Need help: virus, trojan and malware [solved]

6 December 2008 23:45:59

Good evening,
After I turned on my computer, a message appeared asking for my permission to run the application csrss.exe. So I refused, and then Vista detected a virus: Trojan:Win32/Vundo.gen!AG
It says it is removing it, but every time I restart my computer nothing changes. Well, actually something does... it now detects 3 other viruses. It identifies 3 trojans and 1 malware, whose names are: Smitfraud, Win32.Small.buy, Virtumonde and virtumonde.prx
After reading up on various forums, I downloaded HijackThis, and here is the report it displays:


* Trend Micro HijackThis v2.0.2 *


See bottom for version history.

The different sections of hijacking possibilities have been separated into the following groups.
You can get more detailed information about an item by selecting it from the list of found items OR highlighting the relevant line below, and clicking 'Info on selected item'.

R - Registry, StartPage/SearchPage changes
R0 - Changed registry value
R1 - Created registry value
R2 - Created registry key
R3 - Created extra registry value where only one should be
F - IniFiles, autoloading entries
F0 - Changed inifile value
F1 - Created inifile value
F2 - Changed inifile value, mapped to Registry
F3 - Created inifile value, mapped to Registry
N - Netscape/Mozilla StartPage/SearchPage changes
N1 - Change in prefs.js of Netscape 4.x
N2 - Change in prefs.js of Netscape 6
N3 - Change in prefs.js of Netscape 7
N4 - Change in prefs.js of Mozilla
O - Other, several sections which represent:
O1 - Hijack of auto.search.msn.com with Hosts file
O2 - Enumeration of existing MSIE BHO's
O3 - Enumeration of existing MSIE toolbars
O4 - Enumeration of suspicious autoloading Registry entries
O5 - Blocking of loading Internet Options in Control Panel
O6 - Disabling of 'Internet Options' Main tab with Policies
O7 - Disabling of Regedit with Policies
O8 - Extra MSIE context menu items
O9 - Extra 'Tools' menuitems and buttons
O10 - Breaking of Internet access by New.Net or WebHancer
O11 - Extra options in MSIE 'Advanced' settings tab
O12 - MSIE plugins for file extensions or MIME types
O13 - Hijack of default URL prefixes
O14 - Changing of IERESET.INF
O15 - Trusted Zone Autoadd
O16 - Download Program Files item
O17 - Domain hijack
O18 - Enumeration of existing protocols and filters
O19 - User stylesheet hijack
O20 - AppInit_DLLs autorun Registry value, Winlogon Notify Registry keys
O21 - ShellServiceObjectDelayLoad (SSODL) autorun Registry key
O22 - SharedTaskScheduler autorun Registry key
O23 - Enumeration of NT Services
O24 - Enumeration of ActiveX Desktop Components

Command-line parameters:
* /autolog - automatically scan the system, save a logfile and open it
* /ihatewhitelists - ignore all internal whitelists
* /uninstall - remove all HijackThis Registry entries, backups and quit
* /silentautuolog - the same as /autolog, except with no required user intervention

* Version history *

[v2.00.0]
* AnalyzeThis added for log file statistics
* Recognizes Windows Vista and IE7
* Fixed a few bugs in the O23 method
* Fixed a bug in the O22 method (SharedTaskScheduler)
* Did a few tweaks on the log format
* Fixed and improved ADS Spy
* Improved Itty Bitty Procman (processes are frozen before they are killed)
* Added listing of O4 autoruns from other users
* Added listing of the Policies Run items in O4 method, used by SmitFraud trojan
* Added /silentautolog parameter for system admins
* Added /deleteonreboot [file] parameter for system admins
* Added O24 - ActiveX Desktop Components enumeration
* Added Enhanced Security Confirguration (ESC) Zones to O15 Trusted Sites check
[v1.99.1]
* Added Winlogon Notify keys to O20 listing
* Fixed crashing bug on certain Win2000 and WinXP systems at O23 listing
* Fixed lots and lots of 'unexpected error' bugs
* Fixed lots of inproper functioning bugs (i.e. stuff that didn't work)
* Added 'Delete NT Service' function in Misc Tools section
* Added ProtocolDefaults to O15 listing
* Fixed MD5 hashing not working
* Fixed 'ISTSVC' autorun entries with garbage data not being fixed
* Fixed HijackThis uninstall entry not being updated/created on new versions
* Added Uninstall Manager in Misc Tools to manage 'Add/Remove Software' list
* Added option to scan the system at startup, then show results or quit if nothing found
[v1.99]
* Added O23 (NT Services) in light of newer trojans
* Integrated ADS Spy into Misc Tools section
* Added 'Action taken' to info in 'More info on this item'
[v1.98]
* Definitive support for Japanese/Chinese/Korean systems
* Added O20 (AppInit_DLLs) in light of newer trojans
* Added O21 (ShellServiceObjectDelayLoad, SSODL) in light of newer trojans
* Added O22 (SharedTaskScheduler) in light of newer trojans
* Backups of fixed items are now saved in separate folder
* HijackThis now checks if it was started from a temp folder
* Added a small process manager (Misc Tools section)
[v1.96]
* Lots of bugfixes and small enhancements! Among others:
* Fix for Japanese IE toolbars
* Fix for searchwww.com fake CLSID trick in IE toolbars and BHO's
* Attributes on Hosts file will now be restored when scanning/fixing/restoring it.
* Added several files to the LSP whitelist
* Fixed some issues with incorrectly re-encrypting data, making R0/R1 go undetected until a restart
* All sites in the Trusted Zone are now shown, with the exception of those on the nonstandard but safe domain list
[v1.95]
* Added a new regval to check for from Whazit hijack (Start Page_bak).
* Excluded IE logo change tweak from toolbar detection (BrandBitmap and SmBrandBitmap).
* New in logfile: Running processes at time of scan.
* Checkmarks for running StartupList with /full and /complete in HijackThis UI.
* New O19 method to check for Datanotary hijack of user stylesheet.
* Google.com IP added to whitelist for Hosts file check.
[v1.94]
* Fixed a bug in the Check for Updates function that could cause corrupt downloads on certain systems.
* Fixed a bug in enumeration of toolbars (Lop toolbars are now listed!).
* Added imon.dll, drwhook.dll and wspirda.dll to LSP safelist.
* Fixed a bug where DPF could not be deleted.
* Fixed a stupid bug in enumeration of autostarting shortcuts.
* Fixed info on Netscape 6/7 and Mozilla saying '%shitbrowser%' (oops).
* Fixed bug where logfile would not auto-open on systems that don't have .log filetype registered.
* Added support for backing up F0 and F1 items (d'oh!).
[v1.93]
* Added mclsp.dll (McAfee), WPS.DLL (Sygate Firewall), zklspr.dll (Zero Knowledge) and mxavlsp.dll (OnTrack) to LSP safelist.
* Fixed a bug in LSP routine for Win95.
* Made taborder nicer.
* Fixed a bug in backup/restore of IE plugins.
* Added UltimateSearch hijack in O17 method (I think).
* Fixed a bug with detecting/removing BHO's disabled by BHODemon.
* Also fixed a bug in StartupList (now version 1.52.1).
[v1.92]
* Fixed two stupid bugs in backup restore function.
* Added DiamondCS file to LSP files safelist.
* Added a few more items to the protocol safelist.
* Log is now opened immediately after saving.
* Removed rd.yahoo.com from NSBSD list (spammers are starting to use this, no doubt spyware authors will follow).
* Updated integrated StartupList to v1.52.
* In light of SpywareNuker/BPS Spyware Remover, any strings relevant to reverse-engineers are now encrypted.
* Rudimentary proxy support for the Check for Updates function.
[v1.91]
* Added rd.yahoo.com to the Nonstandard But Safe Domains list.
* Added 8 new protocols to the protocol check safelist, as well as showing the file that handles the protocol in the log (O18).
* Added listing of programs/links in Startup folders (O4).
* Fixed 'Check for Update' not detecting new versions.
[v1.9]
* Added check for Lop.com 'Domain' hijack (O17).
* Bugfix in URLSearchHook (R3) fix.
* Improved O1 (Hosts file) check.
* Rewrote code to delete BHO's, fixing a really nasty bug with orphaned BHO keys.
* Added AutoConfigURL and proxyserver checks (R1).
* IE Extensions (Button/Tools menuitem) in HKEY_CURRENT_USER are now also detected.
* Added check for extra protocols (O18).
[v1.81]
* Added 'ignore non-standard but safe domains' option.
* Improved Winsock LSP hijackers detection.
* Integrated StartupList updated to v1.4.
[v1.8]
* Fixed a few bugs.
* Adds detecting of free.aol.com in Trusted Zone.
* Adds checking of URLSearchHooks key, which should have only one value.
* Adds listing/deleting of Download Program Files.
* Integrated StartupList into the new 'Misc Tools' section of the Config screen!
[v1.71]
* Improves detecting of O6.
* Some internal changes/improvements.
[v1.7]
* Adds backup function! Yay!
* Added check for default URL prefix
* Added check for changing of IERESET.INF
* Added check for changing of Netscape/Mozilla homepage and default search engine.
[v1.61]
* Fixes Runtime Error when Hosts file is empty.
[v1.6]
* Added enumerating of MSIE plugins
* Added check for extra options in 'Advanced' tab of 'Internet Options'.
[v1.5]
* Adds 'Uninstall & Exit' and 'Check for update online' functions.
* Expands enumeration of autoloading Registry entries (now also scans for .vbs, .js, .dll, rundll32 and service)
[v1.4]
* Adds repairing of broken Internet access (aka Winsock or LSP fix) by New.Net/WebHancer
* A few bugfixes/enhancements
[v1.3]
* Adds detecting of extra MSIE context menu items
* Added detecting of extra 'Tools' menu items and extra buttons
* Added 'Confirm deleting/ignoring items' checkbox
[v1.2]
* Adds 'Ignorelist' and 'Info' functions
[v1.1]
* Supports BHO's, some default URL changes
[v1.0]
* Original release

A good thing to do after version updates is clear your Ignore list and re-add them, as the format of detected items sometimes changes.



I don't know much about computers, so I really don't know what to do...
Thanks in advance for your help!


6 December 2008 23:52:49

:hello:  Hello,

I'm going to help you solve your problem. Please follow my instructions to the letter and do not take any personal initiative. If you have any questions at all, I'm here to listen.

Please bear in mind that I am a volunteer and that I have a private life: I check in at least once a day.

If you think you have been forgotten, send me a PM to let me know.

1) Download Toolbar-S&D (Team IDN) to your Desktop.

  • Start the program's installation by running the downloaded file.
  • Now double-click the Toolbar-S&D shortcut.
  • Select the desired language by typing the letter of your choice, then confirm with the Enter key.
  • Now choose option 1 (Search). Wait until the search has finished.
  • Post the generated report. (C:\TB.txt)

2) Download Gmer.

  • Unzip it into a dedicated folder or onto your Desktop.
  • Disconnect from the Internet, then close all programs.
  • Double-click Gmer.exe.
    If an alert from your antivirus appears for the file gmer.sys or gmer.exe, let it run.
  • Click the Rootkit tab.
  • On the right, tick everything.
  • Now click Scan.
  • When the scan is finished, click Copy.
  • Open Notepad, then click the Edit menu / Paste.
  • The report should then appear.
  • Save the file to your Desktop and upload it to mediafire.

Uploading a file to mediafire:

  • Go to this link: http://www.mediafire.com/
  • At the top, click "Upload files To Media fire". Then choose "I want to upload without an account".
  • A Windows Explorer window will open. Browse to the report I am asking you to upload, select it, then click "Open".
  • Then click "Upload".
  • On the right of the screen, choose "upload to a new folder". Leave the default name (= the date).
  • Confirm and let the upload run.
  • Click "View uploaded file" and, in your next message, copy me the URL (= the link) of the new tab or new window that opens. That way I will be able to download the requested report.

3) Download DDS by sUBs and save it to your desktop.

  • Disable any script blocker, such as an antivirus, or software like ad-block, noscript, etc.
  • Double-click dds.scr to launch the tool. Double-click it only once, and be patient!
  • Once the scan has finished, a text document, DDS.txt, will open.
  • Click Yes at the next prompt, Optional Scan.
  • Save both reports to your desktop and post only DDS.txt to me; keep the other one at hand in case I ask for it. Copy/paste the report into the forum. Only upload files to mediafire if I explicitly ask for it.

;)

7 December 2008 00:24:49

First of all, thank you very much for the attention given to my message! What a relief!
So I did manage to install toolbar as specified in the first step.

Here is what it tells me:


    -----------\\ ToolBar S&D 1.2.6 XP/Vista

    Microsoft® Windows Vista™ Édition Familiale Premium ( v6.0.6001 ) Service Pack 1
    X86-based PC ( Multiprocessor Free : Genuine Intel(R) CPU T2060 @ 1.60GHz )
    BIOS : Ver 1.00PARTTBLP
    USER : laura ( Administrator )
    BOOT : Normal boot
    C:\ (Local Disk) - NTFS - Total:71 Go (Free:40 Go)
    D:\ (Local Disk) - NTFS - Total:70 Go (Free:1 Go)
    E:\ (CD or DVD)

    "C:\ToolBar SD" ( MAJ : 04-12-2008|20:40 )
    Option : [1] ( 06/12/2008|23:57 )

    [ UAC => 1 ]

    -----------\\ Recherche de Fichiers / Dossiers ...


    -----------\\ [..\Internet Explorer\Main]

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
    "Start Page"="http://www.google.fr/"
    "SEARCH PAGE"="http://fr.rd.yahoo.com/customize/ycomp/defaults/sp/*http://fr.yahoo.com"
    "Local Page"="C:\\Windows\\system32\\blank.htm"
    "SearchMigratedDefaultURL"="http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7"
    "Url"="http://go.microsoft.com/fwlink/?LinkId=75720"

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
    "Start Page"="http://fr.fr.acer.yahoo.com"
    "Default_Page_URL"="http://fr.fr.acer.yahoo.com"
    "Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
    "Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"


    --------------------\\ Recherche d'autres infections


    Aucune autre infection trouvée !

    [ UAC => 1 ]


    1 - "C:\ToolBar SD\TB_1.txt" - 06/12/2008|23:57 - Option : [1]

    -----------\\ Fin du rapport a 23:57:49,07


However, when I run Gmer, Winrar shows me an error message:
After a folder location it gives me these three messages:
This first message when I open the file: "unexpected end of archive"
These when I try to extract the information: "the archive is either in unknown format or damaged"
-cannot execute

...what should I do?
7 December 2008 00:31:30

Oops... well, actually, after a 4th try I managed to unzip it...
I'll send the rest once everything is finished!

7 December 2008 01:35:21

Here is the requested URL:



And the DDS.txt report:

    DDS (Version 1.0) - NTFSx86
    Run by laura at 1:13:35,29 on 07/12/2008
    Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6001.1.1252.33.1036.18.2037.865 [GMT 1:00]

    ============== Running Processes ===============

    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k rpcss
    C:\Windows\System32\svchost.exe -k secsvcs
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\SLsvc.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
    C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
    C:\Acer\Empowering Technology\eNet\eNet Service.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Acer\Mobility Center\MobilityService.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\DRIVERS\xaudio.exe
    C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
    C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
    C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Windows\system32\svchost.exe -k WindowsMobile
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Windows\RtHDVCpl.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Windows\System32\igfxtray.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files\Launch Manager\LManager.exe
    C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
    C:\Windows\WindowsMobile\wmdSync.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\SuperCopier\SuperCopier.exe
    C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Windows\System32\rundll32.exe
    C:\Windows\System32\rundll32.exe
    C:\Acer\Empowering Technology\ENET\ENMTRAY.EXE
    C:\Acer\Empowering Technology\EPOWER\EPOWER_DMC.EXE
    C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
    C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
    C:\Users\laura\AppData\Local\Temp\RtkBtMnt.exe
    C:\Windows\system32\igfxext.exe
    C:\Windows\system32\igfxsrvc.exe
    C:\Windows\System32\wsqmcons.exe
    C:\Windows\system32\conime.exe
    C:\Program Files\Internet Explorer\ieuser.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
    C:\Windows\system32\Macromed\Flash\FlashUtil9f.exe
    C:\Program Files\Microsoft Office\Office12\WINWORD.EXE
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Users\laura\Desktop\dds.scr

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://www.google.fr/
    uSEARCH PAGE = hxxp://fr.rd.yahoo.com/customize/ycomp/defaults/sp/*http://fr.yahoo.com
    uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
    mStart Page = hxxp://fr.fr.acer.yahoo.com
    mDefault_Page_URL = hxxp://fr.fr.acer.yahoo.com
    uInternet Settings,ProxyOverride = *.local
    uSearchURL,(Default) = hxxp://fr.rd.yahoo.com/customize/ycomp/defaults/su/*http://fr.yahoo.com
    BHO: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
    BHO: {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
    BHO: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    TB: {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - c:\windows\system32\eDStoolbar.dll
    TB: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
    uRun: [????r]
    uRun: [SuperCopier.exe] c:\program files\supercopier\SuperCopier.exe
    uRun: [swg] c:\program files\google\googletoolbarnotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    uRun: [LSA Shellu] c:\users\laura\lsass.exe
    uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
    uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
    uRun: [?????????] ??????????????e
    uRun: [cmds] rundll32.exe c:\users\laura\appdata\local\temp\cbXQHwWo.dll,c
    mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    mRun: [NvSvc] RUNDLL32.EXE c:\windows\system32\nvsvc.dll,nvsvcStart
    mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
    mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
    mRun: [RtHDVCpl] RtHDVCpl.exe
    mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
    mRun: [Acer Tour]
    mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
    mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
    mRun: [Persistence] c:\windows\system32\igfxpers.exe
    mRun: [WarReg_PopUp] c:\acer\wr_popup\WarReg_PopUp.exe
    mRun: [LManager] c:\progra~1\launch~1\LManager.exe
    mRun: [eRecoveryService]
    mRun: [eDataSecurity Loader] c:\acer\empowering technology\edatasecurity\eDSloader.exe
    mRun: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdSync.exe
    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
    mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\empowe~1.lnk - c:\acer\empowering technology\eAPLauncher.exe
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: E&xporter vers Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
    Notify: igfxcui - igfxdev.dll

    ============= SERVICES / DRIVERS ===============

    S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2006-11-2 167936]
    S3 SMSCIRDA;SMSC Infrared Device Driver;c:\windows\system32\drivers\SMSCirda.sys [2006-12-5 31232]

    =============== Created Last 30 ================

    2008-12-07 00:28 250 a------- c:\windows\gmer.ini
    2008-12-06 23:56 <DIR> --d----- C:\ToolBar SD
    2008-12-06 21:54 <DIR> --d----- c:\programdata\Lavasoft
    2008-12-06 21:04 1,505,792 a------- c:\windows\system32\tquery.dll
    2008-12-06 21:03 860,160 a------- c:\windows\system32\WerFaultSecure.exe
    2008-12-06 21:02 506,880 a------- c:\windows\system32\MSMPEG2ENC.DLL
    2008-12-06 21:01 1,329,152 a------- c:\windows\system32\WMSPDMOE.DLL
    2008-12-06 21:00 150 a------- c:\windows\system32\RacUREx.xml
    2008-12-06 21:00 145,455 a------- c:\windows\system32\perfmon.msc
    2008-12-06 21:00 599,552 a------- c:\windows\system32\vsp1cln.exe
    2008-12-06 21:00 3 a------- c:\windows\system32\drivers\MsftWdf_Kernel_01007_Inbox_Critical.Wdf
    2008-12-06 20:59 357,888 a------- c:\windows\system32\wbemcomn.dll
    2008-12-06 20:59 129,536 a------- c:\windows\system32\sqmapi.dll
    2008-12-06 20:59 704,512 a------- c:\windows\system32\SmiEngine.dll
    2008-12-06 20:59 139,264 a------- c:\windows\system32\SmiInstaller.dll
    2008-12-06 20:59 218,624 a------- c:\windows\system32\wdscore.dll
    2008-12-06 20:59 130,560 a------- c:\windows\system32\PkgMgr.exe
    2008-12-06 20:58 246,784 a------- c:\windows\system32\drvstore.dll
    2008-12-06 20:58 305,152 a------- c:\windows\system32\msdelta.dll
    2008-12-06 20:58 258,560 a------- c:\windows\system32\dpx.dll
    2008-12-06 20:58 35,328 a------- c:\windows\system32\mspatcha.dll
    2008-12-06 20:08 <DIR> --d----- c:\windows\system32\uXPi02
    2008-12-06 18:34 <DIR> --d----- c:\windows\system32\RS4
    2008-12-06 17:58 <DIR> --d----- C:\VundoFix Backups
    2008-12-06 17:21 <DIR> --d----- c:\temp\DIV55
    2008-12-06 15:45 <DIR> --d----- C:\PerfLogs
    2008-12-06 14:52 <DIR> --d----- C:\7dbac67deba88655a43e5526a8d3
    2008-12-06 04:11 <DIR> --d----- C:\Downloads
    2008-12-06 04:11 <DIR> --d----- C:\Bases
    2008-12-06 04:10 <DIR> --d----- C:\Kaspersky
    2008-12-05 20:17 <DIR> --d----- c:\programdata\Spybot - Search & Destroy
    2008-12-05 20:17 <DIR> --d----- c:\program files\Spybot - Search & Destroy
    2008-12-05 20:17 <DIR> --d----- c:\progra~2\Spybot - Search & Destroy
    2008-12-05 20:06 112,356 a------- c:\users\laura\csrss.exe
    2008-11-26 18:09 241,152 a------- c:\windows\system32\PortableDeviceApi.dll
    2008-11-26 18:09 160,768 a------- c:\windows\system32\PortableDeviceTypes.dll
    2008-11-26 18:09 94,720 a------- c:\windows\system32\PortableDeviceClassExtension.dll
    2008-11-26 18:09 712,704 a------- c:\windows\system32\WindowsCodecs.dll
    2008-11-26 18:09 425,472 a------- c:\windows\system32\PhotoMetadataHandler.dll
    2008-11-26 18:09 347,136 a------- c:\windows\system32\WindowsCodecsExt.dll
    2008-11-26 18:09 1,645,568 a------- c:\windows\system32\connect.dll
    2008-11-23 16:36 1,524,736 a------- c:\windows\system32\wucltux.dll
    2008-11-23 16:35 83,456 a------- c:\windows\system32\wudriver.dll
    2008-11-23 16:35 162,064 a------- c:\windows\system32\wuwebv.dll
    2008-11-23 16:35 31,232 a------- c:\windows\system32\wuapp.exe
    2008-11-22 13:26 <DIR> --d----- c:\program files\MSECache
    2008-11-16 13:15 179,712 a------- c:\users\laura\gif.exe
    2008-11-11 21:13 212,480 a------- c:\windows\system32\drivers\mrxsmb10.sys
    2008-11-11 21:13 1,191,936 a------- c:\windows\system32\msxml3.dll
    2008-11-11 21:13 1,334,272 a------- c:\windows\system32\msxml6.dll
    2008-11-11 21:10 1,470,822 a------- c:\windows\system32\PerfStringBackup.INI

    ==================== Find3M ====================

    2008-12-06 22:55 669,578 a------- c:\windows\system32\perfh00C.dat
    2008-12-06 22:55 123,556 a------- c:\windows\system32\perfc00C.dat
    2008-12-06 22:54 174 a--sh--- c:\program files\desktop.ini
    2008-12-06 22:52 143,360 a------- c:\windows\inf\infstrng.dat
    2008-12-06 22:52 86,016 a------- c:\windows\inf\infstor.dat
    2008-12-06 22:52 86,016 a------- c:\windows\inf\infpub.dat
    2008-12-06 22:44 665,600 a------- c:\windows\inf\drvindex.dat
    2008-12-06 21:23 101,888 a------- c:\windows\system32\ifxcardm.dll
    2008-12-06 21:23 82,432 a------- c:\windows\system32\axaltocm.dll
    2008-11-05 08:26 79,360 a------- c:\users\laura\index.exe
    2008-10-02 04:49 827,392 a------- c:\windows\system32\wininet.dll
    2008-09-30 16:43 1,286,152 a------- c:\windows\system32\msxml4.dll
    2008-09-18 06:09 3,601,464 a------- c:\windows\system32\ntkrnlpa.exe
    2008-09-18 06:09 3,549,240 a------- c:\windows\system32\ntoskrnl.exe
    2008-09-18 03:16 2,032,640 a------- c:\windows\system32\win32k.sys
    2006-11-02 16:45 340,236 a------- c:\windows\inf\perflib\040c\perfi.dat
    2006-11-02 16:45 340,236 a------- c:\windows\inf\perflib\040c\perfh.dat
    2006-11-02 16:45 37,390 a------- c:\windows\inf\perflib\040c\perfd.dat
    2006-11-02 16:45 37,390 a------- c:\windows\inf\perflib\040c\perfc.dat
    2006-11-02 10:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat
    2006-11-02 10:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat
    2006-11-02 10:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat
    2006-11-02 10:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat
    2008-03-03 18:51 16,384 a--sh--- c:\windows\serviceprofiles\localservice\appdata\local\microsoft\windows\history\history.ie5\index.dat
    2008-03-03 18:51 32,768 a--sh--- c:\windows\serviceprofiles\localservice\appdata\local\microsoft\windows\temporary internet files\content.ie5\index.dat
    2008-03-03 18:51 16,384 a--sh--- c:\windows\serviceprofiles\localservice\appdata\roaming\microsoft\windows\cookies\index.dat
    2007-07-31 18:56 16,384 a--sh--- c:\windows\temp\cookies\index.dat
    2007-07-31 18:56 32,768 a--sh--- c:\windows\temp\fichiers internet temporaires\content.ie5\index.dat
    2007-07-31 18:56 16,384 a--sh--- c:\windows\temp\history\history.ie5\index.dat

    ============= FINISH: 1:14:20,19 ===============

PS: THANK YOU THANK YOU THANK YOU!! :)

7 December 2008 11:34:35

Hello again,

! Disable your resident protections (antivirus, Spybot-S&D, etc.) !

  • Download ComboFix (sUBs) to your Desktop.
  • Double-click ComboFix.exe (the .exe is not necessarily visible) to launch it.
  • It will ask you to install the Recovery Console: accept.
  • When the scan is finished, a report will appear. Post this report (C:\combofix.txt*) in your next reply.


HELP: A guide and a tutorial on using ComboFix
* the partition name may differ

;)

7 December 2008 12:26:56

    ComboFix 08-12-06.06 - laura 2008-12-07 12:16:35.1 - NTFSx86
    Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6001.1.1252.1.1036.18.1112 [GMT 1:00]
    Lancé depuis: c:\users\laura\Desktop\ComboFix.exe
    * Un nouveau point de restauration a été créé
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\temp\DIV55
    c:\temp\DIV55\xDb.log
    c:\users\laura\AppData\Local\Microsoft\Windows\Temporary Internet Files\fbk.sts
    c:\users\laura\csrss.exe
    c:\windows\system32\pac.txt
    c:\windows\system32\uXPi02
    c:\windows\system32\uXPi02\uXPi022328.exe
    c:\windows\system32\x64

    .
    ((((((((((((((((((((((((((((( Fichiers créés du 2008-11-07 au 2008-12-07 ))))))))))))))))))))))))))))))))))))
    .

    2008-12-07 00:28 . 2008-12-07 00:28 250 --a------ c:\windows\gmer.ini
    2008-12-06 23:56 . 2008-12-06 23:57 <REP> d-------- C:\ToolBar SD
    2008-12-06 21:54 . 2008-12-06 21:57 <REP> d-------- c:\users\All Users\Lavasoft
    2008-12-06 21:54 . 2008-12-06 21:57 <REP> d-------- c:\programdata\Lavasoft
    2008-12-06 21:03 . 2008-01-19 08:33 8,139,264 --a------ c:\windows\System32\ssBranded.scr
    2008-12-06 21:02 . 2008-01-19 08:35 3,072,000 --a------ c:\windows\System32\networkmap.dll
    2008-12-06 21:01 . 2008-01-19 07:06 8,147,456 --a------ c:\windows\System32\wmploc.DLL
    2008-12-06 21:00 . 2008-01-19 08:33 599,552 --a------ c:\windows\System32\vsp1cln.exe
    2008-12-06 21:00 . 2008-01-05 12:31 145,455 --a------ c:\windows\System32\perfmon.msc
    2008-12-06 21:00 . 2008-01-05 12:39 150 --a------ c:\windows\System32\RacUREx.xml
    2008-12-06 21:00 . 2008-01-05 12:31 3 --a------ c:\windows\System32\drivers\MsftWdf_Kernel_01007_Inbox_Critical.Wdf
    2008-12-06 20:59 . 2008-01-19 08:36 704,512 --a------ c:\windows\System32\SmiEngine.dll
    2008-12-06 20:59 . 2008-01-19 08:36 357,888 --a------ c:\windows\System32\wbemcomn.dll
    2008-12-06 20:59 . 2008-01-19 08:36 218,624 --a------ c:\windows\System32\wdscore.dll
    2008-12-06 20:59 . 2008-01-19 08:36 139,264 --a------ c:\windows\System32\SmiInstaller.dll
    2008-12-06 20:59 . 2008-01-19 08:33 130,560 --a------ c:\windows\System32\PkgMgr.exe
    2008-12-06 20:59 . 2008-01-19 08:36 129,536 --a------ c:\windows\System32\sqmapi.dll
    2008-12-06 20:58 . 2008-01-19 08:34 305,152 --a------ c:\windows\System32\msdelta.dll
    2008-12-06 20:58 . 2008-01-19 08:34 258,560 --a------ c:\windows\System32\dpx.dll
    2008-12-06 20:58 . 2008-01-19 08:34 246,784 --a------ c:\windows\System32\drvstore.dll
    2008-12-06 20:58 . 2008-01-19 08:35 35,328 --a------ c:\windows\System32\mspatcha.dll
    2008-12-06 18:34 . 2008-12-06 18:35 <REP> d-------- c:\windows\System32\RS4
    2008-12-06 17:58 . 2008-12-06 17:58 <REP> d-------- C:\VundoFix Backups
    2008-12-06 15:45 . 2008-12-06 15:45 <REP> d-------- C:\PerfLogs
    2008-12-06 14:52 . 2008-12-06 19:04 <REP> d-------- C:\7dbac67deba88655a43e5526a8d3
    2008-12-06 04:11 . 2008-12-06 04:19 <REP> d-------- C:\Downloads
    2008-12-06 04:11 . 2008-12-06 04:20 <REP> d-------- C:\Bases
    2008-12-06 04:10 . 2008-12-06 04:20 <REP> d-------- C:\Kaspersky
    2008-12-05 20:17 . 2008-12-06 22:56 <REP> d-------- c:\users\All Users\Spybot - Search & Destroy
    2008-12-05 20:17 . 2008-12-06 22:56 <REP> d-------- c:\programdata\Spybot - Search & Destroy
    2008-12-05 20:17 . 2008-12-06 23:21 <REP> d-------- c:\program files\Spybot - Search & Destroy
    2008-11-26 18:09 . 2008-10-21 06:25 1,645,568 --a------ c:\windows\System32\connect.dll
    2008-11-26 18:09 . 2008-08-28 04:40 712,704 --a------ c:\windows\System32\WindowsCodecs.dll
    2008-11-26 18:09 . 2008-08-28 04:40 425,472 --a------ c:\windows\System32\PhotoMetadataHandler.dll
    2008-11-26 18:09 . 2008-08-28 04:40 347,136 --a------ c:\windows\System32\WindowsCodecsExt.dll
    2008-11-26 18:09 . 2008-10-22 04:57 241,152 --a------ c:\windows\System32\PortableDeviceApi.dll
    2008-11-26 18:09 . 2008-01-19 08:36 160,768 --a------ c:\windows\System32\PortableDeviceTypes.dll
    2008-11-26 18:09 . 2008-01-19 08:36 94,720 --a------ c:\windows\System32\PortableDeviceClassExtension.dll
    2008-11-23 16:36 . 2008-10-16 22:13 1,809,944 --a------ c:\windows\System32\wuaueng.dll
    2008-11-23 16:36 . 2008-10-16 21:56 1,524,736 --a------ c:\windows\System32\wucltux.dll
    2008-11-23 16:36 . 2008-10-16 22:09 51,224 --a------ c:\windows\System32\wuauclt.exe
    2008-11-23 16:36 . 2008-10-16 22:09 43,544 --a------ c:\windows\System32\wups2.dll
    2008-11-23 16:35 . 2008-10-16 22:12 561,688 --a------ c:\windows\System32\wuapi.dll
    2008-11-23 16:35 . 2008-10-16 14:08 162,064 --a------ c:\windows\System32\wuwebv.dll
    2008-11-23 16:35 . 2008-10-16 21:55 83,456 --a------ c:\windows\System32\wudriver.dll
    2008-11-23 16:35 . 2008-10-16 22:08 34,328 --a------ c:\windows\System32\wups.dll
    2008-11-23 16:35 . 2008-10-16 13:56 31,232 --a------ c:\windows\System32\wuapp.exe
    2008-11-22 13:26 . 2008-11-22 13:26 <REP> d-------- c:\program files\MSECache
    2008-11-16 13:15 . 2008-12-06 20:29 179,712 --a------ c:\users\laura\gif.exe
    2008-11-11 21:13 . 2008-09-10 04:40 1,334,272 --a------ c:\windows\System32\msxml6.dll
    2008-11-11 21:13 . 2008-09-05 06:14 1,191,936 --a------ c:\windows\System32\msxml3.dll
    2008-11-11 21:13 . 2008-08-27 02:05 212,480 --a------ c:\windows\System32\drivers\mrxsmb10.sys
    2008-11-11 21:10 . 2008-12-07 07:42 1,470,822 --a------ c:\windows\System32\PerfStringBackup.INI

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-12-06 21:54 174 --sha-w c:\program files\desktop.ini
    2008-12-06 21:45 --------- d-----w c:\program files\Windows Sidebar
    2008-12-06 21:45 --------- d-----w c:\program files\Windows Photo Gallery
    2008-12-06 21:45 --------- d-----w c:\program files\Windows Mail
    2008-12-06 21:45 --------- d-----w c:\program files\Windows Journal
    2008-12-06 21:45 --------- d-----w c:\program files\Windows Defender
    2008-12-06 21:45 --------- d-----w c:\program files\Windows Collaboration
    2008-12-06 21:45 --------- d-----w c:\program files\Windows Calendar
    2008-12-06 20:23 82,432 ----a-w c:\windows\System32\axaltocm.dll
    2008-12-06 20:23 101,888 ----a-w c:\windows\System32\ifxcardm.dll
    2008-12-06 19:20 --------- d-----w c:\program files\Yahoo!
    2008-11-26 02:01 --------- d-----w c:\programdata\Microsoft Help
    2008-11-22 12:23 --------- d-----w c:\program files\Common Files\Adobe
    2008-11-05 07:26 79,360 ----a-w c:\users\laura\index.exe
    2008-10-02 03:49 827,392 ----a-w c:\windows\System32\wininet.dll
    2008-09-30 15:43 1,286,152 ----a-w c:\windows\System32\msxml4.dll
    2008-09-18 05:09 3,601,464 ----a-w c:\windows\System32\ntkrnlpa.exe
    2008-09-18 05:09 3,549,240 ----a-w c:\windows\System32\ntoskrnl.exe
    2008-09-18 02:16 2,032,640 ----a-w c:\windows\System32\win32k.sys
    2008-03-03 17:51 16,384 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    2008-03-03 17:51 32,768 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    2008-03-03 17:51 16,384 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    .

    ((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "????r"="" [?]
    "?????????"="??????????????e" [?]
    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]
    "SuperCopier.exe"="c:\program files\SuperCopier\SuperCopier.exe" [2003-04-24 683520]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2008-09-04 171448]
    "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
    "SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2008-09-16 1833296]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NvSvc"="c:\windows\system32\nvsvc.dll" [2006-11-22 90191]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-11-22 7757824]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-11-22 81920]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-10-23 815104]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2006-11-06 98304]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2006-11-06 106496]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2006-11-06 81920]
    "WarReg_PopUp"="c:\acer\WR_PopUp\WarReg_PopUp.exe" [2006-11-05 57344]
    "LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2006-12-08 614400]
    "eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2007-02-06 464168]
    "Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdSync.exe" [2006-11-02 215552]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2007-12-11 286720]
    "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-08-19 185896]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
    "RtHDVCpl"="RtHDVCpl.exe" [2006-12-01 c:\windows\RtHDVCpl.exe]

    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Empowering Technology Launcher.lnk - c:\acer\Empowering Technology\eAPLauncher.exe [2006-12-05 528384]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "vidc.3iv2"= 3ivxVfWCodec.dll
    "VIDC.HFYU"= huffyuv.dll
    "VIDC.VP31"= vp31vfw.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "UacDisableNotify"=dword:00000001
    "InternetSettingsDisableNotify"=dword:00000001
    "AutoUpdateDisableNotify"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
    "{563405B8-597C-4751-B280-C4C81ABEC857}"= UDP:c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\MCE Deluxe Suite.exe:CyberLink MCE Deluxe Suite
    "{46EE4B93-A4DA-4D5E-AE0B-CB41C869FB60}"= TCP:c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\MCE Deluxe Suite.exe:CyberLink MCE Deluxe Suite
    "{CA161B11-DCAD-4A0D-BC9E-8B7DBBE8C8EF}"= c:\program files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
    "{D41EBB7D-C223-4898-ABC7-483F3A8B0676}"= c:\program files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
    "{3D6D0C12-FC33-4137-9ECA-A01A2A8C3F4B}"= c:\program files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
    "{D9FF0D49-72E2-413E-B8A3-AF74A4842A37}"= c:\program files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
    "{56E69995-5A58-4238-8906-F8A377A7F295}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
    "c:\\Acer\\Empowering Technology\\eDataSecurity\\eDSfsu.exe"= c:\acer\Empowering Technology\eDataSecurity\eDSfsu.exe:*:Enabled:eDSfsu
    "c:\\Acer\\Empowering Technology\\eDataSecurity\\encryption.exe"= c:\acer\Empowering Technology\eDataSecurity\encryption.exe:*:Enabled:encryption
    "c:\\Acer\\Empowering Technology\\eDataSecurity\\decryption.exe"= c:\acer\Empowering Technology\eDataSecurity\decryption.exe:*:Enabled:D ecryption

    S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60x.sys [2006-11-02 167936]
    S3 SMSCIRDA;SMSC Infrared Device Driver;c:\windows\system32\DRIVERS\SMSCirda.sys [2006-12-05 31232]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    WindowsMobile REG_MULTI_SZ wcescomm rapimgr
    LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1960b9a4-ae3f-11dd-b598-0016d46a96cd}]
    \shell\Auto\command - F:\Start.exe
    \shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL F:\Start.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3304f14c-ec28-11dc-9b38-0016d46a96cd}]
    \shell\AutoRun\command - F:\EmDesk.exe
    \shell\EmDesk\command - F:\EmDesk.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3712cf5e-8699-11dd-ae8c-0016d46a96cd}]
    \shell\Auto\command - F:\Start.exe
    \shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL F:\Start.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{483c5279-0072-11dc-bcfb-0016d46a96cd}]
    \shell\Auto\command - E:\Start.exe
    \shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL E:\Start.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{594a5c09-b6e1-11dd-b2a4-0016d46a96cd}]
    \shell\Auto\command - G:\Start.exe
    \shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL G:\Start.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8e71f84e-fc09-11db-baf6-0016d46a96cd}]
    \shell\Auto\command - E:\Start.exe
    \shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL E:\Start.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{997eca06-c1da-11dd-9a3a-0016d46a96cd}]
    \shell\Auto\command - F:\Start.exe
    \shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL F:\Start.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ac35f225-a779-11dd-af04-0016d46a96cd}]
    \shell\Auto\command - F:\Start.exe
    \shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL F:\Start.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e65fd938-a33e-11dc-ab8c-0016d46a96cd}]
    \shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e823854f-0456-11dc-9bf2-0016d46a96cd}]
    \shell\AutoRun\command - F:\6l6w8.com
    \shell\explore\Command - F:\6l6w8.com
    \shell\open\Command - F:\6l6w8.com

    *Newly Created Service* - PROCEXP90
    .
    Contenu du dossier 'Tâches planifiées'

    2008-12-07 c:\windows\Tasks\User_Feed_Synchronization-{4C38419B-F1DA-4E7D-A30D-885537A9CECF}.job
    - c:\windows\system32\msfeedssync.exe [2008-01-19 08:33]
    .
    - - - - ORPHELINS SUPPRIMES - - - -

    HKCU-Run-LSA Shellu - c:\users\laura\lsass.exe
    HKLM-Run-Acer Tour - (no file)
    HKLM-Run-eRecoveryService - (no file)



    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-12-07 12:19:41
    Windows 6.0.6001 Service Pack 1 NTFS

    Recherche de processus cachés ...

    Recherche d'éléments en démarrage automatique cachés ...

    Recherche de fichiers cachés ...

    Scan terminé avec succès
    Fichiers cachés: 0

    **************************************************************************
    .
    Heure de fin: 2008-12-07 12:21:20
    ComboFix-quarantined-files.txt 2008-12-07 11:21:17

    Avant-CF: 42 648 465 408 octets libres
    Après-CF: 42,555,404,288 octets libres

    224 --- E O F --- 2008-12-06 20:26:25
    7 December 2008 12:32:26

    Hi again,

    1) Open Spybot, click the Mode tab and choose Advanced Mode
    Ignore the warning
    At the bottom left, click Tools
    Still in the left-hand column, click Resident (not in the central window)
    And untick the Resident "TeaTimer" option

    2)
  • Download UsbFix (by Chiquitine29) to your Desktop.
  • Run the installation with the default settings.
  • Plug your external storage devices into your PC (USB stick, external hard drive, etc.) without opening them.
  • Double-click the UsbFix shortcut on your Desktop.
  • Choose the Cleaning (Nettoyage) option.
  • The PC will restart.
  • After the restart, post the UsbFix.txt report

    Note: the UsbFix.txt report is saved at the root of the disk.

    3) Run another scan with ComboFix and post me the new report you get.

    ;) 
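The ComboFix report quoted above lists MountPoints2 keys, where Windows caches the AutoRun commands of volumes that have been connected, which is the material relevant to the removable-drive clean-up in step 2. The Python sketch below is an added example, not part of the original posts and not code from ComboFix or UsbFix: it parses that section of a report and lists the entries worth reviewing. The function names, the extension list and the reason strings are assumptions of this example; the embedded sample is an excerpt of the log above.

```python
import ntpath
import re
from collections import defaultdict

# Excerpt of the MountPoints2 section of the ComboFix report quoted above.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1960b9a4-ae3f-11dd-b598-0016d46a96cd}]
\shell\Auto\command - F:\Start.exe
\shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL F:\Start.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e65fd938-a33e-11dc-ab8c-0016d46a96cd}]
\shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e823854f-0456-11dc-9bf2-0016d46a96cd}]
\shell\AutoRun\command - F:\6l6w8.com
\shell\explore\Command - F:\6l6w8.com
\shell\open\Command - F:\6l6w8.com

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"""

# Assumption of this example: extensions treated as directly runnable.
EXEC_EXT = {".exe", ".com", ".bat", ".cmd", ".pif", ".scr", ".vbs"}

KEY_RE = re.compile(r"^\[.*\\mountpoints2\\(\{[0-9a-f-]{36}\})\]$", re.I)
CMD_RE = re.compile(r"^\\shell\\([^\\]+)\\command - (.+)$", re.I)
WRAP_RE = re.compile(r"ShellExec_RunDLL\s+(.+)$", re.I)


def parse_mountpoints2(log_text):
    """Return one dict per cached shell command found under a MountPoints2 key."""
    entries, guid = [], None
    for raw in log_text.splitlines():
        line = raw.strip()
        if line.startswith("["):
            # Any new registry key ends the previous section.
            match = KEY_RE.match(line)
            guid = match.group(1).lower() if match else None
            continue
        match = CMD_RE.match(line)
        if guid and match:
            command = match.group(2).strip()
            wrapped = WRAP_RE.search(command)
            entries.append({
                "guid": guid,
                "verb": match.group(1).lower(),
                "command": command,
                # With the rundll32 wrapper, the real program is its argument.
                "target": wrapped.group(1).strip() if wrapped else command,
                "via_rundll32": bool(wrapped),
            })
    return entries


def review(entries, system_drive="c:"):
    """Keep entries that start a program from outside the system drive.

    A hit is a lead for manual review, not a verdict: legitimate devices
    also ship AutoRun launchers. Targets followed by arguments are not
    handled by this sketch.
    """
    findings = []
    for entry in entries:
        target = entry["target"].strip('"')
        if ntpath.splitext(target)[1].lower() not in EXEC_EXT:
            continue
        drive = ntpath.splitdrive(target)[0].lower()
        if drive == system_drive:
            continue
        reasons = []
        if drive:
            reasons.append("program on non-system drive " + drive.upper())
        else:
            reasons.append("relative path (no drive letter)")
        if entry["verb"] in ("open", "explore"):
            reasons.append("replaces the default Explorer action for the drive")
        if entry["via_rundll32"]:
            reasons.append("launched through rundll32 ShellExec_RunDLL")
        findings.append({**entry, "reasons": reasons})
    return findings


def volumes_by_target(findings):
    """Group volume GUIDs by target, to show one program reused across drives."""
    grouped = defaultdict(set)
    for finding in findings:
        grouped[finding["target"].lower()].add(finding["guid"])
    return {target: sorted(guids) for target, guids in grouped.items()}


if __name__ == "__main__":
    for item in review(parse_mountpoints2(SAMPLE_LOG)):
        print(item["guid"], item["verb"], item["target"], "; ".join(item["reasons"]))
```

Run against a full report, `volumes_by_target` shows at a glance when the same launcher name recurs across many volume GUIDs.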
    7 December 2008 13:10:07

    OK, so I followed everything carefully, but I couldn't find the report when the computer restarted... :cry: 
    So I ran UsbFix again and, after the restart, found (not without difficulty) the only text file that might possibly be the right one: "Changelog UsbFix.txt", but it's odd because it tells me it was created on 1 December and modified on 6 December, when I hadn't installed anything yet...
    Anyway, here is what's in that document:


    Changelog UsbFix établit le 2 decembre 2008
    outils créé par Chiquitine29 , aide aux mises a jours -> Chimay8


    >>>>>>in "ProgramFiles"<<<<<<<<<

    Internet Explorer\Connection Wizard\icwconn1\rada
    Internet Explorer\Connection Wizard\icwconn1\rade
    Internet Explorer\Connection Wizard\icwconn1\radf
    Internet Explorer\Connection Wizard\icwconn1\rad5
    Internet Explorer\Connection Wizard\icwconn1\rad0
    Internet Explorer\Connection Wizard\icwconn1\rad9
    Internet Explorer\Connection Wizard\icwconn1\rad4
    Internet Explorer\Connection Wizard\icwconn1\rad1
    Internet Explorer\Connection Wizard\icwconn1
    Movie Maker\explorer.exe
    Internet Explorer\explorer.exe


    >>>>>>in "Windows"<<<<<<<<<

    autorun.inf
    autorun.exe
    autorun.vbs
    autorun.reg
    autorun.ini
    autorun.fcb
    autorun.bat
    autorun.com
    AdobeR.exe
    Alecks.vbs
    bittorrent.exe
    cmd32.exe
    CwbRmDir.bat
    Fonts\Fonts.exe
    FS6519.dll.vbs
    funny.exe
    GMOGLFEO.exe
    hiqalowo.inf
    icapy.scr
    ilezyvu.bin
    Lany.vbs
    lumy.exe
    manulopa.reg
    MS32DLL.dll.vbs
    MyMP3.vbs
    nar.vbs
    osok.inf
    osotilasiq.pif
    oxafa.com
    qobo.dat
    rundll32.vbe
    sleep.vbe
    SysRes.vbs
    takice.lib
    tusoha.exe
    unahafiwik.exe
    waol.exe
    waziqepehi.ban
    WillPolo.vbs
    Win32DLL.vbs
    win.vbe
    window.exe
    wyzeha.com
    xcopy.exe
    yjilu.inf
    ylacupyb.dll

    RECYCLER\systems.com

    temp\039.tmp


    >>>>>>in "Windows\system32"<<<<<<<<<


    agucuri.vbs
    ahr.exe
    Alecks.vbs
    antinul.vbe
    amvo.exe
    amvo0.dll
    amvo1.dll
    amvo2.dll
    autorun.bat
    Autorun.com
    autorun.exe
    autorun.fcb
    autorun.inf
    autorun.ini
    autorun.reg
    autorun.vbs
    Autoruns.exe
    avpo.exe
    avpo0.dll
    avpo1.dll
    Bitkvo.exe
    Bitkv0.dll
    Bitkv1.dll
    cftmonn.exe
    Christina.jpg
    Christina.vbs
    ckvo.exe
    ckvo0.dll
    ckvo1.dll
    ckvo2.dll
    cradle_of_filth.vbe
    delself.bat
    FS6519.dll.vbs
    GMOGLFEO.exe
    icf.exe.exe
    ie.exe
    jvvo.exe
    jvvo0.dll
    jvvo1.dll
    jvvo2.dll
    jvvo3.dll
    j3ewro.exe
    jwedsfdo0.dll
    jwedsfdo1.dll
    jwedsfdo2.dll
    jwedsfdo3.dll
    jxnraqjxg.exe
    kavo.exe
    kamsoft.exe
    kav0.dll
    kav1.dll
    kav2.dll
    kav3.dll
    kavo0.dll
    kavo1.dll
    kavo2.dll
    kavo3.dll
    kdkfm.exe
    KEYBOARD.exe
    keygen.exe
    kulitut.bat
    kulitut.vbs
    kxvo.exe
    kxvo0.dll
    kxvo1.dll
    kxvo2.dll
    kxvo3.dll
    lExplore.exe
    loader.exe
    logoneui.exe
    LOVE-LETTER-FOR-YOU.HTM
    LOVE-LETTER-FOR-YOU.TXT.vbs
    msfun80.exe
    msime82.exe
    MSKernel32.vbs
    ne0kS.dll.wsf
    ne0kS.exe
    OeApi.vbs
    pubnet.vbs
    rs32net.exe
    SemiAntiVirus.vbs
    Sexy Girls.scr
    SpiderH.bmp
    SpiderH.jpeg
    SpiderH.vbs
    sys.vbs
    Syso.vbs
    SysRes.vbs
    syx.exe
    taso.exe
    tavo.exe
    tavo0.dll
    tavo1.dll
    tavo2.dll
    tavo3.dll
    temp1.exe
    temp2.exe
    temp?.exe
    text.txt
    Ecran.exe
    THe Girls
    tmp.reg
    tmp.txt
    t.txt
    vb@dock.vbs
    vl@dock.vbs
    Win32.vbs
    winudp64.exe

    dllcache\Default.exe

    >>>>>>in "Windows\system32\drivers"<<<<<<<<<

    ._Sanaa style-1 les formes.exe
    0hct8ybw.exe
    1ere partie du projet modifier.exe
    abdelali lahrach.exe
    Analyse transactionnelle.exe
    AutoRun.exe
    Bernoulli01215.exe"
    Cahiers français Quels modes de financement pour les entreprises - La Documentation française.exe
    Copie de Devoir I.exe
    e-ticket Juba Paris.exe
    fdfp2.exe
    fihi ghizlane Rapport de stage.exe
    graphic.exe
    intel.exe
    isew32.exe
    kheireddine.exe
    le_cadeau_du_sud(1).exe
    LEADERSHIP SKILLS FINAL.exe
    lettre de motivation.exe
    MSDS.exe
    Note.exe
    PREMIER CHAPITRE modifié.exe
    Raila Odinga.exe
    Rapport NADIA.exe
    spectro_masse1.exe
    td de reacteur.exe
    these-223.exe
    xyw9tmdj.exe

    >>>>>>in "Documents and Settings"<<<<<<<<<

    tazebama.dl_
    hook.dl_

    >>>>>>in "appdata"<<<<<<<<<

    fetomiv.vbs
    gumugy.vbs
    jicapikase.vbs
    mobyhikaja.vbs
    nebohozi.com
    orimuwy.exe
    sidymyvig.vbs
    tazebama\tazebama.log
    tazebama\zPharaoh.dat
    tazebama

    >>>>>>in "Temp files"<<<<<<<<<

    1.reg
    2.dll
    6257890.exe
    fq9.dll
    help.exe
    help1.rar
    inst.exe
    system.dll
    w2e.sys
    winhqqo.exe
    wintoift.exe
    xhjb.dll
    xxx6042.exe
    zb5ok.dll


    >>>>>>in "All Drives"<<<<<<<<<

    ._autorun.inf
    autorun.inf
    autorun.ini
    autorun.reg
    autorun.bat
    autorun.vbs
    autorun2.inf
    autosys.exe
    00hoeav.com
    096.bat
    0gjn3yw.exe
    0qx0sc6.bat
    0tmhoc.cmd
    0u.cmd
    0w.com
    0wk2.cmd
    108i.cmd
    1aq1obb.bat
    1bbvq96y.com
    1dg.exe
    1i.com
    1nkbd8h.bat
    1rfw8hjr.com
    1u0o8bnq.cmd
    1weicxa.com
    1XXEC.exe
    22xo.exe
    2ifetri.cmd
    2y8la.exe
    30ed3.exe
    33gmhso.bat
    39lpji.com
    3o.exe
    3wcxx91.cmd
    3xXx31.exe
    4vzjaw3o.sys
    62oop0ak.bat
    68.exe
    6tkoyhx.cmd
    6x8be16.cmd
    8e9gmih.bat
    8ng8w.com
    93vx0c.com
    9yqusig.bat
    22wcb21o.exe
    31n3b2h.exe
    39lpji.com
    80avp08.com
    82r9.cmd
    83fgj.com
    83l3v.cmd
    8df.exe >
    8h3hh3m.exe
    8tss2gwq.bat
    90imhpnc.exe
    92j11sm.com
    9es.com
    a1.bat
    a9.com
    abk.bat
    activexdebugger32.exe
    Administrateur_Fichiers.exe
    admp.exe
    adobeR.exe
    Akon.exe
    Alecks.vbs
    antihost.exe
    antinul.vbe
    aoutfq.exe
    ar.exe
    Atisetup.exe
    auto.exe
    autorum.exe
    AutoRun\Demo.exe
    autorun.exe
    autorun.pif
    autoruns.exe
    AutoScr.exe
    ay8p6v3.cmd
    Ayame.exe
    b3b9u.com
    bicsxk03.com
    bittorrent.exe
    bndafai.exe
    bo1dhu.bat
    bobm.exe
    boot.exe
    bootin.exe
    bplrl98.cmd
    buis.exe
    bwpncb6.com
    bxuup9r.bat
    c18vk.exe
    c9.com
    c9hehpa.bat
    camp.exe
    cayfq2.cmd
    cd8idoyl.com
    cdr.exe
    ceb6eu98.bat
    cekbru.pif
    clear.bat
    ClickMe.exe
    cftmonn.exe
    cfv90h.com
    Christina.vbs
    cjq.exe
    commands.txt
    comment.htt
    copetttt.com
    copy.exe
    cradle_of_filth.vbe
    cqdis.cmd
    cvqkuk.exe
    d3bn0j.exe
    ddyikr.cmd
    delautorun.bat
    DFD34719171.bat
    DFD34719375.bat
    DFD34719609.bat
    DFD34723328.bat
    DFD34723375.bat
    DFD34723781.bat
    DFD34724390.bat
    DFD34719609.bat
    DFD34724531.bat
    DFD34724656.bat
    DFD34725125.bat
    DFD34725218.bat
    DFD34726312.bat
    DFD34724390.bat
    DFD34726328.bat
    DFD34729609.bat
    DFD34730531.bat
    DFD34730937.bat
    DFD34734937.bat
    DFD34739859.bat
    DFD34741421.bat
    DFD34741734.bat
    DFD34741843.bat
    DFD*.bat
    dhv2u8.cmd
    DPFMate.exe
    dstart.exe
    dtqlv.exe
    dynrn6e.cmd
    e898.com
    e9ehn1m8.com
    eb9ehyh.exe
    Ecran.exe
    ek.com
    ekf6dbg0.com
    ekugb3.bat
    erdeIect.com
    esta ig.vbs
    ev60a2.cmd
    explorer.exe
    exqmmle.exe
    f0.cmd
    f2ir.com
    fe.bat
    ffojc.com
    fi.cmd
    FLIPART.EXE
    folder.exe
    Folder.htt
    fooool.exe
    Form5.exe
    forSV.exe
    FS6519.dll.vbs
    fucker.vbs
    fun.xls.exe
    g2p3s.exe
    g2pfnid.com
    g83816.com
    gdmae.bmp
    Ghost.pif
    gkyzcijfb.exe
    GMOGLFEO.exe
    gqsk.bat
    graphic.exe
    gsxlexd.cmd
    gxlxknou.exe
    gy.cmd
    h0s2.bat
    h2.com
    hfhludy.exe
    hgu.bat
    hni.cmd
    host.exe
    hsomklg.exe
    hxt9.bat
    i0.cmd
    i8.cmd
    ie.exe
    igxv.cmd
    ij.bat
    ilpg9ejd.com
    info.exe
    infrom.exe
    ino6.com
    install.exe
    intel.exe
    intro.exe
    ipy.cmd
    iq0ecwcj.cmd
    lsass.exe
    itsduel.exe
    iwjj.com
    j4c8t8b5l3a6.exe
    j8q8d.cmd
    jbfqv8j.cmd
    jdhc2x2.com
    jdwx.exe
    jfjsipw.exe
    jfvkcsy.bat
    jiwsxh39.exe
    JJJ.exe
    Jojo.exe
    jwwgtuh.exe
    jxnraqjxg.exe
    jxpiinstall.exe
    k6wkwon2.exe
    ka1nk.bat
    kaq86asx.bat
    kayira.bat
    kbqbptn.exe
    kdkfm.exe
    kdy.cmd
    kfmyoc.pif
    khbph.exe
    killVBS.vbs
    kk3.bat
    KM.exe
    kmd.exe
    kn6jhgc.cmd
    kqnns.exe
    kqsr.exe
    krg62.cmd
    kulitut.bat
    kulitut.vbs
    kxax.cmd
    l2f.cmd
    l9dwu8.bat
    lExplore.exe
    lgcadwx.bat
    lgrncie.bat
    lky.exe
    ln9.exe
    lo.exe
    loader.exe
    logoneui.exe
    Long.exe
    LOVE.PIF
    ltljrg.exe
    lumy.exe
    lurjlnps.exe
    lvxvo1xg.cmd
    m1t8ta.com
    m9j.com
    mail.exe
    manulopa.reg
    mcxa.exe
    Menu.exe
    mgjpcfdg.cm
    mnl6on3.com
    mp.bat
    mp.cmd
    mp.com
    Movie1.exe
    mrsne.bat
    MS-DOS.com
    MS32DLL.dll.vbs
    MSd040.vbs
    MSdC64.vbs
    MSdFB7.vbs
    MSd141.vbs
    MSd191.vbs
    MSd49A.vbs
    MSdE78.vbs
    MSd*.vbs
    mshta.exe
    MSKernel32.vbs
    muniu.exe
    MyMP3.vbs
    n1detect.com
    n2de.cmd
    n6j.com
    n6j6pc0.com
    n6t1h.cmd
    nansy ajram.vbs
    nar.vbs
    ne0kS.exe
    nemesis.exe
    nemesis.inf
    nfdmg.com
    nideiect.com
    niu.exe
    njibyekk.com
    nl.com
    nncu6kk.com
    NoLimit.exe
    np.exe
    nq0cq.cmd
    nqvarn.pif
    nriljal.exe
    ntde1ect.com
    ntdelect.com
    nq.bat
    nq0cq.cmd
    nqgcd.com
    nsv.bat
    nw0t1l0d.exe
    o2yf0w.bat
    o9o2u.bat
    o6opnro.bat
    OeApi.vbs
    oegbi.exe
    ogcikeq.com
    oka3yrf.bat
    oq.cmd
    oskkofa.exe
    osotilasiq.pif
    osy3.sys
    otyh.cmd
    oufddh.exe
    oxafa.com
    p3r1ud.exe
    p83gjy.exe
    p9.exe
    pa39xth.cmd
    pagefile.pif
    pbwkwj.com
    pefbutr.exe
    pkxfkrki.bat
    ph.com
    phgr1j.bat
    phim_nguoi_lon.exe
    pnc.exe
    prhyper.exe
    psqrhqn.exe
    pxka.exe
    q3v.com
    q83iwmgf.bat
    q8sywiva.cmd
    qcwpung.exe
    qd.cmd
    qjfl.exe
    qkarc.exe
    qquq.bat
    qqzjnhuoi.exe
    qpe6.com
    qobo.dat
    qrkugxtw.exe
    qxbx9blb.com
    r1y1.bat
    r2nl.com
    r6r.exe
    r813.bat
    Raila Odinga.exe
    Raila Odinga.gif
    ranvrgn.exe
    ravmon.exe
    ravmon.log
    ReadMe.exe
    RecInfo\RecInfo.exe
    Recycle.exe
    Recycled\ctfmon.exe
    RECYCLED\INFO.exe
    Recycled.exe
    RECYCLER\Lock Folder.exe
    RECYCLER\RECYCLER.exe
    RECYCLER\*.exe
    regxpcom.exe
    resycled\boot.com
    resycled\ctfmon.exe
    revo.exe
    rggbw.exe
    rjiybg.exe
    rn.exe
    rombkaewl.exe
    rosftpm.exe
    rqq2v.bat
    rs.cmd
    rt.exe
    Run.exe
    runaut~1\autorun.pif
    RunDll32.exe
    rxukgcm.exe
    s38k.exe
    sal.xls.exe
    sasyg1y8.com
    script.bat
    scriptlo.txt
    scvhosts.exe
    sdcvhost.exe
    SemiAntiVirus.vbs
    smkjd.cmd
    smss.exe
    semo2x.exe
    spq.bat
    serivces.exe
    server.exe
    server.inf
    Sex City.jpg.wsf
    sowar.vbs
    SpiderH.vbs
    sq.com
    sqlserv.exe
    SSVICHOSST.exe
    stwi.com
    svch0st.exe
    scvhosts.exe
    svdioajm.cmd
    sxs.exe
    sydp.exe
    sys.vbs
    Syso.vbs
    SysRes.vbs
    system.exe
    system32.exe
    systems.com
    systems.exe
    t82e2v.cmd
    TAE7ESLP.exe
    taipingtianguov1.1.exe
    takice.lib
    tel.xls.exe
    temp.bat
    temp.exe
    temp.temp
    temp1.exe
    temp2.exe
    test.exe
    testfile.bat
    testflo.bat
    tfk8.exe
    The_Cars.vbs
    THe Girls
    tknapl.exe
    tknn6.bat
    tmf3w3g0.com
    TMMDW8LP.exe
    Toy.exe
    tusoha.exe
    tyktjfww.exe
    u18vxqle.com
    u6k.cmd
    u9dyi.exe
    udnnnvq.exe
    UFO.exe
    ufuaugwq.exe
    uis.com
    uis.exe
    um.cmd
    un9.cmd
    unahafiwik.exe
    UnplugDrive.exe
    uorys.cmd
    update.exe
    uqhqx1.cmd
    usdeiect.com
    userinit.exe
    utdetect.com
    uxdeiect.com
    u?de?ect.com
    v2h3.exe
    v3pif.bat
    VB6FR.DLL
    vb@dock.vbs
    vfpkkbq.exe
    vksucydrh.exe
    vl@dock.vbs
    vmhr.bat
    vmyphd.bat
    vva0hc0p.cmd
    vxl.exe
    w0o.com
    w0owgn.bat
    w32sys.exe
    w3dn9f.bat
    waziqepehi.ban
    wa6.vbs
    Wallpaper.vbs
    WallpaperMEHDI.vbs
    wfhth.exe
    whi.com
    WillPolo.vbs
    WINDOWS.EXE
    Windows.scr
    winfile.exe
    winglogon.exe
    winrun.vbs
    winstall.exe
    wjlfhtfm.cmd
    wol.exe
    wsctf.exe
    wtbcccq.exe
    x0.cmd
    XAdeIect.com
    xcopy.exe
    xfoolavp.com
    xih9.cmd
    xj.bat
    xk2n.bat
    xlk9.com
    xlu8a8sy.exe
    xmnm2.cmd
    xn1i9x.com
    xnynrnh.exe
    xo8wr9.exe
    xp19.com
    xpbkh.com
    xqf.com
    xvlyb.exe
    xyhav.pif
    y82td3td.com
    ybj8df.exe
    yew.bat
    yg.cmd
    yjilu.inf
    ylacupyb.dl
    ylr.exe
    yjkjfuo.cmd
    yjvmtaa.exe
    ynfs9ks.cmd
    yssjnngm.cmd
    yvmkdwn.exe
    zPharaoh.exe
    0.cmd
    1.cmd
    2.cmd
    3.cmd
    4.cmd
    5.cmd
    6.cmd
    7.cmd
    8.cmd
    9.cmd
    0.bat
    1.bat
    2.bat
    3.bat
    4.bat
    5.bat
    6.bat
    7.bat
    8.bat
    9.bat
    0.exe
    1.exe
    2.exe
    3.exe
    4.exe
    5.exe
    6.exe
    7.exe
    8.exe
    9.exe
    0.com
    1.com
    2.com
    3.com
    4.com
    5.com
    6.com
    7.com
    8.com
    9.com
    0.vbs
    1.vbs
    2.vbs
    3.vbs
    4.vbs
    5.vbs
    6.vbs
    7.vbs
    8.vbs
    9.vbs
    a.com
    b.com
    c.com
    d.com
    e.com
    f.com
    g.com
    h.com
    i.com
    j.com
    k.com
    l.com
    m.com
    n.com
    o.com
    p.com
    q.com
    r.com
    s.com
    t.com
    u.com
    v.com
    w.com
    x.com
    y.com
    z.com
    a.bat
    b.bat
    c.bat
    d.bat
    e.bat
    f.bat
    g.bat
    h.bat
    i.bat
    j.bat
    k.bat
    l.bat
    m.bat
    n.bat
    o.bat
    p.bat
    q.bat
    r.bat
    s.bat
    t.bat
    u.bat
    v.bat
    w.bat
    x.bat
    y.bat
    z.bat
    a.cmd
    b.cmd
    c.cmd
    d.cmd
    e.cmd
    f.cmd
    g.cmd
    h.cmd
    i.cmd
    j.cmd
    k.cmd
    l.cmd
    m.cmd
    n.cmd
    o.cmd
    p.cmd
    q.cmd
    r.cmd
    s.cmd
    t.cmd
    u.cmd
    v.cmd
    w.cmd
    x.cmd
    y.cmd
    z.cmd
    a.exe
    b.exe
    c.exe
    d.exe
    e.exe
    f.exe
    g.exe
    h.exe
    i.exe
    j.exe
    k.exe
    l.exe
    m.exe
    n.exe
    o.exe
    p.exe
    q.exe
    r.exe
    s.exe
    t.exe
    u.exe
    v.exe
    w.exe
    x.exe
    y.exe
    z.exe
    a.vbs
    b.vbs
    c.vbs
    d.vbs
    e.vbs
    f.vbs
    g.vbs
    h.vbs
    i.vbs
    j.vbs
    k.vbs
    l.vbs
    m.vbs
    n.vbs
    o.vbs
    p.vbs
    q.vbs
    r.vbs
    s.vbs
    t.vbs
    u.vbs
    v.vbs
    w.vbs
    x.vbs
    y.vbs
    z.vbs
    *.dll.vbs

    >>Dossiers :

    AutoRun
    autorun.inf
    fsc.tmp
    RecInfo
    Recycled\Recycled
    Recycler\Recycler
    resycled
    runaut~1
    sdlflzoip


    >>>>>>"Registry"<<<<<<<<<

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
    "Window Title"=-
    "Start Page"=-
    "Start Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&..."
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN]
    "Start Page"="http://fr.msn.com/"

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    "fucker"=-
    "SysDir"=-
    "ms32dll"=-
    "cftmonn"=-
    "Lany"=-
    "Zip"=-
    "RavAV"=-
    "cmd32"=-
    "Install.exe"=-
    "FIXEDFON.FON"=-
    "MS-RAD0"=-
    "MS-RAD1"=-
    "MS-RAD2"=-
    "MS-RAD3"=-
    "MS-RAD4"=-
    "MS-RAD5"=-
    "MS-RAD6"=-
    "MS-RAD7"=-
    "MS-RAD8"=-
    "MS-RAD9"=-
    "MS-RADA"=-
    "MS-RADB"=-
    "MS-RADC"=-
    "MS-RADD"=-
    "MS-RADE"=-
    "MS-RADF"=-
    "MS-RADG"=-
    "MS-RADH"=-
    "MS-RADI"=-
    "MS-RADJ"=-
    "MS-RADK"=-
    "MS-RADL"=-
    "MS-RADM"=-
    "MS-RADN"=-
    "MS-RADO"=-
    "MS-RADP"=-
    "MS-RADQ"=-
    "MS-RADR"=-
    "MS-RADS"=-
    "MS-RADT"=-
    "MS-RADU"=-
    "MS-RADV"=-
    "MS-RADW"=-
    "MS-RADX"=-
    "MS-RADY"=-
    "MS-RADZ"=-
    " "=-
    "winrun.dll"=-
    "loader.exe"=-
    "recinfo49"=-
    "System"=-
    "System Updater Machine"=-
    "SpiderH"=-
    "winudp64.exe"=-
    "System12"=-
    "System64"=-
    "IMJPMIG8.2"=-
    "CARPService"=-
    "039.tmp"=-
    "userd"=-
    "nar"=-
    "MSKernel32"=-
    "WillPolo"=-
    "MyMP3"=-
    "FS6519"=-
    "Windows\SysRes.vbs"=-
    "SysRes"=-
    "Raila Odinga"=-
    "reginit"=-
    "lnternet Update"=-
    "GMOGLFEO"=-
    "WintelUpdate"=-
    "Pubnet"=-
    "antihost"=-

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices]
    "System Updater Machine"=-
    "Win32DLL"=-
    "lnternet Update"=-

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
    " "=-

    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RavAV]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "kamsoft"=-
    "amva"=-
    "kava"=-
    "tava"=-
    "avpa"=-
    "internet_explorer"=-
    "anti-virus 2007"=-
    "Mp3 player"=-
    "kxvo"=-
    "EXPLORER.EXE"=-
    "wsctf.exe"=-
    "loader.exe"=-
    "jvvo"=-
    "taso"=-
    "Avg_AntiHost"=-
    "jvsoft"=-
    "tasoft"=-
    "SpiderH"=-
    "MsServer"=-
    "MSFox"=-
    "msn"=-
    "????r"=-
    "Windows Update"=-
    "Microsoft Debug Manager"=-
    "protect_autorun"=-
    "Le Petit Robert Hyperappel"=-
    "firewall 2008"=-
    " "=-

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    " "=-

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
    "test"=-
    "Msn"=-
    "MsnHost"=-
    "MsnLoad"=-
    "MsnConvert"=-
    "MsnMessendger"=-
    "sys"=-

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
    "DefaultUserName"=-
    "LegalNoticeCaption"=-
    "LegalNoticeText"=-

    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\NoChangingWallPaper]


    -------------------------------------------------------------------------------------------------------------


    Mises a jours du 5 decembre 2008



    >>>>>>in "All Drives"<<<<<<<<<




    >>>>>>in "Windows"<<<<<<<<<



    >>>>>>in "Windows\system32"<<<<<<<<<

    kdyul.exe
    gasretyw0.dll
    gasretyw1.dll
    gasretyw2.dll
    gasretyw3.dll
    DC4491.DLL

    >>>>>>"Registry"<<<<<<<<<


    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Winboot"=-

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    "UC"=-
    "r4n694-24y"=-
    "kernel32"=-
    "MSConfigs"=-
    "Microsoft"=-
    "MGT_reg"=-
    "Winboot"=-
    "Winamp"=-
    "Macromedia"=-
    "WINFIX"=-
    "winconfig"=-
    "Achitasin"=-
    "mcafee"=-
    "wscript32dll"=-
    "Batch32"=-
    "maskrider"=-
    "autoupdate"=-
    "KILLMS32DLL"=-
    "WinExpress"=-
    "WinDebugger"=-
    "C:\WINDOWS\system32\kdyul.exe"=-



    mises a jours du 6 Décembre 2008


    >>>>>>in "All Drives"<<<<<<<<<

    lgrncie.bat
    info.bat
    iqosrtk.bat
    0oyl662q.cmd
    eb.bat
    New Folder.exe
    Setup_ver1.1779.2.exe
    Setup_ver*.exe

    >>>>>>in "Windows"<<<<<<<<<

    SSVICHOSST.exe

    >>>>>>in "Windows\system32"<<<<<<<<<


    SSVICHOSST.exe
    kdxkt.exe
    kdjay.exe
    kdwzh.exe
    msiconf.exe

    >>>>>>"Registry"<<<<<<<<<

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
    "MsUpdate"=-
    "C:\WINDOWS\system32\kdxkt.exe"=-
    "C:\WINDOWS\system32\kdjay.exe"=-
    "C:\WINDOWS\system32\kdwzh.exe"=-

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
    "msiexec.exe"=-
    "Yahoo Messengger"=-
    7 December 2008 13:17:48

    Hi again,

    You gave me the changelog... :D 

    Isn't there a report here: C:\UsbFix.txt?

    Move on to step 3.

    ;) 
    7 December 2008 13:41:53

    Hey, no making fun of me! I don't even know what a changelog is... :??:  :) 
    My computer did not create a UsbFix folder on the C drive, and I searched the whole computer and there is no trace of a UsbFix.txt document...

    Anyway, I ran ComboFix again and here is the report it produced:


    ComboFix 08-12-06.06 - laura 2008-12-07 13:26:08.2 - NTFSx86
    Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6001.1.1252.1.1036.18.1192 [GMT 1:00]
    Lancé depuis: c:\users\laura\Desktop\ComboFix.exe
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    F:\autorun.inf

    .
    ((((((((((((((((((((((((((((( Fichiers créés du 2008-11-07 au 2008-12-07 ))))))))))))))))))))))))))))))))))))
    .

    2008-12-07 12:42 . 2008-12-07 12:42 <REP> d-------- c:\program files\UsbFix
    2008-12-07 12:42 . 2008-12-07 12:42 0 --ah----- c:\windows\System32\drivers\Msft_User_WpdFs_01_00_00.Wdf
    2008-12-07 00:28 . 2008-12-07 00:28 250 --a------ c:\windows\gmer.ini
    2008-12-06 23:56 . 2008-12-06 23:57 <REP> d-------- C:\ToolBar SD
    2008-12-06 21:54 . 2008-12-06 21:57 <REP> d-------- c:\users\All Users\Lavasoft
    2008-12-06 21:54 . 2008-12-06 21:57 <REP> d-------- c:\programdata\Lavasoft
    2008-12-06 21:03 . 2008-01-19 08:33 8,139,264 --a------ c:\windows\System32\ssBranded.scr
    2008-12-06 21:02 . 2008-01-19 08:35 3,072,000 --a------ c:\windows\System32\networkmap.dll
    2008-12-06 21:01 . 2008-01-19 07:06 8,147,456 --a------ c:\windows\System32\wmploc.DLL
    2008-12-06 21:00 . 2008-01-19 08:33 599,552 --a------ c:\windows\System32\vsp1cln.exe
    2008-12-06 21:00 . 2008-01-05 12:31 145,455 --a------ c:\windows\System32\perfmon.msc
    2008-12-06 21:00 . 2008-01-05 12:39 150 --a------ c:\windows\System32\RacUREx.xml
    2008-12-06 21:00 . 2008-01-05 12:31 3 --a------ c:\windows\System32\drivers\MsftWdf_Kernel_01007_Inbox_Critical.Wdf
    2008-12-06 20:59 . 2008-01-19 08:36 704,512 --a------ c:\windows\System32\SmiEngine.dll
    2008-12-06 20:59 . 2008-01-19 08:36 357,888 --a------ c:\windows\System32\wbemcomn.dll
    2008-12-06 20:59 . 2008-01-19 08:36 218,624 --a------ c:\windows\System32\wdscore.dll
    2008-12-06 20:59 . 2008-01-19 08:36 139,264 --a------ c:\windows\System32\SmiInstaller.dll
    2008-12-06 20:59 . 2008-01-19 08:33 130,560 --a------ c:\windows\System32\PkgMgr.exe
    2008-12-06 20:59 . 2008-01-19 08:36 129,536 --a------ c:\windows\System32\sqmapi.dll
    2008-12-06 20:58 . 2008-01-19 08:34 305,152 --a------ c:\windows\System32\msdelta.dll
    2008-12-06 20:58 . 2008-01-19 08:34 258,560 --a------ c:\windows\System32\dpx.dll
    2008-12-06 20:58 . 2008-01-19 08:34 246,784 --a------ c:\windows\System32\drvstore.dll
    2008-12-06 20:58 . 2008-01-19 08:35 35,328 --a------ c:\windows\System32\mspatcha.dll
    2008-12-06 18:34 . 2008-12-06 18:35 <REP> d-------- c:\windows\System32\RS4
    2008-12-06 17:58 . 2008-12-06 17:58 <REP> d-------- C:\VundoFix Backups
    2008-12-06 15:45 . 2008-12-06 15:45 <REP> d-------- C:\PerfLogs
    2008-12-06 14:52 . 2008-12-06 19:04 <REP> d-------- C:\7dbac67deba88655a43e5526a8d3
    2008-12-06 04:11 . 2008-12-06 04:19 <REP> d-------- C:\Downloads
    2008-12-06 04:11 . 2008-12-06 04:20 <REP> d-------- C:\Bases
    2008-12-06 04:10 . 2008-12-06 04:20 <REP> d-------- C:\Kaspersky
    2008-12-05 20:17 . 2008-12-06 22:56 <REP> d-------- c:\users\All Users\Spybot - Search & Destroy
    2008-12-05 20:17 . 2008-12-06 22:56 <REP> d-------- c:\programdata\Spybot - Search & Destroy
    2008-12-05 20:17 . 2008-12-06 23:21 <REP> d-------- c:\program files\Spybot - Search & Destroy
    2008-11-26 18:09 . 2008-10-21 06:25 1,645,568 --a------ c:\windows\System32\connect.dll
    2008-11-26 18:09 . 2008-08-28 04:40 712,704 --a------ c:\windows\System32\WindowsCodecs.dll
    2008-11-26 18:09 . 2008-08-28 04:40 425,472 --a------ c:\windows\System32\PhotoMetadataHandler.dll
    2008-11-26 18:09 . 2008-08-28 04:40 347,136 --a------ c:\windows\System32\WindowsCodecsExt.dll
    2008-11-26 18:09 . 2008-10-22 04:57 241,152 --a------ c:\windows\System32\PortableDeviceApi.dll
    2008-11-26 18:09 . 2008-01-19 08:36 160,768 --a------ c:\windows\System32\PortableDeviceTypes.dll
    2008-11-26 18:09 . 2008-01-19 08:36 94,720 --a------ c:\windows\System32\PortableDeviceClassExtension.dll
    2008-11-23 16:36 . 2008-10-16 22:13 1,809,944 --a------ c:\windows\System32\wuaueng.dll
    2008-11-23 16:36 . 2008-10-16 21:56 1,524,736 --a------ c:\windows\System32\wucltux.dll
    2008-11-23 16:36 . 2008-10-16 22:09 51,224 --a------ c:\windows\System32\wuauclt.exe
    2008-11-23 16:36 . 2008-10-16 22:09 43,544 --a------ c:\windows\System32\wups2.dll
    2008-11-23 16:35 . 2008-10-16 22:12 561,688 --a------ c:\windows\System32\wuapi.dll
    2008-11-23 16:35 . 2008-10-16 14:08 162,064 --a------ c:\windows\System32\wuwebv.dll
    2008-11-23 16:35 . 2008-10-16 21:55 83,456 --a------ c:\windows\System32\wudriver.dll
    2008-11-23 16:35 . 2008-10-16 22:08 34,328 --a------ c:\windows\System32\wups.dll
    2008-11-23 16:35 . 2008-10-16 13:56 31,232 --a------ c:\windows\System32\wuapp.exe
    2008-11-22 13:26 . 2008-11-22 13:26 <REP> d-------- c:\program files\MSECache
    2008-11-16 13:15 . 2008-12-06 20:29 179,712 --a------ c:\users\laura\gif.exe
    2008-11-11 21:13 . 2008-09-10 04:40 1,334,272 --a------ c:\windows\System32\msxml6.dll
    2008-11-11 21:13 . 2008-09-05 06:14 1,191,936 --a------ c:\windows\System32\msxml3.dll
    2008-11-11 21:13 . 2008-08-27 02:05 212,480 --a------ c:\windows\System32\drivers\mrxsmb10.sys
    2008-11-11 21:10 . 2008-12-07 13:00 1,470,822 --a------ c:\windows\System32\PerfStringBackup.INI

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-12-06 21:54 174 --sha-w c:\program files\desktop.ini
    2008-12-06 21:45 --------- d-----w c:\program files\Windows Sidebar
    2008-12-06 21:45 --------- d-----w c:\program files\Windows Photo Gallery
    2008-12-06 21:45 --------- d-----w c:\program files\Windows Mail
    2008-12-06 21:45 --------- d-----w c:\program files\Windows Journal
    2008-12-06 21:45 --------- d-----w c:\program files\Windows Defender
    2008-12-06 21:45 --------- d-----w c:\program files\Windows Collaboration
    2008-12-06 21:45 --------- d-----w c:\program files\Windows Calendar
    2008-12-06 20:23 82,432 ----a-w c:\windows\System32\axaltocm.dll
    2008-12-06 20:23 101,888 ----a-w c:\windows\System32\ifxcardm.dll
    2008-12-06 19:20 --------- d-----w c:\program files\Yahoo!
    2008-11-26 02:01 --------- d-----w c:\programdata\Microsoft Help
    2008-11-22 12:23 --------- d-----w c:\program files\Common Files\Adobe
    2008-11-05 07:26 79,360 ----a-w c:\users\laura\index.exe
    2008-10-02 03:49 827,392 ----a-w c:\windows\System32\wininet.dll
    2008-09-30 15:43 1,286,152 ----a-w c:\windows\System32\msxml4.dll
    2008-09-18 05:09 3,601,464 ----a-w c:\windows\System32\ntkrnlpa.exe
    2008-09-18 05:09 3,549,240 ----a-w c:\windows\System32\ntoskrnl.exe
    2008-09-18 02:16 2,032,640 ----a-w c:\windows\System32\win32k.sys
    2008-03-03 17:51 16,384 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    2008-03-03 17:51 32,768 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    2008-03-03 17:51 16,384 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    .

    ((((((((((((((((((((((((((((( snapshot@2008-12-07_12.20.16,41 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2008-12-07 06:36:11 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    + 2008-12-07 11:54:00 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    - 2008-12-07 06:36:11 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    + 2008-12-07 11:54:00 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    - 2008-12-07 11:19:33 262,144 --sha-w c:\windows\ServiceProfiles\LocalService\ntuser.dat
    + 2008-12-07 11:55:24 262,144 --sha-w c:\windows\ServiceProfiles\LocalService\ntuser.dat
    + 2008-12-07 11:55:24 262,144 ---ha-w c:\windows\ServiceProfiles\LocalService\ntuser.dat.LOG1
    - 2008-12-07 11:19:38 262,144 --sha-w c:\windows\ServiceProfiles\NetworkService\ntuser.dat
    + 2008-12-07 12:28:10 262,144 --sha-w c:\windows\ServiceProfiles\NetworkService\ntuser.dat
    + 2008-12-07 12:28:10 262,144 ---ha-w c:\windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1
    - 2008-12-07 06:42:22 101,250 ----a-w c:\windows\System32\perfc009.dat
    + 2008-12-07 12:00:21 101,250 ----a-w c:\windows\System32\perfc009.dat
    - 2008-12-07 06:42:22 123,556 ----a-w c:\windows\System32\perfc00C.dat
    + 2008-12-07 12:00:21 123,556 ----a-w c:\windows\System32\perfc00C.dat
    - 2008-12-07 06:42:22 587,178 ----a-w c:\windows\System32\perfh009.dat
    + 2008-12-07 12:00:21 587,178 ----a-w c:\windows\System32\perfh009.dat
    - 2008-12-07 06:42:22 669,578 ----a-w c:\windows\System32\perfh00C.dat
    + 2008-12-07 12:00:21 669,578 ----a-w c:\windows\System32\perfh00C.dat
    - 2008-12-07 06:38:28 12,814 ----a-w c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-4116711127-2190578320-1854897596-1000_UserData.bin
    + 2008-12-07 11:55:47 12,990 ----a-w c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-4116711127-2190578320-1854897596-1000_UserData.bin
    - 2008-12-07 06:38:28 74,228 ----a-w c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
    + 2008-12-07 11:55:47 74,522 ----a-w c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
    - 2008-12-07 06:38:26 52,428 ----a-w c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
    + 2008-12-07 11:55:45 52,672 ----a-w c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
    .
    ((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "????r"="" [?]
    "?????????"="??????????????e" [?]
    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]
    "SuperCopier.exe"="c:\program files\SuperCopier\SuperCopier.exe" [2003-04-24 683520]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2008-09-04 171448]
    "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NvSvc"="c:\windows\system32\nvsvc.dll" [2006-11-22 90191]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-11-22 7757824]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-11-22 81920]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-10-23 815104]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2006-11-06 98304]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2006-11-06 106496]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2006-11-06 81920]
    "WarReg_PopUp"="c:\acer\WR_PopUp\WarReg_PopUp.exe" [2006-11-05 57344]
    "LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2006-12-08 614400]
    "eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2007-02-06 464168]
    "Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdSync.exe" [2006-11-02 215552]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2007-12-11 286720]
    "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-08-19 185896]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
    "RtHDVCpl"="RtHDVCpl.exe" [2006-12-01 c:\windows\RtHDVCpl.exe]

    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Empowering Technology Launcher.lnk - c:\acer\Empowering Technology\eAPLauncher.exe [2006-12-05 528384]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "vidc.3iv2"= 3ivxVfWCodec.dll
    "VIDC.HFYU"= huffyuv.dll
    "VIDC.VP31"= vp31vfw.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "UacDisableNotify"=dword:00000001
    "InternetSettingsDisableNotify"=dword:00000001
    "AutoUpdateDisableNotify"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
    "{563405B8-597C-4751-B280-C4C81ABEC857}"= UDP:c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\MCE Deluxe Suite.exe:CyberLink MCE Deluxe Suite
    "{46EE4B93-A4DA-4D5E-AE0B-CB41C869FB60}"= TCP:c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\MCE Deluxe Suite.exe:CyberLink MCE Deluxe Suite
    "{CA161B11-DCAD-4A0D-BC9E-8B7DBBE8C8EF}"= c:\program files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
    "{D41EBB7D-C223-4898-ABC7-483F3A8B0676}"= c:\program files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
    "{3D6D0C12-FC33-4137-9ECA-A01A2A8C3F4B}"= c:\program files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
    "{D9FF0D49-72E2-413E-B8A3-AF74A4842A37}"= c:\program files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
    "{56E69995-5A58-4238-8906-F8A377A7F295}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
    "c:\\Acer\\Empowering Technology\\eDataSecurity\\eDSfsu.exe"= c:\acer\Empowering Technology\eDataSecurity\eDSfsu.exe:*:Enabled:eDSfsu
    "c:\\Acer\\Empowering Technology\\eDataSecurity\\encryption.exe"= c:\acer\Empowering Technology\eDataSecurity\encryption.exe:*:Enabled:encryption
    "c:\\Acer\\Empowering Technology\\eDataSecurity\\decryption.exe"= c:\acer\Empowering Technology\eDataSecurity\decryption.exe:*:Enabled:D ecryption

    S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60x.sys [2006-11-02 167936]
    S3 SMSCIRDA;SMSC Infrared Device Driver;c:\windows\system32\DRIVERS\SMSCirda.sys [2006-12-05 31232]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    WindowsMobile REG_MULTI_SZ wcescomm rapimgr
    LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1960b9a4-ae3f-11dd-b598-0016d46a96cd}]
    \shell\Auto\command - F:\Start.exe
    \shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL F:\Start.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3304f14c-ec28-11dc-9b38-0016d46a96cd}]
    \shell\AutoRun\command - F:\EmDesk.exe
    \shell\EmDesk\command - F:\EmDesk.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3712cf5e-8699-11dd-ae8c-0016d46a96cd}]
    \shell\Auto\command - F:\Start.exe
    \shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL F:\Start.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{483c5279-0072-11dc-bcfb-0016d46a96cd}]
    \shell\Auto\command - E:\Start.exe
    \shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL E:\Start.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{594a5c09-b6e1-11dd-b2a4-0016d46a96cd}]
    \shell\Auto\command - G:\Start.exe
    \shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL G:\Start.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8e71f84e-fc09-11db-baf6-0016d46a96cd}]
    \shell\Auto\command - E:\Start.exe
    \shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL E:\Start.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{997eca06-c1da-11dd-9a3a-0016d46a96cd}]
    \shell\Auto\command - F:\Start.exe
    \shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL F:\Start.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ac35f225-a779-11dd-af04-0016d46a96cd}]
    \shell\Auto\command - F:\Start.exe
    \shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL F:\Start.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e65fd938-a33e-11dc-ab8c-0016d46a96cd}]
    \shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e823854f-0456-11dc-9bf2-0016d46a96cd}]
    \shell\AutoRun\command - F:\6l6w8.com
    \shell\explore\Command - F:\6l6w8.com
    \shell\open\Command - F:\6l6w8.com
    .
    Contenu du dossier 'Tâches planifiées'

    2008-12-07 c:\windows\Tasks\User_Feed_Synchronization-{4C38419B-F1DA-4E7D-A30D-885537A9CECF}.job
    - c:\windows\system32\msfeedssync.exe [2008-01-19 08:33]
    .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-12-07 13:28:17
    Windows 6.0.6001 Service Pack 1 NTFS

    Recherche de processus cachés ...

    Recherche d'éléments en démarrage automatique cachés ...

    Recherche de fichiers cachés ...

    Scan terminé avec succès
    Fichiers cachés: 0

    **************************************************************************
    .
    Heure de fin: 2008-12-07 13:29:53
    ComboFix-quarantined-files.txt 2008-12-07 12:29:51
    ComboFix2.txt 2008-12-07 11:21:21

    Avant-CF: 42 395 029 504 octets libres
    Après-CF: 42,357,846,016 octets libres

    240 --- E O F --- 2008-12-06 20:26:25
    7 December 2008 14:47:36

    :hello: 

    Disable all resident protection (antivirus…)! <------- Don't forget!

    Plug in all your removable media before doing this: USB sticks, external hard drives, etc.

    Copy the text in the box below (Ctrl + C):

    Registry::
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1960b9a4-ae3f-11dd-b598-0016d46a96cd}]
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3304f14c-ec28-11dc-9b38-0016d46a96cd}]
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3712cf5e-8699-11dd-ae8c-0016d46a96cd}]
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{483c5279-0072-11dc-bcfb-0016d46a96cd}]
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{594a5c09-b6e1-11dd-b2a4-0016d46a96cd}]
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8e71f84e-fc09-11db-baf6-0016d46a96cd}]
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{997eca06-c1da-11dd-9a3a-0016d46a96cd}]
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ac35f225-a779-11dd-af04-0016d46a96cd}]
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e65fd938-a33e-11dc-ab8c-0016d46a96cd}]
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e823854f-0456-11dc-9bf2-0016d46a96cd}]

    File::
    F:\6l6w8.com

    DirLook::
    C:\Downloads


    => Open Notepad: Start > All Programs > Accessories > Notepad

    - Paste the text into it (CTRL + V)
    - Save this file to: Desktop
    - File name: CFScript
    - File type: All files!!
    - Click Save
    - Close Notepad

    Drag and drop this CFScript file onto the ComboFix.exe file, as in the screenshot:



    * This will restart ComboFix: at the message that appears (Type 1 to continue, or 2 to abort), type 1 and then confirm.
    * Wait while the scan runs. The desktop will disappear several times: this is normal!
    * Do not touch anything until the scan has finished.
    * Once the scan is complete, a report will be displayed: copy and paste its contents on the forum.
    If the file does not open, it is located here: C:\ComboFix.txt
    * Post a new HijackThis report.

    ;) 
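The script in the post above removes every `mountpoints2` subkey whose cached AutoRun verb starts a program from a volume. The following is an added example, not part of the original post and not ComboFix's own logic, showing how such keys can be picked out of a report for review. The sample report lines are constructed, and the function names, the heuristics and the assumption that C: is the system drive are this example's own.

```python
import re

# Constructed sample in the layout of the "Points de chargement Reg" section of a
# ComboFix report. GUIDs and file names are made up for this example.
SAMPLE_REPORT = r"""
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{11111111-aaaa-11dd-0000-000000000001}]
\shell\Auto\command - F:\Start.exe
\shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL F:\Start.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{22222222-bbbb-11dd-0000-000000000002}]
\shell\AutoRun\command - F:\x1y2z3.com
\shell\open\Command - F:\x1y2z3.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{33333333-cccc-11dd-0000-000000000003}]
\shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
.
"""

KEY_RE = re.compile(r"^\[(HK[^\]]+)\]$")
VERB_RE = re.compile(r"^\\shell\\(.+?)\\command - (.+)$", re.IGNORECASE)
SCRIPT_EXTS = (".exe", ".com", ".bat", ".cmd", ".vbs", ".scr", ".pif")


def parse_mountpoints(report):
    """Return {registry key: [(verb, command), ...]} for MountPoints2 subkeys only."""
    entries, current = {}, None
    for raw in report.splitlines():
        line = raw.strip()
        key = KEY_RE.match(line)
        if key:
            name = key.group(1)
            # Any other key header ends the current MountPoints2 entry.
            current = name if "\\explorer\\mountpoints2\\{" in name.lower() else None
            if current:
                entries[current] = []
            continue
        verb = VERB_RE.match(line)
        if verb and current:
            entries[current].append((verb.group(1), verb.group(2).strip()))
    return entries


def autorun_target(command):
    """Return the file a verb finally launches, unwrapping the RunDLL32 form."""
    marker = "shellexec_rundll"
    pos = command.lower().find(marker)
    if pos != -1:
        return command[pos + len(marker):].strip()
    return command


def reasons_for(target):
    """Explain why a cached AutoRun target deserves a look (heuristics, not a verdict)."""
    reasons = []
    low = target.lower()
    if low.endswith(SCRIPT_EXTS):
        reasons.append("launches an executable or script")
    # Assumption: C: is the system drive, so any other drive root is a mounted volume.
    if re.match(r"^[a-z]:\\[^\\]+$", low) and not low.startswith("c:"):
        reasons.append("file sits in the root of a non-system drive")
    elif not re.match(r"^[a-z]:\\", low):
        reasons.append("relative path, resolved on the inserted volume")
    return reasons


def review(report):
    """List MountPoints2 keys whose cached verbs would start a program from a volume."""
    findings = []
    for key, verbs in parse_mountpoints(report).items():
        targets = sorted({autorun_target(cmd) for _, cmd in verbs})
        reasons = sorted({r for t in targets for r in reasons_for(t)})
        if reasons:
            findings.append({"key": key, "targets": targets, "reasons": reasons})
    return findings


def deletion_block(findings):
    """Render the keys as '[-KEY]' lines under 'Registry::', the form used in the post."""
    return "\n".join(["Registry::"] + ["[-%s]" % f["key"] for f in findings])


if __name__ == "__main__":
    for f in review(SAMPLE_REPORT):
        print(f["key"].rsplit("\\", 1)[-1], f["targets"], f["reasons"])
    print(deletion_block(review(SAMPLE_REPORT)))
```
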
    7 December 2008 15:18:27

    So here is the ComboFix report:

    ComboFix 08-12-06.06 - laura 2008-12-07 15:05:12.3 - NTFSx86
    Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6001.1.1252.1.1036.18.1105 [GMT 1:00]
    Lancé depuis: c:\users\laura\Desktop\ComboFix.exe
    Commutateurs utilisés :: c:\users\laura\Desktop\CFScript.txt
    * Un nouveau point de restauration a été créé

    FILE ::
    F:\6l6w8.com
    .

    ((((((((((((((((((((((((((((( Fichiers créés du 2008-11-07 au 2008-12-07 ))))))))))))))))))))))))))))))))))))
    .

    2008-12-07 12:42 . 2008-12-07 12:42 <REP> d-------- c:\program files\UsbFix
    2008-12-07 12:42 . 2008-12-07 12:42 0 --ah----- c:\windows\System32\drivers\Msft_User_WpdFs_01_00_00.Wdf
    2008-12-07 00:28 . 2008-12-07 00:28 250 --a------ c:\windows\gmer.ini
    2008-12-06 23:56 . 2008-12-06 23:57 <REP> d-------- C:\ToolBar SD
    2008-12-06 21:54 . 2008-12-06 21:57 <REP> d-------- c:\users\All Users\Lavasoft
    2008-12-06 21:54 . 2008-12-06 21:57 <REP> d-------- c:\programdata\Lavasoft
    2008-12-06 21:03 . 2008-01-19 08:33 8,139,264 --a------ c:\windows\System32\ssBranded.scr
    2008-12-06 21:02 . 2008-01-19 08:35 3,072,000 --a------ c:\windows\System32\networkmap.dll
    2008-12-06 21:01 . 2008-01-19 07:06 8,147,456 --a------ c:\windows\System32\wmploc.DLL
    2008-12-06 21:00 . 2008-01-19 08:33 599,552 --a------ c:\windows\System32\vsp1cln.exe
    2008-12-06 21:00 . 2008-01-05 12:31 145,455 --a------ c:\windows\System32\perfmon.msc
    2008-12-06 21:00 . 2008-01-05 12:39 150 --a------ c:\windows\System32\RacUREx.xml
    2008-12-06 21:00 . 2008-01-05 12:31 3 --a------ c:\windows\System32\drivers\MsftWdf_Kernel_01007_Inbox_Critical.Wdf
    2008-12-06 20:59 . 2008-01-19 08:36 704,512 --a------ c:\windows\System32\SmiEngine.dll
    2008-12-06 20:59 . 2008-01-19 08:36 357,888 --a------ c:\windows\System32\wbemcomn.dll
    2008-12-06 20:59 . 2008-01-19 08:36 218,624 --a------ c:\windows\System32\wdscore.dll
    2008-12-06 20:59 . 2008-01-19 08:36 139,264 --a------ c:\windows\System32\SmiInstaller.dll
    2008-12-06 20:59 . 2008-01-19 08:33 130,560 --a------ c:\windows\System32\PkgMgr.exe
    2008-12-06 20:59 . 2008-01-19 08:36 129,536 --a------ c:\windows\System32\sqmapi.dll
    2008-12-06 20:58 . 2008-01-19 08:34 305,152 --a------ c:\windows\System32\msdelta.dll
    2008-12-06 20:58 . 2008-01-19 08:34 258,560 --a------ c:\windows\System32\dpx.dll
    2008-12-06 20:58 . 2008-01-19 08:34 246,784 --a------ c:\windows\System32\drvstore.dll
    2008-12-06 20:58 . 2008-01-19 08:35 35,328 --a------ c:\windows\System32\mspatcha.dll
    2008-12-06 18:34 . 2008-12-06 18:35 <REP> d-------- c:\windows\System32\RS4
    2008-12-06 17:58 . 2008-12-06 17:58 <REP> d-------- C:\VundoFix Backups
    2008-12-06 15:45 . 2008-12-06 15:45 <REP> d-------- C:\PerfLogs
    2008-12-06 14:52 . 2008-12-06 19:04 <REP> d-------- C:\7dbac67deba88655a43e5526a8d3
    2008-12-06 04:11 . 2008-12-06 04:19 <REP> d-------- C:\Downloads
    2008-12-06 04:11 . 2008-12-06 04:20 <REP> d-------- C:\Bases
    2008-12-06 04:10 . 2008-12-06 04:20 <REP> d-------- C:\Kaspersky
    2008-12-05 20:17 . 2008-12-06 22:56 <REP> d-------- c:\users\All Users\Spybot - Search & Destroy
    2008-12-05 20:17 . 2008-12-06 22:56 <REP> d-------- c:\programdata\Spybot - Search & Destroy
    2008-12-05 20:17 . 2008-12-06 23:21 <REP> d-------- c:\program files\Spybot - Search & Destroy
    2008-11-26 18:09 . 2008-10-21 06:25 1,645,568 --a------ c:\windows\System32\connect.dll
    2008-11-26 18:09 . 2008-08-28 04:40 712,704 --a------ c:\windows\System32\WindowsCodecs.dll
    2008-11-26 18:09 . 2008-08-28 04:40 425,472 --a------ c:\windows\System32\PhotoMetadataHandler.dll
    2008-11-26 18:09 . 2008-08-28 04:40 347,136 --a------ c:\windows\System32\WindowsCodecsExt.dll
    2008-11-26 18:09 . 2008-10-22 04:57 241,152 --a------ c:\windows\System32\PortableDeviceApi.dll
    2008-11-26 18:09 . 2008-01-19 08:36 160,768 --a------ c:\windows\System32\PortableDeviceTypes.dll
    2008-11-26 18:09 . 2008-01-19 08:36 94,720 --a------ c:\windows\System32\PortableDeviceClassExtension.dll
    2008-11-23 16:36 . 2008-10-16 22:13 1,809,944 --a------ c:\windows\System32\wuaueng.dll
    2008-11-23 16:36 . 2008-10-16 21:56 1,524,736 --a------ c:\windows\System32\wucltux.dll
    2008-11-23 16:36 . 2008-10-16 22:09 51,224 --a------ c:\windows\System32\wuauclt.exe
    2008-11-23 16:36 . 2008-10-16 22:09 43,544 --a------ c:\windows\System32\wups2.dll
    2008-11-23 16:35 . 2008-10-16 22:12 561,688 --a------ c:\windows\System32\wuapi.dll
    2008-11-23 16:35 . 2008-10-16 14:08 162,064 --a------ c:\windows\System32\wuwebv.dll
    2008-11-23 16:35 . 2008-10-16 21:55 83,456 --a------ c:\windows\System32\wudriver.dll
    2008-11-23 16:35 . 2008-10-16 22:08 34,328 --a------ c:\windows\System32\wups.dll
    2008-11-23 16:35 . 2008-10-16 13:56 31,232 --a------ c:\windows\System32\wuapp.exe
    2008-11-22 13:26 . 2008-11-22 13:26 <REP> d-------- c:\program files\MSECache
    2008-11-16 13:15 . 2008-12-06 20:29 179,712 --a------ c:\users\laura\gif.exe
    2008-11-11 21:13 . 2008-09-10 04:40 1,334,272 --a------ c:\windows\System32\msxml6.dll
    2008-11-11 21:13 . 2008-09-05 06:14 1,191,936 --a------ c:\windows\System32\msxml3.dll
    2008-11-11 21:13 . 2008-08-27 02:05 212,480 --a------ c:\windows\System32\drivers\mrxsmb10.sys
    2008-11-11 21:10 . 2008-12-07 13:00 1,470,822 --a------ c:\windows\System32\PerfStringBackup.INI

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-12-06 21:54 174 --sha-w c:\program files\desktop.ini
    2008-12-06 21:45 --------- d-----w c:\program files\Windows Sidebar
    2008-12-06 21:45 --------- d-----w c:\program files\Windows Photo Gallery
    2008-12-06 21:45 --------- d-----w c:\program files\Windows Mail
    2008-12-06 21:45 --------- d-----w c:\program files\Windows Journal
    2008-12-06 21:45 --------- d-----w c:\program files\Windows Defender
    2008-12-06 21:45 --------- d-----w c:\program files\Windows Collaboration
    2008-12-06 21:45 --------- d-----w c:\program files\Windows Calendar
    2008-12-06 20:23 82,432 ----a-w c:\windows\System32\axaltocm.dll
    2008-12-06 20:23 101,888 ----a-w c:\windows\System32\ifxcardm.dll
    2008-12-06 19:20 --------- d-----w c:\program files\Yahoo!
    2008-11-26 02:01 --------- d-----w c:\programdata\Microsoft Help
    2008-11-22 12:23 --------- d-----w c:\program files\Common Files\Adobe
    2008-11-05 07:26 79,360 ----a-w c:\users\laura\index.exe
    2008-10-02 03:49 827,392 ----a-w c:\windows\System32\wininet.dll
    2008-09-30 15:43 1,286,152 ----a-w c:\windows\System32\msxml4.dll
    2008-09-18 05:09 3,601,464 ----a-w c:\windows\System32\ntkrnlpa.exe
    2008-09-18 05:09 3,549,240 ----a-w c:\windows\System32\ntoskrnl.exe
    2008-09-18 02:16 2,032,640 ----a-w c:\windows\System32\win32k.sys
    2008-03-03 17:51 16,384 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    2008-03-03 17:51 32,768 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    2008-03-03 17:51 16,384 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    .

    (((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
    .

    ---- Directory of C:\Downloads ----

    2008-12-06 04:19 40126 --a------ c:\downloads\unp026.avc
    2008-12-06 04:19 39988 --a------ c:\downloads\ext036c.avc
    2008-12-06 04:19 39733 --a------ c:\downloads\ext030c.avc
    2008-12-06 04:19 38586 --a------ c:\downloads\ext010c.avc
    2008-12-06 04:19 38554 --a------ c:\downloads\ca002.avc
    2008-12-06 04:19 38483 --a------ c:\downloads\krn002.avc
    2008-12-06 04:19 38362 --a------ c:\downloads\ext011c.avc
    2008-12-06 04:19 38340 --a------ c:\downloads\unp012.avc
    2008-12-06 04:19 38198 --a------ c:\downloads\ext028c.avc
    2008-12-06 04:19 37992 --a------ c:\downloads\ext044c.avc
    2008-12-06 04:19 37830 --a------ c:\downloads\unp020.avc
    2008-12-06 04:19 37739 --a------ c:\downloads\ext045c.avc
    2008-12-06 04:19 3757 --a------ c:\downloads\base104.avc
    2008-12-06 04:19 37268 --a------ c:\downloads\unp022.avc
    2008-12-06 04:19 372 --a------ c:\downloads\krn003.avc
    2008-12-06 04:19 37120 --a------ c:\downloads\ext037c.avc
    2008-12-06 04:19 37041 --a------ c:\downloads\ext042c.avc
    2008-12-06 04:19 36871 --a------ c:\downloads\gen002.avc
    2008-12-06 04:19 36752 --a------ c:\downloads\ext049c.avc
    2008-12-06 04:19 3633 --a------ c:\downloads\base141.avc
    2008-12-06 04:19 35992 --a------ c:\downloads\ext029c.avc
    2008-12-06 04:19 35946 --a------ c:\downloads\unp025.avc
    2008-12-06 04:19 35691 --a------ c:\downloads\gen004.avc
    2008-12-06 04:19 35657 --a------ c:\downloads\base025.avc
    2008-12-06 04:19 35011 --a------ c:\downloads\ext015c.avc
    2008-12-06 04:19 34814 --a------ c:\downloads\unp018.avc
    2008-12-06 04:19 34777 --a------ c:\downloads\base031.avc
    2008-12-06 04:19 3407 --a------ c:\downloads\base161.avc
    2008-12-06 04:19 33953 --a------ c:\downloads\unp030.avc
    2008-12-06 04:19 3388 --a------ c:\downloads\base132.avc
    2008-12-06 04:19 32425 --a------ c:\downloads\ext018c.avc
    2008-12-06 04:19 3240 --a------ c:\downloads\base127.avc
    2008-12-06 04:19 32334 --a------ c:\downloads\ext046c.avc
    2008-12-06 04:19 32251 --a------ c:\downloads\base028.avc
    2008-12-06 04:19 32229 --a------ c:\downloads\ext014c.avc
    2008-12-06 04:19 32209 --a------ c:\downloads\unp028.avc
    2008-12-06 04:19 32195 --a------ c:\downloads\krnexe.avc
    2008-12-06 04:19 32093 --a------ c:\downloads\base029.avc
    2008-12-06 04:19 32034 --a------ c:\downloads\ext013c.avc
    2008-12-06 04:19 31606 --a------ c:\downloads\gen003.avc
    2008-12-06 04:19 31320 --a------ c:\downloads\ext025c.avc
    2008-12-06 04:19 31218 --a------ c:\downloads\unp032.avc
    2008-12-06 04:19 31085 --a------ c:\downloads\base027.avc
    2008-12-06 04:19 30861 --a------ c:\downloads\ext016c.avc
    2008-12-06 04:19 3075 --a------ c:\downloads\base109.avc
    2008-12-06 04:19 30700 --a------ c:\downloads\ext017c.avc
    2008-12-06 04:19 30137 --a------ c:\downloads\gen999.avc
    2008-12-06 04:19 29739 --a------ c:\downloads\ext043c.avc
    2008-12-06 04:19 29021 --a------ c:\downloads\ext020c.avc
    2008-12-06 04:19 2853 --a------ c:\downloads\base089.avc
    2008-12-06 04:19 28284 --a------ c:\downloads\ext021c.avc
    2008-12-06 04:19 28187 --a------ c:\downloads\gen001.avc
    2008-12-06 04:19 27882 --a------ c:\downloads\unp000.avc
    2008-12-06 04:19 27878 --a------ c:\downloads\ext047c.avc
    2008-12-06 04:19 2785 --a------ c:\downloads\base142.avc
    2008-12-06 04:19 27795 --a------ c:\downloads\unp031.avc
    2008-12-06 04:19 2762 --a------ c:\downloads\base042.avc
    2008-12-06 04:19 27580 --a------ c:\downloads\base162.avc
    2008-12-06 04:19 27545 --a------ c:\downloads\ext024c.avc
    2008-12-06 04:19 27478 --a------ c:\downloads\ext019c.avc
    2008-12-06 04:19 2687 --a------ c:\downloads\base135.avc
    2008-12-06 04:19 26634 --a------ c:\downloads\base277c.avc
    2008-12-06 04:19 262 --a------ c:\downloads\ext008.avc
    2008-12-06 04:19 262 --a------ c:\downloads\ext006.avc
    2008-12-06 04:19 262 --a------ c:\downloads\ext005.avc
    2008-12-06 04:19 262 --a------ c:\downloads\ext004.avc
    2008-12-06 04:19 262 --a------ c:\downloads\ext003.avc
    2008-12-06 04:19 262 --a------ c:\downloads\daily-ex.avc
    2008-12-06 04:19 262 --a------ c:\downloads\base126.avc
    2008-12-06 04:19 262 --a------ c:\downloads\base120.avc
    2008-12-06 04:19 262 --a------ c:\downloads\base118.avc
    2008-12-06 04:19 262 --a------ c:\downloads\base117.avc
    2008-12-06 04:19 262 --a------ c:\downloads\base112.avc
    2008-12-06 04:19 262 --a------ c:\downloads\base108.avc
    2008-12-06 04:19 262 --a------ c:\downloads\base106.avc
    2008-12-06 04:19 262 --a------ c:\downloads\base103.avc
    2008-12-06 04:19 262 --a------ c:\downloads\base102.avc
    2008-12-06 04:19 262 --a------ c:\downloads\base098.avc
    2008-12-06 04:19 262 --a------ c:\downloads\base096.avc
    2008-12-06 04:19 262 --a------ c:\downloads\base094.avc
    2008-12-06 04:19 262 --a------ c:\downloads\base093.avc
    2008-12-06 04:19 262 --a------ c:\downloads\base084.avc
    2008-12-06 04:19 262 --a------ c:\downloads\base083.avc
    2008-12-06 04:19 262 --a------ c:\downloads\base077.avc
    2008-12-06 04:19 262 --a------ c:\downloads\base076.avc
    2008-12-06 04:19 262 --a------ c:\downloads\base075.avc
    2008-12-06 04:19 262 --a------ c:\downloads\base074.avc
    2008-12-06 04:19 262 --a------ c:\downloads\base071.avc
    2008-12-06 04:19 262 --a------ c:\downloads\base067.avc
    2008-12-06 04:19 262 --a------ c:\downloads\base066.avc
    2008-12-06 04:19 262 --a------ c:\downloads\base065.avc
    2008-12-06 04:19 262 --a------ c:\downloads\base062.avc
    2008-12-06 04:19 262 --a------ c:\downloads\base061.avc
    2008-12-06 04:19 262 --a------ c:\downloads\base054.avc
    2008-12-06 04:19 262 --a------ c:\downloads\base041.avc
    2008-12-06 04:19 262 --a------ c:\downloads\base035.avc
    2008-12-06 04:19 2570 --a------ c:\downloads\base152.avc
    2008-12-06 04:19 2545 --a------ c:\downloads\base073.avc
    2008-12-06 04:19 2452 --a------ c:\downloads\base049.avc
    2008-12-06 04:19 24392 --a------ c:\downloads\unp021.avc
    2008-12-06 04:19 24163 --a------ c:\downloads\unp004.avc
    2008-12-06 04:19 2402 --a------ c:\downloads\base157.avc
    2008-12-06 04:19 2373 --a------ c:\downloads\base140.avc
    2008-12-06 04:19 2359 --a------ c:\downloads\base056.avc
    2008-12-06 04:19 2331 --a------ c:\downloads\base044.avc
    2008-12-06 04:19 2211 --a------ c:\downloads\base146.avc
    2008-12-06 04:19 22031 --a------ c:\downloads\base026.avc
    2008-12-06 04:19 21811 --a------ c:\downloads\base079.avc
    2008-12-06 04:19 21568 --a------ c:\downloads\avcmhk5.mhk
    2008-12-06 04:19 2148 --a------ c:\downloads\base160.avc
    2008-12-06 04:19 2136 --a------ c:\downloads\base107.avc
    2008-12-06 04:19 2126 --a------ c:\downloads\base159.avc
    2008-12-06 04:19 2119 --a------ c:\downloads\base134.avc
    2008-12-06 04:19 2111 --a------ c:\downloads\base040.avc
    2008-12-06 04:19 2110 --a------ c:\downloads\base078.avc
    2008-12-06 04:19 21009 --a------ c:\downloads\daily.avc
    2008-12-06 04:19 2086 --a------ c:\downloads\base059.avc
    2008-12-06 04:19 2077 --a------ c:\downloads\base091.avc
    2008-12-06 04:19 20713 --a------ c:\downloads\base022.avc
    2008-12-06 04:19 2071 --a------ c:\downloads\base051.avc
    2008-12-06 04:19 2054 --a------ c:\downloads\base045.avc
    2008-12-06 04:19 2016 --a------ c:\downloads\base036.avc
    2008-12-06 04:19 1962 --a------ c:\downloads\base090.avc
    2008-12-06 04:19 19539 --a------ c:\downloads\base021.avc
    2008-12-06 04:19 18763 --a------ c:\downloads\base165.avc
    2008-12-06 04:19 1854 --a------ c:\downloads\base092.avc
    2008-12-06 04:19 1817 --a------ c:\downloads\base139.avc
    2008-12-06 04:19 18121 --a------ c:\downloads\base024.avc
    2008-12-06 04:19 1807 --a------ c:\downloads\base053.avc
    2008-12-06 04:19 18038 --a------ c:\downloads\base009.avc
    2008-12-06 04:19 18033 --a------ c:\downloads\ca001.avc
    2008-12-06 04:19 17960 --a------ c:\downloads\base038.avc
    2008-12-06 04:19 1764 --a------ c:\downloads\eicar.avc
    2008-12-06 04:19 17551 --a------ c:\downloads\base014.avc
    2008-12-06 04:19 1730 --a------ c:\downloads\base060.avc
    2008-12-06 04:19 1728 --a------ c:\downloads\chuka.avc
    2008-12-06 04:19 1728 --a------ c:\downloads\base111.avc
    2008-12-06 04:19 17262 --a------ c:\downloads\base472c.avc
    2008-12-06 04:19 1699 --a------ c:\downloads\ext001.avc
    2008-12-06 04:19 1659 --a------ c:\downloads\base082.avc
    2008-12-06 04:19 1641 --a------ c:\downloads\base043.avc
    2008-12-06 04:19 16398 --a------ c:\downloads\base012.avc
    2008-12-06 04:19 16291 --a------ c:\downloads\base002.avc
    2008-12-06 04:19 16133 --a------ c:\downloads\base020.avc
    2008-12-06 04:19 16104 --a------ c:\downloads\unp024.avc
    2008-12-06 04:19 16014 --a------ c:\downloads\base017.avc
    2008-12-06 04:19 160115 --a------ c:\downloads\base082c.avc
    2008-12-06 04:19 158218 --a------ c:\downloads\krnmacro.avc
    2008-12-06 04:19 1567 --a------ c:\downloads\base057.avc
    2008-12-06 04:19 15566 --a------ c:\downloads\base016.avc
    2008-12-06 04:19 1538 --a------ c:\downloads\base154.avc
    2008-12-06 04:19 15312 --a------ c:\downloads\base019.avc
    2008-12-06 04:19 15266 --a------ c:\downloads\unp029.avc
    2008-12-06 04:19 15228 --a------ c:\downloads\base003.avc
    2008-12-06 04:19 15097 --a------ c:\downloads\ext999.avc
    2008-12-06 04:19 14921 --a------ c:\downloads\base163.avc
    2008-12-06 04:19 14902 --a------ c:\downloads\avp.vnd
    2008-12-06 04:19 1483 --a------ c:\downloads\base063.avc
    2008-12-06 04:19 1482 --a------ c:\downloads\base124.avc
    2008-12-06 04:19 147958 --a------ c:\downloads\base085c.avc
    2008-12-06 04:19 14781 --a------ c:\downloads\base011.avc
    2008-12-06 04:19 14757 --a------ c:\downloads\ext066c.avc
    2008-12-06 04:19 14449 --a------ c:\downloads\mail.avc
    2008-12-06 04:19 1432 --a------ c:\downloads\base149.avc
    2008-12-06 04:19 1417 --a------ c:\downloads\base097.avc
    2008-12-06 04:19 14152 --a------ c:\downloads\kernel.avc
    2008-12-06 04:19 13802 --a------ c:\downloads\base015.avc
    2008-12-06 04:19 1343 --a------ c:\downloads\base039.avc
    2008-12-06 04:19 1338 --a------ c:\downloads\base133.avc
    2008-12-06 04:19 13279 --a------ c:\downloads\base010.avc
    2008-12-06 04:19 13195 --a------ c:\downloads\base013.avc
    2008-12-06 04:19 131835 --a------ c:\downloads\base279c.avc
    2008-12-06 04:19 1310 --a------ c:\downloads\base087.avc
    2008-12-06 04:19 1289 --a------ c:\downloads\base145.avc
    2008-12-06 04:19 1276 --a------ c:\downloads\base130.avc
    2008-12-06 04:19 1275 --a------ c:\downloads\base105.avc
    2008-12-06 04:19 1268 --a------ c:\downloads\base050.avc
    2008-12-06 04:19 12642 --a------ c:\downloads\base101.avc
    2008-12-06 04:19 12518 --a------ c:\downloads\base144.avc
    2008-12-06 04:19 1233 --a------ c:\downloads\base058.avc
    2008-12-06 04:19 1223 --a------ c:\downloads\base136.avc
    2008-12-06 04:19 1220 --a------ c:\downloads\base034.avc
    2008-12-06 04:19 12178 --a------ c:\downloads\base023.avc
    2008-12-06 04:19 12023 --a------ c:\downloads\engine.dt
    2008-12-06 04:19 12023 --a------ c:\downloads\engine.cfg
    2008-12-06 04:19 118990 --a------ c:\downloads\base278c.avc
    2008-12-06 04:19 1185 --a------ c:\downloads\base068.avc
    2008-12-06 04:19 1183 --a------ c:\downloads\base123.avc
    2008-12-06 04:19 1166 --a------ c:\downloads\base085.avc
    2008-12-06 04:19 1165 --a------ c:\downloads\base138.avc
    2008-12-06 04:19 1164 --a------ c:\downloads\base147.avc
    2008-12-06 04:19 1157 --a------ c:\downloads\base048.avc
    2008-12-06 04:19 11542 --a------ c:\downloads\ocr.avc
    2008-12-06 04:19 114662 --a------ c:\downloads\krn005.avc
    2008-12-06 04:19 1145 --a------ c:\downloads\base155.avc
    2008-12-06 04:19 113961 --a------ c:\downloads\base164.avc
    2008-12-06 04:19 11301 --a------ c:\downloads\base018.avc
    2008-12-06 04:19 1123 --a------ c:\downloads\base131.avc
    2008-12-06 04:19 11220 --a------ c:\downloads\krnun004.avc
    2008-12-06 04:19 110858 --a------ c:\downloads\fa001.avc
    2008-12-06 04:19 109893 --a------ c:\downloads\base072c.avc
    2008-12-06 04:19 109878 --a------ c:\downloads\base067c.avc
    2008-12-06 04:19 109640 --a------ c:\downloads\base066c.avc
    2008-12-06 04:19 1095 --a------ c:\downloads\base081.avc
    2008-12-06 04:19 1095 --a------ c:\downloads\base080.avc
    2008-12-06 04:19 109248 --a------ c:\downloads\base069c.avc
    2008-12-06 04:19 108930 --a------ c:\downloads\base074c.avc
    2008-12-06 04:19 108815 --a------ c:\downloads\base078c.avc
    2008-12-06 04:19 108600 --a------ c:\downloads\base075c.avc
    2008-12-06 04:19 108080 --a------ c:\downloads\base068c.avc
    2008-12-06 04:19 107977 --a------ c:\downloads\base071c.avc
    2008-12-06 04:19 107860 --a------ c:\downloads\base096c.avc
    2008-12-06 04:19 107747 --a------ c:\downloads\base070c.avc
    2008-12-06 04:19 107703 --a------ c:\downloads\base080c.avc
    2008-12-06 04:19 10769 --a------ c:\downloads\avp.set
    2008-12-06 04:19 107544 --a------ c:\downloads\base081c.avc
    2008-12-06 04:19 107368 --a------ c:\downloads\base108c.avc
    2008-12-06 04:19 107354 --a------ c:\downloads\base076c.avc
    2008-12-06 04:19 107113 --a------ c:\downloads\base112c.avc
    2008-12-06 04:19 1070 --a------ c:\downloads\base064.avc
    2008-12-06 04:19 1068 --a------ c:\downloads\base128.avc
    2008-12-06 04:19 1068 --a------ c:\downloads\base099.avc
    2008-12-06 04:19 106763 --a------ c:\downloads\base077c.avc
    2008-12-06 04:19 106202 --a------ c:\downloads\base106c.avc
    2008-12-06 04:19 105946 --a------ c:\downloads\base098c.avc
    2008-12-06 04:19 105802 --a------ c:\downloads\base113c.avc
    2008-12-06 04:19 105702 --a------ c:\downloads\base116c.avc
    2008-12-06 04:19 105242 --a------ c:\downloads\base065c.avc
    2008-12-06 04:19 105184 --a------ c:\downloads\base126c.avc
    2008-12-06 04:19 105175 --a------ c:\downloads\base114c.avc
    2008-12-06 04:19 105045 --a------ c:\downloads\base034c.avc
    2008-12-06 04:19 105003 --a------ c:\downloads\base061c.avc
    2008-12-06 04:19 104990 --a------ c:\downloads\base159c.avc
    2008-12-06 04:19 104593 --a------ c:\downloads\base161c.avc
    2008-12-06 04:19 104471 --a------ c:\downloads\base073c.avc
    2008-12-06 04:19 104451 --a------ c:\downloads\base051c.avc
    2008-12-06 04:19 104325 --a------ c:\downloads\base047c.avc
    2008-12-06 04:19 104322 --a------ c:\downloads\base054c.avc
    2008-12-06 04:19 104228 --a------ c:\downloads\base053c.avc
    2008-12-06 04:19 104217 --a------ c:\downloads\base052c.avc
    2008-12-06 04:19 104084 --a------ c:\downloads\base117c.avc
    2008-12-06 04:19 103938 --a------ c:\downloads\base062c.avc
    2008-12-06 04:19 103891 --a------ c:\downloads\base064c.avc
    2008-12-06 04:19 103878 --a------ c:\downloads\base120c.avc
    2008-12-06 04:19 103775 --a------ c:\downloads\base124c.avc
    2008-12-06 04:19 103698 --a------ c:\downloads\base118c.avc
    2008-12-06 04:19 103571 --a------ c:\downloads\base125c.avc
    2008-12-06 04:19 103463 --a------ c:\downloads\ext005c.avc
    2008-12-06 04:19 103104 --a------ c:\downloads\base121c.avc
    2008-12-06 04:19 103097 --a------ c:\downloads\base041c.avc
    2008-12-06 04:19 103060 --a------ c:\downloads\base129c.avc
    2008-12-06 04:19 103053 --a------ c:\downloads\base119c.avc
    2008-12-06 04:19 103044 --a------ c:\downloads\base063c.avc
    2008-12-06 04:19 102951 --a------ c:\downloads\base160c.avc
    2008-12-06 04:19 102891 --a------ c:\downloads\base094c.avc
    2008-12-06 04:19 102804 --a------ c:\downloads\base050c.avc
    2008-12-06 04:19 102720 --a------ c:\downloads\base154c.avc
    2008-12-06 04:19 102669 --a------ c:\downloads\base097c.avc
    2008-12-06 04:19 102659 --a------ c:\downloads\base057c.avc
    2008-12-06 04:19 102643 --a------ c:\downloads\base049c.avc
    2008-12-06 04:19 102419 --a------ c:\downloads\base127c.avc
    2008-12-06 04:19 102375 --a------ c:\downloads\base056c.avc
    2008-12-06 04:19 102250 --a------ c:\downloads\base045c.avc
    2008-12-06 04:19 102150 --a------ c:\downloads\ext006c.avc
    2008-12-06 04:19 102131 --a------ c:\downloads\base111c.avc
    2008-12-06 04:19 102116 --a------ c:\downloads\base055c.avc
    2008-12-06 04:19 10205 --a------ c:\downloads\base008.avc
    2008-12-06 04:19 101975 --a------ c:\downloads\base093c.avc
    2008-12-06 04:19 101960 --a------ c:\downloads\base046c.avc
    2008-12-06 04:19 101946 --a------ c:\downloads\base083c.avc
    2008-12-06 04:19 101894 --a------ c:\downloads\base043c.avc
    2008-12-06 04:19 101757 --a------ c:\downloads\base123c.avc
    2008-12-06 04:19 101681 --a------ c:\downloads\base155c.avc
    2008-12-06 04:19 101676 --a------ c:\downloads\base153c.avc
    2008-12-06 04:19 101670 --a------ c:\downloads\base044c.avc
    2008-12-06 04:19 101573 --a------ c:\downloads\base109c.avc
    2008-12-06 04:19 101507 --a------ c:\downloads\base060c.avc
    2008-12-06 04:19 101488 --a------ c:\downloads\base039c.avc
    2008-12-06 04:19 101478 --a------ c:\downloads\base040c.avc
    2008-12-06 04:19 101264 --a------ c:\downloads\base035c.avc
    2008-12-06 04:19 101198 --a------ c:\downloads\base128c.avc
    2008-12-06 04:19 101090 --a------ c:\downloads\ext003c.avc
    2008-12-06 04:19 101063 --a------ c:\downloads\base058c.avc
    2008-12-06 04:19 100997 --a------ c:\downloads\base122c.avc
    2008-12-06 04:19 100966 --a------ c:\downloads\base089c.avc
    2008-12-06 04:19 100799 --a------ c:\downloads\base095c.avc
    2008-12-06 04:19 100777 --a------ c:\downloads\ext004c.avc
    2008-12-06 04:19 100760 --a------ c:\downloads\base042c.avc
    2008-12-06 04:19 100631 --a------ c:\downloads\base104c.avc
    2008-12-06 04:19 100405 --a------ c:\downloads\base140c.avc
    2008-12-06 04:19 100316 --a------ c:\downloads\ext001c.avc
    2008-12-06 04:19 100251 --a------ c:\downloads\base150c.avc
    2008-12-06 04:19 100211 --a------ c:\downloads\base090c.avc
    2008-12-06 04:19 100161 --a------ c:\downloads\base133c.avc


    ((((((((((((((((((((((((((((( snapshot@2008-12-07_12.20.16,41 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2008-12-07 06:36:11 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    + 2008-12-07 11:54:00 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    - 2008-12-07 06:36:11 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    + 2008-12-07 11:54:00 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    - 2008-12-07 11:19:33 262,144 --sha-w c:\windows\ServiceProfiles\LocalService\ntuser.dat
    + 2008-12-07 11:55:24 262,144 --sha-w c:\windows\ServiceProfiles\LocalService\ntuser.dat
    + 2008-12-07 11:55:24 262,144 ---ha-w c:\windows\ServiceProfiles\LocalService\ntuser.dat.LOG1
    - 2008-12-07 11:19:38 262,144 --sha-w c:\windows\ServiceProfiles\NetworkService\ntuser.dat
    + 2008-12-07 14:07:04 262,144 --sha-w c:\windows\ServiceProfiles\NetworkService\ntuser.dat
    + 2008-12-07 14:07:04 262,144 ---ha-w c:\windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1
    - 2008-12-07 06:42:22 101,250 ----a-w c:\windows\System32\perfc009.dat
    + 2008-12-07 12:00:21 101,250 ----a-w c:\windows\System32\perfc009.dat
    - 2008-12-07 06:42:22 123,556 ----a-w c:\windows\System32\perfc00C.dat
    + 2008-12-07 12:00:21 123,556 ----a-w c:\windows\System32\perfc00C.dat
    - 2008-12-07 06:42:22 587,178 ----a-w c:\windows\System32\perfh009.dat
    + 2008-12-07 12:00:21 587,178 ----a-w c:\windows\System32\perfh009.dat
    - 2008-12-07 06:42:22 669,578 ----a-w c:\windows\System32\perfh00C.dat
    + 2008-12-07 12:00:21 669,578 ----a-w c:\windows\System32\perfh00C.dat
    - 2008-12-07 06:38:28 12,814 ----a-w c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-4116711127-2190578320-1854897596-1000_UserData.bin
    + 2008-12-07 11:55:47 12,990 ----a-w c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-4116711127-2190578320-1854897596-1000_UserData.bin
    - 2008-12-07 06:38:28 74,228 ----a-w c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
    + 2008-12-07 11:55:47 74,522 ----a-w c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
    - 2008-12-07 06:38:26 52,428 ----a-w c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
    + 2008-12-07 11:55:45 52,672 ----a-w c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
    .
    ((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "????r"="" [?]
    "?????????"="??????????????e" [?]
    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]
    "SuperCopier.exe"="c:\program files\SuperCopier\SuperCopier.exe" [2003-04-24 683520]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2008-09-04 171448]
    "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NvSvc"="c:\windows\system32\nvsvc.dll" [2006-11-22 90191]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-11-22 7757824]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-11-22 81920]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-10-23 815104]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2006-11-06 98304]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2006-11-06 106496]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2006-11-06 81920]
    "WarReg_PopUp"="c:\acer\WR_PopUp\WarReg_PopUp.exe" [2006-11-05 57344]
    "LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2006-12-08 614400]
    "eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2007-02-06 464168]
    "Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdSync.exe" [2006-11-02 215552]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2007-12-11 286720]
    "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-08-19 185896]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
    "RtHDVCpl"="RtHDVCpl.exe" [2006-12-01 c:\windows\RtHDVCpl.exe]

    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Empowering Technology Launcher.lnk - c:\acer\Empowering Technology\eAPLauncher.exe [2006-12-05 528384]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "vidc.3iv2"= 3ivxVfWCodec.dll
    "VIDC.HFYU"= huffyuv.dll
    "VIDC.VP31"= vp31vfw.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "UacDisableNotify"=dword:00000001
    "InternetSettingsDisableNotify"=dword:00000001
    "AutoUpdateDisableNotify"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
    "{563405B8-597C-4751-B280-C4C81ABEC857}"= UDP:c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\MCE Deluxe Suite.exe:CyberLink MCE Deluxe Suite
    "{46EE4B93-A4DA-4D5E-AE0B-CB41C869FB60}"= TCP:c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\MCE Deluxe Suite.exe:CyberLink MCE Deluxe Suite
    "{CA161B11-DCAD-4A0D-BC9E-8B7DBBE8C8EF}"= c:\program files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
    "{D41EBB7D-C223-4898-ABC7-483F3A8B0676}"= c:\program files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
    "{3D6D0C12-FC33-4137-9ECA-A01A2A8C3F4B}"= c:\program files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
    "{D9FF0D49-72E2-413E-B8A3-AF74A4842A37}"= c:\program files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
    "{56E69995-5A58-4238-8906-F8A377A7F295}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
    "c:\\Acer\\Empowering Technology\\eDataSecurity\\eDSfsu.exe"= c:\acer\Empowering Technology\eDataSecurity\eDSfsu.exe:*:Enabled:eDSfsu
    "c:\\Acer\\Empowering Technology\\eDataSecurity\\encryption.exe"= c:\acer\Empowering Technology\eDataSecurity\encryption.exe:*:Enabled:encryption
    "c:\\Acer\\Empowering Technology\\eDataSecurity\\decryption.exe"= c:\acer\Empowering Technology\eDataSecurity\decryption.exe:*:Enabled:D ecryption

    S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60x.sys [2006-11-02 167936]
    S3 SMSCIRDA;SMSC Infrared Device Driver;c:\windows\system32\DRIVERS\SMSCirda.sys [2006-12-05 31232]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    WindowsMobile REG_MULTI_SZ wcescomm rapimgr
    LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
    .
    Contenu du dossier 'Tâches planifiées'

    2008-12-07 c:\windows\Tasks\User_Feed_Synchronization-{4C38419B-F1DA-4E7D-A30D-885537A9CECF}.job
    - c:\windows\system32\msfeedssync.exe [2008-01-19 08:33]
    .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-12-07 15:07:08
    Windows 6.0.6001 Service Pack 1 NTFS

    Recherche de processus cachés ...

    Recherche d'éléments en démarrage automatique cachés ...

    Recherche de fichiers cachés ...

    Scan terminé avec succès
    Fichiers cachés: 0

    **************************************************************************
    .
    --------------------- DLLs chargées dans les processus actifs ---------------------

    - - - - - - - > 'Explorer.exe'(7520)
    c:\windows\system32\MsnChatHook.dll
    c:\windows\system32\ShowErrMsg.dll
    c:\windows\system32\sysenv.dll
    c:\windows\system32\BatchCrypto.dll
    c:\windows\system32\CryptoAPI.dll
    c:\windows\system32\keyManager.dll
    c:\acer\Empowering Technology\EPOWER\SysHook.dll
    .
    Heure de fin: 2008-12-07 15:08:50
    ComboFix-quarantined-files.txt 2008-12-07 14:08:46
    ComboFix2.txt 2008-12-07 12:29:54
    ComboFix3.txt 2008-12-07 11:21:21

    Avant-CF: 42 325 835 776 octets libres
    Après-CF: 42,077,249,536 octets libres

    1024 --- E O F --- 2008-12-06 20:26:25


    And the HijackThis one:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 15:13:32, on 07/12/2008
    Platform: Windows Vista SP1 (WinNT 6.00.1905)
    MSIE: Internet Explorer v7.00 (7.00.6001.18000)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\RtHDVCpl.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Windows\System32\igfxtray.exe
    C:\Windows\System32\hkcmd.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files\Launch Manager\LManager.exe
    C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
    C:\Windows\WindowsMobile\wmdSync.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\SuperCopier\SuperCopier.exe
    C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    C:\Program Files\
    7 December 2008 16:58:22

    Hi again,

    Post a new DDS.txt report, and post the attach.txt file I had asked you to set aside. Then:

    1) Download MalwareByte's Anti-Malware to your Desktop.
    Install it by double-clicking the file Download_mbam-setup.exe.

    Once the installation and the update are done, restart in safe mode.
    HELP: Restarting in safe mode

  • Now run MalwareByte's Anti-Malware. If it is not already selected, select "Perform full scan".
  • To start the scan, click "Scan".
  • Once the scan is finished, a window opens; click OK. There are two possibilities:
    -- if the program found nothing, press OK. A report will appear; close it.
    -- if infections are present, click "Show Results" then "Remove Selected". Save the report to your Desktop so you can post it in your next reply.
    NOTE: If MalwareByte's Anti-Malware needs to restart to finish the removal, accept by clicking OK.

    HELP: Illustrated tutorial on MBAM

    2) Run an online antivirus scan on the Kaspersky site
    http://www.kaspersky.com/kos/eng/partner/default/kavweb...
  • Click Accept
  • A yellow bar will ask whether you accept installing Kavwebscan_Unicode.cab; install the ActiveX control.
  • Click "Accept" once more
  • The update databases will install; wait a moment
  • Click Next.
  • Click My Computer and the scan starts; wait for the scan to finish without closing the window, otherwise it will stop. Then post me the report you get.

    3) Download Toolbar-S&D (Team IDN) to your Desktop.

  • Start the program's installation by running the downloaded file.
  • Now double-click the Toolbar-S&D shortcut.
  • Select the desired language by typing the letter of your choice, then confirm with the Enter key.
  • Now choose option 1 (Search). Wait until the search finishes.
  • Post the generated report. (C:\TB.txt)

    How is the PC doing? Still having problems?

    ;) 
    8 December 2008 01:55:44

    Re!

    OK, so first of all here is the latest DDS report:



    DDS (Version 1.0) - NTFSx86
    Run by laura at 17:00:34,71 on 07/12/2008
    Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6001.1.1252.33.1036.18.2037.1093 [GMT 1:00]

    ============== Running Processes ===============

    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k rpcss
    C:\Windows\System32\svchost.exe -k secsvcs
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\SLsvc.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
    C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
    C:\Acer\Empowering Technology\eNet\eNet Service.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Acer\Mobility Center\MobilityService.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\DRIVERS\xaudio.exe
    C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
    C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
    C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\WUDFHost.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\RtHDVCpl.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Windows\System32\igfxtray.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files\Launch Manager\LManager.exe
    C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
    C:\Windows\WindowsMobile\wmdSync.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\SuperCopier\SuperCopier.exe
    C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Windows\system32\svchost.exe -k WindowsMobile
    C:\Windows\system32\igfxsrvc.exe
    C:\Windows\system32\igfxext.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\System32\mobsync.exe
    C:\Acer\Empowering Technology\ENET\ENMTRAY.EXE
    C:\Acer\Empowering Technology\EPOWER\EPOWER_DMC.EXE
    C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Internet Explorer\ieuser.exe
    C:\Windows\System32\wsqmcons.exe
    C:\Windows\system32\conime.exe
    C:\Windows\Explorer.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Users\laura\Desktop\dds.scr

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://www.google.fr/
    uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
    mStart Page = hxxp://fr.fr.acer.yahoo.com
    uInternet Settings,ProxyOverride = *.local
    uSearchURL,(Default) = hxxp://fr.rd.yahoo.com/customize/ycomp/defaults/su/*http://fr.yahoo.com
    BHO: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
    BHO: {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
    BHO: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    TB: {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - c:\windows\system32\eDStoolbar.dll
    TB: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
    uRun: [????r]
    uRun: [SuperCopier.exe] c:\program files\supercopier\SuperCopier.exe
    uRun: [swg] c:\program files\google\googletoolbarnotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
    uRun: [?????????] ??????????????e
    mRun: [NvSvc] RUNDLL32.EXE c:\windows\system32\nvsvc.dll,nvsvcStart
    mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
    mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
    mRun: [RtHDVCpl] RtHDVCpl.exe
    mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
    mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
    mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
    mRun: [Persistence] c:\windows\system32\igfxpers.exe
    mRun: [WarReg_PopUp] c:\acer\wr_popup\WarReg_PopUp.exe
    mRun: [LManager] c:\progra~1\launch~1\LManager.exe
    mRun: [eDataSecurity Loader] c:\acer\empowering technology\edatasecurity\eDSloader.exe
    mRun: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdSync.exe
    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
    mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\empowe~1.lnk - c:\acer\empowering technology\eAPLauncher.exe
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: E&xporter vers Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
    Notify: igfxcui - igfxdev.dll

    ============= SERVICES / DRIVERS ===============

    S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2006-11-2 167936]
    S3 SMSCIRDA;SMSC Infrared Device Driver;c:\windows\system32\drivers\SMSCirda.sys [2006-12-5 31232]

    =============== Created Last 30 ================

    2008-12-07 15:04 <DIR> --d----- C:\ComboFix
    2008-12-07 12:42 0 a---h--- c:\windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
    2008-12-07 12:42 <DIR> --d----- c:\program files\UsbFix
    2008-12-07 12:15 161,792 a------- c:\windows\SWREG.exe
    2008-12-07 12:15 98,816 a------- c:\windows\sed.exe
    2008-12-07 00:28 250 a------- c:\windows\gmer.ini
    2008-12-06 23:56 <DIR> --d----- C:\ToolBar SD
    2008-12-06 21:54 <DIR> --d----- c:\programdata\Lavasoft
    2008-12-06 21:04 1,505,792 a------- c:\windows\system32\tquery.dll
    2008-12-06 21:03 860,160 a------- c:\windows\system32\WerFaultSecure.exe
    2008-12-06 21:02 506,880 a------- c:\windows\system32\MSMPEG2ENC.DLL
    2008-12-06 21:01 1,329,152 a------- c:\windows\system32\WMSPDMOE.DLL
    2008-12-06 21:00 150 a------- c:\windows\system32\RacUREx.xml
    2008-12-06 21:00 145,455 a------- c:\windows\system32\perfmon.msc
    2008-12-06 21:00 599,552 a------- c:\windows\system32\vsp1cln.exe
    2008-12-06 21:00 3 a------- c:\windows\system32\drivers\MsftWdf_Kernel_01007_Inbox_Critical.Wdf
    2008-12-06 20:59 357,888 a------- c:\windows\system32\wbemcomn.dll
    2008-12-06 20:59 129,536 a------- c:\windows\system32\sqmapi.dll
    2008-12-06 20:59 704,512 a------- c:\windows\system32\SmiEngine.dll
    2008-12-06 20:59 139,264 a------- c:\windows\system32\SmiInstaller.dll
    2008-12-06 20:59 218,624 a------- c:\windows\system32\wdscore.dll
    2008-12-06 20:59 130,560 a------- c:\windows\system32\PkgMgr.exe
    2008-12-06 20:58 246,784 a------- c:\windows\system32\drvstore.dll
    2008-12-06 20:58 305,152 a------- c:\windows\system32\msdelta.dll
    2008-12-06 20:58 258,560 a------- c:\windows\system32\dpx.dll
    2008-12-06 20:58 35,328 a------- c:\windows\system32\mspatcha.dll
    2008-12-06 18:34 <DIR> --d----- c:\windows\system32\RS4
    2008-12-06 17:58 <DIR> --d----- C:\VundoFix Backups
    2008-12-06 15:45 <DIR> --d----- C:\PerfLogs
    2008-12-06 14:52 <DIR> --d----- C:\7dbac67deba88655a43e5526a8d3
    2008-12-06 04:11 <DIR> --d----- C:\Downloads
    2008-12-06 04:11 <DIR> --d----- C:\Bases
    2008-12-06 04:10 <DIR> --d----- C:\Kaspersky
    2008-12-05 20:17 <DIR> --d----- c:\programdata\Spybot - Search & Destroy
    2008-12-05 20:17 <DIR> --d----- c:\program files\Spybot - Search & Destroy
    2008-12-05 20:17 <DIR> --d----- c:\progra~2\Spybot - Search & Destroy
    2008-11-26 18:09 241,152 a------- c:\windows\system32\PortableDeviceApi.dll
    2008-11-26 18:09 160,768 a------- c:\windows\system32\PortableDeviceTypes.dll
    2008-11-26 18:09 94,720 a------- c:\windows\system32\PortableDeviceClassExtension.dll
    2008-11-26 18:09 712,704 a------- c:\windows\system32\WindowsCodecs.dll
    2008-11-26 18:09 425,472 a------- c:\windows\system32\PhotoMetadataHandler.dll
    2008-11-26 18:09 347,136 a------- c:\windows\system32\WindowsCodecsExt.dll
    2008-11-26 18:09 1,645,568 a------- c:\windows\system32\connect.dll
    2008-11-23 16:36 1,524,736 a------- c:\windows\system32\wucltux.dll
    2008-11-23 16:35 83,456 a------- c:\windows\system32\wudriver.dll
    2008-11-23 16:35 162,064 a------- c:\windows\system32\wuwebv.dll
    2008-11-23 16:35 31,232 a------- c:\windows\system32\wuapp.exe
    2008-11-22 13:26 <DIR> --d----- c:\program files\MSECache
    2008-11-16 13:15 179,712 a------- c:\users\laura\gif.exe
    2008-11-11 21:13 212,480 a------- c:\windows\system32\drivers\mrxsmb10.sys
    2008-11-11 21:13 1,191,936 a------- c:\windows\system32\msxml3.dll
    2008-11-11 21:13 1,334,272 a------- c:\windows\system32\msxml6.dll
    2008-11-11 21:10 1,470,822 a------- c:\windows\system32\PerfStringBackup.INI

    ==================== Find3M ====================

    2008-12-07 13:00 669,578 a------- c:\windows\system32\perfh00C.dat
    2008-12-07 13:00 123,556 a------- c:\windows\system32\perfc00C.dat
    2008-12-06 22:54 174 a--sh--- c:\program files\desktop.ini
    2008-12-06 22:52 143,360 a------- c:\windows\inf\infstrng.dat
    2008-12-06 22:52 86,016 a------- c:\windows\inf\infstor.dat
    2008-12-06 22:52 86,016 a------- c:\windows\inf\infpub.dat
    2008-12-06 22:44 665,600 a------- c:\windows\inf\drvindex.dat
    2008-12-06 21:23 101,888 a------- c:\windows\system32\ifxcardm.dll
    2008-12-06 21:23 82,432 a------- c:\windows\system32\axaltocm.dll
    2008-11-05 08:26 79,360 a------- c:\users\laura\index.exe
    2008-10-02 04:49 827,392 a------- c:\windows\system32\wininet.dll
    2008-09-30 16:43 1,286,152 a------- c:\windows\system32\msxml4.dll
    2008-09-18 06:09 3,601,464 a------- c:\windows\system32\ntkrnlpa.exe
    2008-09-18 06:09 3,549,240 a------- c:\windows\system32\ntoskrnl.exe
    2008-09-18 03:16 2,032,640 a------- c:\windows\system32\win32k.sys
    2006-11-02 16:45 340,236 a------- c:\windows\inf\perflib\040c\perfi.dat
    2006-11-02 16:45 340,236 a------- c:\windows\inf\perflib\040c\perfh.dat
    2006-11-02 16:45 37,390 a------- c:\windows\inf\perflib\040c\perfd.dat
    2006-11-02 16:45 37,390 a------- c:\windows\inf\perflib\040c\perfc.dat
    2006-11-02 10:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat
    2006-11-02 10:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat
    2006-11-02 10:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat
    2006-11-02 10:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat
    2008-03-03 18:51 16,384 a--sh--- c:\windows\serviceprofiles\localservice\appdata\local\microsoft\windows\history\history.ie5\index.dat
    2008-03-03 18:51 32,768 a--sh--- c:\windows\serviceprofiles\localservice\appdata\local\microsoft\windows\temporary internet files\content.ie5\index.dat
    2008-03-03 18:51 16,384 a--sh--- c:\windows\serviceprofiles\localservice\appdata\roaming\microsoft\windows\cookies\index.dat

    ============= FINISH: 17:01:05,83 ===============



    Next, the attach.txt file that I saved last time:




    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Version 1.0)

    Microsoft® Windows Vista™ Édition Familiale Premium
    Boot Device: \Device\HarddiskVolume2
    Install Date: 26/04/2007 04:16:29
    System Uptime: 12/06/2008 22:47:29 (4251 hours ago)

    Motherboard: Acer | | Grapevine
    Processor: Genuine Intel(R) CPU T2060 @ 1.60GHz | U1 | 1600/133mhz

    ==== Disk Partitions =========================

    C: is FIXED (NTFS) - 71 GiB total, 40,356 GiB free.
    D: is FIXED (NTFS) - 71 GiB total, 1,709 GiB free.
    E: is CDROM ()

    ==== Disabled Device Manager Items =============

    ==== System Restore Points ===================

    RP763: 06/12/2008 21:08:52 - Service Pack 1 de Windows Vista
    RP764: 06/12/2008 21:53:56 - Installed Ad-Aware
    RP765: 06/12/2008 23:24:17 - Removed Ad-Aware

    ==== Installed Programs ======================

    2007 Microsoft Office Suite Service Pack 1 (SP1)
    Acer Arcade Deluxe
    Acer eDataSecurity Management
    Acer eLock Management
    Acer Empowering Technology
    Acer eNet Management
    Acer ePower Management
    Acer ePresentation Management
    Acer eSettings Management
    Acer GridVista
    Acer Mobility Center Plug-In
    Acer OrbiCam
    Acer OrbiCam
    Acer ScreenSaver
    Acer Tour
    Adobe Anchor Service CS3
    Adobe Asset Services CS3
    Adobe Bridge CS3
    Adobe Bridge Start Meeting
    Adobe BridgeTalk Plugin CS3
    Adobe Camera Raw 4.0
    Adobe CMaps
    Adobe Color - Photoshop Specific
    Adobe Color Common Settings
    Adobe Color EU Recommended Settings
    Adobe Color JA Extra Settings
    Adobe Color NA Extra Settings
    Adobe Creative Suite 3 Design Premium
    Adobe Default Language CS3
    Adobe Device Central CS3
    Adobe ExtendScript Toolkit 2
    Adobe Extension Manager CS3
    Adobe Flash Player 9 ActiveX
    Adobe Flash Player 9 Plugin
    Adobe Flash Player ActiveX
    Adobe Fonts All
    Adobe Help Viewer CS3
    Adobe InDesign CS3
    Adobe InDesign CS3 Icon Handler
    Adobe Linguistics CS3
    Adobe MotionPicture Color Files
    Adobe PDF Library Files
    Adobe Photoshop CS3
    Adobe Reader 9 - Français
    Adobe Setup
    Adobe SING CS3
    Adobe Stock Photos CS3
    Adobe Type Support
    Adobe Update Manager CS3
    Adobe Version Cue CS3 Client
    Adobe WAS CS3
    Adobe WinSoft Linguistics Plugin
    Adobe XMP Panels CS3
    AHV content for Acrobat and Flash
    Ajouter ou supprimer Adobe Creative Suite 3 Design Premium
    Apple Software Update
    Complément Microsoft Enregistrer en tant que PDF ou XPS pour programmes Microsoft Office 2007
    Google Toolbar for Internet Explorer
    HDAUDIO Soft Data Fax Modem with SmartCP
    Intel(R) Graphics Media Accelerator Driver
    K-Lite Codec Pack 2.46 Full
    Launch Manager
    LightScribe 1.4.124.1
    Messenger Plus! Live
    Microsoft Office Access MUI (French) 2007
    Microsoft Office Excel MUI (French) 2007
    Microsoft Office InfoPath MUI (French) 2007
    Microsoft Office Language Pack 2007 Service Pack 1 (SP1)
    Microsoft Office Outlook MUI (French) 2007
    Microsoft Office PowerPoint MUI (French) 2007
    Microsoft Office Professional Plus 2007
    Microsoft Office Proof (Arabic) 2007
    Microsoft Office Proof (Dutch) 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (German) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (French) 2007
    Microsoft Office Publisher MUI (French) 2007
    Microsoft Office Shared MUI (French) 2007
    Microsoft Office Word MUI (French) 2007
    Microsoft Visual C++ 2005 Redistributable
    MSXML 4.0 SP2 (KB927978)
    MSXML 4.0 SP2 (KB936181)
    MSXML 4.0 SP2 (KB941833)
    MSXML 4.0 SP2 (KB954430)
    NTI Backup NOW! 4.7
    NTI CD & DVD-Maker
    PDF Settings
    PowerProducer
    QuickTime
    RealPlayer
    Realtek High Definition Audio Driver
    Roll
    SAMSUNG Mobile Modem Driver Set
    Samsung Mobile phone USB driver Software
    SAMSUNG Mobile USB Modem 1.0 Software
    SAMSUNG Mobile USB Modem Software
    Samsung PC Studio 3
    Samsung PC Studio 3 USB Driver Installer
    Security Update for 2007 Microsoft Office System (KB951550)
    Security Update for 2007 Microsoft Office System (KB951944)
    Security Update for 2007 Microsoft Office System (KB955936)
    Security Update for CAPICOM (KB931906)
    Security Update for Microsoft Office Excel 2007 (KB955470)
    Security Update for Microsoft Office PowerPoint 2007 (KB951338)
    Security Update for Microsoft Office Publisher 2007 (KB950114)
    Security Update for Microsoft Office system 2007 (KB951808)
    Security Update for Microsoft Office system 2007 (KB954326)
    Security Update for Microsoft Office Word 2007 (KB950113)
    Security Update for Visio 2007 (KB947590)
    SMSC Fast Infrared Driver
    Spybot - Search & Destroy
    SuperCopier
    Synaptics Pointing Device Driver
    Update for Microsoft Office Excel 2007 Help (KB957242)
    Update for Microsoft Office Outlook 2007 (KB952142)
    Update for Microsoft Office Outlook 2007 Help (KB957246)
    Update for Office 2007 (KB946691)
    Update for Outlook 2007 Junk Email Filter (kb957829)
    Windows Live Messenger
    WinRAR archiver

    ==== Event Viewer Messages ===================


    ==== End Of File ===========================


    Otherwise, MalwareByte's Anti-Malware found nothing.

    Next, here is the Kaspersky report:




    --------------------------------------------------------------------------------
    KASPERSKY ONLINE SCANNER 7 REPORT
    Monday, December 8, 2008
    Operating System: Microsoft Windows Vista Home Premium Edition, 32-bit Service Pack 1 (build 6001)
    Kaspersky Online Scanner 7 version: 7.0.25.0
    Program database last update: Sunday, December 07, 2008 09:20:51
    Records in database: 1441946
    --------------------------------------------------------------------------------

    Scan settings:
    Scan using the following database: extended
    Scan archives: yes
    Scan mail databases: yes

    Scan area - My Computer:
    C:\
    D:\
    E:\
    F:\

    Scan statistics:
    Files scanned: 143044
    Threat name: 2
    Infected objects: 3
    Suspicious objects: 0
    Duration of the scan: 01:31:27


    File name / Threat name / Threats count
    C:\Qoobox\Quarantine\C\Users\laura\csrss.exe.vir Infected: Trojan-Downloader.Win32.VB.jci 1
    C:\Qoobox\Quarantine\C\Windows\System32\uXPi02\uXPi022328.exe.vir Infected: Trojan-Downloader.Win32.VB.jci 1
    F:\Start.exe Infected: Trojan-Spy.Win32.VB.agg 1

    The selected area was scanned.



    And finally the latest TB.txt report:




    -----------\\ ToolBar S&D 1.2.6 XP/Vista

    Microsoft® Windows Vista™ Édition Familiale Premium ( v6.0.6001 ) Service Pack 1
    X86-based PC ( Multiprocessor Free : Genuine Intel(R) CPU T2060 @ 1.60GHz )
    BIOS : Ver 1.00PARTTBLP
    USER : laura ( Administrator )
    BOOT : Normal boot
    C:\ (Local Disk) - NTFS - Total:71 Go (Free:38 Go)
    D:\ (Local Disk) - NTFS - Total:70 Go (Free:1 Go)
    E:\ (CD or DVD)
    F:\ (USB) - FAT32 - Total:3816 Mo (Free:2 Go)

    "C:\ToolBar SD" ( MAJ : 04-12-2008|20:40 )
    Option : [1] ( 08/12/2008| 1:36 )

    [ UAC => 1 ]

    -----------\\ Recherche de Fichiers / Dossiers ...


    -----------\\ [..\Internet Explorer\Main]

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
    "Start Page"="http://www.google.fr/"
    "SEARCH PAGE"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iese..."
    "Local Page"="C:\\Windows\\system32\\blank.htm"
    "SearchMigratedDefaultURL"="http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7"
    "Url"="http://go.microsoft.com/fwlink/?LinkId=75720"

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
    "Start Page"="http://fr.fr.acer.yahoo.com"
    "Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
    "Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
    "Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"


    --------------------\\ Recherche d'autres infections


    Aucune autre infection trouvée !

    [ UAC => 1 ]


    1 - "C:\ToolBar SD\TB_1.txt" - 06/12/2008|23:57 - Option : [1]
    2 - "C:\ToolBar SD\TB_2.txt" - 08/12/2008| 1:37 - Option : [1]

    -----------\\ Fin du rapport a 1:37:08,15


    There we go... I hope I haven't forgotten anything! Otherwise, from what I could read in Kaspersky, I have the impression that the viruses are still there... My computer is running a bit slowly, but it works. I'm waiting for the next instructions! :) 
    8 December 2008 17:04:46

    Re,

    Plug in your E:\, G:\ and F:\ drives; they are still infected, and we are going to clean them :) 

    Disable all resident protection (antivirus…)! <------- Don't forget!

    Copy the text in the box below (Ctrl + C):

    File::
    E:\Start.exe
    G:\Start.exe
    F:\Start.exe


    => Open Notepad: Start > All Programs > Accessories > Notepad

    - Paste the text into it (CTRL + V)
    - Save this file to: Desktop
    - File name: CFScript
    - File type: All files!!
    - Click Save
    - Close Notepad

    Drag and drop this CFScript file onto the ComboFix.exe file, as in the screenshot:



    * This will relaunch ComboFix: at the message that appears (Type 1 to continue, or 2 to abort), type 1 and confirm.
    * Wait while the scan runs. The desktop will disappear several times: this is normal!
    * Do not touch anything until the scan has finished.
    * Once the scan is complete, a report will be displayed: copy and paste its contents to the forum.
    If the file does not open, it is located here: C:\ComboFix.txt
    * Post a new HijackThis report.

    ;) 
    8 December 2008 17:30:03

    :hello: 

    So here is the new ComboFix report:

    ComboFix 08-12-06.06 - laura 2008-12-08 17:15:35.4 - NTFSx86
    Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6001.1.1252.1.1036.18.1120 [GMT 1:00]
    Lancé depuis: c:\users\laura\Desktop\ComboFix.exe
    Commutateurs utilisés :: c:\users\laura\Desktop\CFScript.txt
    * Un nouveau point de restauration a été créé

    FILE ::
    E:\Start.exe
    F:\Start.exe
    G:\Start.exe
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    F:\Start.exe

    .
    ((((((((((((((((((((((((((((( Fichiers créés du 2008-11-08 au 2008-12-08 ))))))))))))))))))))))))))))))))))))
    .

    2008-12-07 18:30 . 2008-12-07 18:30 <REP> d-------- c:\program files\Java
    2008-12-07 18:30 . 2008-12-07 18:30 410,984 --a------ c:\windows\System32\deploytk.dll
    2008-12-07 17:12 . 2008-12-07 17:12 <REP> d-------- c:\users\laura\AppData\Roaming\Malwarebytes
    2008-12-07 17:12 . 2008-12-07 17:12 <REP> d-------- c:\users\All Users\Malwarebytes
    2008-12-07 17:12 . 2008-12-07 17:12 <REP> d-------- c:\programdata\Malwarebytes
    2008-12-07 17:12 . 2008-12-07 17:12 <REP> d-------- c:\program files\Malwarebytes' Anti-Malware
    2008-12-07 17:12 . 2008-12-03 19:52 38,496 --a------ c:\windows\System32\drivers\mbamswissarmy.sys
    2008-12-07 17:12 . 2008-12-03 19:52 15,504 --a------ c:\windows\System32\drivers\mbam.sys
    2008-12-07 12:42 . 2008-12-07 12:42 <REP> d-------- c:\program files\UsbFix
    2008-12-07 12:42 . 2008-12-07 12:42 0 --ah----- c:\windows\System32\drivers\Msft_User_WpdFs_01_00_00.Wdf
    2008-12-07 00:28 . 2008-12-07 00:28 250 --a------ c:\windows\gmer.ini
    2008-12-06 23:56 . 2008-12-08 01:37 <REP> d-------- C:\ToolBar SD
    2008-12-06 21:54 . 2008-12-06 21:57 <REP> d-------- c:\users\All Users\Lavasoft
    2008-12-06 21:54 . 2008-12-06 21:57 <REP> d-------- c:\programdata\Lavasoft
    2008-12-06 21:03 . 2008-01-19 08:33 8,139,264 --a------ c:\windows\System32\ssBranded.scr
    2008-12-06 21:02 . 2008-01-19 08:35 3,072,000 --a------ c:\windows\System32\networkmap.dll
    2008-12-06 21:01 . 2008-01-19 07:06 8,147,456 --a------ c:\windows\System32\wmploc.DLL
    2008-12-06 21:00 . 2008-01-19 08:33 599,552 --a------ c:\windows\System32\vsp1cln.exe
    2008-12-06 21:00 . 2008-01-05 12:31 145,455 --a------ c:\windows\System32\perfmon.msc
    2008-12-06 21:00 . 2008-01-05 12:39 150 --a------ c:\windows\System32\RacUREx.xml
    2008-12-06 21:00 . 2008-01-05 12:31 3 --a------ c:\windows\System32\drivers\MsftWdf_Kernel_01007_Inbox_Critical.Wdf
    2008-12-06 20:59 . 2008-01-19 08:36 704,512 --a------ c:\windows\System32\SmiEngine.dll
    2008-12-06 20:59 . 2008-01-19 08:36 357,888 --a------ c:\windows\System32\wbemcomn.dll
    2008-12-06 20:59 . 2008-01-19 08:36 218,624 --a------ c:\windows\System32\wdscore.dll
    2008-12-06 20:59 . 2008-01-19 08:36 139,264 --a------ c:\windows\System32\SmiInstaller.dll
    2008-12-06 20:59 . 2008-01-19 08:33 130,560 --a------ c:\windows\System32\PkgMgr.exe
    2008-12-06 20:59 . 2008-01-19 08:36 129,536 --a------ c:\windows\System32\sqmapi.dll
    2008-12-06 20:58 . 2008-01-19 08:34 305,152 --a------ c:\windows\System32\msdelta.dll
    2008-12-06 20:58 . 2008-01-19 08:34 258,560 --a------ c:\windows\System32\dpx.dll
    2008-12-06 20:58 . 2008-01-19 08:34 246,784 --a------ c:\windows\System32\drvstore.dll
    2008-12-06 20:58 . 2008-01-19 08:35 35,328 --a------ c:\windows\System32\mspatcha.dll
    2008-12-06 18:34 . 2008-12-06 18:35 <REP> d-------- c:\windows\System32\RS4
    2008-12-06 17:58 . 2008-12-06 17:58 <REP> d-------- C:\VundoFix Backups
    2008-12-06 15:45 . 2008-12-06 15:45 <REP> d-------- C:\PerfLogs
    2008-12-06 14:52 . 2008-12-06 19:04 <REP> d-------- C:\7dbac67deba88655a43e5526a8d3
    2008-12-06 04:11 . 2008-12-06 04:19 <REP> d-------- C:\Downloads
    2008-12-06 04:11 . 2008-12-06 04:20 <REP> d-------- C:\Bases
    2008-12-06 04:10 . 2008-12-06 04:20 <REP> d-------- C:\Kaspersky
    2008-12-05 20:17 . 2008-12-06 22:56 <REP> d-------- c:\users\All Users\Spybot - Search & Destroy
    2008-12-05 20:17 . 2008-12-06 22:56 <REP> d-------- c:\programdata\Spybot - Search & Destroy
    2008-12-05 20:17 . 2008-12-06 23:21 <REP> d-------- c:\program files\Spybot - Search & Destroy
    2008-11-26 18:09 . 2008-10-21 06:25 1,645,568 --a------ c:\windows\System32\connect.dll
    2008-11-26 18:09 . 2008-08-28 04:40 712,704 --a------ c:\windows\System32\WindowsCodecs.dll
    2008-11-26 18:09 . 2008-08-28 04:40 425,472 --a------ c:\windows\System32\PhotoMetadataHandler.dll
    2008-11-26 18:09 . 2008-08-28 04:40 347,136 --a------ c:\windows\System32\WindowsCodecsExt.dll
    2008-11-26 18:09 . 2008-10-22 04:57 241,152 --a------ c:\windows\System32\PortableDeviceApi.dll
    2008-11-26 18:09 . 2008-01-19 08:36 160,768 --a------ c:\windows\System32\PortableDeviceTypes.dll
    2008-11-26 18:09 . 2008-01-19 08:36 94,720 --a------ c:\windows\System32\PortableDeviceClassExtension.dll
    2008-11-23 16:36 . 2008-10-16 22:13 1,809,944 --a------ c:\windows\System32\wuaueng.dll
    2008-11-23 16:36 . 2008-10-16 21:56 1,524,736 --a------ c:\windows\System32\wucltux.dll
    2008-11-23 16:36 . 2008-10-16 22:09 51,224 --a------ c:\windows\System32\wuauclt.exe
    2008-11-23 16:36 . 2008-10-16 22:09 43,544 --a------ c:\windows\System32\wups2.dll
    2008-11-23 16:35 . 2008-10-16 22:12 561,688 --a------ c:\windows\System32\wuapi.dll
    2008-11-23 16:35 . 2008-10-16 14:08 162,064 --a------ c:\windows\System32\wuwebv.dll
    2008-11-23 16:35 . 2008-10-16 21:55 83,456 --a------ c:\windows\System32\wudriver.dll
    2008-11-23 16:35 . 2008-10-16 22:08 34,328 --a------ c:\windows\System32\wups.dll
    2008-11-23 16:35 . 2008-10-16 13:56 31,232 --a------ c:\windows\System32\wuapp.exe
    2008-11-22 13:26 . 2008-11-22 13:26 <REP> d-------- c:\program files\MSECache
    2008-11-16 13:15 . 2008-12-06 20:29 179,712 --a------ c:\users\laura\gif.exe
    2008-11-11 21:13 . 2008-09-10 04:40 1,334,272 --a------ c:\windows\System32\msxml6.dll
    2008-11-11 21:13 . 2008-09-05 06:14 1,191,936 --a------ c:\windows\System32\msxml3.dll
    2008-11-11 21:13 . 2008-08-27 02:05 212,480 --a------ c:\windows\System32\drivers\mrxsmb10.sys
    2008-11-11 21:10 . 2008-12-08 17:11 1,470,822 --a------ c:\windows\System32\PerfStringBackup.INI

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-12-06 21:54 174 --sha-w c:\program files\desktop.ini
    2008-12-06 21:45 --------- d-----w c:\program files\Windows Sidebar
    2008-12-06 21:45 --------- d-----w c:\program files\Windows Photo Gallery
    2008-12-06 21:45 --------- d-----w c:\program files\Windows Mail
    2008-12-06 21:45 --------- d-----w c:\program files\Windows Journal
    2008-12-06 21:45 --------- d-----w c:\program files\Windows Defender
    2008-12-06 21:45 --------- d-----w c:\program files\Windows Collaboration
    2008-12-06 21:45 --------- d-----w c:\program files\Windows Calendar
    2008-12-06 20:23 82,432 ----a-w c:\windows\System32\axaltocm.dll
    2008-12-06 20:23 101,888 ----a-w c:\windows\System32\ifxcardm.dll
    2008-12-06 19:20 --------- d-----w c:\program files\Yahoo!
    2008-11-26 02:01 --------- d-----w c:\programdata\Microsoft Help
    2008-11-22 12:23 --------- d-----w c:\program files\Common Files\Adobe
    2008-11-05 07:26 79,360 ----a-w c:\users\laura\index.exe
    2008-10-02 03:49 827,392 ----a-w c:\windows\System32\wininet.dll
    2008-09-30 15:43 1,286,152 ----a-w c:\windows\System32\msxml4.dll
    2008-09-18 05:09 3,601,464 ----a-w c:\windows\System32\ntkrnlpa.exe
    2008-09-18 05:09 3,549,240 ----a-w c:\windows\System32\ntoskrnl.exe
    2008-09-18 02:16 2,032,640 ----a-w c:\windows\System32\win32k.sys
    2008-03-03 17:51 16,384 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    2008-03-03 17:51 32,768 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    2008-03-03 17:51 16,384 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    .

    ((((((((((((((((((((((((((((( snapshot@2008-12-07_12.20.16,41 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2008-12-08 16:14:28 6,225,920 ----a-w c:\windows\ERDNT\Hiv-backup\schema.dat
    - 2008-12-07 06:36:11 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    + 2008-12-08 16:06:11 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    - 2008-12-07 06:36:11 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    + 2008-12-08 16:06:11 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    - 2008-12-07 11:19:33 262,144 --sha-w c:\windows\ServiceProfiles\LocalService\ntuser.dat
    + 2008-12-08 16:06:56 262,144 --sha-w c:\windows\ServiceProfiles\LocalService\ntuser.dat
    - 2008-12-07 11:19:38 262,144 --sha-w c:\windows\ServiceProfiles\NetworkService\ntuser.dat
    + 2008-12-08 16:18:04 262,144 --sha-w c:\windows\ServiceProfiles\NetworkService\ntuser.dat
    + 2008-12-08 16:18:04 262,144 ---ha-w c:\windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1
    + 2008-12-08 16:11:54 2,762 ----a-w c:\windows\SoftwareDistribution\PostRebootEventCache\{C491B8BE-F7AB-4D91-8249-28854A830DE9}.bin
    - 2008-12-07 06:37:27 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2008-12-08 16:10:04 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    - 2008-12-07 06:37:27 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    + 2008-12-08 16:10:04 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    - 2008-12-07 06:37:27 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2008-12-08 16:10:04 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2008-12-07 17:30:34 144,792 ----a-w c:\windows\System32\java.exe
    + 2008-12-07 17:30:34 144,792 ----a-w c:\windows\System32\javaw.exe
    + 2008-12-07 17:30:34 148,888 ----a-w c:\windows\System32\javaws.exe
    - 2008-12-07 06:42:22 101,250 ----a-w c:\windows\System32\perfc009.dat
    + 2008-12-08 16:11:46 101,250 ----a-w c:\windows\System32\perfc009.dat
    - 2008-12-07 06:42:22 123,556 ----a-w c:\windows\System32\perfc00C.dat
    + 2008-12-08 16:11:46 123,556 ----a-w c:\windows\System32\perfc00C.dat
    - 2008-12-07 06:42:22 587,178 ----a-w c:\windows\System32\perfh009.dat
    + 2008-12-08 16:11:46 587,178 ----a-w c:\windows\System32\perfh009.dat
    - 2008-12-07 06:42:22 669,578 ----a-w c:\windows\System32\perfh00C.dat
    + 2008-12-08 16:11:46 669,578 ----a-w c:\windows\System32\perfh00C.dat
    - 2008-12-07 00:48:25 6,291,456 ----a-w c:\windows\System32\SMI\Store\Machine\schema.dat
    + 2008-12-08 16:10:53 6,291,456 ----a-w c:\windows\System32\SMI\Store\Machine\schema.dat
    - 2008-12-07 06:38:28 12,814 ----a-w c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-4116711127-2190578320-1854897596-1000_UserData.bin
    + 2008-12-08 16:08:13 12,990 ----a-w c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-4116711127-2190578320-1854897596-1000_UserData.bin
    - 2008-12-07 06:38:28 74,228 ----a-w c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
    + 2008-12-08 16:08:12 74,674 ----a-w c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
    - 2008-12-07 06:38:26 52,428 ----a-w c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
    + 2008-12-08 16:08:11 52,704 ----a-w c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
    + 2008-12-08 16:11:21 4,327,011 ----a-w c:\windows\winsxs\ManifestCache\6.0.6001.18000_001c50b5_blobs.bin
    + 2008-05-27 05:17:28 301,568 ----a-w c:\windows\winsxs\x86_desktop_shell-search-srchadmin_31bf3856ad364e35_7.0.6001.16503_none_13fcab3737a334c2\srchadmin.dll
    + 2008-05-27 05:18:30 136,704 ----a-w c:\windows\winsxs\x86_microsoft-windows-content-filter-html_31bf3856ad364e35_7.0.6001.16503_none_13ff1de93d266b97\nlhtml.dll
    + 2008-05-27 05:18:32 56,320 ----a-w c:\windows\winsxs\x86_microsoft-windows-content-filter-html_31bf3856ad364e35_7.0.6001.16503_none_13ff1de93d266b97\xmlfilter.dll
    + 2008-05-27 05:18:32 40,448 ----a-w c:\windows\winsxs\x86_microsoft-windows-content-filter-mime_31bf3856ad364e35_7.0.6001.16503_none_10a358dd3f57c0de\mimefilt.dll
    + 2008-05-27 05:17:23 194,560 ----a-w c:\windows\winsxs\x86_microsoft-windows-content-filter-office_31bf3856ad364e35_7.0.6001.16503_none_fab3f42bbfadf408\offfilt.dll
    + 2008-05-27 05:18:30 38,400 ----a-w c:\windows\winsxs\x86_microsoft-windows-content-filter-rtf_31bf3856ad364e35_7.0.6001.16503_none_485964bf76e0570a\rtffilt.dll
    + 2008-06-26 03:29:02 45,056 ----a-w c:\windows\winsxs\x86_microsoft-windows-dataclen_31bf3856ad364e35_6.0.6001.18098_none_f64ce87593b7801f\dataclen.dll
    + 2008-06-26 03:15:06 45,056 ----a-w c:\windows\winsxs\x86_microsoft-windows-dataclen_31bf3856ad364e35_6.0.6001.22211_none_f7260480ac9a8c27\dataclen.dll
    + 2008-05-10 03:35:15 564,736 ----a-w c:\windows\winsxs\x86_microsoft-windows-e..emorydevicesservice_31bf3856ad364e35_6.0.6001.18069_none_9e540f60f6e2ecf1\emdmgmt.dll
    + 2008-06-26 03:29:02 565,248 ----a-w c:\windows\winsxs\x86_microsoft-windows-e..emorydevicesservice_31bf3856ad364e35_6.0.6001.18098_none_9e329f52f6fc276d\emdmgmt.dll
    + 2008-05-10 03:17:36 564,736 ----a-w c:\windows\winsxs\x86_microsoft-windows-e..emorydevicesservice_31bf3856ad364e35_6.0.6001.22176_none_9ecfdb62100b5ca7\emdmgmt.dll
    + 2008-06-26 03:15:30 565,248 ----a-w c:\windows\winsxs\x86_microsoft-windows-e..emorydevicesservice_31bf3856ad364e35_6.0.6001.22211_none_9f0bbb5e0fdf3375\emdmgmt.dll
    + 2008-09-18 04:56:02 147,456 ----a-w c:\windows\winsxs\x86_microsoft-windows-errorreportingfaults_31bf3856ad364e35_6.0.6001.18145_none_6fe0e04a3ce53cd7\Faultrep.dll
    + 2008-01-19 07:33:35 217,088 ----a-w c:\windows\winsxs\x86_microsoft-windows-errorreportingfaults_31bf3856ad364e35_6.0.6001.18145_none_6fe0e04a3ce53cd7\WerFault.exe
    + 2008-01-19 07:33:35 860,160 ----a-w c:\windows\winsxs\x86_microsoft-windows-errorreportingfaults_31bf3856ad364e35_6.0.6001.18145_none_6fe0e04a3ce53cd7\WerFaultSecure.exe
    + 2008-09-20 04:00:23 147,456 ----a-w c:\windows\winsxs\x86_microsoft-windows-errorreportingfaults_31bf3856ad364e35_6.0.6001.22271_none_70460c29561ecb18\Faultrep.dll
    + 2008-09-20 04:00:16 217,088 ----a-w c:\windows\winsxs\x86_microsoft-windows-errorreportingfaults_31bf3856ad364e35_6.0.6001.22271_none_70460c29561ecb18\WerFault.exe
    + 2008-09-20 04:00:16 860,160 ----a-w c:\windows\winsxs\x86_microsoft-windows-errorreportingfaults_31bf3856ad364e35_6.0.6001.22271_none_70460c29561ecb18\WerFaultSecure.exe
    + 2008-09-18 04:56:07 125,952 ----a-w c:\windows\winsxs\x86_microsoft-windows-feedback-service_31bf3856ad364e35_6.0.6001.18145_none_79a5b70991018b47\wersvc.dll
    + 2008-09-20 04:00:26 125,952 ----a-w c:\windows\winsxs\x86_microsoft-windows-feedback-service_31bf3856ad364e35_6.0.6001.22271_none_7a0ae2e8aa3b1988\wersvc.dll
    + 2008-08-02 03:26:00 36,864 ----a-w c:\windows\winsxs\x86_microsoft-windows-lddmcore_31bf3856ad364e35_6.0.6001.18114_none_abc1cbc0e39143f0\cdd.dll
    + 2008-08-02 01:01:23 625,152 ----a-w c:\windows\winsxs\x86_microsoft-windows-lddmcore_31bf3856ad364e35_6.0.6001.18114_none_abc1cbc0e39143f0\dxgkrnl.sys
    + 2008-08-02 03:20:51 36,864 ----a-w c:\windows\winsxs\x86_microsoft-windows-lddmcore_31bf3856ad364e35_6.0.6001.22235_none_ac36c8fdfcbe34f3\cdd.dll
    + 2008-08-02 00:59:11 625,152 ----a-w c:\windows\winsxs\x86_microsoft-windows-lddmcore_31bf3856ad364e35_6.0.6001.22235_none_ac36c8fdfcbe34f3\dxgkrnl.sys
    + 2008-05-20 02:07:31 148,480 ----a-w c:\windows\winsxs\x86_microsoft-windows-native-80211_31bf3856ad364e35_6.0.6001.18075_none_4ec1fb0e8f26c88a\nwifi.sys
    + 2008-05-20 02:00:06 148,480 ----a-w c:\windows\winsxs\x86_microsoft-windows-native-80211_31bf3856ad364e35_6.0.6001.22183_none_4f3ec759a84e5197\nwifi.sys
    + 2008-05-28 03:27:17 223,288 ----a-w c:\windows\winsxs\x86_microsoft-windows-netio-infrastructure_31bf3856ad364e35_6.0.6001.22188_none_56d68c90cea4d169\netio.sys
    + 2008-05-28 03:17:25 328,704 ----a-w c:\windows\winsxs\x86_microsoft-windows-network-security_31bf3856ad364e35_6.0.6001.22188_none_cd5f8fa443e22213\BFE.DLL
    + 2008-05-28 03:28:43 101,432 ----a-w c:\windows\winsxs\x86_microsoft-windows-network-security_31bf3856ad364e35_6.0.6001.22188_none_cd5f8fa443e22213\FWPKCLNT.SYS
    + 2008-05-28 03:19:07 595,456 ----a-w c:\windows\winsxs\x86_microsoft-windows-network-security_31bf3856ad364e35_6.0.6001.22188_none_cd5f8fa443e22213\FWPUCLNT.DLL
    + 2008-05-28 03:19:32 438,272 ----a-w c:\windows\winsxs\x86_microsoft-windows-network-security_31bf3856ad364e35_6.0.6001.22188_none_cd5f8fa443e22213\IKEEXT.DLL
    + 2008-04-26 08:25:53 3,600,952 ----a-w c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6001.18063_none_6bf282f6b4510613\ntkrnlpa.exe
    + 2008-04-26 08:25:54 3,549,240 ----a-w c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6001.18063_none_6bf282f6b4510613\ntoskrnl.exe
    + 2008-04-26 08:11:34 3,601,464 ----a-w c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6001.22167_none_6c8020e9cd6b0b39\ntkrnlpa.exe
    + 2008-04-26 08:11:33 3,549,240 ----a-w c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6001.22167_none_6c8020e9cd6b0b39\ntoskrnl.exe
    + 2008-05-27 05:17:46 754,176 ----a-w c:\windows\winsxs\x86_microsoft-windows-propsys_31bf3856ad364e35_7.0.6001.16503_none_f3d11aeeb9526bbb\propsys.dll
    + 2008-04-05 01:21:42 72,192 ----a-w c:\windows\winsxs\x86_microsoft-windows-qos_31bf3856ad364e35_6.0.6001.18046_none_ae262a9c57bfa9b1\pacer.sys
    + 2008-04-05 03:34:31 15,360 ----a-w c:\windows\winsxs\x86_microsoft-windows-qos_31bf3856ad364e35_6.0.6001.18046_none_ae262a9c57bfa9b1\pacerprf.dll
    + 2006-11-02 09:46:13 33,280 ----a-w c:\windows\winsxs\x86_microsoft-windows-qos_31bf3856ad364e35_6.0.6001.18046_none_ae262a9c57bfa9b1\traffic.dll
    + 2006-11-02 09:46:14 13,824 ----a-w c:\windows\winsxs\x86_microsoft-windows-qos_31bf3856ad364e35_6.0.6001.18046_none_ae262a9c57bfa9b1\wshqos.dll
    + 2008-04-05 01:20:52 72,192 ----a-w c:\windows\winsxs\x86_microsoft-windows-qos_31bf3856ad364e35_6.0.6001.22151_none_ae9ff60970e9e6b9\pacer.sys
    + 2008-04-05 03:20:42 15,360 ----a-w c:\windows\winsxs\x86_microsoft-windows-qos_31bf3856ad364e35_6.0.6001.22151_none_ae9ff60970e9e6b9\pacerprf.dll
    + 2008-04-05 03:21:19 33,280 ----a-w c:\windows\winsxs\x86_microsoft-windows-qos_31bf3856ad364e35_6.0.6001.22151_none_ae9ff60970e9e6b9\traffic.dll
    + 2008-04-05 03:21:39 13,824 ----a-w c:\windows\winsxs\x86_microsoft-windows-qos_31bf3856ad364e35_6.0.6001.22151_none_ae9ff60970e9e6b9\wshqos.dll
    + 2008-04-12 03:32:11 784,896 ----a-w c:\windows\winsxs\x86_microsoft-windows-rpc-local_31bf3856ad364e35_6.0.6001.18051_none_b3c58fc5453bf46b\rpcrt4.dll
    + 2008-04-12 03:16:32 784,896 ----a-w c:\windows\winsxs\x86_microsoft-windows-rpc-local_31bf3856ad364e35_6.0.6001.22156_none_b4542e025e5512e8\rpcrt4.dll
    + 2008-05-08 21:59:35 90,112 ----a-w c:\windows\winsxs\x86_microsoft-windows-s..ing-shell-extension_31bf3856ad364e35_6.0.6001.18068_none_0a48f9ec246cf834\wshext.dll
    + 2008-05-08 05:22:33 90,112 ----a-w c:\windows\winsxs\x86_microsoft-windows-s..ing-shell-extension_31bf3856ad364e35_6.0.6001.22175_none_0ac4c5ed3d9567ea\wshext.dll
    + 2008-05-08 21:59:28 512,000 ----a-w c:\windows\winsxs\x86_microsoft-windows-scripting-jscript_31bf3856ad364e35_6.0.6001.18068_none_82a70b5ef74dc96b\jscript.dll
    + 2008-05-08 05:18:59 512,000 ----a-w c:\windows\winsxs\x86_microsoft-windows-scripting-jscript_31bf3856ad364e35_6.0.6001.22175_none_8322d76010763921\jscript.dll
    + 2008-05-08 21:59:33 430,080 ----a-w c:\windows\winsxs\x86_microsoft-windows-scripting-vbscript_31bf3856ad364e35_6.0.6001.18068_none_482126172e1075a7\vbscript.dll
    + 2008-05-08 05:22:13 430,080 ----a-w c:\windows\winsxs\x86_microsoft-windows-scripting-vbscript_31bf3856ad364e35_6.0.6001.22175_none_489cf2184738e55d\vbscript.dll
    + 2008-05-08 21:58:40 135,168 ----a-w c:\windows\winsxs\x86_microsoft-windows-scripting_31bf3856ad364e35_6.0.6001.18068_none_482f75de008363d9\cscript.exe
    + 2008-01-19 07:34:04 32,768 ----a-w c:\windows\winsxs\x86_microsoft-windows-scripting_31bf3856ad364e35_6.0.6001.18068_none_482f75de008363d9\dispex.dll
    + 2008-05-08 21:59:32 180,224 ----a-w c:\windows\winsxs\x86_microsoft-windows-scripting_31bf3856ad364e35_6.0.6001.18068_none_482f75de008363d9\scrobj.dll
    + 2008-05-08 21:59:32 172,032 ----a-w c:\windows\winsxs\x86_microsoft-windows-scripting_31bf3856ad364e35_6.0.6001.18068_none_482f75de008363d9\scrrun.dll
    + 2008-05-08 21:59:26 155,648 ----a-w c:\windows\winsxs\x86_microsoft-windows-scripting_31bf3856ad364e35_6.0.6001.18068_none_482f75de008363d9\wscript.exe
    + 2008-01-19 07:37:11 36,864 ----a-w c:\windows\winsxs\x86_microsoft-windows-scripting_31bf3856ad364e35_6.0.6001.18068_none_482f75de008363d9\wshcon.dll
    + 2008-05-08 03:12:11 135,168 ----a-w c:\windows\winsxs\x86_microsoft-windows-scripting_31bf3856ad364e35_6.0.6001.22175_none_48ab41df19abd38f\cscript.exe
    + 2008-05-08 05:17:02 32,768 ----a-w c:\windows\winsxs\x86_microsoft-windows-scripting_31bf3856ad364e35_6.0.6001.22175_none_48ab41df19abd38f\dispex.dll
    + 2008-05-08 05:21:52 180,224 ----a-w c:\windows\winsxs\x86_microsoft-windows-scripting_31bf3856ad364e35_6.0.6001.22175_none_48ab41df19abd38f\scrobj.dll
    + 2008-05-08 05:21:52 172,032 ----a-w c:\windows\winsxs\x86_microsoft-windows-scripting_31bf3856ad364e35_6.0.6001.22175_none_48ab41df19abd38f\scrrun.dll
    + 2008-05-08 03:12:11 155,648 ----a-w c:\windows\winsxs\x86_microsoft-windows-scripting_31bf3856ad364e35_6.0.6001.22175_none_48ab41df19abd38f\wscript.exe
    + 2008-05-08 05:22:33 36,864 ----a-w c:\windows\winsxs\x86_microsoft-windows-scripting_31bf3856ad364e35_6.0.6001.22175_none_48ab41df19abd38f\wshcon.dll
    + 2008-05-27 05:18:35 29,184 ----a-w c:\windows\winsxs\x86_microsoft-windows-search-profilenotify_31bf3856ad364e35_7.0.6001.16503_none_d86cd72c8d3c237e\wsepno.dll
    + 2008-05-08 19:21:56 211,968 ----a-w c:\windows\winsxs\x86_microsoft-windows-smb10-minirdr_31bf3856ad364e35_6.0.6001.18068_none_886bae514b981fe3\mrxsmb10.sys
    + 2008-05-08 02:47:34 211,968 ----a-w c:\windows\winsxs\x86_microsoft-windows-smb10-minirdr_31bf3856ad364e35_6.0.6001.22175_none_88e77a5264c08f99\mrxsmb10.sys
    + 2008-04-26 08:26:49 891,448 ----a-w c:\windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18063_none_b2e033a8669434a1\tcpip.sys
    + 2008-04-26 08:08:16 891,448 ----a-w c:\windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22167_none_b36dd19b7fae39c7\tcpip.sys
    + 2008-05-27 05:17:16 6,103,040 ----a-w c:\windows\winsxs\x86_microsoft-windows-w..-chinesetraditional_31bf3856ad364e35_7.0.6001.16503_none_df2000cce0d8c017\chtbrkr.dll
    + 2008-05-27 05:17:16 313,344 ----a-w c:\windows\winsxs\x86_microsoft-windows-w..breakerstemmer-thai_31bf3856ad364e35_7.0.6001.16503_none_d40428cfc6b6fdf9\thawbrkr.dll
    + 2008-05-27 05:17:16 143,872 ----a-w c:\windows\winsxs\x86_microsoft-windows-w..eakerstemmer-korean_31bf3856ad364e35_7.0.6001.16503_none_14072d09797cf93d\korwbrkr.dll
    + 2008-05-27 05:17:13 1,671,680 ----a-w c:\windows\winsxs\x86_microsoft-windows-w..r-chinesesimplified_31bf3856ad364e35_7.0.6001.16503_none_4cbdb704b61543d2\chsbrkr.dll
    + 2008-05-27 05:18:43 13,824 ----a-w c:\windows\winsxs\x86_windowssearch-wtrservicingsupport_31bf3856ad364e35_7.0.6001.16503_none_163fe74a2171e12e\WSWTRSvc.exe
    + 2008-05-27 05:18:32 231,936 ----a-w c:\windows\winsxs\x86_windowssearchengine-structuredquery_31bf3856ad364e35_7.0.6001.16503_none_98586419f9103903\msshsq.dll
    + 2008-05-27 04:59:39 106,605 ----a-w c:\windows\winsxs\x86_windowssearchengine..uredqueryschema.bin_31bf3856ad364e35_7.0.6001.16503_none_88f88929e3c77aa3\StructuredQuerySchema.bin
    + 2008-05-27 04:59:40 18,904 ----a-w c:\windows\winsxs\x86_windowssearchengine..uredqueryschema.bin_31bf3856ad364e35_7.0.6001.16503_none_88f88929e3c77aa3\StructuredQuerySchemaTrivial.bin
    + 2008-05-27 05:17:42 34,816 ----a-w c:\windows\winsxs\x86_windowssearchengine_31bf3856ad364e35_7.0.6001.16503_none_3b8c27e8ba3dd3dd\msscb.dll
    + 2008-05-27 05:17:25 60,416 ----a-w c:\windows\winsxs\x86_windowssearchengine_31bf3856ad364e35_7.0.6001.16503_none_3b8c27e8ba3dd3dd\msscntrs.dll
    + 2008-05-27 05:17:36 11,776 ----a-w c:\windows\winsxs\x86_windowssearchengine_31bf3856ad364e35_7.0.6001.16503_none_3b8c27e8ba3dd3dd\msshooks.dll
    + 2008-05-27 05:17:25 87,552 ----a-w c:\windows\winsxs\x86_windowssearchengine_31bf3856ad364e35_7.0.6001.16503_none_3b8c27e8ba3dd3dd\mssitlb.dll
    + 2008-05-27 05:18:25 350,208 ----a-w c:\windows\winsxs\x86_windowssearchengine_31bf3856ad364e35_7.0.6001.16503_none_3b8c27e8ba3dd3dd\mssph.dll
    + 2008-05-27 05:18:55 203,776 ----a-w c:\windows\winsxs\x86_windowssearchengine_31bf3856ad364e35_7.0.6001.16503_none_3b8c27e8ba3dd3dd\mssphtb.dll
    + 2008-05-27 05:17:26 32,768 ----a-w c:\windows\winsxs\x86_windowssearchengine_31bf3856ad364e35_7.0.6001.16503_none_3b8c27e8ba3dd3dd\mssprxy.dll
    + 2008-05-27 05:21:24 1,418,240 ----a-w c:\windows\winsxs\x86_windowssearchengine_31bf3856ad364e35_7.0.6001.16503_none_3b8c27e8ba3dd3dd\mssrch.dll
    + 2008-05-27 05:18:40 44,032 ----a-w c:\windows\winsxs\x86_windowssearchengine_31bf3856ad364e35_7.0.6001.16503_none_3b8c27e8ba3dd3dd\msstrc.dll
    + 2008-05-27 05:18:56 670,208 ----a-w c:\windows\winsxs\x86_windowssearchengine_31bf3856ad364e35_7.0.6001.16503_none_3b8c27e8ba3dd3dd\mssvp.dll
    + 2008-05-27 05:18:06 71,680 ----a-w c:\windows\winsxs\x86_windowssearchengine_31bf3856ad364e35_7.0.6001.16503_none_3b8c27e8ba3dd3dd\propdefs.dll
    + 2008-05-27 05:17:55 87,552 ----a-w c:\windows\winsxs\x86_windowssearchengine_31bf3856ad364e35_7.0.6001.16503_none_3b8c27e8ba3dd3dd\SearchFilterHost.exe
    + 2008-05-27 05:18:43 439,808 ----a-w c:\windows\winsxs\x86_windowssearchengine_31bf3856ad364e35_7.0.6001.16503_none_3b8c27e8ba3dd3dd\SearchIndexer.exe
    + 2008-05-27 05:18:16 184,832 ----a-w c:\windows\winsxs\x86_windowssearchengine_31bf3856ad364e35_7.0.6001.16503_none_3b8c27e8ba3dd3dd\SearchProtocolHost.exe
    + 2008-05-27 05:21:07 1,582,592 ----a-w c:\windows\winsxs\x86_windowssearchengine_31bf3856ad364e35_7.0.6001.16503_none_3b8c27e8ba3dd3dd\tquery.dll
    .
    -- Instantané actualisé --
    .
    ((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "????r"="" [?]
    "?????????"="??????????????e" [?]
    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]
    "SuperCopier.exe"="c:\program files\SuperCopier\SuperCopier.exe" [2003-04-24 683520]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2008-09-04 171448]
    "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NvSvc"="c:\windows\system32\nvsvc.dll" [2006-11-22 90191]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-11-22 7757824]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-11-22 81920]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-10-23 815104]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2006-11-06 98304]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2006-11-06 106496]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2006-11-06 81920]
    "WarReg_PopUp"="c:\acer\WR_PopUp\WarReg_PopUp.exe" [2006-11-05 57344]
    "LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2006-12-08 614400]
    "eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2007-02-06 464168]
    "Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdSync.exe" [2006-11-02 215552]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2007-12-11 286720]
    "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-08-19 185896]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-07 136600]
    "RtHDVCpl"="RtHDVCpl.exe" [2006-12-01 c:\windows\RtHDVCpl.exe]

    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Empowering Technology Launcher.lnk - c:\acer\Empowering Technology\eAPLauncher.exe [2006-12-05 528384]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "vidc.3iv2"= 3ivxVfWCodec.dll
    "VIDC.HFYU"= huffyuv.dll
    "VIDC.VP31"= vp31vfw.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "UacDisableNotify"=dword:00000001
    "InternetSettingsDisableNotify"=dword:00000001
    "AutoUpdateDisableNotify"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
    "{563405B8-597C-4751-B280-C4C81ABEC857}"= UDP:c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\MCE Deluxe Suite.exe:CyberLink MCE Deluxe Suite
    "{46EE4B93-A4DA-4D5E-AE0B-CB41C869FB60}"= TCP:c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\MCE Deluxe Suite.exe:CyberLink MCE Deluxe Suite
    "{CA161B11-DCAD-4A0D-BC9E-8B7DBBE8C8EF}"= c:\program files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
    "{D41EBB7D-C223-4898-ABC7-483F3A8B0676}"= c:\program files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
    "{3D6D0C12-FC33-4137-9ECA-A01A2A8C3F4B}"= c:\program files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
    "{D9FF0D49-72E2-413E-B8A3-AF74A4842A37}"= c:\program files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
    "{56E69995-5A58-4238-8906-F8A377A7F295}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
    "c:\\Acer\\Empowering Technology\\eDataSecurity\\eDSfsu.exe"= c:\acer\Empowering Technology\eDataSecurity\eDSfsu.exe:*:Enabled:eDSfsu
    "c:\\Acer\\Empowering Technology\\eDataSecurity\\encryption.exe"= c:\acer\Empowering Technology\eDataSecurity\encryption.exe:*:Enabled:encryption
    "c:\\Acer\\Empowering Technology\\eDataSecurity\\decryption.exe"= c:\acer\Empowering Technology\eDataSecurity\decryption.exe:*:Enabled:Decryption

    S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60x.sys [2006-11-02 167936]
    S3 SMSCIRDA;SMSC Infrared Device Driver;c:\windows\system32\DRIVERS\SMSCirda.sys [2006-12-05 31232]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    WindowsMobile REG_MULTI_SZ wcescomm rapimgr
    LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
    .
    Contenu du dossier 'Tâches planifiées'

    2008-12-08 c:\windows\Tasks\User_Feed_Synchronization-{4C38419B-F1DA-4E7D-A30D-885537A9CECF}.job
    - c:\windows\system32\msfeedssync.exe [2008-01-19 08:33]
    .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-12-08 17:18:18
    Windows 6.0.6001 Service Pack 1 NTFS

    Recherche de processus cachés ...

    Recherche d'éléments en démarrage automatique cachés ...

    Recherche de fichiers cachés ...

    Scan terminé avec succès
    Fichiers cachés: 0

    **************************************************************************
    .
    Heure de fin: 2008-12-08 17:20:05
    ComboFix-quarantined-files.txt 2008-12-08 16:20:02
    ComboFix2.txt 2008-12-07 14:08:51
    ComboFix3.txt 2008-12-07 12:29:54
    ComboFix4.txt 2008-12-07 11:21:21

    Avant-CF: 40 576 790 528 octets libres
    Après-CF: 40,383,913,984 octets libres

    334 --- E O F --- 2008-12-08 16:11:54





    And the new HijackThis report:


    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 17:23:43, on 08/12/2008
    Platform: Windows Vista SP1 (WinNT 6.00.1905)
    MSIE: Internet Explorer v7.00 (7.00.6001.18000)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\RtHDVCpl.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Windows\System32\igfxtray.exe
    C:\Windows\System32\hkcmd.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files\Launch Manager\LManager.exe
    C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
    C:\Windows\WindowsMobile\wmdSync.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Windows\system32\igfxsrvc.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\SuperCopier\SuperCopier.exe
    C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    C:\Windows\System32\mobsync.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Acer\Empowering Technology\ENET\ENMTRAY.EXE
    C:\Acer\Empowering Technology\EPOWER\EPOWER_DMC.EXE
    C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
    C:\Windows\system32\igfxext.exe
    C:\Program Files\Internet Explorer\ieuser.exe
    C:\Windows\system32\wuauclt.exe
    C:\Windows\Explorer.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Windows\system32\Macromed\Flash\FlashUtil9f.exe
    C:\Users\laura\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\P5MLLQBP\HiJackThis[1].exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.fr.acer.yahoo.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://fr.rd.yahoo.com/customize/ycomp/defaults/su/*http://fr.yahoo.com
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O1 - Hosts: ::1 localhost
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
    O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
    O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
    O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe
    O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
    O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
    O4 - HKLM\..\Run: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdSync.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [SuperCopier.exe] C:\Program Files\SuperCopier\SuperCopier.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKCU\..\Run: [?????????] ??????????????e
    O4 - Global Startup: Empowering Technology Launcher.lnk = ?
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O13 - Gopher Prefix:
    O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/FacebookPhotoUpload...
    O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://cid-c9dd6112b104654f.spaces.live.com/PhotoUpload...
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-01.sun.com/s/ESD5/JSCDL/jre/6u11-b90/jin...
    O16 - DPF: {EDFCB7CB-942C-4822-AF14-F0B687409848} (Image Uploader Control) - http://www.photoservice.com/telechargement/ImageUploade...
    O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
    O23 - Service: eDSService.exe (eDataSecurity Service) - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
    O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
    O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe
    O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
    O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
    O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

    --
    End of file - 8489 bytes
    8 December 2008 20:02:00

    :hello:  Good evening,

    How is the PC doing? Still having problems?

    I would like to check something:

    Download Runscanner and save it to your desktop.

  • Double-click it to launch it (on Vista: right-click it and choose "Run as administrator")
  • When the first page appears, select Beginner Mode.
  • Then, on the next page, select Save a binary .Run file (Recommended), then click Start full scan at the top of the page.
  • At this point, Runscanner.exe may ask for access to the Internet; in that case, ignore your firewall's alerts. The scan will take a few minutes.
  • When the scan is finished, it will ask you where to save the reports. It will do so for the following two files: .run file and log file
  • Choose a name for the .run file ("Select a name") and save it to your desktop. The .run file will be visible on your desktop. You now need to upload it for me to MediaFire: http://www.mediafire.com

    Uploading a file to MediaFire:

  • Go to this link: http://www.mediafire.com/
  • At the top, click "Upload files To Media fire". Then choose "I want to upload without an account"
  • A Windows Explorer window will open. Browse to the report I am asking you to upload, select it, then click "Open".
  • Then click "Upload".
  • On the right of the screen, choose "upload to a new folder". Leave the default name (= the date)
  • Confirm and let the upload run.
  • Click "View uploaded file" and, in your next message, copy me the URL (= the link) of the new tab or window that opens. That way, I will be able to download the requested report.

    ;) 
    8 December 2008 20:56:41

    Re,

    You must have done the upload wrong, I have nothing to download; please try again.

    ;) 
    10 December 2008 14:53:29

    :hello:  Hello,

    How is the PC doing? Still having problems?

    ;) 
    12 December 2008 19:36:21

    :bounce:  Woohoo!!!! No, my computer is working perfectly well again!!!

    Thank you, thank you, thank you and THANK YOU again!!!

    I am amazed to see that some people make themselves so available for others! It restores hope!

    All the best :) 
    13 December 2008 23:45:28

    :hello:  Good evening,

    Follow these steps to cleanly uninstall ComboFix and the tools we used during the disinfection:

  • Start menu, then Run
  • Now type Combofix /u in the window that appears, then confirm with OK. Be sure to leave a space between the X and the /U, as it is required here.


    ***

    Prevention:

    - Cleaning temporary files:

    Download CCleaner to your desktop.

  • Click "download the latest version"
  • Install it, leaving only the following options ticked:
    - Add a shortcut to the desktop
    - Automatically check for updates to CCleaner
  • Run the Cleaner
  • Click Scan for Issues and save a backup if you wish.

    Help: How to use CCleaner.


    Download ATFcleaner to your desktop.

  • Double-click the downloaded executable.
  • In the Main tab, simply tick the Select All box (all the boxes will be ticked), then click the Empty Selected button.
  • If you use Firefox or Opera as your browser, remember to choose your browser at the top left before selecting Select All and then Empty Selected.
  • Then answer No to the message that appears if you do not want to lose your passwords.

    Help: How to use ATFcleaner.

    -- System Restore:

    Disable, then re-enable System Restore.

    XP method:
    Click Start, right-click My Computer, then click Properties. Select the System Restore tab.
    In this tab, tick the Turn off System Restore on all drives box.
    A confirmation message will appear. Click Yes, then OK. Restart your computer so that the changes take effect.
    To re-enable System Restore, simply untick that same box and restart your computer (following the same steps).

    Vista method:
    Click Start, right-click Computer, then click Properties. On the left, click Advanced system settings. Select the System Protection tab.
    In this tab, untick your partitions (one by one); a confirmation message will appear; click Turn System Protection Off, click Apply, then OK.
    Restart your computer so that the changes take effect.
    To re-enable System Restore, simply untick that same box and restart your computer (following the same steps).

    Help: How to disable and re-enable System Restore.

    --- Normal display of files:

    Click Start menu / Control Panel / Folder Options, then go to the View tab
    - Untick Show hidden files and folders
    - Tick Hide protected operating system files (Recommended)
    click Apply, then OK.

    ---- Removing the installed tools:

    Download ToolsCleaner2 (by A.Rothstein)

  • Install it on your desktop.
  • Click Recherche (Search) to start the scan.
  • Click Supprimer (Delete) to clean up the tools that were used.
  • Click Quitter (Quit).
  • Now delete ToolsCleaner.

    ----- Restoring your protections, protecting the system with updates!:

    I now invite you to (re)activate all your resident protections (antivirus, antispyware, firewall...).
    You should have access to your protections in the system tray area next to the taskbar. If you have any difficulty, do not hesitate to ask me!
    If it is not already done, make sure that Windows Automatic Updates are enabled!
    Bring your software properly up to date (Java, Adobe, Flash...) using Software Inspector (from Secunia)

    A quick word about Java:

    Once the new version is downloaded, install it and restart your computer.
    Unfortunately, the old versions of Java (which contain vulnerabilities and are therefore dangerous!) are still present!
    It is therefore very important that you uninstall the old versions of Java.

  • Go to Start, Control Panel, Add/Remove Programs
  • Uninstall all versions of Java except the most recent one.

    Help: How to use Secunia Software Inspector.

    ------ Your infection: will you report it?:

    You don't have to, but it would be good if you reported your infection on Malware Complaints
  • Your infection(s): Sdbot + infection via removable media.
  • If you cannot find it in the list, post in "Autres infections" (Other infections).

    Help: How to report my infection on Malware Complaints.

    Now add [Résolu] (Solved) to the title. To do so:
    * In your first message, click the "Editer" (Edit) button
    * Add the mention [Résolu] to the title
    * Then click "Valider votre message" (Submit your message)

    I now invite you to look at these very instructive guides on prevention!

    - Security/Prevention
    - Consequences of multi-protection
    - Toolbars: uselessness and slowdowns

    Have a good day/evening :) 
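
The Java step in the post above can also be checked from a pasted log. The following is an added example, not part of the original post and not a feature of HijackThis: it scans HijackThis-style lines for Java runtime directories and lists every one older than the newest. The sample log is constructed (modelled on lines that appear in the logs on this page), and the function names are hypothetical.

```python
import re

# Constructed sample, modelled on the process, O4 and O9 lines of the logs on this page.
# The jre1.5.0_06 line is invented for the example.
SAMPLE_LOG = r"""
Running processes:
C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
O4 - HKLM\..\Run: [AVG8_TRAY] d:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\program files\java\jre1.5.0_06\bin\npjpi150_06.dll
"""

# Group 1: install directory, group 2: its last component (j2re1.4.2_05, jre6, ...).
JAVA_DIR = re.compile(
    r'([A-Za-z]:\\[^"\n]*?\\Java\\((?:j2re|jre|jdk)[^\\"\n]*))\\', re.IGNORECASE)
DIR_VERSION = re.compile(r'^(?:j2re|jre|jdk)-?(\d+(?:\.\d+)*)(?:_(\d+))?', re.IGNORECASE)
# HijackThis item prefix such as "O4 -" or "O23 -"; process lines have none.
SECTION = re.compile(r'^\s*([A-Z]\d+)\s+-')


def parse_version(dirname):
    """Turn a Java directory name into a comparable (major, minor, update) tuple.

    Legacy names use the 1.X.Y_UU scheme (j2re1.4.2_05 is Java 4.2 update 5).
    A name such as jre6 carries no update number, so it is treated as update 0
    of that family; its real update level has to be checked on the machine.
    """
    m = DIR_VERSION.match(dirname)
    if not m:
        return None
    nums = [int(n) for n in m.group(1).split('.')]
    if nums[0] == 1 and len(nums) > 1:
        nums = nums[1:]          # drop the leading "1." of the legacy scheme
    major = nums[0]
    minor = nums[1] if len(nums) > 1 else 0
    update = int(m.group(2) or 0)
    return (major, minor, update)


def find_java_runtimes(log_text):
    """Return one entry per Java install directory, oldest first."""
    found = {}
    for line in log_text.splitlines():
        hit = JAVA_DIR.search(line)
        if not hit:
            continue
        version = parse_version(hit.group(2))
        if version is None:
            continue
        sec = SECTION.match(line)
        # Windows paths are case-insensitive, so key on the lower-cased path.
        entry = found.setdefault(
            hit.group(1).lower(),
            {"path": hit.group(1), "version": version, "sections": set()})
        entry["sections"].add(sec.group(1) if sec else "process")
    return sorted(found.values(), key=lambda e: e["version"])


def outdated_runtimes(log_text):
    """Install directories of every runtime older than the newest one seen."""
    runtimes = find_java_runtimes(log_text)
    if not runtimes:
        return []
    newest = runtimes[-1]["version"]
    return [e["path"] for e in runtimes if e["version"] < newest]


if __name__ == "__main__":
    for rt in find_java_runtimes(SAMPLE_LOG):
        print(rt["version"], rt["path"], sorted(rt["sections"]))
    print("Remove:", outdated_runtimes(SAMPLE_LOG))
```

A log only shows runtimes that are still referenced by a running process or an autostart entry, so an empty result does not prove that no old version is installed; Add/Remove Programs remains the authoritative list.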
    14 December 2008 10:51:12

    Hello!

    I followed all the steps, and I went and posted a message on Malware Complaints.

    On the other hand, I didn't really understand how to use Software Inspector. I looked at the link that explains how to use it but I still don't understand. I ran the scan, and it showed in red the software to update (if I understood correctly). Then I clicked "Download" and installed what I downloaded, but when I rerun the scan it still finds the same ones in error... so I don't really know what I'm doing wrong, or maybe I just haven't understood how to use it at all!

    There you go. Otherwise no other problems with the rest, thanks to the very clear explanations! Thank you! :) 
    14 December 2008 11:24:46

    Re,

    Well, keep your software up to date manually and that will do; remember to do it :super:

    You're welcome, it was a pleasure!

    Now add [Résolu] (Solved) to the title. To do so:
    * In your first message, click the "Editer" (Edit) button
    * Add the mention [Résolu] to the title
    * Then click "Valider votre message" (Submit your message)

    If you are tired of being bombarded with ads while browsing, install a secured Firefox with the NoScript and AdBlock Plus extensions.

    Please consult this guide (in PDF) to learn more about the risks of the Net.



    If you find this document interesting, do not hesitate to pass it on to your contacts.

    All the best :hello: 
    Anonymous
    28 February 2009 16:23:10

    Logfile of random's system information tool 1.05 (written by random/random)
    Run by Administrateur at 2009-02-28 15:11:03
    Microsoft Windows XP Professionnel Service Pack 2
    System drive C: has 5 GB (59%) free of 9 GB
    Total RAM: 255 MB (3% free)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 15:12:29, on 28/02/2009
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    d:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
    C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
    C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
    D:\PROGRA~1\AVG\AVG8\avgtray.exe
    D:\Program Files\HiYo\bin\HiYo.exe
    C:\Documents and Settings\Administrateur\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
    C:\Program Files\SuperCopier2\SuperCopier2.exe
    C:\WINDOWS\system32\ctfmon.exe
    d:\PROGRA~1\AVG\AVG8\avgfws8.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
    d:\PROGRA~1\AVG\AVG8\avgemc.exe
    d:\PROGRA~1\AVG\AVG8\avgam.exe
    d:\PROGRA~1\AVG\AVG8\avgrsx.exe
    d:\PROGRA~1\AVG\AVG8\avgnsx.exe
    d:\Program Files\AVG\AVG8\avgcsrvx.exe
    C:\WINDOWS\System32\alg.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Documents and Settings\Administrateur\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Administrateur\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\Windows Live\Contacts\wlcomm.exe
    C:\WINDOWS\system32\calc.exe
    C:\Documents and Settings\Administrateur\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Administrateur\Bureau\FLEXonline 0.1.8.6\FLEXonline.exe
    C:\Documents and Settings\Administrateur\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Administrateur\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Administrateur\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Administrateur\Application Data\U3\00001628C3713647\LaunchPad.exe
    C:\Documents and Settings\Administrateur\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Administrateur\Mes documents\Downloads\RSIT.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe
    C:\Program Files\trend micro\Administrateur.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.fr
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: AVG Safe Search - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - d:\Program Files\AVG\AVG8\avgssie.dll
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FlashGet\jccatch.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
    O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe
    O4 - HKLM\..\Run: [DeviceDiscovery] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
    O4 - HKLM\..\Run: [AVG8_TRAY] d:\PROGRA~1\AVG\AVG8\avgtray.exe
    O4 - HKLM\..\Run: [Hiyo] D:\Program Files\HiYo\bin\HiYo.exe /RunFromStartup
    O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Administrateur\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
    O4 - HKCU\..\Run: [SuperCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe
    O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://D:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Tout télécharger avec FlashGet - C:\Program Files\FlashGet\jc_all.htm
    O8 - Extra context menu item: Télécharger avec FlashGet - C:\Program Files\FlashGet\jc_link.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
    O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
    O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - d:\Program Files\AVG\AVG8\avgpp.dll
    O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
    O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - d:\PROGRA~1\AVG\AVG8\avgemc.exe
    O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - d:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    O23 - Service: AVG8 Firewall (avgfws8) - AVG Technologies CZ, s.r.o. - d:\PROGRA~1\AVG\AVG8\avgfws8.exe

    --
    End of file - 6608 bytes

    ======Scheduled tasks folder======

    C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1482476501-764733703-842925246-500.job

    ======Registry dump======

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
    AVG Safe Search - d:\Program Files\AVG\AVG8\avgssie.dll [2009-02-27 1078552]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
    Programme d'aide de l'Assistant de connexion Windows Live - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A5366673-E8CA-11D3-9CD9-0090271D075B}]
    IeCatch2 Class - C:\PROGRA~1\FlashGet\jccatch.dll [2002-01-16 65536]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    {8E718888-423F-11D2-876E-00A0C9082467} - &Radio - C:\WINDOWS\system32\msdxm.ocx [2004-08-04 848922]
    {E0E899AB-F487-11D5-8D29-0050BA6940E3} - []

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    "SunJavaUpdateSched"=C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe [2004-06-03 32881]
    "HP Software Update"=C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe [2002-12-17 49152]
    "HPDJ Taskbar Utility"=C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe [2003-03-11 172032]
    "DeviceDiscovery"=C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2002-12-02 40960]
    "AVG8_TRAY"=d:\PROGRA~1\AVG\AVG8\avgtray.exe [2009-02-27 1601304]
    "Hiyo"=D:\Program Files\HiYo\bin\HiYo.exe [2009-01-28 300336]

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "Google Update"=C:\Documents and Settings\Administrateur\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-02-23 133104]
    "SuperCopier2.exe"=C:\Program Files\SuperCopier2\SuperCopier2.exe [2005-03-13 1057280]
    "Messenger (Yahoo!)"=C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe [2009-02-20 4363504]
    "msnmsgr"=C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2009-02-06 3885408]
    "ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-04 15360]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avgrsstarter]
    C:\WINDOWS\system32\avgrsstx.dll [2009-02-27 10520]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
    "dontdisplaylastusername"=0
    "legalnoticecaption"=
    "legalnoticetext"=
    "shutdownwithoutlogon"=1
    "undockwithoutlogon"=1

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "NoDriveTypeAutoRun"=145

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "d:\Program Files\CCP Server 5\ccpsrv.exe"="d:\Program Files\CCP Server 5\ccpsrv.exe:*:Enabled:CyberCafePro Main Control Station"
    "D:\Program Files\PoivY.com\PoivY\PoivY.exe"="D:\Program Files\PoivY.com\PoivY\PoivY.exe:*:Enabled:PoivY"
    "D:\Program Files\InterVoip.com\InterVoip\InterVoip.exe"="D:\Program Files\InterVoip.com\InterVoip\InterVoip.exe:*:Enabled:InterVoip"
    "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
    "C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
    "C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
    "D:\Program Files\AVG\AVG8\avgam.exe"="D:\Program Files\AVG\AVG8\avgam.exe:*:Enabled:avgam.exe"
    "D:\Program Files\AVG\AVG8\avgemc.exe"="D:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe"
    "D:\Program Files\AVG\AVG8\avgupd.exe"="D:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe"
    "D:\Program Files\AVG\AVG8\avgnsx.exe"="D:\Program Files\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe"
    "C:\Documents and Settings\Administrateur\Local Settings\Temp\ImInstaller\HiYo_Installer.exe"="C:\Documents and Settings\Administrateur\Local Settings\Temp\ImInstaller\HiYo_Installer.exe:*:Enabled:IncrediMail Installer"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
    "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
    "C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e3608f9e-0108-11de-954a-00d0b752a55e}]
    shell\AutoRun\command - F:\LaunchU3.exe -a


    ======List of files/folders created in the last 1 months======

    2009-02-28 15:11:03 ----D---- C:\rsit
    2009-02-28 14:44:45 ----A---- C:\TCleaner.txt
    2009-02-27 16:45:58 ----D---- C:\Documents and Settings\Administrateur\Application Data\HiYo
    2009-02-27 13:29:21 ----D---- C:\Documents and Settings\All Users\Application Data\HiYo
    2009-02-27 13:21:19 ----A---- C:\WINDOWS\system32\avgrsstx.dll
    2009-02-27 13:19:33 ----A---- C:\WINDOWS\system32\avgfwdx.dll
    2009-02-27 13:19:30 ----D---- C:\Program Files\AVG
    2009-02-27 13:19:30 ----D---- C:\Documents and Settings\All Users\Application Data\avg8
    2009-02-26 18:15:39 ----A---- C:\WINDOWS\system32\MSVCRTD.DLL
    2009-02-26 18:15:39 ----A---- C:\WINDOWS\system32\MSVCP60D.DLL
    2009-02-26 18:15:36 ----D---- C:\Program Files\Free Audio Pack
    2009-02-26 13:38:31 ----D---- C:\WINDOWS\Sun
    2009-02-26 13:38:31 ----D---- C:\Documents and Settings\Administrateur\Application Data\Sun
    2009-02-26 12:48:22 ----D---- C:\Documents and Settings\Administrateur\Application Data\Mozilla
    2009-02-26 09:11:10 ----D---- C:\Program Files\Mozilla Firefox
    2009-02-25 16:47:48 ----A---- C:\WINDOWS\IE4 Error Log.txt
    2009-02-25 13:32:31 ----D---- C:\Documents and Settings\Administrateur\Application Data\dvdcss
    2009-02-24 12:47:42 ----D---- C:\Program Files\Microsoft
    2009-02-24 12:47:09 ----D---- C:\Program Files\Windows Live SkyDrive
    2009-02-24 12:46:21 ----D---- C:\Program Files\Windows Live
    2009-02-24 12:11:45 ----HD---- C:\$AVG8.VAULT$
    2009-02-24 12:09:21 ----D---- C:\Program Files\Fichiers communs\Windows Live
    2009-02-24 11:03:42 ----D---- C:\Documents and Settings\Administrateur\Application Data\Macromedia
    2009-02-24 10:54:05 ----D---- C:\Documents and Settings\Administrateur\Application Data\Adobe
    2009-02-24 10:24:21 ----D---- C:\Documents and Settings\All Users\Application Data\Yahoo!
    2009-02-24 10:23:39 ----D---- C:\Program Files\Yahoo!
    2009-02-24 10:12:42 ----D---- C:\Program Files\SuperCopier2
    2009-02-24 10:11:50 ----D---- C:\Program Files\Foxit Software
    2009-02-24 08:55:53 ----D---- C:\Documents and Settings\Administrateur\Application Data\InterVoip
    2009-02-23 14:49:25 ----D---- C:\Program Files\trend micro
    2009-02-23 14:45:28 ----D---- C:\Program Files\Fichiers communs\DVDVIDEOSOFT
    2009-02-23 14:45:14 ----A---- C:\WINDOWS\system32\msvcr70.dll
    2009-02-23 14:00:24 ----D---- C:\Documents and Settings\Administrateur\Application Data\vlc
    2009-02-23 12:53:57 ----D---- C:\Documents and Settings\Administrateur\Application Data\PoivY
    2009-02-23 07:55:31 ----D---- C:\WINDOWS\pss
    2009-02-22 20:15:34 ----N---- C:\WINDOWS\system32\spmsg.dll
    2009-02-22 20:15:11 ----HDC---- C:\WINDOWS\$MSI31Uninstall_KB893803v2$
    2009-02-22 20:04:05 ----RSD---- C:\WINDOWS\assembly
    2009-02-22 20:01:46 ----D---- C:\WINDOWS\Microsoft.NET
    2009-02-22 19:48:05 ----D---- C:\Program Files\Common Files
    2009-02-22 19:47:54 ----D---- C:\WINDOWS\system32\ccp4
    2009-02-22 19:19:10 ----D---- C:\Downloads
    2009-02-22 19:18:50 ----D---- C:\WINDOWS\system32\AdCache
    2009-02-22 19:11:55 ----D---- C:\Documents and Settings\Administrateur\Application Data\U3
    2009-02-22 19:08:51 ----A---- C:\WINDOWS\IsUn040c.exe
    2009-02-22 18:20:23 ----A---- C:\WINDOWS\system32\h323log.txt
    2009-02-22 18:17:27 ----A---- C:\WINDOWS\system32\usbui.dll
    2009-02-22 18:17:09 ----A---- C:\WINDOWS\system32\ksuser.dll
    2009-02-22 18:16:59 ----A---- C:\WINDOWS\system32\i81xdnt5.dll
    2009-02-22 18:14:28 ----A---- C:\WINDOWS\imsins.BAK
    2009-02-22 18:14:22 ----SHD---- C:\WINDOWS\Installer
    2009-02-22 18:14:22 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
    2009-02-22 18:14:20 ----D---- C:\Program Files\Fichiers communs\ODBC
    2009-02-22 18:14:20 ----A---- C:\WINDOWS\ODBCINST.INI
    2009-02-22 18:14:16 ----D---- C:\Program Files\Fichiers communs\SpeechEngines
    2009-02-22 18:14:15 ----RD---- C:\Program Files
    2009-02-22 18:14:15 ----D---- C:\Program Files\Fichiers communs\Microsoft Shared
    2009-02-22 18:14:15 ----D---- C:\Program Files\Fichiers communs
    2009-02-22 18:14:12 ----RA---- C:\WINDOWS\system32\kbdtuq.dll
    2009-02-22 18:14:12 ----RA---- C:\WINDOWS\system32\kbdtuf.dll
    2009-02-22 18:14:12 ----RA---- C:\WINDOWS\system32\kbdazel.dll
    2009-02-22 18:14:10 ----RA---- C:\WINDOWS\system32\kbduzb.dll
    2009-02-22 18:14:10 ----RA---- C:\WINDOWS\system32\kbdtat.dll
    2009-02-22 18:14:10 ----RA---- C:\WINDOWS\system32\kbdmon.dll
    2009-02-22 18:14:10 ----RA---- C:\WINDOWS\system32\kbdkyr.dll
    2009-02-22 18:14:10 ----RA---- C:\WINDOWS\system32\kbdaze.dll
    2009-02-22 18:14:09 ----RA---- C:\WINDOWS\system32\kbdycc.dll
    2009-02-22 18:14:09 ----RA---- C:\WINDOWS\system32\kbdur.dll
    2009-02-22 18:14:09 ----RA---- C:\WINDOWS\system32\kbdru1.dll
    2009-02-22 18:14:09 ----RA---- C:\WINDOWS\system32\kbdru.dll
    2009-02-22 18:14:09 ----RA---- C:\WINDOWS\system32\kbdkaz.dll
    2009-02-22 18:14:09 ----RA---- C:\WINDOWS\system32\kbdbu.dll
    2009-02-22 18:14:09 ----RA---- C:\WINDOWS\system32\kbdblr.dll
    2009-02-22 18:14:07 ----RA---- C:\WINDOWS\system32\kbdhept.dll
    2009-02-22 18:14:07 ----RA---- C:\WINDOWS\system32\kbdhela3.dll
    2009-02-22 18:14:07 ----RA---- C:\WINDOWS\system32\kbdhela2.dll
    2009-02-22 18:14:07 ----RA---- C:\WINDOWS\system32\kbdhe319.dll
    2009-02-22 18:14:06 ----RA---- C:\WINDOWS\system32\kbdhe220.dll
    2009-02-22 18:14:06 ----RA---- C:\WINDOWS\system32\kbdhe.dll
    2009-02-22 18:14:06 ----RA---- C:\WINDOWS\system32\kbdgkl.dll
    2009-02-22 18:14:04 ----RA---- C:\WINDOWS\system32\kbdlv1.dll
    2009-02-22 18:14:04 ----RA---- C:\WINDOWS\system32\kbdlv.dll
    2009-02-22 18:14:04 ----RA---- C:\WINDOWS\system32\kbdlt1.dll
    2009-02-22 18:14:04 ----RA---- C:\WINDOWS\system32\kbdlt.dll
    2009-02-22 18:14:04 ----RA---- C:\WINDOWS\system32\kbdest.dll
    2009-02-22 18:14:02 ----RA---- C:\WINDOWS\system32\kbdsl1.dll
    2009-02-22 18:14:02 ----RA---- C:\WINDOWS\system32\kbdsl.dll
    2009-02-22 18:14:02 ----RA---- C:\WINDOWS\system32\kbdro.dll
    2009-02-22 18:14:02 ----RA---- C:\WINDOWS\system32\kbdpl1.dll
    2009-02-22 18:14:02 ----RA---- C:\WINDOWS\system32\kbdpl.dll
    2009-02-22 18:14:02 ----RA---- C:\WINDOWS\system32\kbdhu1.dll
    2009-02-22 18:14:02 ----RA---- C:\WINDOWS\system32\kbdhu.dll
    2009-02-22 18:14:01 ----RA---- C:\WINDOWS\system32\kbdycl.dll
    2009-02-22 18:14:01 ----RA---- C:\WINDOWS\system32\kbdcz2.dll
    2009-02-22 18:14:01 ----RA---- C:\WINDOWS\system32\kbdcz1.dll
    2009-02-22 18:14:01 ----RA---- C:\WINDOWS\system32\kbdcz.dll
    2009-02-22 18:14:01 ----RA---- C:\WINDOWS\system32\kbdcr.dll
    2009-02-22 18:14:01 ----RA---- C:\WINDOWS\system32\KBDAL.DLL
    2009-02-22 18:13:56 ----A---- C:\WINDOWS\system32\spxcoins.dll
    2009-02-22 18:13:56 ----A---- C:\WINDOWS\system32\irclass.dll
    2009-02-22 18:13:56 ----A---- C:\WINDOWS\system32\EqnClass.Dll
    2009-02-22 18:13:56 ----A---- C:\WINDOWS\system32\dgsetup.dll
    2009-02-22 18:13:56 ----A---- C:\WINDOWS\system32\dgrpsetu.dll
    2009-02-22 18:13:53 ----N---- C:\WINDOWS\system32\CONFIG.TMP
    2009-02-22 18:13:53 ----A---- C:\WINDOWS\TASKMAN.EXE
    2009-02-22 18:13:53 ----A---- C:\WINDOWS\system32\batt.dll
    2009-02-22 18:13:52 ----A---- C:\WINDOWS\NOTEPAD.EXE
    2009-02-22 18:13:49 ----A---- C:\WINDOWS\system32\storprop.dll
    2009-02-22 18:13:32 ----ASH---- C:\Documents and Settings\All Users\Application Data\desktop.ini
    2009-02-22 18:13:22 ----RA---- C:\WINDOWS\SET8.tmp
    2009-02-22 18:13:17 ----RA---- C:\WINDOWS\SET4.tmp
    2009-02-22 18:13:15 ----RA---- C:\WINDOWS\SET3.tmp
    2009-02-22 18:13:08 ----D---- C:\WINDOWS\system32\CatRoot2
    2009-02-22 18:13:08 ----D---- C:\WINDOWS\system32\CatRoot
    2009-02-22 18:13:01 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
    2009-02-22 18:12:41 ----A---- C:\WINDOWS\setuplog.txt
    2009-02-22 18:12:33 ----D---- C:\Documents and Settings
    2009-02-22 18:11:46 ----SH---- C:\boot.ini
    2009-02-22 18:11:34 ----D---- C:\MODIFS
    2009-02-22 18:11:15 ----D---- C:\INSTALL
    2009-02-22 18:06:44 ----D---- C:\Program Files\Hewlett-Packard
    2009-02-22 18:06:19 ----SHD---- C:\System Volume Information
    2009-02-22 18:06:10 ----A---- C:\WINDOWS\hpdj3500.ini
    2009-02-22 18:04:04 ----A---- C:\WINDOWS\ODBC.INI
    2009-02-22 18:03:57 ----A---- C:\WINDOWS\system32\mdimon.dll
    2009-02-22 18:02:07 ----D---- C:\Program Files\Microsoft.NET
    2009-02-22 18:01:54 ----D---- C:\WINDOWS\system32\IME
    2009-02-22 18:01:54 ----D---- C:\WINDOWS\system32\3com_dmi
    2009-02-22 18:01:54 ----D---- C:\WINDOWS\system32\1036
    2009-02-22 18:01:54 ----D---- C:\WINDOWS\PeerNet
    2009-02-22 18:01:54 ----D---- C:\WINDOWS\pchealth
    2009-02-22 18:01:54 ----D---- C:\WINDOWS\ime
    2009-02-22 18:01:54 ----D---- C:\WINDOWS\ehome
    2009-02-22 18:01:53 ----RSHDC---- C:\WINDOWS\system32\dllcache
    2009-02-22 18:01:53 ----RSD---- C:\WINDOWS\Fonts
    2009-02-22 18:01:53 ----RD---- C:\WINDOWS\Web
    2009-02-22 18:01:53 ----HD---- C:\WINDOWS\inf
    2009-02-22 18:01:53 ----D---- C:\WINDOWS\WinSxS
    2009-02-22 18:01:53 ----D---- C:\WINDOWS\twain_32
    2009-02-22 18:01:53 ----D---- C:\WINDOWS\Temp
    2009-02-22 18:01:53 ----D---- C:\WINDOWS\system32\wins
    2009-02-22 18:01:53 ----D---- C:\WINDOWS\system32\wbem
    2009-02-22 18:01:53 ----D---- C:\WINDOWS\system32\usmt
    2009-02-22 18:01:53 ----D---- C:\WINDOWS\system32\spool
    2009-02-22 18:01:53 ----D---- C:\WINDOWS\system32\ShellExt
    2009-02-22 18:01:53 ----D---- C:\WINDOWS\system32\Setup
    2009-02-22 18:01:53 ----D---- C:\WINDOWS\system32\ras
    2009-02-22 18:01:53 ----D---- C:\WINDOWS\system32\oobe
    2009-02-22 18:01:53 ----D---- C:\WINDOWS\system32\npp
    2009-02-22 18:01:53 ----D---- C:\WINDOWS\system32\mui
    2009-02-22 18:01:53 ----D---- C:\WINDOWS\system32\inetsrv
    2009-02-22 18:01:53 ----D---- C:\WINDOWS\system32\icsxml
    2009-02-22 18:01:53 ----D---- C:\WINDOWS\system32\ias
    2009-02-22 18:01:53 ----D---- C:\WINDOWS\system32\export
    2009-02-22 18:01:53 ----D---- C:\WINDOWS\system32\drivers
    2009-02-22 18:01:53 ----D---- C:\WINDOWS\system32\dhcp
    2009-02-22 18:01:53 ----D---- C:\WINDOWS\system32\config
    2009-02-22 18:01:53 ----D---- C:\WINDOWS\system32\3076
    2009-02-22 18:01:53 ----D---- C:\WINDOWS\system32\2052
    2009-02-22 18:01:53 ----D---- C:\WINDOWS\system32\1054
    2009-02-22 18:01:53 ----D---- C:\WINDOWS\system32\1042
    2009-02-22 18:01:53 ----D---- C:\WINDOWS\system32\1041
    2009-02-22 18:01:53 ----D---- C:\WINDOWS\system32\1037
    2009-02-22 18:01:53 ----D---- C:\WINDOWS\system32\1033
    2009-02-22 18:01:53 ----D---- C:\WINDOWS\system32\1031
    2009-02-22 18:01:53 ----D---- C:\WINDOWS\system32\1028
    2009-02-22 18:01:53 ----D---- C:\WINDOWS\system32\1025
    2009-02-22 18:01:53 ----D---- C:\WINDOWS\system32
    2009-02-22 18:01:53 ----D---- C:\WINDOWS\system
    2009-02-22 18:01:53 ----D---- C:\WINDOWS\security
    2009-02-22 18:01:53 ----D---- C:\WINDOWS\Resources
    2009-02-22 18:01:53 ----D---- C:\WINDOWS\repair
    2009-02-22 18:01:53 ----D---- C:\WINDOWS\Provisioning
    2009-02-22 18:01:53 ----D---- C:\WINDOWS\mui
    2009-02-22 18:01:53 ----D---- C:\WINDOWS\msapps
    2009-02-22 18:01:53 ----D---- C:\WINDOWS\msagent
    2009-02-22 18:01:53 ----D---- C:\WINDOWS\Media
    2009-02-22 18:01:53 ----D---- C:\WINDOWS\java
    2009-02-22 18:01:53 ----D---- C:\WINDOWS\Help
    2009-02-22 18:01:53 ----D---- C:\WINDOWS\Driver Cache
    2009-02-22 18:01:53 ----D---- C:\WINDOWS\Debug
    2009-02-22 18:01:53 ----D---- C:\WINDOWS\Cursors
    2009-02-22 18:01:53 ----D---- C:\WINDOWS\Connection Wizard
    2009-02-22 18:01:53 ----D---- C:\WINDOWS\Config
    2009-02-22 18:01:53 ----D---- C:\WINDOWS\AppPatch
    2009-02-22 18:01:53 ----D---- C:\WINDOWS\addins
    2009-02-22 18:01:53 ----D---- C:\WINDOWS
    2009-02-22 18:00:40 ----D---- C:\Program Files\Fichiers communs\DESIGNER
    2009-02-22 18:00:33 ----D---- C:\Program Files\Microsoft Works
    2009-02-22 18:00:18 ----D---- C:\Program Files\Microsoft Visual Studio
    2009-02-22 17:59:50 ----D---- C:\WINDOWS\SHELLNEW
    2009-02-22 17:54:46 ----RHD---- C:\MSOCache
    2009-02-22 17:51:55 ----SHD---- C:\RECYCLER
    2009-02-22 17:47:55 ----A---- C:\WINDOWS\system32\wmpns.dll
    2009-02-22 17:47:53 ----D---- C:\Documents and Settings\Administrateur\Application Data\Identities
    2009-02-22 17:47:48 ----HD---- C:\Program Files\Uninstall Information
    2009-02-22 17:46:01 ----D---- C:\Program Files\WinRAR
    2009-02-22 17:45:28 ----D---- C:\Program Files\Java
    2009-02-22 17:45:28 ----D---- C:\Program Files\Fichiers communs\Java
    2009-02-22 17:45:04 ----D---- C:\Program Files\FlashGet
    2009-02-22 17:42:29 ----ASH---- C:\Documents and Settings\Administrateur\Application Data\desktop.ini
    2009-02-22 17:42:28 ----SD---- C:\Documents and Settings\Administrateur\Application Data\Microsoft
    2009-02-22 17:41:48 ----D---- C:\WINDOWS\SoftwareDistribution
    2009-02-22 17:41:45 ----D---- C:\WINDOWS\Prefetch
    2009-02-22 17:41:44 ----SD---- C:\WINDOWS\system32\Microsoft
    2009-02-22 17:41:44 ----A---- C:\WINDOWS\SchedLgU.Txt
    2009-02-22 17:33:11 ----D---- C:\WINDOWS\system32\xircom
    2009-02-22 17:33:11 ----D---- C:\Program Files\xerox
    2009-02-22 17:33:11 ----D---- C:\Program Files\msn gaming zone
    2009-02-22 17:33:11 ----D---- C:\Program Files\movie maker
    2009-02-22 17:33:11 ----D---- C:\Program Files\microsoft frontpage
    2009-02-22 17:32:05 ----A---- C:\WINDOWS\control.ini
    2009-02-22 17:32:05 ----A---- C:\AUTOEXEC.BAT
    2009-02-22 17:31:36 ----A---- C:\WINDOWS\OEWABLog.txt
    2009-02-22 17:31:28 ----A---- C:\WINDOWS\system32\mapi32.dll
    2009-02-22 17:29:02 ----SD---- C:\WINDOWS\Downloaded Program Files
    2009-02-22 17:29:02 ----RD---- C:\WINDOWS\Offline Web Pages
    2009-02-22 17:29:02 ----RAH---- C:\WINDOWS\system32\logonui.exe.manifest
    2009-02-22 17:28:44 ----RAH---- C:\WINDOWS\system32\cdplayer.exe.manifest
    2009-02-22 17:28:32 ----HD---- C:\Program Files\WindowsUpdate
    2009-02-22 17:28:24 ----D---- C:\Program Files\Services en ligne
    2009-02-22 17:27:39 ----D---- C:\WINDOWS\system32\DirectX
    2009-02-22 17:27:00 ----A---- C:\WINDOWS\system32\atrace.dll
    2009-02-22 17:26:57 ----A---- C:\WINDOWS\system32\desktop.ini
    2009-02-22 17:26:57 ----A---- C:\WINDOWS\desktop.ini
    2009-02-22 17:26:47 ----A---- C:\WINDOWS\system32\nmevtmsg.dll
    2009-02-22 17:26:45 ----D---- C:\Program Files\Fichiers communs\Services
    2009-02-22 17:26:45 ----A---- C:\WINDOWS\system32\acctres.dll
    2009-02-22 17:26:40 ----SD---- C:\WINDOWS\Tasks
    2009-02-22 17:26:40 ----A---- C:\WINDOWS\system32\icfgnt5.dll
    2009-02-22 17:26:39 ----D---- C:\Program Files\Fichiers communs\MSSoap
    2009-02-22 17:26:32 ----D---- C:\WINDOWS\srchasst
    2009-02-22 17:26:31 ----D---- C:\WINDOWS\system32\Macromed
    2009-02-22 17:26:26 ----A---- C:\WINDOWS\system32\wuweb.dll
    2009-02-22 17:26:25 ----A---- C:\WINDOWS\system32\wucltui.dll
    2009-02-22 17:26:25 ----A---- C:\WINDOWS\system32\wuauserv.dll
    2009-02-22 17:26:25 ----A---- C:\WINDOWS\system32\wuaueng1.dll
    2009-02-22 17:26:24 ----A---- C:\WINDOWS\system32\wups.dll
    2009-02-22 17:26:24 ----A---- C:\WINDOWS\system32\wuaueng.dll
    2009-02-22 17:26:24 ----A---- C:\WINDOWS\system32\wuauclt1.exe
    2009-02-22 17:26:24 ----A---- C:\WINDOWS\system32\wuauclt.exe
    2009-02-22 17:26:23 ----A---- C:\WINDOWS\system32\wuapi.dll
    2009-02-22 17:26:23 ----A---- C:\WINDOWS\system32\bitsprx3.dll
    2009-02-22 17:26:23 ----A---- C:\WINDOWS\system32\bitsprx2.dll
    2009-02-22 17:26:22 ----A---- C:\WINDOWS\system32\qmgrprxy.dll
    2009-02-22 17:26:22 ----A---- C:\WINDOWS\system32\qmgr.dll
    2009-02-22 17:26:16 ----A---- C:\WINDOWS\system32\safrslv.dll
    2009-02-22 17:26:16 ----A---- C:\WINDOWS\system32\safrdm.dll
    2009-02-22 17:26:16 ----A---- C:\WINDOWS\system32\safrcdlg.dll
    2009-02-22 17:26:16 ----A---- C:\WINDOWS\system32\racpldlg.dll
    2009-02-22 17:26:02 ----A---- C:\WINDOWS\system32\fltMc.exe
    2009-02-22 17:26:02 ----A---- C:\WINDOWS\system32\fltlib.dll
    2009-02-22 17:26:01 ----D---- C:\WINDOWS\system32\Restore
    2009-02-22 17:26:01 ----A---- C:\WINDOWS\system32\srrstr.dll
    2009-02-22 17:26:00 ----A---- C:\WINDOWS\system32\srsvc.dll
    2009-02-22 17:26:00 ----A---- C:\WINDOWS\system32\srclient.dll
    2009-02-22 17:25:59 ----A---- C:\WINDOWS\system32\nmmkcert.dll
    2009-02-22 17:25:59 ----A---- C:\WINDOWS\system32\mnmdd.dll
    2009-02-22 17:25:59 ----A---- C:\WINDOWS\system32\isrdbg32.dll
    2009-02-22 17:25:59 ----A---- C:\WINDOWS\system32\ils.dll
    2009-02-22 17:25:58 ----A---- C:\WINDOWS\system32\msconf.dll
    2009-02-22 17:25:58 ----A---- C:\WINDOWS\system32\mnmsrvc.exe
    2009-02-22 17:25:51 ----D---- C:\Program Files\NetMeeting
    2009-02-22 17:25:51 ----A---- C:\WINDOWS\system32\msoert2.dll
    2009-02-22 17:25:51 ----A---- C:\WINDOWS\system32\msoeacct.dll
    2009-02-22 17:25:46 ----A---- C:\WINDOWS\system32\inetres.dll
    2009-02-22 17:25:39 ----A---- C:\WINDOWS\system32\inetcomm.dll
    2009-02-22 17:25:37 ----D---- C:\Program Files\Outlook Express
    2009-02-22 17:25:37 ----A---- C:\WINDOWS\system32\schedsvc.dll
    2009-02-22 17:25:37 ----A---- C:\WINDOWS\system32\mstinit.exe
    2009-02-22 17:25:37 ----A---- C:\WINDOWS\system32\mstask.dll
    2009-02-22 17:25:36 ----A---- C:\WINDOWS\system32\isign32.dll
    2009-02-22 17:25:36 ----A---- C:\WINDOWS\system32\inetcfg.dll
    2009-02-22 17:25:36 ----A---- C:\WINDOWS\system32\icwphbk.dll
    2009-02-22 17:25:36 ----A---- C:\WINDOWS\system32\icwdial.dll
    2009-02-22 17:25:29 ----D---- C:\Program Files\Fichiers communs\System
    2009-02-22 17:25:25 ----D---- C:\Program Files\Internet Explorer
    2009-02-22 17:23:45 ----D---- C:\Program Files\ComPlus Applications
    2009-02-22 17:23:42 ----A---- C:\WINDOWS\vbaddin.ini
    2009-02-22 17:23:42 ----A---- C:\WINDOWS\vb.ini
    2009-02-22 17:23:33 ----D---- C:\WINDOWS\Registration
    2009-02-22 17:23:18 ----D---- C:\Program Files\Windows Media Player
    2009-02-22 17:23:08 ----A---- C:\WINDOWS\system32\write.exe
    2009-02-22 17:22:57 ----A---- C:\WINDOWS\system32\sndvol32.exe
    2009-02-22 17:22:57 ----A---- C:\WINDOWS\system32\hticons.dll
    2009-02-22 17:22:56 ----A---- C:\WINDOWS\system32\winchat.exe
    2009-02-22 17:22:56 ----A---- C:\WINDOWS\system32\avwav.dll
    2009-02-22 17:22:56 ----A---- C:\WINDOWS\system32\avtapi.dll
    2009-02-22 17:22:56 ----A---- C:\WINDOWS\system32\avmeter.dll
    2009-02-22 17:22:44 ----A---- C:\WINDOWS\system32\getuname.dll
    2009-02-22 17:22:43 ----A---- C:\WINDOWS\system32\charmap.exe
    2009-02-22 17:22:42 ----A---- C:\WINDOWS\system32\calc.exe
    2009-02-22 17:22:41 ----A---- C:\WINDOWS\system32\usrlogon.cmd
    2009-02-22 17:22:41 ----A---- C:\WINDOWS\system32\tsshutdn.exe
    2009-02-22 17:22:41 ----A---- C:\WINDOWS\system32\tslabels.ini
    2009-02-22 17:22:41 ----A---- C:\WINDOWS\system32\tskill.exe
    2009-02-22 17:22:41 ----A---- C:\WINDOWS\system32\tsdiscon.exe
    2009-02-22 17:22:41 ----A---- C:\WINDOWS\system32\tscon.exe
    2009-02-22 17:22:41 ----A---- C:\WINDOWS\system32\reset.exe
    2009-02-22 17:22:40 ----A---- C:\WINDOWS\system32\shadow.exe
    2009-02-22 17:22:40 ----A---- C:\WINDOWS\system32\rwinsta.exe
    2009-02-22 17:22:40 ----A---- C:\WINDOWS\system32\regini.exe
    2009-02-22 17:22:40 ----A---- C:\WINDOWS\system32\rdpcfgex.dll
    2009-02-22 17:22:40 ----A---- C:\WINDOWS\system32\qwinsta.exe
    2009-02-22 17:22:40 ----A---- C:\WINDOWS\system32\qappsrv.exe
    2009-02-22 17:22:40 ----A---- C:\WINDOWS\system32\msg.exe
    2009-02-22 17:22:40 ----A---- C:\WINDOWS\system32\logoff.exe
    2009-02-22 17:22:39 ----A---- C:\WINDOWS\system32\msdtcprf.ini
    2009-02-22 17:22:39 ----A---- C:\WINDOWS\system32\cdmodem.dll
    2009-02-22 17:22:38 ----A---- C:\WINDOWS\system32\stclient.dll
    2009-02-22 17:22:38 ----A---- C:\WINDOWS\system32\mtxlegih.dll
    2009-02-22 17:22:38 ----A---- C:\WINDOWS\system32\mtxex.dll
    2009-02-22 17:22:38 ----A---- C:\WINDOWS\system32\mtxdm.dll
    2009-02-22 17:22:38 ----A---- C:\WINDOWS\system32\dcomcnfg.exe
    2009-02-22 17:22:38 ----A---- C:\WINDOWS\system32\comsnap.dll
    2009-02-22 17:22:38 ----A---- C:\WINDOWS\system32\comrepl.dll
    2009-02-22 17:22:38 ----A---- C:\WINDOWS\system32\comaddin.dll
    2009-02-22 17:22:27 ----A---- C:\WINDOWS\system32\wmimgmt.msc
    2009-02-22 17:22:26 ----A---- C:\WINDOWS\system32\sndrec32.exe
    2009-02-22 17:22:26 ----A---- C:\WINDOWS\system32\mplay32.exe
    2009-02-22 17:22:26 ----A---- C:\WINDOWS\system32\accwiz.exe
    2009-02-22 17:22:25 ----D---- C:\Program Files\Windows NT
    2009-02-22 17:22:25 ----A---- C:\WINDOWS\system32\mspaint.exe
    2009-02-22 17:22:25 ----A---- C:\WINDOWS\system32\hypertrm.dll
    2009-02-22 17:22:24 ----A---- C:\WINDOWS\system32\clipbrd.exe
    2009-02-22 17:22:23 ----A---- C:\WINDOWS\system32\tscfgwmi.dll
    2009-02-22 17:22:23 ----A---- C:\WINDOWS\system32\remotepg.dll
    2009-02-22 17:22:23 ----A---- C:\WINDOWS\system32\rdsaddin.exe
    2009-02-22 17:22:23 ----A---- C:\WINDOWS\system32\mstscax.dll
    2009-02-22 17:22:23 ----A---- C:\WINDOWS\system32\mstsc.exe
    2009-02-22 17:22:22 ----A---- C:\WINDOWS\system32\tscupgrd.exe
    2009-02-22 17:22:22 ----A---- C:\WINDOWS\system32\sessmgr.exe
    2009-02-22 17:22:22 ----A---- C:\WINDOWS\system32\rdshost.exe
    2009-02-22 17:22:22 ----A---- C:\WINDOWS\system32\rdchost.dll
    2009-02-22 17:22:21 ----A---- C:\WINDOWS\system32\termsrv.dll
    2009-02-22 17:22:20 ----D---- C:\WINDOWS\system32\MsDtc
    2009-02-22 17:22:20 ----A---- C:\WINDOWS\system32\rdpwsx.dll
    2009-02-22 17:22:20 ----A---- C:\WINDOWS\system32\rdpsnd.dll
    2009-02-22 17:22:20 ----A---- C:\WINDOWS\system32\rdpclip.exe
    2009-02-22 17:22:20 ----A---- C:\WINDOWS\system32\qprocess.exe
    2009-02-22 17:22:20 ----A---- C:\WINDOWS\system32\icaapi.dll
    2009-02-22 17:22:20 ----A---- C:\WINDOWS\system32\cfgbkend.dll
    2009-02-22 17:22:19 ----A---- C:\WINDOWS\system32\mtxoci.dll
    2009-02-22 17:22:19 ----A---- C:\WINDOWS\system32\msdtcuiu.dll
    2009-02-22 17:22:19 ----A---- C:\WINDOWS\system32\msdtcprx.dll
    2009-02-22 17:22:18 ----A---- C:\WINDOWS\system32\xolehlp.dll
    2009-02-22 17:22:18 ----A---- C:\WINDOWS\system32\msdtctm.dll
    2009-02-22 17:22:18 ----A---- C:\WINDOWS\system32\msdtclog.dll
    2009-02-22 17:22:18 ----A---- C:\WINDOWS\system32\msdtc.exe
    2009-02-22 17:22:17 ----D---- C:\WINDOWS\system32\Com
    2009-02-22 17:22:17 ----A---- C:\WINDOWS\system32\colbact.dll
    2009-02-22 17:22:17 ----A---- C:\WINDOWS\system32\clbcatex.dll
    2009-02-22 17:22:17 ----A---- C:\WINDOWS\system32\catsrvps.dll
    2009-02-22 17:22:16 ----A---- C:\WINDOWS\system32\catsrvut.dll
    2009-02-22 17:22:16 ----A---- C:\WINDOWS\system32\catsrv.dll
    2009-02-22 17:22:15 ----A---- C:\WINDOWS\system32\comuid.dll
    2009-02-22 17:22:15 ----A---- C:\WINDOWS\system32\comsvcs.dll
    2009-02-22 17:22:15 ----A---- C:\WINDOWS\system32\clbcatq.dll
    2009-02-22 17:22:03 ----A---- C:\WINDOWS\system32\servdeps.dll
    2009-02-22 17:22:03 ----A---- C:\WINDOWS\system32\mmfutil.dll
    2009-02-22 17:22:03 ----A---- C:\WINDOWS\system32\licwmi.dll
    2009-02-22 17:22:03 ----A---- C:\WINDOWS\system32\cmprops.dll
    2009-02-06 18:52:40 ----A---- C:\WINDOWS\system32\sirenacm.dll

    ======List of files/folders modified in the last 1 months======

    2009-02-22 18:13:59 ----A---- C:\WINDOWS\system.ini
    2009-02-22 18:03:16 ----A---- C:\WINDOWS\win.ini

    ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R1 AvgLdx86;AVG AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2009-02-27 325128]
    R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2009-02-27 27656]
    R1 AvgTdiX;AVG8 Network Redirector; C:\WINDOWS\System32\Drivers\avgtdix.sys [2009-02-27 107272]
    R1 P3;Pilote processeur Intel Pentium III; C:\WINDOWS\system32\DRIVERS\p3.sys [2004-08-04 46720]
    R3 ac97intc;Service d'installation du pilote audio Intel(r) 82801 (WDM); C:\WINDOWS\system32\drivers\ac97intc.sys [2001-08-17 96256]
    R3 Avgfwdx;Avgfwdx; C:\WINDOWS\system32\DRIVERS\avgfwdx.sys [2009-02-27 29208]
    R3 E100B;Pilote de carte Intel (R) PRO; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2001-08-23 117760]
    R3 hidusb;Pilote de classe HID Microsoft; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-24 9600]
    R3 i81x;i81x; C:\WINDOWS\system32\DRIVERS\i81xnt5.sys [2004-08-03 161020]
    R3 mouhid;Pilote HID de souris; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-24 12288]
    R3 usbhub;Concentrateur USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-03 57600]
    R3 USBSTOR;Pilote de stockage de masse USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
    R3 usbuhci;Pilote miniport de contrôleur hôte universel USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-03 20480]
    S3 Avgfwfd;AVG network filter service; C:\WINDOWS\system32\DRIVERS\avgfwdx.sys [2009-02-27 29208]
    S3 iAimFP0;iAimFP0; C:\WINDOWS\system32\DRIVERS\wADV01nt.sys [2004-08-03 12415]
    S3 iAimFP1;iAimFP1; C:\WINDOWS\system32\DRIVERS\wADV02NT.sys [2004-08-03 12127]
    S3 iAimFP2;iAimFP2; C:\WINDOWS\system32\DRIVERS\wADV05NT.sys [2004-08-03 11775]
    S3 iAimFP3;iAimFP3; C:\WINDOWS\system32\DRIVERS\wSiINTxx.sys [2004-08-03 12063]
    S3 iAimFP4;iAimFP4; C:\WINDOWS\system32\DRIVERS\wVchNTxx.sys [2004-08-03 19455]
    S3 iAimFP5;iAimFP5; C:\WINDOWS\system32\DRIVERS\wADV07nt.sys [2004-08-03 11807]
    S3 iAimFP6;iAimFP6; C:\WINDOWS\system32\DRIVERS\wADV08nt.sys [2004-08-03 11295]
    S3 iAimFP7;iAimFP7; C:\WINDOWS\system32\DRIVERS\wADV09nt.sys [2004-08-03 11871]
    S3 iAimTV0;iAimTV0; C:\WINDOWS\system32\DRIVERS\wATV01nt.sys [2004-08-03 29311]
    S3 iAimTV1;iAimTV1; C:\WINDOWS\system32\DRIVERS\wATV02NT.sys [2004-08-03 19551]
    S3 iAimTV3;iAimTV3; C:\WINDOWS\system32\DRIVERS\wATV04nt.sys [2004-08-03 33599]
    S3 iAimTV4;iAimTV4; C:\WINDOWS\system32\DRIVERS\wCh7xxNT.sys [2004-08-03 23615]
    S3 iAimTV5;iAimTV5; C:\WINDOWS\system32\DRIVERS\wATV10nt.sys [2004-08-03 25471]
    S3 iAimTV6;iAimTV6; C:\WINDOWS\system32\DRIVERS\wATV06nt.sys [2004-08-03 22271]
    S3 usbprint;Classe d'imprimantes USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856]
    S4 mchInjDrv;mchInjDrv; \??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\mc21.tmp []

    ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R2 avg8emc;AVG8 E-mail Scanner; d:\PROGRA~1\AVG\AVG8\avgemc.exe [2009-02-27 903960]
    R2 avg8wd;AVG8 WatchDog; d:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2009-02-27 298264]
    R2 avgfws8;AVG8 Firewall; d:\PROGRA~1\AVG\AVG8\avgfws8.exe [2009-02-27 1339600]
    R2 MDM;Machine Debug Manager; C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
    S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
    S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
    S3 ose;Office Source Engine; C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]

    -----------------EOF-----------------
