.dll
    + 2005-07-26 04:39:55 498,688 -c----w c:\windows\$NtServicePackUninstall$\clbcatq.dll
    - 2004-03-20 19:45:42 62,976 -c----w c:\windows\$NtServicePackUninstall$\cleanmgr.exe
    + 2004-08-19 23:09:51 65,536 -c----w c:\windows\$NtServicePackUninstall$\cleanmgr.exe
    - 2003-02-20 15:28:04 73,728 -c----w c:\windows\$NtServicePackUninstall$\cliconfg.dll
    + 2004-08-19 23:09:20 77,824 -c----w c:\windows\$NtServicePackUninstall$\cliconfg.dll
    - 2003-02-20 15:28:06 20,480 -c----w c:\windows\$NtServicePackUninstall$\cliconfg.exe
    + 2004-08-19 23:09:51 20,480 -c----w c:\windows\$NtServicePackUninstall$\cliconfg.exe
    - 2004-03-20 19:45:42 100,352 -c----w c:\windows\$NtServicePackUninstall$\clipbrd.exe
    + 2004-08-19 23:09:51 104,448 -c----w c:\windows\$NtServicePackUninstall$\clipbrd.exe
    - 2004-03-20 19:45:44 30,720 -c----w c:\windows\$NtServicePackUninstall$\clipsrv.exe
    + 2004-08-19 23:09:51 33,280 -c----w c:\windows\$NtServicePackUninstall$\clipsrv.exe
    - 2004-03-20 19:45:44 54,272 -c----w c:\windows\$NtServicePackUninstall$\clusapi.dll
    + 2004-08-19 23:09:20 57,856 -c----w c:\windows\$NtServicePackUninstall$\clusapi.dll
    + 2004-08-04 06:07:39 14,080 -c----w c:\windows\$NtServicePackUninstall$\cmbatt.sys
    - 2004-03-20 19:45:44 12,288 -c----w c:\windows\$NtServicePackUninstall$\cmcfg32.dll
    25 February 2009 17:07:52

  • Start menu > Run > type combofix /u and confirm.

    /!\ Disable your resident protections (antivirus, etc.) /!\

  • Download ComboFix (sUBs) to your Desktop.
  • Double-click ComboFix.exe (the .exe may not be visible) to launch it.
  • It will ask you to install the Recovery Console: accept.
  • When the scan is finished, a report will appear. Post this report (C:\Combofix.txt) in your next reply.

    To help you: a guide and a tutorial on using ComboFix
    26 February 2009 09:30:25

    Hi again

    ComboFix 09-02-25.02 - cynthia 2009-02-26 9:00:45.5 - NTFSx86
    Microsoft Windows XP Professionnel 5.1.2600.3.1252.1.1036.18.1014.471 [GMT 1:00]
    Running from: c:\documents and settings\cynthia\Bureau\ComboFix.exe
    AV: ESET NOD32 Antivirus 3.0 *On-access scanning disabled* (Updated)
    AV: Panda Internet Security 2008 *On-access scanning disabled* (Outdated)
    FW: Panda Internet Security 2008 *disabled*
    * Created a new restore point
    .

    ((((((((((((((((((((((((( Files Created from 2009-01-26 to 2009-02-26 )))))))))))))))))))))))))))))))
    .

    2009-02-19 12:49 . 2009-02-19 12:49 410,984 --a------ c:\windows\system32\deploytk.dll
    2009-02-19 12:49 . 2009-02-19 12:49 73,728 --a------ c:\windows\system32\javacpl.cpl
    2009-02-19 11:58 . 2009-02-19 11:58 131,072 --a------ c:\documents and settings\cynthia\client1.exe
    2009-02-16 09:02 . 2009-02-16 09:02 <REP> d-------- c:\documents and settings\cynthia\Application Data\Malwarebytes
    2009-02-16 08:57 . 2009-02-16 08:57 <REP> d--hs---- C:\found.000
    2009-02-12 17:06 . 2009-02-12 17:06 94,720 --a------ c:\windows\system32\InstallAVg_77015112.exe.tmp
    2009-02-12 09:19 . 2009-02-25 15:42 32,768 --a------ c:\windows\system32\drivers\ati0xexx.sys
    2009-02-12 08:46 . 2009-02-12 08:47 1,374 --a------ c:\windows\imsins.BAK
    2009-02-12 08:43 . 2009-02-12 08:49 32,768 --a------ c:\windows\system32\drivers\ati4tyxx.sys
    2009-02-10 13:44 . 2009-02-10 13:44 <REP> d-------- c:\documents and settings\All Users\Application Data\Sunbelt
    2009-02-09 18:16 . 2009-02-09 18:23 <REP> d-------- C:\IDN
    2009-02-09 16:55 . 2009-02-16 15:02 <REP> d-------- c:\program files\Malwarebytes' Anti-Malware
    2009-02-09 16:55 . 2009-02-09 16:55 <REP> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
    2009-02-09 16:55 . 2009-02-11 10:19 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
    2009-02-09 16:55 . 2009-02-11 10:19 15,504 --a------ c:\windows\system32\drivers\mbam.sys
    2009-02-09 16:30 . 2009-02-09 16:49 <REP> d-------- c:\program files\FindyKill
    2009-02-09 09:42 . 2009-02-09 09:43 <REP> d-------- C:\rsit
    2009-02-09 09:08 . 2009-02-09 09:08 0 --a------ c:\windows\system32\system32xp.exe.tmp
    2009-01-30 14:45 . 2009-02-01 00:03 <REP> d-------- c:\documents and settings\cynthia\download
    2009-01-30 14:45 . 2009-02-01 00:03 60 --a------ c:\documents and settings\cynthia\ocsinventory.dat

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-02-26 07:59 --------- d-----w c:\documents and settings\cynthia\Application Data\DNA
    2009-02-26 07:50 --------- d-----w c:\documents and settings\cynthia\Application Data\BitTorrent
    2009-02-25 14:48 --------- d-----w c:\program files\LBINT
    2009-02-25 14:48 --------- d-----w c:\program files\DNA
    2009-02-25 09:47 --------- d-----w c:\windows\system32\config\systemprofile\Application Data\SolidDocuments
    2009-02-20 11:16 --------- d-----w c:\documents and settings\cynthia\Application Data\SolidDocuments
    2009-02-19 17:15 3,532 ----a-w C:\drmHeader.bin
    2009-02-19 11:49 --------- d-----w c:\program files\Java
    2009-01-16 20:15 3,594,752 ----a-w c:\windows\system32\DllCache\mshtml.dll
    2009-01-14 10:56 --------- d-----w c:\program files\Panda Security
    2009-01-13 10:50 --------- d-----w c:\program files\ESET
    2009-01-13 10:50 --------- d-----w c:\documents and settings\All Users\Application Data\ESET
    2009-01-13 10:45 --------- d-----w c:\program files\Fichiers communs\Panda Software
    2009-01-13 10:26 0 ----a-w c:\windows\system32\drivers\wnmsav.dat
    2008-12-20 22:47 826,368 ----a-w c:\windows\system32\wininet.dll
    2008-12-20 22:47 826,368 ----a-w c:\windows\system32\DllCache\wininet.dll
    2008-12-20 22:47 671,232 ----a-w c:\windows\system32\DllCache\mstime.dll
    2008-12-20 22:47 477,696 ----a-w c:\windows\system32\DllCache\mshtmled.dll
    2008-12-20 22:47 44,544 ----a-w c:\windows\system32\DllCache\pngfilt.dll
    2008-12-20 22:47 233,472 ------w c:\windows\system32\DllCache\webcheck.dll
    2008-12-20 22:47 193,024 ----a-w c:\windows\system32\DllCache\msrating.dll
    2008-12-20 22:47 105,984 ------w c:\windows\system32\DllCache\url.dll
    2008-12-20 22:47 102,912 ------w c:\windows\system32\DllCache\occache.dll
    2008-12-20 22:47 1,160,192 ----a-w c:\windows\system32\DllCache\urlmon.dll
    2008-12-19 09:11 70,656 ------w c:\windows\system32\DllCache\ie4uinit.exe
    2008-12-19 09:10 13,824 ------w c:\windows\system32\DllCache\ieudinit.exe
    2008-12-19 05:25 634,024 ------w c:\windows\system32\DllCache\iexplore.exe
    2008-12-19 05:23 161,792 ------w c:\windows\system32\DllCache\ieakui.dll
    2008-12-12 10:18 87,336 ----a-w c:\windows\system32\dns-sd.exe
    2008-12-12 10:11 61,440 ----a-w c:\windows\system32\dnssd.dll
    2008-12-11 10:57 333,952 ------w c:\windows\system32\DllCache\srv.sys
    2007-10-17 13:15 312 ----a-w c:\documents and settings\Administrateur.HEVEAFIL.000\Application Data\config.dat
    2006-09-18 08:02 304 ----a-w c:\documents and settings\Administrateur.HEVEAFIL\Application Data\config.dat
    2006-06-22 15:26 278 ----a-w c:\documents and settings\Sylviane\Application Data\config.dat
    2005-12-06 10:54 225,280 ----a-w c:\program files\Patch_Window_A_0_14.exe
    2008-09-10 07:41 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\Historique\History.IE5\MSHist012008091020080911\index.dat
    .

    ((((((((((((((((((((((((((((( SnapShot_2009-02-13_16.13.58.46 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2008-06-17 19:02:15 8,517,632 ------w c:\windows\system32\DllCache\shell32.dll
    - 2003-11-19 16:36:26 24,681 ----a-w c:\windows\system32\java.exe
    + 2009-02-19 11:49:34 144,792 ----a-w c:\windows\system32\java.exe
    - 2003-11-19 16:36:30 28,779 ----a-w c:\windows\system32\javaw.exe
    + 2009-02-19 11:49:34 144,792 ----a-w c:\windows\system32\javaw.exe
    + 2009-02-19 11:49:34 148,888 ----a-w c:\windows\system32\javaws.exe
    - 2008-04-14 02:33:41 8,517,632 ----a-w c:\windows\system32\shell32.dll
    + 2008-06-17 19:02:15 8,517,632 ----a-w c:\windows\system32\shell32.dll
    + 2009-02-25 14:42:06 16,384 ----atw c:\windows\temp\Perflib_Perfdata_97c.dat
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MsnMsgr"="c:\program files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352]
    "BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2008-12-22 342848]
    "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IgfxTray"="c:\windows\System32\igfxtray.exe" [2004-05-06 155648]
    "HotKeysCmds"="c:\windows\System32\hkcmd.exe" [2004-05-06 118784]
    "dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-08-13 122939]
    "zBrowser Launcher"="c:\program files\Logitech\iTouch\iTouch.exe" [2002-11-23 631362]
    "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2005-02-16 49152]
    "TkBellExe"="c:\program files\Fichiers communs\Real\Update_OB\realsched.exe" [2005-10-07 180269]
    "CmCardRun"="c:\windows\system32\CmWatch.exe" [2003-09-16 229376]
    "AppleSyncNotifier"="c:\program files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-11-07 111936]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-11-04 413696]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
    "egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-07-01 1447168]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-02-19 148888]
    "Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-04-11 c:\windows\KHALMNPR.Exe]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

    c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\
    Client Net-Assistance.lnk - c:\program files\LBINT\Launch.exe [2008-11-05 36864]
    Démarrage rapide du logiciel HP Image Zone.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2004-11-04 53248]
    EPSON Contrôle en arrière-plan.lnk - c:\program files\EPSON\ESM2\Stms.exe [1999-12-03 235008]
    HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2004-11-04 258048]
    HP monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2004-11-04 258048]
    Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2008-02-08 67128]
    Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2008-02-08 692224]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
    "NoWelcomeScreen"= 1 (0x1)

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ati0xexx.sys]
    @="Driver"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ati4tyxx.sys]
    @="Driver"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
    @=""

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Adobe Reader Speed Launch.lnk]
    path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Adobe Reader Speed Launch.lnk
    backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Microsoft Office.lnk]
    path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Microsoft Office.lnk
    backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CmCardRun]
    --a------ 2003-09-16 16:50 229376 c:\windows\system32\CmWatch.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
    --------- 2004-04-26 09:04 53248 c:\program files\CyberLink\PowerDVD\DVDLauncher.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EyeOnFiles.exe]
    --a------ 2008-02-17 14:58 4838400 c:\program files\HGMB\EyeOnFiles\EyeOnFiles.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    --a------ 2008-11-20 13:20 290088 c:\program files\iTunes\iTunesHelper.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDF Converter Registry Controller]
    --a------ 2003-09-09 10:25 102400 c:\program files\ScanSoft\PDF Converter\RegistryController.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    --a------ 2008-11-04 10:30 413696 c:\program files\QuickTime\QTTask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpyHunter Security Suite]
    --a------ 2008-01-23 14:47 847872 c:\program files\Enigma Software Group\SpyHunter\SpyHunter3.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    --a------ 2003-11-19 18:48 32881 c:\program files\Java\j2re1.4.2_03\bin\jusched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
    --a------ 2005-10-07 12:56 180269 c:\program files\Fichiers communs\Real\Update_OB\realsched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateManager]
    --a------ 2004-01-07 02:01 110592 c:\program files\Fichiers communs\Sonic\Update Manager\sgtray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Utility]
    --------- 2002-11-08 10:50 19968 c:\windows\LOGI_MWX.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusDisableNotify"=dword:00000001
    "UpdatesDisableNotify"=dword:00000001
    "FirewallOverride"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "c:\\Program Files\\BitTorrent\\bittorrent.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
    "c:\\Program Files\\LBINT\\launch1.exe"=
    "c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\MSN Messenger\\livecall.exe"=
    "c:\\Program Files\\DNA\\btdna.exe"=
    "c:\\Program Files\\LBINT\\Launch.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "6129:TCP"= 6129:TCP:D ameWare
    "25:TCP"= 25:TCP:MailLbint

    R0 ati0xexx;ati0xexx;c:\windows\system32\drivers\ati0xexx.sys [2009-02-12 32768]
    R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2008-07-01 34312]
    R2 ekrn;Eset Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2008-07-01 468224]
    R3 LCcfltr;Logitech USB Filter Driver;c:\windows\system32\drivers\LCcfltr.sys [2004-12-21 14156]
    S0 ati4tyxx;ati4tyxx;c:\windows\system32\drivers\ati4tyxx.sys [2009-02-12 32768]
    S3 NETIMFLT;PANDA NDIS IM Filter Miniport;c:\windows\system32\DRIVERS\netimflt.sys --> c:\windows\system32\DRIVERS\netimflt.sys [?]
    S3 SBRE;SBRE;\??\c:\windows\system32\drivers\SBREdrv.sys --> c:\windows\system32\drivers\SBREdrv.sys [?]
    S3 UMSSSTOR;C-Media Storage;c:\windows\system32\drivers\Umss.SYS [2004-07-13 48512]
    .
    Contents of the 'Scheduled Tasks' folder

    2009-02-23 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

    2009-02-26 c:\windows\Tasks\HPpromotions journeysoftware.job
    - c:\program files\hp\digital imaging\bin\hp promotions\journeysoftware\HPpromo.exe [2005-04-22 17:36]
    .
    .
    ------- Supplementary Scan -------
    .
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    uStart Page = hxxp://google.com
    uInternet Connection Wizard,ShellNext = hxxp://www.euro.dell.com/countries/fr/fra/gen/default.htm
    uInternet Settings,ProxyOverride = localhost;*.local
    LSP: c:\program files\ICRAplus\ICRAplus\lsp.dll
    TCP: {3C682CED-F5BD-48AC-A7C8-327F26A53BA3} = 192.168.15.1,192.168.15.254
    Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-02-26 09:06:28
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...


    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(468)
    c:\program files\ICRAplus\ICRAplus\lsp.dll
    c:\program files\Bonjour\mdnsNSP.dll

    - - - - - - - > 'lsass.exe'(536)
    c:\program files\ICRAplus\ICRAplus\lsp.dll
    c:\program files\Bonjour\mdnsNSP.dll
    .
    Completion time: 2009-02-26 9:11:31
    ComboFix-quarantined-files.txt 2009-02-26 08:10:13
    ComboFix2.txt 2009-02-13 15:17:10
    ComboFix3.txt 2008-08-07 13:12:12
    ComboFix4.txt 2008-08-07 10:50:36

    Pre-Run: 78 172 545 024 octets libres
    Post-Run: 78,174,629,888 octets libres

    Current=2 Default=2 Failed=3 LastKnownGood=4 Sets=1,2,3,4
    223 --- E O F --- 2009-02-25 08:35:00

    Thanks
    26 February 2009 14:07:01

  • Have these two files analysed:
    - c:\documents and settings\cynthia\client1.exe
    - c:\windows\system32\drivers\ati0xexx.sys

  • On VirusTotal, and post the links to the analyses.
    26 February 2009 14:50:11

    Here is the first one:

    VirusTotal - Free online virus and malware analysis - Result

    File client1.exe received on 2009.02.26 14:46:14 (CET)
    Current status: finished
    Result: 2/39 (5.13%)

    Antivirus          Version         Last update  Result
    a-squared          4.0.0.101       2009.02.26   -
    AhnLab-V3          5.0.0.2         2009.02.26   -
    AntiVir            7.9.0.93        2009.02.26   -
    Authentium         5.1.0.4         2009.02.26   -
    Avast              4.8.1335.0      2009.02.25   -
    AVG                8.0.0.237       2009.02.26   -
    BitDefender        7.2             2009.02.26   -
    CAT-QuickHeal      10.00           2009.02.26   -
    ClamAV             0.94.1          2009.02.26   -
    Comodo             986             2009.02.20   -
    DrWeb              4.44.0.09170    2009.02.26   -
    eSafe              7.0.17.0        2009.02.26   -
    eTrust-Vet         31.6.6375       2009.02.26   -
    F-Prot             4.4.4.56        2009.02.25   -
    F-Secure           8.0.14470.0     2009.02.26   -
    Fortinet           3.117.0.0       2009.02.26   -
    GData              19              2009.02.26   -
    Ikarus             T3.1.1.45.0     2009.02.26   -
    K7AntiVirus        7.10.647        2009.02.25   -
    Kaspersky          7.0.0.125       2009.02.26   -
    McAfee             5536            2009.02.25   New Malware.ac
    McAfee+Artemis     5536            2009.02.25   New Malware.ac
    Microsoft          1.4306          2009.02.26   -
    NOD32              3890            2009.02.26   -
    Norman             6.00.06         2009.02.26   -
    nProtect           2009.1.8.0      2009.02.26   -
    Panda              10.0.0.10       2009.02.26   -
    PCTools            4.4.2.0         2009.02.26   -
    Prevx1             V2              2009.02.26   -
    Rising             21.18.32.00     2009.02.26   -
    SecureWeb-Gateway  6.0.0           2009.02.26   -
    Sophos             4.39.0          2009.02.26   -
    Sunbelt            3.2.1858.2      2009.02.25   -
    Symantec           10              2009.02.26   -
    TheHacker          6.3.2.5.265     2009.02.25   -
    TrendMicro         8.700.0.1004    2009.02.26   -
    VBA32              3.12.10.0       2009.02.26   -
    ViRobot            2009.2.26.1625  2009.02.26   -
    VirusBuster        4.5.11.0        2009.02.25   -

    http://www.virustotal.com/fr/analisis/448fd599887a21e0f... 26/02/2009

    Additional information

    File size: 131072 bytes
    MD5...: 0b52172f524ca4e038e92b447b1138b5
    SHA1..: 678dd661ee51a3994e9df5aab4e33b9221c3b9fe
    SHA256: 1054de45c37de73ee33951124543d37cfbd9c26008fc09d8c06eb8b0ca965feb
    SHA512: c8ca038c8898ce34c3960730770e3bc569832ee18124058b4be6e2d9ca08ddecdc808dcbe7fa57e397dd89a962e8a23b60b961ac072a6cd08c8c2c8f3d696335
    ssdeep: 1536:x15u4lZnqerFIc3gxAzKeiqLT8dgwWsx377iTbqd3KGSZb2FipCKzo+YbRcawg2f:x15u6ZrJ3gezKeiqLTogwWQ377YkEL
    PEiD..: -
    TrID..: File type identification
    Win32 Executable Generic (68.0%)
    Generic Win/DOS Executable (15.9%)
    DOS Executable Generic (15.9%)
    Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)

    PEInfo: PE Structure information

    ( base data )
    entrypointaddress.: 0x4011fc
    timedatestamp.....: 0x499ac07e (Tue Feb 17 13:49:50 2009)
    machinetype.......: 0x14c (I386)

    ( 3 sections )
    name   viradd   virsiz   rawdsiz  ntrpy  md5
    .text  0x1000   0x1db28  0x1e000  5.36   db03db0c3d2786ed1dcb2037f60943a5
    .data  0x1f000  0x2d8c   0x0      0.00   d41d8cd98f00b204e9800998ecf8427e
    .rsrc  0x22000  0xc24    0x1000   4.58   b7beba4ce8163612e5a3c6a871d9061f

    ( 1 imports )
    > MSVBVM60.DLL: MethCallEngine, -, -, -, -, -, -, -, -, -, -,
    EVENT_SINK_AddRef, -, -, DllFunctionCall, -, EVENT_SINK_Release, -,
    EVENT_SINK_QueryInterface, __vbaExceptHandler, -, -, -, -, -, -, -, -, -,
    ProcCallEngine, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -,
    -

    ( 0 exports )



    26 February 2009 14:53:52

    I can't get the 2nd one analysed, here is the message:
    0 bytes size received / Se ha recibido un archivo vacio
    26 February 2009 15:02:32

    OK, I'll write you a procedure.
    26 February 2009 15:09:03

  • Download OTMoveIt3 (OldTimer) to your Desktop.
  • Double-click OTMoveIt3.exe to launch it.
  • Copy (Ctrl+C) the following text:

    :processes
    explorer.exe

    :services
    ati0xexx
    ati4tyxx

    :files
    c:\documents and settings\cynthia\client1.exe
    c:\windows\system32\InstallAVg_77015112.exe.tmp
    c:\windows\system32\drivers\ati0xexx.sys
    c:\windows\system32\drivers\ati4tyxx.sys
    c:\windows\system32\system32xp.exe.tmp

    :reg
    [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ati0xexx.sys]
    [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ati4tyxx.sys]
    [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\ati0xexx.sys]
    [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\ati4tyxx.sys]

    :commands
    [purity]
    [emptytemp]
    [reboot]


  • Paste (Ctrl+V) the previously copied text into the Paste Instructions for Items to be Moved box.
  • Now click the MoveIt! button, then close OTMoveIt3.

    ---> If a file or folder cannot be deleted immediately, the program will ask you to restart.
    Accept by clicking YES.

  • Post the report located in this folder: C:\_OTMoveIt\MovedFiles\
    ---> The report's name corresponds to the time it was created: date_time.log
    26 February 2009 16:28:07

    Error: Unable to interpret <processes > in the current context!
    Error: Unable to interpret <explorer.exe > in the current context!
    ========== SERVICES/DRIVERS ==========
    Unable to stop service ati0xexx .
    Service ati4tyxx stopped successfully.
    Service ati4tyxx deleted successfully.
    ========== FILES ==========
    c:\documents and settings\alexis\client1.exe moved successfully.
    c:\windows\system32\InstallAVg_77015112.exe.tmp moved successfully.
    File move failed. c:\windows\system32\drivers\ati0xexx.sys scheduled to be moved on reboot.
    c:\windows\system32\drivers\ati4tyxx.sys moved successfully.
    c:\windows\system32\system32xp.exe.tmp moved successfully.
    ========== REGISTRY ==========
    Unable to delete registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ati0xexx.sys\\ .
    Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ati4tyxx.sys\\ deleted successfully.
    Unable to delete registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\ati0xexx.sys\\ .
    Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\ati4tyxx.sys\\ deleted successfully.
    ========== COMMANDS ==========
    File delete failed. C:\DOCUME~1\cynthia\LOCALS~1\Temp\hpodvd09.log scheduled to be deleted on reboot.
    File delete failed. C:\DOCUME~1\cynthia\LOCALS~1\Temp\HVF_TMP.ldb scheduled to be deleted on reboot.
    File delete failed. C:\DOCUME~1\cynthia\LOCALS~1\Temp\HVF_TMP.MDB scheduled to be deleted on reboot.
    File delete failed. C:\DOCUME~1\cynthia\LOCALS~1\Temp\JET793.tmp scheduled to be deleted on reboot.
    File delete failed. C:\DOCUME~1\cynthia\LOCALS~1\Temp\JET846.tmp scheduled to be deleted on reboot.
    File delete failed. C:\DOCUME~1\cynthia\LOCALS~1\Temp\JET847.tmp scheduled to be deleted on reboot.
    File delete failed. C:\DOCUME~1\cynthia\LOCALS~1\Temp\JETDAE2.tmp scheduled to be deleted on reboot.
    File delete failed. C:\DOCUME~1\cynthia\LOCALS~1\Temp\~DF11A8.tmp scheduled to be deleted on reboot.
    File delete failed. C:\DOCUME~1\cynthia\LOCALS~1\Temp\~DF9A8A.tmp scheduled to be deleted on reboot.
    User's Temp folder emptied.
    User's Temporary Internet Files folder emptied.
    User's Internet Explorer cache folder emptied.
    Local Service Temp folder emptied.
    File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
    Local Service Temporary Internet Files folder emptied.
    File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_97c.dat scheduled to be deleted on reboot.
    Windows Temp folder emptied.
    Java cache emptied.
    Temp folders emptied.

    OTMoveIt3 by OldTimer - Version 1.0.8.0 log created on 02262009_160409
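
The report above, triaged in code, as an added example that is not part of the original thread: this Python sketch reads the OTMoveIt3 report wording as it appears in this post and groups every action that did not complete by component name. The function names are my own, and the embedded report is an excerpt of the one posted above with the COMMANDS section shortened.

```python
import ntpath
import re
from collections import defaultdict

# Excerpt of the OTMoveIt3 report posted above; the COMMANDS section is
# shortened to two lines, everything else is verbatim.
REPORT = r"""
========== SERVICES/DRIVERS ==========
Unable to stop service ati0xexx .
Service ati4tyxx stopped successfully.
Service ati4tyxx deleted successfully.
========== FILES ==========
c:\documents and settings\alexis\client1.exe moved successfully.
c:\windows\system32\InstallAVg_77015112.exe.tmp moved successfully.
File move failed. c:\windows\system32\drivers\ati0xexx.sys scheduled to be moved on reboot.
c:\windows\system32\drivers\ati4tyxx.sys moved successfully.
c:\windows\system32\system32xp.exe.tmp moved successfully.
========== REGISTRY ==========
Unable to delete registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ati0xexx.sys\\ .
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ati4tyxx.sys\\ deleted successfully.
Unable to delete registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\ati0xexx.sys\\ .
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\ati4tyxx.sys\\ deleted successfully.
========== COMMANDS ==========
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_97c.dat scheduled to be deleted on reboot.
Windows Temp folder emptied.
"""

SECTION = re.compile(r"^=+\s*(.+?)\s*=+$")

# (status, pattern) pairs, tried in order. The wording is the report's own.
RULES = [
    ("failed", re.compile(
        r"^Unable to (?:stop service|delete registry key) (?P<target>.+?)\s*\.$")),
    ("deferred", re.compile(
        r"^File (?:move|delete) failed\. (?P<target>.+?) "
        r"scheduled to be (?:moved|deleted) on reboot\.$")),
    ("ok", re.compile(
        r"^(?:Service |Registry key )?(?P<target>.+?) "
        r"(?:stopped|deleted|moved) successfully\.$")),
]


def parse_report(text):
    """Return (section, status, target) for every action line in the report."""
    entries, section = [], None
    for raw in text.splitlines():
        line = raw.strip()  # forum pastes are often indented
        header = SECTION.match(line)
        if header:
            section = header.group(1)
            continue
        for status, pattern in RULES:
            match = pattern.match(line)
            if match:
                # Registry targets are logged with trailing backslashes.
                target = match.group("target").rstrip("\\ ")
                entries.append((section, status, target))
                break
    return entries


def component(target):
    """Reduce a service name, file path or registry key to a bare name."""
    return ntpath.splitext(ntpath.basename(target))[0].lower()


def unresolved(text, ignore_sections=("COMMANDS",)):
    """Group actions that did not complete by component name.

    COMMANDS is ignored by default: its deferred deletions are temp files
    that were simply in use while the tool ran.
    """
    pending = defaultdict(list)
    for section, status, target in parse_report(text):
        if status != "ok" and section not in ignore_sections:
            pending[component(target)].append((section, status, target))
    return dict(pending)


if __name__ == "__main__":
    for name, items in unresolved(REPORT).items():
        print(name)
        for section, status, target in items:
            print(f"  [{section}] {status}: {target}")
```

On this report the only component left over is ati0xexx, which did not complete in the service, file and registry sections alike.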
    26 February 2009 16:30:53

    Can you redo the procedure, but in safe mode?

    To restart in safe mode:
  • Restart your PC.
  • During startup, tap F8 (F5 on some PCs) right after the BIOS screen and just before Windows loads.
  • In the advanced options menu, choose Safe Mode.
  • Choose your session.
    26 February 2009 16:55:15

    I can't log back in in safe mode, the PC doesn't recognize my password
    26 February 2009 17:00:46

    Run another ComboFix scan so I can check something.
    27 February 2009 09:29:38

    hello,
    here is the report:

    ComboFix 09-02-25.02 - cynthia 2009-02-27 8:54:14.6 - NTFSx86
    Microsoft Windows XP Professionnel 5.1.2600.3.1252.1.1036.18.1014.467 [GMT 1:00]
    Lancé depuis: c:\documents and settings\cynthia\Bureau\ComboFix.exe
    AV: ESET NOD32 Antivirus 3.0 *On-access scanning disabled* (Updated)
    AV: Panda Internet Security 2008 *On-access scanning disabled* (Outdated)
    FW: Panda Internet Security 2008 *disabled*
    .

    ((((((((((((((((((((((((((((( Fichiers créés du 2009-01-27 au 2009-02-27 ))))))))))))))))))))))))))))))))))))
    .

    2009-02-26 16:04 . 2009-02-26 16:04 <REP> d-------- C:\_OTMoveIt
    2009-02-19 12:49 . 2009-02-19 12:49 410,984 --a------ c:\windows\system32\deploytk.dll
    2009-02-19 12:49 . 2009-02-19 12:49 73,728 --a------ c:\windows\system32\javacpl.cpl
    2009-02-19 11:58 . 2009-02-19 11:58 131,072 --a------ c:\documents and settings\cynthia\client1.exe
    2009-02-16 09:02 . 2009-02-16 09:02 <REP> d-------- c:\documents and settings\cynthia\Application Data\Malwarebytes
    2009-02-16 08:57 . 2009-02-16 08:57 <REP> d--hs---- C:\found.000
    2009-02-12 09:19 . 2009-02-26 16:39 32,768 --a------ c:\windows\system32\drivers\ati0xexx.sys
    2009-02-12 08:46 . 2009-02-12 08:47 1,374 --a------ c:\windows\imsins.BAK
    2009-02-10 13:44 . 2009-02-10 13:44 <REP> d-------- c:\documents and settings\All Users\Application Data\Sunbelt
    2009-02-09 18:16 . 2009-02-09 18:23 <REP> d-------- C:\IDN
    2009-02-09 16:55 . 2009-02-16 15:02 <REP> d-------- c:\program files\Malwarebytes' Anti-Malware
    2009-02-09 16:55 . 2009-02-09 16:55 <REP> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
    2009-02-09 16:55 . 2009-02-11 10:19 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
    2009-02-09 16:55 . 2009-02-11 10:19 15,504 --a------ c:\windows\system32\drivers\mbam.sys
    2009-02-09 16:30 . 2009-02-09 16:49 <REP> d-------- c:\program files\FindyKill
    2009-02-09 09:42 . 2009-02-09 09:43 <REP> d-------- C:\rsit
    2009-01-30 14:45 . 2009-02-01 00:03 <REP> d-------- c:\documents and settings\cynthia\download
    2009-01-30 14:45 . 2009-02-01 00:03 60 --a------ c:\documents and settings\cynthia\ocsinventory.dat

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-02-27 07:51 --------- d-----w c:\documents and settings\cynthia\Application Data\DNA
    2009-02-27 07:47 --------- d-----w c:\documents and settings\cynthia\Application Data\BitTorrent
    2009-02-26 15:39 --------- d-----w c:\program files\LBINT
    2009-02-26 15:39 --------- d-----w c:\program files\DNA
    2009-02-26 09:53 --------- d-----w c:\windows\system32\config\systemprofile\Application Data\SolidDocuments
    2009-02-20 11:16 --------- d-----w c:\documents and settings\cynthia\Application Data\SolidDocuments
    2009-02-19 17:15 3,532 ----a-w C:\drmHeader.bin
    2009-02-19 11:49 --------- d-----w c:\program files\Java
    2009-01-16 20:15 3,594,752 ----a-w c:\windows\system32\DllCache\mshtml.dll
    2009-01-14 10:56 --------- d-----w c:\program files\Panda Security
    2009-01-13 10:50 --------- d-----w c:\program files\ESET
    2009-01-13 10:50 --------- d-----w c:\documents and settings\All Users\Application Data\ESET
    2009-01-13 10:45 --------- d-----w c:\program files\Fichiers communs\Panda Software
    2009-01-13 10:26 0 ----a-w c:\windows\system32\drivers\wnmsav.dat
    2008-12-20 22:47 826,368 ----a-w c:\windows\system32\wininet.dll
    2008-12-20 22:47 826,368 ----a-w c:\windows\system32\DllCache\wininet.dll
    2008-12-20 22:47 671,232 ----a-w c:\windows\system32\DllCache\mstime.dll
    2008-12-20 22:47 477,696 ----a-w c:\windows\system32\DllCache\mshtmled.dll
    2008-12-20 22:47 44,544 ----a-w c:\windows\system32\DllCache\pngfilt.dll
    2008-12-20 22:47 233,472 ------w c:\windows\system32\DllCache\webcheck.dll
    2008-12-20 22:47 193,024 ----a-w c:\windows\system32\DllCache\msrating.dll
    2008-12-20 22:47 105,984 ------w c:\windows\system32\DllCache\url.dll
    2008-12-20 22:47 102,912 ------w c:\windows\system32\DllCache\occache.dll
    2008-12-20 22:47 1,160,192 ----a-w c:\windows\system32\DllCache\urlmon.dll
    2008-12-19 09:11 70,656 ------w c:\windows\system32\DllCache\ie4uinit.exe
    2008-12-19 09:10 13,824 ------w c:\windows\system32\DllCache\ieudinit.exe
    2008-12-19 05:25 634,024 ------w c:\windows\system32\DllCache\iexplore.exe
    2008-12-19 05:23 161,792 ------w c:\windows\system32\DllCache\ieakui.dll
    2008-12-12 10:18 87,336 ----a-w c:\windows\system32\dns-sd.exe
    2008-12-12 10:11 61,440 ----a-w c:\windows\system32\dnssd.dll
    2008-12-11 10:57 333,952 ------w c:\windows\system32\DllCache\srv.sys
    2007-10-17 13:15 312 ----a-w c:\documents and settings\Administrateur.HEVEAFIL.000\Application Data\config.dat
    2006-09-18 08:02 304 ----a-w c:\documents and settings\Administrateur.HEVEAFIL\Application Data\config.dat
    2006-06-22 15:26 278 ----a-w c:\documents and settings\Sylviane\Application Data\config.dat
    2005-12-06 10:54 225,280 ----a-w c:\program files\Patch_Window_A_0_14.exe
    2008-09-10 07:41 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\Historique\History.IE5\MSHist012008091020080911\index.dat
    .

    ((((((((((((((((((((((((((((( SnapShot_2009-02-13_16.13.58.46 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2008-06-17 19:02:15 8,517,632 ------w c:\windows\system32\DllCache\shell32.dll
    - 2008-10-15 01:13:38 163,528 ----a-w c:\windows\system32\fntcache.dat
    + 2009-02-26 15:31:46 163,528 ----a-w c:\windows\system32\fntcache.dat
    - 2003-11-19 16:36:26 24,681 ----a-w c:\windows\system32\java.exe
    + 2009-02-19 11:49:34 144,792 ----a-w c:\windows\system32\java.exe
    - 2003-11-19 16:36:30 28,779 ----a-w c:\windows\system32\javaw.exe
    + 2009-02-19 11:49:34 144,792 ----a-w c:\windows\system32\javaw.exe
    + 2009-02-19 11:49:34 148,888 ----a-w c:\windows\system32\javaws.exe
    - 2008-04-14 02:33:41 8,517,632 ----a-w c:\windows\system32\shell32.dll
    + 2008-06-17 19:02:15 8,517,632 ----a-w c:\windows\system32\shell32.dll
    + 2009-02-26 15:39:17 16,384 ----atw c:\windows\temp\Perflib_Perfdata_708.dat
    .
    ((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MsnMsgr"="c:\program files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352]
    "BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2008-12-22 342848]
    "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IgfxTray"="c:\windows\System32\igfxtray.exe" [2004-05-06 155648]
    "HotKeysCmds"="c:\windows\System32\hkcmd.exe" [2004-05-06 118784]
    "dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-08-13 122939]
    "zBrowser Launcher"="c:\program files\Logitech\iTouch\iTouch.exe" [2002-11-23 631362]
    "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2005-02-16 49152]
    "TkBellExe"="c:\program files\Fichiers communs\Real\Update_OB\realsched.exe" [2005-10-07 180269]
    "CmCardRun"="c:\windows\system32\CmWatch.exe" [2003-09-16 229376]
    "AppleSyncNotifier"="c:\program files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-11-07 111936]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-11-04 413696]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
    "egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-07-01 1447168]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-02-19 148888]
    "Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-04-11 c:\windows\KHALMNPR.Exe]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

    c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
    Client Net-Assistance.lnk - c:\program files\LBINT\Launch.exe [2008-11-05 36864]
    D‚marrage rapide du logiciel HP Image Zone.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2004-11-04 53248]
    EPSON Contr“le en arriŠre-plan.lnk - c:\program files\EPSON\ESM2\Stms.exe [1999-12-03 235008]
    HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2004-11-04 258048]
    HP monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2004-11-04 258048]
    Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2008-02-08 67128]
    Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2008-02-08 692224]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
    "NoWelcomeScreen"= 1 (0x1)

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ati0xexx.sys]
    @="Driver"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
    @=""

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Adobe Reader Speed Launch.lnk]
    path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Adobe Reader Speed Launch.lnk
    backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Microsoft Office.lnk]
    path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Microsoft Office.lnk
    backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CmCardRun]
    --a------ 2003-09-16 16:50 229376 c:\windows\system32\CmWatch.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
    --------- 2004-04-26 09:04 53248 c:\program files\CyberLink\PowerDVD\DVDLauncher.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EyeOnFiles.exe]
    --a------ 2008-02-17 14:58 4838400 c:\program files\HGMB\EyeOnFiles\EyeOnFiles.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    --a------ 2008-11-20 13:20 290088 c:\program files\iTunes\iTunesHelper.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDF Converter Registry Controller]
    --a------ 2003-09-09 10:25 102400 c:\program files\ScanSoft\PDF Converter\RegistryController.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    --a------ 2008-11-04 10:30 413696 c:\program files\QuickTime\QTTask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpyHunter Security Suite]
    --a------ 2008-01-23 14:47 847872 c:\program files\Enigma Software Group\SpyHunter\SpyHunter3.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    --a------ 2003-11-19 18:48 32881 c:\program files\Java\j2re1.4.2_03\bin\jusched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
    --a------ 2005-10-07 12:56 180269 c:\program files\Fichiers communs\Real\Update_OB\realsched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateManager]
    --a------ 2004-01-07 02:01 110592 c:\program files\Fichiers communs\Sonic\Update Manager\sgtray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Utility]
    --------- 2002-11-08 10:50 19968 c:\windows\LOGI_MWX.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusDisableNotify"=dword:00000001
    "UpdatesDisableNotify"=dword:00000001
    "FirewallOverride"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "c:\\Program Files\\BitTorrent\\bittorrent.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
    "c:\\Program Files\\LBINT\\launch1.exe"=
    "c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\MSN Messenger\\livecall.exe"=
    "c:\\Program Files\\DNA\\btdna.exe"=
    "c:\\Program Files\\LBINT\\Launch.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "6129:TCP"= 6129:TCP:D ameWare
    "25:TCP"= 25:TCP:MailLbint

    R0 ati0xexx;ati0xexx;c:\windows\system32\drivers\ati0xexx.sys [2009-02-12 32768]
    R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2008-07-01 34312]
    R2 ekrn;Eset Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2008-07-01 468224]
    R3 LCcfltr;Logitech USB Filter Driver;c:\windows\system32\drivers\LCcfltr.sys [2004-12-21 14156]
    S3 NETIMFLT;PANDA NDIS IM Filter Miniport;c:\windows\system32\DRIVERS\netimflt.sys --> c:\windows\system32\DRIVERS\netimflt.sys [?]
    S3 SBRE;SBRE;\??\c:\windows\system32\drivers\SBREdrv.sys --> c:\windows\system32\drivers\SBREdrv.sys [?]
    S3 UMSSSTOR;C-Media Storage;c:\windows\system32\drivers\Umss.SYS [2004-07-13 48512]
    .
    Contenu du dossier 'Tâches planifiées'

    2009-02-23 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

    2009-02-27 c:\windows\Tasks\HPpromotions journeysoftware.job
    - c:\program files\hp\digital imaging\bin\hp promotions\journeysoftware\HPpromo.exe [2005-04-22 17:36]
    .
    .
    ------- Examen supplémentaire -------
    .
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    uStart Page = hxxp://google.com
    uInternet Connection Wizard,ShellNext = hxxp://www.euro.dell.com/countries/fr/fra/gen/default.htm
    uInternet Settings,ProxyOverride = localhost;*.local
    LSP: c:\program files\ICRAplus\ICRAplus\lsp.dll
    TCP: {3C682CED-F5BD-48AC-A7C8-327F26A53BA3} = 192.168.15.1,192.168.15.254
    Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-02-27 09:00:11
    Windows 5.1.2600 Service Pack 3 NTFS

    Recherche de processus cachés ...

    Recherche d'éléments en démarrage automatique cachés ...

    Recherche de fichiers cachés ...


    **************************************************************************
    .
    --------------------- DLLs chargées dans les processus actifs ---------------------

    - - - - - - - > 'winlogon.exe'(464)
    c:\program files\ICRAplus\ICRAplus\lsp.dll
    c:\program files\Bonjour\mdnsNSP.dll

    - - - - - - - > 'lsass.exe'(532)
    c:\program files\ICRAplus\ICRAplus\lsp.dll
    c:\program files\Bonjour\mdnsNSP.dll
    .
    Heure de fin: 2009-02-27 9:04:55
    ComboFix-quarantined-files.txt 2009-02-27 08:03:37
    ComboFix2.txt 2009-02-26 08:11:33
    ComboFix3.txt 2009-02-13 15:17:10
    ComboFix4.txt 2008-08-07 13:12:12
    ComboFix5.txt 2009-02-27 07:53:48

    Avant-CF: 67 263 619 072 octets libres
    Après-CF: 67,252,678,656 octets libres

    Current=4 Default=4 Failed=2 LastKnownGood=5 Sets=1,2,3,4,5
    220 --- E O F --- 2009-02-25 08:35:00
    27 February 2009 16:07:06

    I'll get back to you later ;) 
    27 February 2009 16:42:43

    ok, I'm leaving for the weekend anyway,
    see you Monday
    thanks
    27 February 2009 16:50:09

    Have a good weekend.
    3 March 2009 09:08:15

    hi,
    what's new?
    3 March 2009 12:22:33

    /!\ Only cynthia_38 may follow this procedure /!\

    Disable all resident protection (antivirus...)!

    ---> Copy (CTRL+C) the text in the box below:

    KillAll::

    Driver::
    ati0xexx

    File::
    c:\windows\system32\drivers\ati0xexx.sys

    Registry::
    [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ati0xexx.sys]


    ---> Open Notepad: Start > All Programs > Accessories > Notepad

    - Paste (CTRL+V) the text into Notepad.
    - Save this file to: Desktop
    - File name: CFScript
    - File type: All Files !!
    - Click Save.
    - Close Notepad.

    ---> Drag and drop this CFScript file onto the ComboFix.exe file, as in the screenshot:

  • This will relaunch ComboFix: accept the message that appears.
  • Wait while the scan runs. The Desktop will disappear several times: this is normal!
  • Do not touch anything until the scan has finished.
  • Once the scan is complete, a report will be displayed; copy and paste its contents to the forum.
  • If the file does not open, it is located here: C:\ComboFix.txt

    ;) 
    3 March 2009 18:04:04

    ComboFix 09-03-02.03 - cynthia 2009-03-03 17:24:23.7 - NTFSx86
    Microsoft Windows XP Professionnel 5.1.2600.3.1252.1.1036.18.1014.340 [GMT 1:00]
    Lancé depuis: c:\documents and settings\cynthia\Bureau\ComboFix.exe
    Commutateurs utilisés :: c:\documents and settings\cynthia\Bureau\CFScript .txt
    AV: ESET NOD32 Antivirus 3.0 *On-access scanning disabled* (Updated)
    AV: Panda Internet Security 2008 *On-access scanning disabled* (Outdated)
    FW: Panda Internet Security 2008 *disabled*
    * Un nouveau point de restauration a été créé
    * Resident AV is active


    FILE ::
    c:\windows\system32\drivers\ati0xexx.sys
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\program files\Microsoft Common
    c:\program files\Microsoft Common\svchost.exe
    c:\windows\system32\drivers\ati0xexx.sys

    .
    ((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Legacy_ATI0XEXX
    -------\Service_ati0xexx


    ((((((((((((((((((((((((((((( Fichiers créés du 2009-02-03 au 2009-03-03 ))))))))))))))))))))))))))))))))))))
    .

    2009-02-27 16:24 . 2009-02-27 16:24 131,072 --a------ c:\documents and settings\cynthia\client1.exe
    2009-02-26 16:04 . 2009-02-26 16:04 <REP> d-------- C:\_OTMoveIt
    2009-02-19 12:49 . 2009-02-19 12:49 410,984 --a------ c:\windows\system32\deploytk.dll
    2009-02-19 12:49 . 2009-02-19 12:49 73,728 --a------ c:\windows\system32\javacpl.cpl
    2009-02-16 09:02 . 2009-02-16 09:02 <REP> d-------- c:\documents and settings\cynthia\Application Data\Malwarebytes
    2009-02-16 08:57 . 2009-02-16 08:57 <REP> d--hs---- C:\found.000
    2009-02-12 08:46 . 2009-02-12 08:47 1,374 --a------ c:\windows\imsins.BAK
    2009-02-10 13:44 . 2009-02-10 13:44 <REP> d-------- c:\documents and settings\All Users\Application Data\Sunbelt
    2009-02-09 18:16 . 2009-02-09 18:23 <REP> d-------- C:\IDN
    2009-02-09 16:55 . 2009-02-16 15:02 <REP> d-------- c:\program files\Malwarebytes' Anti-Malware
    2009-02-09 16:55 . 2009-02-09 16:55 <REP> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
    2009-02-09 16:55 . 2009-02-11 10:19 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
    2009-02-09 16:55 . 2009-02-11 10:19 15,504 --a------ c:\windows\system32\drivers\mbam.sys
    2009-02-09 16:30 . 2009-02-09 16:49 <REP> d-------- c:\program files\FindyKill
    2009-02-09 09:42 . 2009-02-09 09:43 <REP> d-------- C:\rsit

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-03-03 16:34 --------- d-----w c:\program files\LBINT
    2009-03-03 16:34 --------- d-----w c:\program files\DNA
    2009-03-03 16:34 --------- d-----w c:\documents and settings\cynthia\Application Data\DNA
    2009-03-03 16:06 --------- d-----w c:\documents and settings\cynthia\Application Data\SolidDocuments
    2009-03-03 13:47 --------- d-----w c:\documents and settings\cynthia\Application Data\BitTorrent
    2009-03-02 09:56 --------- d-----w c:\windows\system32\config\systemprofile\Application Data\SolidDocuments
    2009-03-01 17:35 60 ----a-w c:\documents and settings\cynthia\ocsinventory.dat
    2009-02-19 17:15 3,532 ----a-w C:\drmHeader.bin
    2009-02-19 11:49 --------- d-----w c:\program files\Java
    2009-01-14 10:56 --------- d-----w c:\program files\Panda Security
    2009-01-13 10:50 --------- d-----w c:\program files\ESET
    2009-01-13 10:50 --------- d-----w c:\documents and settings\All Users\Application Data\ESET
    2009-01-13 10:45 --------- d-----w c:\program files\Fichiers communs\Panda Software
    2009-01-13 10:26 0 ----a-w c:\windows\system32\drivers\wnmsav.dat
    2007-10-17 13:15 312 ----a-w c:\documents and settings\Administrateur.HEVEAFIL.000\Application Data\config.dat
    2006-09-18 08:02 304 ----a-w c:\documents and settings\Administrateur.HEVEAFIL\Application Data\config.dat
    2006-06-22 15:26 278 ----a-w c:\documents and settings\Sylviane\Application Data\config.dat
    2005-12-06 10:54 225,280 ----a-w c:\program files\Patch_Window_A_0_14.exe
    2008-09-10 07:41 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\Historique\History.IE5\MSHist012008091020080911\index.dat
    .

    ((((((((((((((((((((((((((((( SnapShot_2009-02-13_16.13.58.46 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2005-10-20 18:02:28 163,328 ----a-w c:\windows\ERDNT\subs\ERDNT.EXE
    + 2005-10-20 19:02:28 163,328 ----a-w c:\windows\ERDNT\subs\ERDNT.EXE
    - 2009-02-13 14:55:12 32,768 ----a-w c:\windows\system32\config\systemprofile\Cookies\index.dat
    + 2009-03-03 10:56:30 32,768 ----a-w c:\windows\system32\config\systemprofile\Cookies\index.dat
    - 2009-02-13 14:55:12 32,768 ----a-w c:\windows\system32\config\systemprofile\Local Settings\Historique\History.IE5\index.dat
    + 2009-03-03 10:56:30 32,768 ----a-w c:\windows\system32\config\systemprofile\Local Settings\Historique\History.IE5\index.dat
    - 2009-02-13 14:55:12 65,536 ----a-w c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
    + 2009-03-03 10:56:30 65,536 ----a-w c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
    + 2008-06-17 19:02:15 8,517,632 ------w c:\windows\system32\DllCache\shell32.dll
    - 2008-10-15 01:13:38 163,528 ----a-w c:\windows\system32\fntcache.dat
    + 2009-02-26 15:31:46 163,528 ----a-w c:\windows\system32\fntcache.dat
    - 2003-11-19 16:36:26 24,681 ----a-w c:\windows\system32\java.exe
    + 2009-02-19 11:49:34 144,792 ----a-w c:\windows\system32\java.exe
    - 2003-11-19 16:36:30 28,779 ----a-w c:\windows\system32\javaw.exe
    + 2009-02-19 11:49:34 144,792 ----a-w c:\windows\system32\javaw.exe
    + 2009-02-19 11:49:34 148,888 ----a-w c:\windows\system32\javaws.exe
    - 2008-04-14 02:33:41 8,517,632 ----a-w c:\windows\system32\shell32.dll
    + 2008-06-17 19:02:15 8,517,632 ----a-w c:\windows\system32\shell32.dll
    + 2009-03-03 16:33:29 16,384 ----atw c:\windows\temp\Perflib_Perfdata_670.dat
    .
    ((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MsnMsgr"="c:\program files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352]
    "BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2008-12-22 342848]
    "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IgfxTray"="c:\windows\System32\igfxtray.exe" [2004-05-06 155648]
    "HotKeysCmds"="c:\windows\System32\hkcmd.exe" [2004-05-06 118784]
    "dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-08-13 122939]
    "zBrowser Launcher"="c:\program files\Logitech\iTouch\iTouch.exe" [2002-11-23 631362]
    "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2005-02-16 49152]
    "TkBellExe"="c:\program files\Fichiers communs\Real\Update_OB\realsched.exe" [2005-10-07 180269]
    "CmCardRun"="c:\windows\system32\CmWatch.exe" [2003-09-16 229376]
    "AppleSyncNotifier"="c:\program files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-11-07 111936]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-11-04 413696]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
    "egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-07-01 1447168]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-02-19 148888]
    "Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-04-11 c:\windows\KHALMNPR.Exe]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

    c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
    Client Net-Assistance.lnk - c:\program files\LBINT\Launch.exe [2008-11-05 36864]
    D‚marrage rapide du logiciel HP Image Zone.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2004-11-04 53248]
    EPSON Contr“le en arriŠre-plan.lnk - c:\program files\EPSON\ESM2\Stms.exe [1999-12-03 235008]
    HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2004-11-04 258048]
    HP monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2004-11-04 258048]
    Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2008-02-08 67128]
    Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2008-02-08 692224]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
    "NoWelcomeScreen"= 1 (0x1)

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
    @=""

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Adobe Reader Speed Launch.lnk]
    path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Adobe Reader Speed Launch.lnk
    backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Microsoft Office.lnk]
    path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Microsoft Office.lnk
    backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CmCardRun]
    --a------ 2003-09-16 16:50 229376 c:\windows\system32\CmWatch.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
    --------- 2004-04-26 09:04 53248 c:\program files\CyberLink\PowerDVD\DVDLauncher.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EyeOnFiles.exe]
    --a------ 2008-02-17 14:58 4838400 c:\program files\HGMB\EyeOnFiles\EyeOnFiles.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    --a------ 2008-11-20 13:20 290088 c:\program files\iTunes\iTunesHelper.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDF Converter Registry Controller]
    --a------ 2003-09-09 10:25 102400 c:\program files\ScanSoft\PDF Converter\RegistryController.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    --a------ 2008-11-04 10:30 413696 c:\program files\QuickTime\QTTask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpyHunter Security Suite]
    --a------ 2008-01-23 14:47 847872 c:\program files\Enigma Software Group\SpyHunter\SpyHunter3.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    --a------ 2003-11-19 18:48 32881 c:\program files\Java\j2re1.4.2_03\bin\jusched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
    --a------ 2005-10-07 12:56 180269 c:\program files\Fichiers communs\Real\Update_OB\realsched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateManager]
    --a------ 2004-01-07 02:01 110592 c:\program files\Fichiers communs\Sonic\Update Manager\sgtray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Utility]
    --------- 2002-11-08 10:50 19968 c:\windows\LOGI_MWX.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusDisableNotify"=dword:00000001
    "UpdatesDisableNotify"=dword:00000001
    "FirewallOverride"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "c:\\Program Files\\BitTorrent\\bittorrent.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
    "c:\\Program Files\\LBINT\\launch1.exe"=
    "c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\MSN Messenger\\livecall.exe"=
    "c:\\Program Files\\DNA\\btdna.exe"=
    "c:\\Program Files\\LBINT\\Launch.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "6129:TCP"= 6129:TCP:D ameWare
    "25:TCP"= 25:TCP:MailLbint

    R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2008-07-01 34312]
    R2 ekrn;Eset Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2008-07-01 468224]
    R3 LCcfltr;Logitech USB Filter Driver;c:\windows\system32\drivers\LCcfltr.sys [2004-12-21 14156]
    S3 NETIMFLT;PANDA NDIS IM Filter Miniport;c:\windows\system32\DRIVERS\netimflt.sys --> c:\windows\system32\DRIVERS\netimflt.sys [?]
    S3 SBRE;SBRE;\??\c:\windows\system32\drivers\SBREdrv.sys --> c:\windows\system32\drivers\SBREdrv.sys [?]
    S3 UMSSSTOR;C-Media Storage;c:\windows\system32\drivers\Umss.SYS [2004-07-13 48512]
    .
    Contenu du dossier 'Tâches planifiées'

    2009-03-02 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

    2009-03-03 c:\windows\Tasks\HPpromotions journeysoftware.job
    - c:\program files\hp\digital imaging\bin\hp promotions\journeysoftware\HPpromo.exe [2005-04-22 17:36]
    .
    .
    ------- Examen supplémentaire -------
    .
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    uStart Page = hxxp://google.com
    uInternet Connection Wizard,ShellNext = hxxp://www.euro.dell.com/countries/fr/fra/gen/default.htm
    uInternet Settings,ProxyOverride = localhost;*.local
    LSP: c:\program files\ICRAplus\ICRAplus\lsp.dll
    TCP: {3C682CED-F5BD-48AC-A7C8-327F26A53BA3} = 192.168.15.1,192.168.15.254
    Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-03-03 17:34:40
    Windows 5.1.2600 Service Pack 3 NTFS

    Recherche de processus cachés ...

    Recherche d'éléments en démarrage automatique cachés ...

    Recherche de fichiers cachés ...


    **************************************************************************
    .
    --------------------- DLLs chargées dans les processus actifs ---------------------

    - - - - - - - > 'winlogon.exe'(464)
    c:\program files\ICRAplus\ICRAplus\lsp.dll

    - - - - - - - > 'lsass.exe'(528)
    c:\program files\ICRAplus\ICRAplus\lsp.dll
    c:\program files\Bonjour\mdnsNSP.dll
    .
    ------------------------ Autres processus actifs ------------------------
    .
    c:\program files\EPSON\ESM2\eEBSvc.exe
    c:\program files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    c:\windows\system32\BAsfIpM.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\windows\system32\DWRCS.exe
    c:\program files\Dell\OpenManage\Client\Iap.exe
    c:\program files\ICRAplus\ICRAplus\ICRAplus.exe
    c:\program files\Java\jre6\bin\jqs.exe
    c:\program files\SolidDocuments\SolidConverterPDF\SCPDF\SolidPdfService.exe
    c:\windows\system32\DWRCST.exe
    c:\program files\Fichiers communs\Logitech\KhalShared\KHALMNPR.exe
    c:\program files\HP\Digital Imaging\bin\hpqgalry.exe
    c:\program files\iPod\bin\iPodService.exe
    c:\documents and settings\alexis\client1.exe
    .
    **************************************************************************
    .
    Heure de fin: 2009-03-03 17:42:32 - La machine a redémarré
    ComboFix-quarantined-files.txt 2009-03-03 16:41:15
    ComboFix2.txt 2009-02-27 08:04:57
    ComboFix3.txt 2009-02-26 08:11:33
    ComboFix4.txt 2009-02-13 15:17:10
    ComboFix5.txt 2009-03-03 16:22:17

    Avant-CF: 26 783 739 904 octets libres
    Après-CF: 26,808,414,208 octets libres

    Current=4 Default=4 Failed=2 LastKnownGood=5 Sets=1,2,3,4,5
    238 --- E O F --- 2009-02-25 08:35:00
    3 March 2009 20:30:14

    Any changes?

  • Start menu > Run > Type combofix /u and confirm.

  • Download Malwarebytes' Anti-Malware (MBAM) to your Desktop.
  • Double-click the downloaded file to start the installation process.
  • In the Update tab, click the Check for Updates button: if the firewall asks whether MBAM may connect to the Internet, accept.
  • Once the update has finished, go to the Scanner tab.
  • Select Perform quick scan.
  • Click Scan.
  • The scan starts.
  • At the end of the scan, a message is displayed:
    Quote:
    The scan completed successfully. Click 'Show Results' to display all objects found.

  • Click OK to continue. If MBAM found nothing, it will tell you that too.
  • Close your browsers.
  • If malware was detected, click Show Results.
  • Select everything (or leave it checked) and click Remove Selected; MBAM will destroy the infected files and registry keys and put a copy of them in quarantine.
  • MBAM will open Notepad and copy the scan report into it. Copy and paste this report into your next reply.
    4 March 2009 11:47:13

    Malwarebytes' Anti-Malware 1.34
    Version de la base de données: 1815
    Windows 5.1.2600 Service Pack 3

    04/03/2009 10:41:42
    mbam-log-2009-03-04 (10-41-42).txt

    Type de recherche: Examen complet (C:\|)
    Eléments examinés: 165991
    Temps écoulé: 40 minute(s), 53 second(s)

    Processus mémoire infecté(s): 0
    Module(s) mémoire infecté(s): 0
    Clé(s) du Registre infectée(s): 0
    Valeur(s) du Registre infectée(s): 0
    Elément(s) de données du Registre infecté(s): 0
    Dossier(s) infecté(s): 0
    Fichier(s) infecté(s): 0

    Processus mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Module(s) mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Clé(s) du Registre infectée(s):
    (Aucun élément nuisible détecté)

    Valeur(s) du Registre infectée(s):
    (Aucun élément nuisible détecté)

    Elément(s) de données du Registre infecté(s):
    (Aucun élément nuisible détecté)

    Dossier(s) infecté(s):
    (Aucun élément nuisible détecté)

    Fichier(s) infecté(s):
    (Aucun élément nuisible détecté)
    4 March 2009 16:25:57

    Is your PC doing better?
    5 March 2009 09:19:24

    No, not really. I don't have a virus, but the internet is still just as slow (it reminds me of the 56K days).
    5 March 2009 15:33:10

  • Download the portable scanner AVPTool to your Desktop.
  • Launch the executable named setup_7.0xxxxx by double-clicking it.
  • Answer Yes to the question Do you want to continue installation ?.
  • Click Next in the next two windows: AVPTool installs itself on your Desktop in a folder named Kaspersky Lab Tool.
  • The tool starts by itself: check all the boxes in the Automatic Scan tab.
  • Now click Scan. The scan begins, and a new window opens showing the progress of the scan as a percentage.
  • At the end of the scan, AVPTool reports infected objects through a pop-up: check Apply to all and click Disinfect or Delete, depending on what the window offers.
  • Once the infections have been handled through the pop-ups, some unhealthy files may not have been deleted: they appear in red in the list. In that case, click the Neutralize all button in the scan progress window; if a pop-up says a restart is needed, accept by clicking OK.
  • Now go to the Events tab of the scan progress window and uncheck Show all events.
  • Finally, click Reports, then Save to file, and save the report to your Desktop under the name Rapport AVPTool.
  • Close the AVPTool windows: a message appears offering to uninstall the software; choose Yes.
  • A warning message indicates that the PC must be restarted to finish the uninstallation. To the question Would you like to restart now, answer Yes and let your computer restart in Normal mode.
  • Post the report in your next reply.
    9 March 2009 09:31:07

    Hello,
    the scan went fine, it found 2 viruses:

    deleted: malware Hoax.Win32.Renos.efr File: C:\Documents and Settings\cynthia\Bureau\divers\SmitfraudFix\IEDFix.exe

    deleted: malware Hoax.Win32.Renos.efr File: C:\System Volume Information\_restore{5F985532-CDFA-45C3-8CDC-756D8B17D761}\RP68\A0021576.exe

    But I can't retrieve the report: I save it as a txt file, but when I try to open it, it hangs. I think it must be because of the file size: 151 MB!
    If you know a way to split the text into several parts...
    9 March 2009 09:43:29

    Actually, it didn't find any viruses; it's just a component of SmitfraudFix.

    Are you on Wi-Fi?
    10 March 2009 17:08:00

    No, I'm on a network with 1 Livebox.
    12 March 2009 00:35:59

    I don't know why your Internet is so slow.

    I'm looking into it.