I'm infected!!! "Generic Host Process For Win 32"

16 February 2009 10:12:26

Hello everyone,

I've had a big problem for a few days: I get an error message "Generic Host Process For Win 32" followed by another message "Arrêt du système : Cet arrêt a été initié par AUTORITE NT\SYSTEM + Windows doit maintenant redémarrer car le service lanceur de processus serveur DCOM s'est terminé de façon inattendu".
Also, when I open the Windows Task Manager, it seems that a program named "slserv.exe" is eating a lot of memory (78%). I did "End Process Tree" and now Firefox is eating 98%??? Is that normal??
I have just downloaded SmitfraudFix and HijackThis; their reports are below:

1/ SmitfraudFix report:

SmitFraudFix v2.395

Rapport fait à 12:27:23,37, 12/02/2009
Executé à partir de D:\Program Files\Mozilla Firefox\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est
Fix executé en mode normal

»»»»»»»»»»»»»»»»»»»»»»»» Process

D:\WINDOWS\system32\csrss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
D:\Program Files\Fichiers communs\Acronis\Schedule2\schedul2.exe
D:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\drivers\CDAC11BA.EXE
D:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
D:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
D:\WINDOWS\system32\nvsvc32.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\ctfmon.exe
D:\WINDOWS\Explorer.EXE
D:\Program Files\HP\hpcoretech\hpcmpmgr.exe
D:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
D:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
D:\WINDOWS\system32\rundll32.exe
D:\Program Files\Acronis\TrueImageEnterpriseServer\TrueImageMonitor.exe
D:\WINDOWS\system32\RUNDLL32.EXE
D:\WINDOWS\SOUNDMAN.EXE
D:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
D:\WINDOWS\System32\alg.exe
D:\WINDOWS\system32\wuauclt.exe
D:\Program Files\Mozilla Firefox\firefox.exe
D:\Program Files\Mozilla Firefox\SmitfraudFix\Policies.exe
D:\WINDOWS\system32\cmd.exe
D:\WINDOWS\system32\wbem\wmiprvse.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts


»»»»»»»»»»»»»»»»»»»»»»»» D:\


»»»»»»»»»»»»»»»»»»»»»»»» D:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» D:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» D:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» D:\WINDOWS\system32


»»»»»»»»»»»»»»»»»»»»»»»» D:\WINDOWS\system32\LogFiles


»»»»»»»»»»»»»»»»»»»»»»»» D:\Documents and Settings\Administrateur.STANDARD


»»»»»»»»»»»»»»»»»»»»»»»» D:\DOCUME~1\ADMINI~1.STA\LOCALS~1\Temp


»»»»»»»»»»»»»»»»»»»»»»»» D:\Documents and Settings\Administrateur.STANDARD\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer


»»»»»»»»»»»»»»»»»»»»»»»» D:\DOCUME~1\ADMINI~1.STA\Favoris


»»»»»»»»»»»»»»»»»»»»»»»» Bureau


»»»»»»»»»»»»»»»»»»»»»»»» D:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues


»»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Ma page d'accueil"


»»»»»»»»»»»»»»»»»»»»»»»» o4Patch
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

o4Patch
Credits: Malware Analysis & Diagnostic
Code: S!Ri



»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri



»»»»»»»»»»»»»»»»»»»»»»»» Agent.OMZ.Fix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

Agent.OMZ.Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» VACFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="D:\\WINDOWS\\system32\\userinit.exe,D:\\WINDOWS\\system32\\twex.exe,"
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» RK



»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: WAN (PPP/SLIP) Interface
DNS Server Search Order: 213.150.176.196
DNS Server Search Order: 193.95.67.22

HKLM\SYSTEM\CCS\Services\Tcpip\..\{56E5FCB5-B05B-43E3-BCB6-9EC5A0E14C22}: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CCS\Services\Tcpip\..\{99B8772E-7341-46A3-A101-2D7293F306B0}: NameServer=213.150.176.196 193.95.67.22


»»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll


»»»»»»»»»»»»»»»»»»»»»»»» Fin
___________________________________________________

2/ HijackThis report:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:44:58, on 12/02/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
D:\WINDOWS\system32\csrss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
D:\Program Files\Fichiers communs\Acronis\Schedule2\schedul2.exe
D:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\drivers\CDAC11BA.EXE
D:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
D:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
D:\WINDOWS\system32\nvsvc32.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\ctfmon.exe
D:\WINDOWS\Explorer.EXE
D:\Program Files\HP\hpcoretech\hpcmpmgr.exe
D:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
D:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
D:\WINDOWS\system32\rundll32.exe
D:\Program Files\Acronis\TrueImageEnterpriseServer\TrueImageMonitor.exe
D:\WINDOWS\system32\RUNDLL32.EXE
D:\WINDOWS\SOUNDMAN.EXE
D:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
D:\WINDOWS\System32\alg.exe
D:\WINDOWS\system32\wuauclt.exe
D:\Program Files\Mozilla Firefox\firefox.exe
D:\Program Files\Trend Micro\HijackThis\HijackThis.exe
D:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.shareazaweb.com/intl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
F2 - REG:system.ini: UserInit=D:\WINDOWS\system32\userinit.exe,D:\WINDOWS\system32\twex.exe,
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - D:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - d:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - D:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - d:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [HPBootOp] "D:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [HP Component Manager] "D:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [DeviceDiscovery] D:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - HKLM\..\Run: [avgnt] "D:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [TrueImageMonitor.exe] D:\Program Files\Acronis\TrueImageEnterpriseServer\TrueImageMonitor.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE D:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [D-Link AirPlus XtremeG] D:\Program Files\D-Link\AirPlus XtremeG\AirPlusCFG.exe
O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] D:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [VPNClient] D:\Program Files\iPigVPN\Client\ipigclient.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')
O4 - Global Startup: Ralink Wireless Utility.lnk = D:\Program Files\RALINK\Common\RaUI.exe
O8 - Extra context menu item: English<->Arabic - D:\Program Files\LingvoSoft\LingvoSoft Talking Dictionary 2007 (English-Arabic) for Windows\Plugins\IE.htm
O8 - Extra context menu item: SYSTRAN: &Effacer le cache de traduction - D:\Program Files\Systran\Premium\menuClearCache.html
O8 - Extra context menu item: SYSTRAN: &Options - D:\Program Files\Systran\Premium\menuConfigure.html
O8 - Extra context menu item: SYSTRAN: &Traduire - D:\Program Files\Systran\Premium\menuTranslate.html
O8 - Extra context menu item: SYSTRAN: En&registrement - D:\Program Files\Systran\Premium\menuRegister.html
O8 - Extra context menu item: SYSTRAN: Rechercher les &mises à jour - D:\Program Files\Systran\Premium\menuUpdate.html
O8 - Extra context menu item: SYSTRAN: Traduire les &cadres - D:\Program Files\Systran\Premium\menuTranslateAll.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: @sysiecom.dll,-2100 - {703436F1-3E1F-11d3-8F6B-00105A2A1D59} - D:\Program Files\Systran\Premium\MenuTranslate.html
O9 - Extra 'Tools' menuitem: @sysiecom.dll,-2102 - {703436F1-3E1F-11d3-8F6B-00105A2A1D59} - D:\Program Files\Systran\Premium\MenuTranslate.html
O9 - Extra button: @sysiecom.dll,-2103 - {703436F2-3E1F-11d3-8F6B-00105A2A1D59} - D:\Program Files\Systran\Premium\MenuTranslateAll.html
O9 - Extra 'Tools' menuitem: @sysiecom.dll,-2105 - {703436F2-3E1F-11d3-8F6B-00105A2A1D59} - D:\Program Files\Systran\Premium\MenuTranslateAll.html
O9 - Extra button: @sysiecom.dll,-2115 - {703436F3-3E1F-11d3-8F6B-00105A2A1D59} - D:\Program Files\Systran\Premium\MenuConfigure.html
O9 - Extra 'Tools' menuitem: @sysiecom.dll,-2117 - {703436F3-3E1F-11d3-8F6B-00105A2A1D59} - D:\Program Files\Systran\Premium\MenuConfigure.html
O9 - Extra button: (no name) - {703436F4-3E1F-11d3-8F6B-00105A2A1D59} - D:\Program Files\Systran\Premium\MenuClearCache.html
O9 - Extra 'Tools' menuitem: @sysiecom.dll,-2108 - {703436F4-3E1F-11d3-8F6B-00105A2A1D59} - D:\Program Files\Systran\Premium\MenuClearCache.html
O9 - Extra button: (no name) - {703436F5-3E1F-11d3-8F6B-00105A2A1D59} - D:\Program Files\Systran\Premium\MenuRegister.html
O9 - Extra 'Tools' menuitem: @sysiecom.dll,-2111 - {703436F5-3E1F-11d3-8F6B-00105A2A1D59} - D:\Program Files\Systran\Premium\MenuRegister.html
O9 - Extra button: (no name) - {703436F6-3E1F-11d3-8F6B-00105A2A1D59} - D:\Program Files\Systran\Premium\MenuUpdates.html (file missing)
O9 - Extra 'Tools' menuitem: @sysiecom.dll,-2114 - {703436F6-3E1F-11d3-8F6B-00105A2A1D59} - D:\Program Files\Systran\Premium\MenuUpdates.html (file missing)
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: English<->Arabic - {A0ED02CB-40C8-4745-9B4B-A88AD89C6EE8} - D:\Program Files\LingvoSoft\LingvoSoft Talking Dictionary 2007 (English-Arabic) for Windows\Plugins\IE.htm
O9 - Extra 'Tools' menuitem: English<->Arabic - {A0ED02CB-40C8-4745-9B4B-A88AD89C6EE8} - D:\Program Files\LingvoSoft\LingvoSoft Talking Dictionary 2007 (English-Arabic) for Windows\Plugins\IE.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{99B8772E-7341-46A3-A101-2D7293F306B0}: NameServer = 213.150.176.196 193.95.67.22
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - D:\Program Files\Fichiers communs\Acronis\Schedule2\schedul2.exe
O23 - Service: Adobe LM Service - Adobe Systems - D:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - D:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - D:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - D:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: Google Updater Service (gusvc) - Google - D:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - D:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - D:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ServiceLayer - Nokia. - D:\Program Files\Fichiers communs\PCSuite\Services\ServiceLayer.exe
O23 - Service: SmartLinkService (SLService) - Smart Link - D:\WINDOWS\SYSTEM32\slserv.exe

--
End of file - 10285 bytes
__________________________________________________

Thank you very much for helping me!!!

16 February 2009 14:41:54

Hello,

Download ComboFix (by sUBs) to your Desktop.

  • Temporarily disable all resident protection! (Antivirus, antispyware...)
  • Double-click ComboFix.exe.
  • Accept the license by clicking Yes.
  • The program will ask whether you want to install the Recovery Console. This is a precaution in case the computer breaks down. So I advise you to install it; it costs nothing and could potentially be useful!
  • When the operation is finished, a report will appear. Post this report in your next reply.

    The report is located here: %SystemDrive%\ComboFix.txt (%systemdrive% being the partition where Windows is installed; usually C:\)

    Help: How to use ComboFix.
    16 February 2009 16:29:56

    Hi Angeldark,
    Thank you very much for your help, here is the ComboFix report:

    ComboFix 09-02-15.01 - Administrateur 2009-02-16 16:07:14.2 - NTFSx86
    Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.511.281 [GMT 1:00]
    Lancé depuis: d:\documents and settings\Administrateur.STANDARD\Bureau\ComboFix.exe
    AV: Avira AntiVir PersonalEdition *On-access scanning disabled* (Outdated)
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    d:\windows\Emewipataxuh.dll
    d:\windows\system32\404Fix.exe
    d:\windows\system32\Agent.OMZ.Fix.exe
    d:\windows\system32\drivers\seneka.sys
    d:\windows\system32\drivers\senekatvmktiwj.sys
    d:\windows\system32\dumphive.exe
    d:\windows\system32\IEDFix.C.exe
    d:\windows\system32\IEDFix.exe
    d:\windows\system32\o4Patch.exe
    d:\windows\system32\Process.exe
    d:\windows\system32\senekactlgwoye.dat
    d:\windows\system32\senekadpyktxsa.dll
    d:\windows\system32\senekalxeiunkd.dll
    d:\windows\system32\senekaooqkjqyw.dat
    d:\windows\system32\SrchSTS.exe
    d:\windows\system32\tmp.reg
    d:\windows\system32\twain32
    d:\windows\system32\twain32\local.ds
    d:\windows\system32\twain32\user.ds
    d:\windows\system32\twex.exe
    d:\windows\system32\VACFix.exe
    d:\windows\system32\VCCLSID.exe
    d:\windows\system32\WS2Fix.exe

    .
    ((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Service_SENEKA


    ((((((((((((((((((((((((((((( Fichiers créés du 2009-01-16 au 2009-02-16 ))))))))))))))))))))))))))))))))))))
    .

    2009-02-12 12:43 . 2009-02-12 12:43 <REP> d-------- d:\program files\Trend Micro
    2009-02-11 12:17 . 2009-02-11 12:17 <REP> d-------- d:\program files\iPigVPN
    2009-02-10 16:01 . 2009-02-10 16:13 <REP> d-------- d:\documents and settings\Administrateur.STANDARD\Application Data\vlc
    2009-02-10 11:17 . 2001-09-28 13:00 770,048 --a------ d:\windows\system32\winntbbu.dll
    2009-02-10 11:02 . 2006-04-16 15:51 3,984,256 --a------ d:\windows\system32\OLD9.tmp
    2009-02-10 11:02 . 2006-04-16 15:51 3,984,256 --a------ d:\windows\system32\nv4_disp.dll
    2009-02-10 11:02 . 2006-04-16 15:51 3,661,280 --a------ d:\windows\system32\drivers\OLDD.tmp
    2009-02-10 11:02 . 2006-04-16 15:51 3,661,280 --a------ d:\windows\system32\drivers\nv4_mini.sys
    2009-01-30 12:21 . 2009-01-30 12:22 40,448 --a------ d:\windows\system32\chert11-303350.exe
    2009-01-30 11:38 . 2009-01-30 11:38 <REP> d-------- d:\documents and settings\All Users.WINDOWS\Application Data\Pinnacle VideoSpin
    2009-01-30 09:47 . 2009-01-30 09:47 <REP> d-------- d:\program files\Pinnacle
    2009-01-30 09:47 . 2009-01-30 09:47 <REP> d-------- d:\program files\Fichiers communs\Yahoo!
    2009-01-30 09:47 . 2009-01-30 09:47 <REP> d-------- d:\documents and settings\All Users.WINDOWS\Application Data\VideoSpin
    2009-01-30 09:35 . 2009-01-30 09:35 <REP> d-------- d:\documents and settings\All Users.WINDOWS\Application Data\Pinnacle
    2009-01-23 14:57 . 2008-09-25 14:20 483,328 --a------ d:\windows\system32\actskn45.ocx
    2009-01-22 12:17 . 2009-01-22 12:17 <REP> d-------- d:\documents and settings\All Users.WINDOWS\Application Data\Malwarebytes
    2009-01-22 12:17 . 2009-01-22 12:17 <REP> d-------- d:\documents and settings\Administrateur.STANDARD\Application Data\Malwarebytes
    2009-01-22 10:09 . 2009-01-22 10:09 664 --a------ d:\windows\system32\d3d9caps.dat
    2009-01-20 16:13 . 2000-05-22 06:00 647,872 --a------ d:\windows\system32\MSCOMCT2.OCX
    2009-01-20 16:13 . 2004-02-05 21:53 389,120 --a------ d:\windows\system32\actskn43.ocx
    2009-01-20 16:13 . 2004-01-08 02:43 253,952 --a------ d:\windows\system32\histogram.ocx
    2009-01-20 16:13 . 2004-01-09 11:54 188,416 --a------ d:\windows\system32\actsplash.ocx
    2009-01-20 16:13 . 2000-07-15 06:00 101,888 --a------ d:\windows\system32\VB6STKIT.DLL
    2009-01-20 11:02 . 2004-08-03 22:58 207,360 --a------ d:\windows\system32\drivers\Dot4.sys
    2009-01-20 11:02 . 2001-08-23 17:11 24,064 --a------ d:\windows\system32\drivers\Dot4usb.sys
    2009-01-20 11:02 . 2001-08-17 21:47 12,928 --a------ d:\windows\system32\drivers\Dot4Prt.sys
    2009-01-19 12:36 . 2009-01-19 13:19 <REP> d-------- d:\documents and settings\Administrateur.STANDARD\Application Data\4
    2009-01-19 11:16 . 2009-01-19 11:16 <REP> d-------- d:\documents and settings\Administrateur.STANDARD\Application Data\GPass
    2009-01-19 10:19 . 2009-01-19 13:31 <REP> d-------- d:\documents and settings\Administrateur.STANDARD\Application Data\3
    2009-01-17 13:02 . 2009-01-17 13:02 <REP> d-------- d:\program files\D-Link
    2009-01-17 13:00 . 2007-03-15 10:13 249,856 --a------ d:\windows\system32\wnicapi.dll
    2009-01-17 11:21 . 2009-01-20 11:21 <REP> d-------- d:\documents and settings\All Users.WINDOWS\Application Data\ma-config.com

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-02-14 11:43 --------- d-----w d:\program files\eMedia
    2009-02-02 14:26 --------- d-----w d:\program files\CCleaner
    2009-01-22 10:20 --------- d-----w d:\documents and settings\Administrateur.STANDARD\Application Data\Metacafe
    2009-01-17 12:00 --------- d--h--w d:\program files\InstallShield Installation Information
    2009-01-15 09:05 --------- d-----w d:\program files\VSTplugins
    2009-01-15 09:05 --------- d-----w d:\documents and settings\Administrateur.STANDARD\Application Data\Publish Providers
    2009-01-15 08:43 --------- d-----w d:\documents and settings\Administrateur.STANDARD\Application Data\Sony
    2009-01-15 08:41 --------- d-----w d:\program files\Sony
    2009-01-15 08:31 --------- d-----w d:\program files\Sony Setup
    2009-01-15 07:43 --------- d-----w d:\documents and settings\Administrateur.STANDARD\Application Data\Hide IP NG
    2009-01-13 13:07 --------- d-----w d:\documents and settings\Administrateur.STANDARD\Application Data\Autodesk
    2009-01-13 13:06 --------- d-----w d:\program files\Fichiers communs\Autodesk Shared
    2009-01-13 13:06 --------- d-----w d:\program files\AutoCAD 2004
    2009-01-13 13:01 54,784 ----a-w d:\windows\system32\drivers\CDAC11BA.EXE
    2009-01-13 13:01 12,464 ----a-w d:\windows\system32\drivers\CDAC15BA.SYS
    2009-01-13 13:00 --------- d-----w d:\program files\AnswerWorks 4.0
    2009-01-13 12:58 --------- d-----w d:\documents and settings\All Users.WINDOWS\Application Data\Autodesk
    2009-01-13 10:14 --------- d-----w d:\program files\Winamp
    2009-01-07 12:11 --------- d-----w d:\documents and settings\All Users.WINDOWS\Application Data\Metacafe
    2009-01-05 10:02 --------- d-----w d:\documents and settings\Administrateur.STANDARD\Application Data\Apple Computer
    2009-01-05 09:26 --------- d-----w d:\program files\QuickTime
    2009-01-05 09:25 --------- d-----w d:\program files\Fichiers communs\Apple
    2009-01-05 09:25 --------- d-----w d:\documents and settings\All Users.WINDOWS\Application Data\Apple Computer
    2009-01-05 09:24 --------- d-----w d:\program files\Apple Software Update
    2009-01-05 09:24 --------- d-----w d:\documents and settings\All Users.WINDOWS\Application Data\Apple
    2008-12-22 21:46 --------- d-----w d:\program files\Realtek AC97
    2008-12-22 17:24 99,776 ----a-w d:\windows\system32\drivers\snapman.sys
    2008-12-22 17:24 388,000 ----a-w d:\windows\system32\drivers\timntr.sys
    2008-12-22 17:24 32,288 ----a-w d:\windows\system32\drivers\tifsfilt.sys
    2008-12-22 17:23 --------- d-----w d:\program files\Fichiers communs\Acronis
    2008-12-22 17:23 --------- d-----w d:\program files\Acronis
    2006-05-31 11:08 88 --sh--r d:\documents and settings\All Users.WINDOWS\Application Data\290D17F78A.sys
    2006-05-31 11:08 2,516 --sha-w d:\documents and settings\All Users.WINDOWS\Application Data\KGyGaAvL.sys
    2002-05-22 09:34 372 ----a-w d:\program files\sfmsi.dat
    2002-05-22 09:26 323,649 ----a-w d:\program files\forgeSetup.exe
    2002-05-20 12:33 1,822,520 ------w d:\program files\InstMsi-x86w.exe
    2002-05-20 12:32 1,708,856 ------w d:\program files\InstMsi-x86a.exe
    2002-04-18 16:29 509,984 ------w d:\program files\50comupd.exe
    2002-04-18 16:29 471,840 ------w d:\program files\hhupd.exe
    2002-04-18 16:29 44,544 ------w d:\program files\dsetup.dll
    2002-04-18 16:29 1,735,544 ------w d:\program files\wmfdist2.exe
    .

    ((((((((((((((((((((((((((((( snapshot@2009-01-22_12.07.54.90 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2009-02-02 14:37:09 962,560 ----a-w d:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\a0ff8ad1981dfe4484e162c460496b45\System.Configuration.ni.dll
    + 2009-01-30 08:31:02 6,688,768 ----a-w d:\windows\assembly\NativeImages_v2.0.50727_32\System.Data\0f679783fdfc5343b6c9028c9c9b8cc8\System.Data.ni.dll
    + 2009-02-02 14:37:23 1,712,128 ----a-w d:\windows\assembly\NativeImages_v2.0.50727_32\System.Deployment\0f29340f4087194bb8f5d015893f6b1c\System.Deployment.ni.dll
    + 2009-01-30 08:31:27 10,723,328 ----a-w d:\windows\assembly\NativeImages_v2.0.50727_32\System.Design\ccd0aa23787e9f40ae74c2c2be659328\System.Design.ni.dll
    + 2009-02-02 14:37:39 512,000 ----a-w d:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\a470437b0c906144ac268b9502f9f67a\System.DirectoryServices.Protocols.ni.dll
    + 2009-02-02 14:37:31 1,220,608 ----a-w d:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\ccc4439e78ac8b47a103452b00f6ee74\System.DirectoryServices.ni.dll
    + 2009-01-30 08:29:59 229,376 ----a-w d:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing.Desi#\e006853cebec064a987ce7fd8029150a\System.Drawing.Design.ni.dll
    + 2009-01-30 08:30:06 1,626,112 ----a-w d:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\4b71a91902d5004e84f0b61533c9bf2f\System.Drawing.ni.dll
    + 2009-02-02 14:38:01 659,456 ----a-w d:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\231135ab8cd8a344bba48c0d888c6ef4\System.EnterpriseServices.ni.dll
    + 2009-02-02 14:38:00 294,912 ----a-w d:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\231135ab8cd8a344bba48c0d888c6ef4\System.EnterpriseServices.Wrapper.dll
    + 2009-02-02 14:38:09 729,088 ----a-w d:\windows\assembly\NativeImages_v2.0.50727_32\System.Security\e30b94630fdf454890d8ced9adf63609\System.Security.ni.dll
    + 2009-02-02 14:38:18 684,032 ----a-w d:\windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\32b06bc342125f40bcd198d0f68a3f7a\System.Transactions.ni.dll
    + 2009-02-02 14:40:57 2,310,144 ----a-w d:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Mobile\2cf5d849e417df499b40a9f8e0177d77\System.Web.Mobile.ni.dll
    + 2009-02-02 14:41:00 237,568 ----a-w d:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.RegularE#\3becdc5a498de340857c35f359c42b74\System.Web.RegularExpressions.ni.dll
    + 2009-02-02 14:41:19 1,945,600 ----a-w d:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\487a055fb255e44684f5356ebc6f8f3a\System.Web.Services.ni.dll
    + 2009-02-02 14:40:07 11,808,768 ----a-w d:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\3742689d80638a48a1fef5985ff50164\System.Web.ni.dll
    + 2009-01-30 08:30:32 13,107,200 ----a-w d:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\ee3b78f34894b7478fa17242e0189f0a\System.Windows.Forms.ni.dll
    + 2009-01-30 08:30:45 5,640,192 ----a-w d:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\89b7827341747b498b29cffe60b8206c\System.Xml.ni.dll
    + 2009-01-30 08:29:55 8,093,696 ----a-w d:\windows\assembly\NativeImages_v2.0.50727_32\System\379d91ff41687d44800f2c03aae92201\System.ni.dll
    + 2009-01-30 09:37:10 26,624 ----a-w d:\windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAPD1.tmp\Accessibility.dll
    + 2009-01-30 08:48:47 65,536 ----a-r d:\windows\Installer\{4EDB1CA5-983F-4FC3-A8E3-E34981E05A60}\SC_ReadMe.exe
    + 2009-01-30 08:48:47 69,632 ----a-r d:\windows\Installer\{4EDB1CA5-983F-4FC3-A8E3-E34981E05A60}\VideoSpin.exe
    - 2003-02-20 18:09:46 57,344 ----a-w d:\windows\Microsoft.NET\Framework\NETFXSBS10.exe
    + 2005-09-23 06:28:52 72,704 ----a-w d:\windows\Microsoft.NET\Framework\NETFXSBS10.exe
    - 2003-02-20 18:09:32 5,120 ----a-w d:\windows\Microsoft.NET\Framework\sbscmp10.dll
    + 2005-09-23 06:28:52 7,680 ----a-w d:\windows\Microsoft.NET\Framework\sbscmp10.dll
    + 2005-09-23 06:28:56 7,680 ----a-w d:\windows\Microsoft.NET\Framework\sbscmp20_mscorwks.dll
    + 2005-09-23 06:28:58 7,680 ----a-w d:\windows\Microsoft.NET\Framework\sbscmp20_perfcounter.dll
    + 2005-09-23 06:28:56 7,680 ----a-w d:\windows\Microsoft.NET\Framework\SharedReg12.dll
    - 2003-02-20 17:43:50 131,072 ----a-w d:\windows\Microsoft.NET\Framework\v1.0.3705\mscormmc.dll
    + 2005-09-23 06:28:52 86,528 ----a-w d:\windows\Microsoft.NET\Framework\v1.0.3705\mscormmc.dll
    + 2005-09-23 06:28:36 18,944 ----a-w d:\windows\Microsoft.NET\Framework\v2.0.50727\1033\alinkui.dll
    + 2005-09-23 06:28:42 136,192 ----a-w d:\windows\Microsoft.NET\Framework\v2.0.50727\1033\cscompui.dll
    + 2005-09-23 06:28:44 4,608 ----a-w d:\windows\Microsoft.NET\Framework\v2.0.50727\1033\CvtResUI.dll
    + 2005-09-23 06:29:04 183,808 ----a-w d:\windows\Microsoft.NET\Framework\v2.0.50727\1033\vbc7ui.dll
    + 2005-09-23 06:28:28 208,896 ----a-w d:\windows\Microsoft.NET\Framework\v2.0.50727\1033\Vsavb7rtUI.dll
    + 2005-09-23 06:28:56 10,752 ----a-w d:\windows\Microsoft.NET\Framework\v2.0.50727\Accessibility.dll
    + 2005-09-23 06:28:58 138,240 ----a-w d:\windows\Microsoft.NET\Framework\v2.0.50727\AdoNetDiag.dll
    + 2005-09-23 06:28:36 87,552 ----a-w d:\windows\Microsoft.NET\Framework\v2.0.50727\alink.dll
    + 2005-09-23 06:28:58 55,488 ----a-w d:\windows\Microsoft.NET\Framework\v2.0.50727\AppLaunch.exe
    + 2005-09-23 06:28:32 36,864 ----a-w d:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_compiler.exe
    + 2005-09-23 06:28:32 10,752 ----a-w d:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_filter.dll
    + 2005-09-23 06:28:32 8,192 ----a-w d:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_isapi.dll
    + 2005-09-23 06:28:32 23,552 ----a-w d:\windows\Microsoft.NET\Framework\v2.0.50727\Aspnet_perf.dll
    + 2005-09-23 06:28:32 70,656 ----a-w d:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_rc.dll
    + 2005-09-23 06:28:32 13,824 ----a-w d:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_regbrowsers.exe
    + 2005-09-23 06:28:32 26,824 ----a-w d:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_regiis.exe
    + 2005-09-23 06:28:32 106,496 ----a-w d:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_regsql.exe
    + 2005-09-23 06:28:32 29,896 ----a-w d:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
    + 2005-09-23 06:28:32 29,888 ----a-w d:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_wp.exe
    + 2005-09-23 06:28:32 503,808 ----a-w d:\windows\Microsoft.NET\Framework\v2.0.50727\AspNetMMCExt.dll
    + 2005-09-23 06:28:56 106,496 ----a-w d:\windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe
    + 2005-09-23 06:28:56 88,576 ----a-w d:\windows\Microsoft.NET\Framework\v2.0.50727\CORPerfMonExt.dll
    + 2005-09-23 06:28:42 76,984 ----a-w d:\windows\Microsoft.NET\Framework\v2.0.50727\csc.exe
    + 2005-09-23 06:28:42 1,144,832 ----a-w d:\windows\Microsoft.NET\Framework\v2.0.50727\cscomp.dll
    + 2005-09-23 06:28:42 13,312 ----a-w d:\windows\Microsoft.NET\Framework\v2.0.50727\cscompmgd.dll
    + 2005-09-23 06:28:58 17,920 ----a-w d:\windows\Microsoft.NET\Framework\v2.0.50727\Culture.dll
    + 2005-09-23 06:28:56 68,608 ----a-w d:\windows\Microsoft.NET\Framework\v2.0.50727\CustomMarshalers.dll
    + 2005-09-23 06:28:44 31,936 ----a-w d:\windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
    + 2005-09-23 06:28:38 52,736 ----a-w d:\windows\Microsoft.NET\Framework\v2.0.50727\dfdll.dll
    + 2005-09-23 06:28:38 4,608 ----a-w d:\windows\Microsoft.NET\Framework\v2.0.50727\dfsvc.exe
    + 2005-09-23 06:29:12 547,840 ----a-w d:\windows\Microsoft.NET\Framework\v2.0.50727\diasymreader.dll
    + 2005-09-23 06:28:56 788,992 ----a-w d:\windows\Microsoft.NET\Framework\v2.0.50727\EventLogMessages.dll
    + 2005-09-23 06:28:50 9,216 ----a-w d:\windows\Microsoft.NET\Framework\v2.0.50727\fusion.dll
    + 2005-09-23 06:28:56 9,728 ----a-w d:\windows\Microsoft.NET\Framework\v2.0.50727\IEExec.exe
    + 2005-09-23 06:28:56 8,192 ----a-w d:\windows\Microsoft.NET\Framework\v2.0.50727\IEExecRemote.dll
    + 2005-09-23 06:28:56 36,864 ----a-w d:\windows\Microsoft.NET\Framework\v2.0.50727\IEHost.dll
    + 2005-09-23 06:28:56 5,632 ----a-w d:\windows\Microsoft.NET\Framework\v2.0.50727\IIEHost.dll
    + 2005-09-23 06:28:56 224,952 ----a-w d:\windows\Microsoft.NET\Framework\v2.0.50727\ilasm.exe
    + 2005-09-23 06:28:56 28,672 ----a-w d:\windows\Microsoft.NET\Framework\v2.0.50727\InstallUtil.exe
    + 2005-09-23 06:28:56 55,296 ----a-w d:\windows\Microsoft.NET\Framework\v2.0.50727\InstallUtilLib.dll
    + 2005-09-23 06:28:56 72,192 ----a-w d:\windows\Microsoft.NET\Framework\v2.0.50727\ISymWrapper.dll
    + 2005-09-23 06:28:48 40,960 ----a-w d:\windows\Microsoft.NET\Framework\v2.0.50727\jsc.exe
    + 2005-09-23 06:01:16 609,472 ----a-w d:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.exe
    + 2005-09-23 05:29:48 80,896 ----a-w d:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1025.dll
    + 2005-09-23 05:32:24 80,896 ----a-w d:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1028.dll
    + 2005-09-23 05:34:10 82,944 ----a-w d:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1029.dll
    + 2005-09-23 05:34:12 81,920 ----a-w d:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1030.dll
    + 2005-09-23 05:34:44 85,504 ----a-w d:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1031.dll
    + 2005-09-23 05:36:24 87,552 ----a-w d:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1032.dll
    + 2005-09-23 02:46:14 80,896 ----a-w d:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1033.dll
    + 2005-09-23 05:38:26 81,408 ----a-w d:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1035.dll
    + 2005-09-23 05:38:52 86,016 ----a-w d:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1036.dll
    + 2005-09-23 05:40:30 80,896 ----a-w d:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1037.dll
    + 2005-09-23 05:40:32 83,968 ----a-w d:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1038.dll
    + 2005-09-23 05:40:56 84,480 ----a-w d:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1040.dll
    + 2005-09-23 05:42:58 80,896 ----a-w d:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1041.dll
    + 2005-09-23 05:44:58 80,896 ----a-w d:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1042.dll
    + 2005-09-23 05:46:38 83,456 ----a-w d:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1043.dll
    + 2005-09-23 05:46:38 81,920 ----a-w d:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1044.dll
    + 2005-09-23 05:46:40 83,456 ----a-w d:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1045.dll
    + 2005-09-23 05:47:04 82,432 ----a-w d:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1046.dll
    + 2005-09-23 05:47:30 82,432 ----a-w d:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1049.dll
    + 2005-09-23 05:47:32 81,920 ----a-w d:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1053.dll
    + 2005-09-23 05:47:32 80,896 ----a-w d:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1055.dll
    + 2005-09-23 05:30:18 80,896 ----a-w d:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.2052.dll
    + 2005-09-23 05:47:06 84,480 ----a-w d:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.2070.dll
    + 2005-09-23 05:29:50 80,896 ----a-w d:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.3076.dll
    + 2005-09-23 05:36:48 85,504 ----a-w d:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.3082.dll
    + 2005-09-23 06:57:06 245,408 ----a-w d:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\unicows.dll
    + 2005-09-23 06:28:48 413,696 ----a-w d:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.Build.Engine.dll
    + 2005-09-23 06:28:48 36,864 ----a-w d:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.Build.Framework.dll
    + 2005-09-23 06:28:48 647,168 ----a-w d:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.Build.Tasks.dll
    + 2005-09-23 06:28:48 73,728 ----a-w d:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.Build.Utilities.dll
    + 2005-09-23 06:28:48 745,472 ----a-w d:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.JScript.dll
    + 2005-09-23 06:29:10 110,592 ----a-w d:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.VisualBasic.Compatibility.Data.dll
    + 2005-09-23 06:29:10 372,736 ----a-w d:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.VisualBasic.Compatibility.dll
    + 2005-09-23 06:29:08 667,648 ----a-w d:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.VisualBasic.dll
    + 2005-09-23 06:28:30 28,672 ----a-w d:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.VisualBasic.Vsa.dll
    + 2005-09-23 06:29:10 5,632 ----a-w d:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.VisualC.Dll
    + 2005-09-23 06:28:30 32,768 ----a-w d:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.Vsa.dll
    + 2005-09-23 06:28:30 12,800 ----a-w d:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
    + 2005-09-23 06:28:30 7,168 ----a-w d:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft_VsaVb.dll
    + 2005-09-23 06:28:32 87,552 ----a-w d:\windows\Microsoft.NET\Framework\v2.0.50727\MmcAspExt.dll
    + 2005-09-23 06:28:48 69,632 ----a-w d:\windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe
    + 2005-09-23 06:28:56 800,768 ----a-w d:\windows\Microsoft.NET\Framework\v2.0.50727\mscordacwks.dll
    + 2005-09-23 06:28:56 73,216 ----a-w d:\windows\Microsoft.NET\Framework\v2.0.50727\mscordbc.dll
    + 2005-09-23 06:28:56 288,768 ----a-w d:\windows\Microsoft.NET\Framework\v2.0.50727\mscordbi.dll
    + 2005-09-23 06:28:56 36,864 ----a-w d:\windows\Microsoft.NET\Framework\v2.0.50727\mscorie.dll
    + 2005-09-23 06:28:56 326,144 ----a-w d:\windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll
    + 2005-09-23 06:28:56 81,408 ----a-w d:\windows\Microsoft.NET\Framework\v2.0.50727\mscorld.dll
    + 2005-09-23 06:28:56 4,308,992 ----a-w d:\windows\Microsoft.NET\Framework\v2.0.50727\mscorlib.dll
    + 2005-09-23 06:28:56 102,400 ----a-w d:\windows\Microsoft.NET\Framework\v2.0.50727\mscorpe.dll
    + 2005-09-23 06:29:00 330,752 ----a-w d:\windows\Microsoft.NET\Framework\v2.0.50727\mscorrc.dll
    + 2005-09-23 06:28:56 67,072 ----a-w d:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsec.dll
    + 2005-09-23 06:28:50 9,216 ----a-w d:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsn.dll
    + 2005-09-23 06:28:56 226,816 ----a-w d:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvc.dll
    + 2005-09-23 06:28:56 66,240 ----a-w d:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
    + 2005-09-23 06:28:56 10,240 ----a-w d:\windows\Microsoft.NET\Framework\v2.0.50727\mscortim.dll
    + 2005-09-23 06:28:50 5,615,616 ----a-w d:\windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
    + 2005-09-23 06:29:00 22,528 ----a-w d:\windows\Microsoft.NET\Framework\v2.0.50727\MUI\0409\mscorsecr.dll
    + 2005-09-23 06:28:56 96,440 ----a-w d:\windows\Microsoft.NET\Framework\v2.0.50727\ngen.exe
    + 2005-09-23 06:28:56 14,848 ----a-w d:\windows\Microsoft.NET\Framework\v2.0.50727\normalization.dll
    + 2005-09-23 06:28:56 78,336 ----a-w d:\windows\Microsoft.NET\Framework\v2.0.50727\PerfCounter.dll
    + 2005-09-23 06:28:50 136,192 ----a-w d:\windows\Microsoft.NET\Framework\v2.0.50727\peverify.dll
    + 2005-09-23 06:28:56 53,248 ----a-w d:\windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
    + 2005-09-23 06:28:56 32,768 ----a-w d:\windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe
    + 2005-09-23 06:29:02 59,072 ----a-w d:\windows\Microsoft.NET\Framework\v2.0.50727\regtlibv12.exe
    + 2005-09-23 06:28:58 7,680 ----a-w d:\windows\Microsoft.NET\Framework\v2.0.50727\sbscmp20_mscorlib.dll
    + 2005-09-23 06:28:56 107,520 ----a-w d:\windows\Microsoft.NET\Framework\v2.0.50727\shfusion.dll
    + 2005-09-23 06:29:00 85,504 ----a-w d:\windows\Microsoft.NET\Framework\v2.0.50727\ShFusRes.dll
    + 2005-09-23 06:28:56 377,344 ----a-w d:\windows\Microsoft.NET\Framework\v2.0.50727\SOS.dll
    + 2005-09-23 06:28:56 110,592 ----a-w d:\windows\Microsoft.NET\Framework\v2.0.50727\sysglobl.dll
    + 2005-09-23 06:28:58 389,120 ----a-w d:\windows\Microsoft.NET\Framework\v2.0.50727\System.configuration.dll
    + 2005-09-23 06:28:56 81,920 ----a-w d:\windows\Microsoft.NET\Framework\v2.0.50727\System.Configuration.Install.dll
    + 2005-09-23 06:28:56 2,878,976 ----a-w d:\windows\Microsoft.NET\Framework\v2.0.50727\System.Data.dll
    + 2005-09-23 06:28:56 482,304 ----a-w d:\windows\Microsoft.NET\Framework\v2.0.50727\System.Data.OracleClient.dll
    + 2005-09-23 06:28:56 716,800 ----a-w d:\windows\Microsoft.NET\Framework\v2.0.50727\System.Data.SqlXml.dll
    + 2005-09-23 06:28:38 884,736 ----a-w d:\windows\Microsoft.NET\Framework\v2.0.50727\System.Deployment.dll
    + 2005-09-23 06:28:56 5,050,368 ----a-w d:\windows\Microsoft.NET\Framework\v2.0.50727\System.Design.dll
    + 2005-09-23 06:28:56 397,312 ----a-w d:\windows\Microsoft.NET\Framework\v2.0.50727\System.DirectoryServices.dll
    + 2005-09-23 06:28:56 188,416 ----a-w d:\windows\Microsoft.NET\Framework\v2.0.50727\System.DirectoryServices.Protocols.dll
    + 2005-09-23 06:28:56 3,018,752 ----a-w d:\windows\Microsoft.NET\Framework\v2.0.50727\System.dll
    + 2005-09-23 06:28:56 81,920 ----a-w d:\windows\Microsoft.NET\Framework\v2.0.50727\System.Drawing.Design.dll
    + 2005-09-23 06:28:56 700,416 ----a-w d:\windows\Microsoft.NET\Framework\v2.0.50727\System.Drawing.dll
    + 2005-09-23 06:28:56 258,048 ----a-w d:\windows\Microsoft.NET\Framework\v2.0.50727\System.EnterpriseServices.dll
    + 2005-09-23 06:28:56 47,616 ----a-w d:\windows\Microsoft.NET\Framework\v2.0.50727\System.EnterpriseServices.Thunk.dll
    + 2005-09-23 06:28:56 114,176 ----a-w d:\windows\Microsoft.NET\Framework\v2.0.50727\System.EnterpriseServices.Wrapper.dll
    + 2005-09-23 06:28:56 368,640 ----a-w d:\windows\Microsoft.NET\Framework\v2.0.50727\System.Management.dll
    + 2005-09-23 06:28:56 258,048 ----a-w d:\windows\Microsoft.NET\Framework\v2.0.50727\System.Messaging.dll
    + 2005-09-23 06:28:56 299,008 ----a-w d:\windows\Microsoft.NET\Framework\v2.0.50727\System.Runtime.Remoting.dll
    + 2005-09-23 06:28:56 131,072 ----a-w d:\windows\Microsoft.NET\Framework\v2.0.50727\System.Runtime.Serialization.Formatters.Soap.dll
    + 2005-09-23 06:28:56 258,048 ----a-w d:\windows\Microsoft.NET\Framework\v2.0.50727\System.Security.dll
    + 2005-09-23 06:28:56 114,688 ----a-w d:\windows\Microsoft.NET\Framework\v2.0.50727\System.ServiceProcess.dll
    + 2005-09-23 06:28:56 260,096 ----a-w d:\windows\Microsoft.NET\Framework\v2.0.50727\System.Transactions.dll
    + 2005-09-23 06:28:56 5,025,792 ----a-w d:\windows\Microsoft.NET\Framework\v2.0.50727\System.Web.dll
    + 2005-09-23 06:28:56 835,584 ----a-w d:\windows\Microsoft.NET\Framework\v2.0.50727\System.Web.Mobile.dll
    + 2005-09-23 06:28:56 86,016 ----a-w d:\windows\Microsoft.NET\Framework\v2.0.50727\System.Web.RegularExpressions.dll
    + 2005-09-23 06:28:56 823,296 ----a-w d:\windows\Microsoft.NET\Framework\v2.0.50727\System.Web.Services.dll
    + 2005-09-23 06:28:56 5,316,608 ----a-w d:\windows\Microsoft.NET\Framework\v2.0.50727\System.Windows.Forms.dll
    + 2005-09-23 06:28:56 2,035,712 ----a-w d:\windows\Microsoft.NET\Framework\v2.0.50727\System.XML.dll
    + 2005-09-23 06:28:56 71,680 ----a-w d:\windows\Microsoft.NET\Framework\v2.0.50727\TLBREF.DLL
    + 2005-09-23 06:29:06 1,140,920 ----a-w d:\windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
    + 2005-09-23 06:28:30 1,306,624 ----a-w d:\windows\Microsoft.NET\Framework\v2.0.50727\VsaVb7rt.dll
    + 2005-09-23 06:28:32 298,496 ----a-w d:\windows\Microsoft.NET\Framework\v2.0.50727\webengine.dll
    + 2005-09-23 06:28:56 28,160 ----a-w d:\windows\Microsoft.NET\Framework\v2.0.50727\WMINet_Utils.dll
    + 2002-01-05 01:18:20 84,992 ----a-w d:\windows\system32\atl70.dll
    - 2009-01-22 08:56:51 323,584 ----a-w d:\windows\system32\AUDIOGENIE2.DLL
    + 2009-01-31 11:39:01 323,584 ----a-w d:\windows\system32\AUDIOGENIE2.DLL
    - 2008-06-11 09:05:39 16,384 ----a-w d:\windows\system32\config\systemprofile\Cookies\index.dat
    + 2009-02-16 14:17:11 32,768 ----a-w d:\windows\system32\config\systemprofile\Cookies\index.dat
    - 2008-06-11 09:05:39 32,768 ----a-w d:\windows\system32\config\systemprofile\Local Settings\Historique\History.IE5\index.dat
    + 2009-02-16 14:17:11 32,768 ----a-w d:\windows\system32\config\systemprofile\Local Settings\Historique\History.IE5\index.dat
    + 2005-09-23 06:28:38 83,456 ----a-w d:\windows\system32\dfshim.dll
    + 2006-10-01 12:37:02 26,624 ----a-w d:\windows\system32\drivers\tap0801.sys
    - 2009-01-13 14:27:12 3,534,144 ----a-w d:\windows\system32\FNTCACHE.DAT
    + 2009-01-30 11:06:54 3,542,576 ----a-w d:\windows\system32\FNTCACHE.DAT
    + 2007-01-26 01:04:12 27,648 ----a-w d:\windows\system32\ma32.dll
    + 2007-01-26 01:04:12 138,752 ----a-w d:\windows\system32\mase32.dll
    + 2002-01-05 03:48:16 974,848 ----a-w d:\windows\system32\mfc70.dll
    + 2002-01-05 03:36:38 964,608 ----a-w d:\windows\system32\mfc70u.dll
    + 2005-12-12 06:57:10 32,768 ----a-w d:\windows\system32\MLPagAx.dll
    - 2004-07-14 21:34:06 16,896 ----a-w d:\windows\system32\mscorier.dll
    + 2005-09-23 06:28:52 150,016 ----a-w d:\windows\system32\mscorier.dll
    - 2003-02-20 18:09:14 106,496 ----a-w d:\windows\system32\mscories.dll
    + 2005-09-23 06:28:52 74,240 ----a-w d:\windows\system32\mscories.dll
    + 2002-01-05 02:38:38 54,784 ----a-w d:\windows\system32\msvci70.dll
    + 2002-01-05 02:40:20 487,424 ----a-w d:\windows\system32\msvcp70.dll
    + 2006-04-21 09:00:08 49,152 ----a-w d:\windows\system32\PCLEGetGuid.dll
    - 2009-01-19 08:16:03 53,608 ----a-w d:\windows\system32\perfc009.dat
    + 2009-01-30 08:31:38 63,188 ----a-w d:\windows\system32\perfc009.dat
    - 2009-01-19 08:16:03 64,492 ----a-w d:\windows\system32\perfc00C.dat
    + 2009-01-30 08:31:38 76,144 ----a-w d:\windows\system32\perfc00C.dat
    - 2009-01-19 08:16:03 383,254 ----a-w d:\windows\system32\perfh009.dat
    + 2009-01-30 08:31:38 403,968 ----a-w d:\windows\system32\perfh009.dat
    - 2009-01-19 08:16:03 447,772 ----a-w d:\windows\system32\perfh00C.dat
    + 2009-01-30 08:31:38 470,828 ----a-w d:\windows\system32\perfh00C.dat
    + 2007-06-21 21:55:02 401,408 ----a-w d:\windows\system32\pvmjpg30.dll
    + 2006-03-28 22:45:46 184,320 ----a-w d:\windows\system32\RALMain.dll
    - 2009-01-22 08:56:57 156,672 ----a-w d:\windows\system32\rmc_fixasf.exe
    + 2009-01-31 11:39:04 156,672 ----a-w d:\windows\system32\rmc_fixasf.exe
    - 2009-01-22 08:56:57 237,568 ----a-w d:\windows\system32\rmc_rtspdl.dll
    + 2009-01-31 11:39:04 237,568 ----a-w d:\windows\system32\rmc_rtspdl.dll
    + 2006-12-14 08:53:58 15,072 ------w d:\windows\system32\spmsg.dll
    - 2008-12-11 15:05:03 83,872 ----a-w d:\windows\system32\spool\drivers\w32x86\3\Youn.DAT
    + 2009-02-14 11:16:05 83,872 ----a-w d:\windows\system32\spool\drivers\w32x86\3\Youn.DAT
    + 2006-01-09 08:36:06 40,960 ----a-w d:\windows\system32\swsc.exe
    + 2005-09-23 06:29:16 479,232 ----a-w d:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_0de06acd\msvcm80.dll
    + 2005-09-23 06:29:16 548,864 ----a-w d:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_0de06acd\msvcp80.dll
    + 2005-09-23 06:29:16 626,688 ----a-w d:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_0de06acd\msvcr80.dll
    + 2009-01-30 08:27:40 258,048 ----a-w d:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
    + 2009-01-30 08:27:40 114,176 ----a-w d:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
    .
    -- Instantané actualisé --
    .
    ((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="d:\windows\system32\ctfmon.exe" [2004-08-19 15360]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "HPBootOp"="d:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2005-11-09 249856]
    "NvCplDaemon"="d:\windows\system32\NvCpl.dll" [2006-04-16 7569408]
    "HP Component Manager"="d:\program files\HP\hpcoretech\hpcmpmgr.exe" [2003-10-23 233472]
    "DeviceDiscovery"="d:\program files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe" [2003-05-21 229437]
    "avgnt"="d:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]
    "TrueImageMonitor.exe"="d:\program files\Acronis\TrueImageEnterpriseServer\TrueImageMonitor.exe" [2006-07-21 1106531]
    "NvMediaCenter"="d:\windows\system32\NvMcTray.dll" [2006-04-16 86016]
    "RTHDCPL"="RTHDCPL.EXE" [2008-02-19 d:\windows\RTHDCPL.EXE]
    "SoundMan"="SOUNDMAN.EXE" [2003-03-03 d:\windows\SOUNDMAN.EXE]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="d:\windows\system32\CTFMON.EXE" [2004-08-19 15360]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "tscuninstall"="d:\windows\system32\tscupgrd.exe" [2004-08-04 44544]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
    "ForceClassicControlPanel"= 1 (0x1)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "vidc.mjpg"= pvmjpg30.dll

    [HKLM\~\startupfolder\D:^Documents and Settings^All Users.WINDOWS^Menu Démarrer^Programmes^Démarrage^Adobe Reader Speed Launch.lnk]
    path=d:\documents and settings\All Users.WINDOWS\Menu Démarrer\Programmes\Démarrage\Adobe Reader Speed Launch.lnk
    backup=d:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

    [HKLM\~\startupfolder\D:^Documents and Settings^All Users.WINDOWS^Menu Démarrer^Programmes^Démarrage^Lancement rapide d'Adobe Reader.lnk]
    path=d:\documents and settings\All Users.WINDOWS\Menu Démarrer\Programmes\Démarrage\Lancement rapide d'Adobe Reader.lnk
    backup=d:\windows\pss\Lancement rapide d'Adobe Reader.lnkCommon Startup

    [HKLM\~\startupfolder\D:^Documents and Settings^All Users.WINDOWS^Menu Démarrer^Programmes^Démarrage^Metacafe.lnk]
    path=d:\documents and settings\All Users.WINDOWS\Menu Démarrer\Programmes\Démarrage\Metacafe.lnk
    backup=d:\windows\pss\Metacafe.lnkCommon Startup

    [HKLM\~\startupfolder\D:^Documents and Settings^All Users.WINDOWS^Menu Démarrer^Programmes^Démarrage^Ralink Wireless Utility.lnk]
    path=d:\documents and settings\All Users.WINDOWS\Menu Démarrer\Programmes\Démarrage\Ralink Wireless Utility.lnk
    backup=d:\windows\pss\Ralink Wireless Utility.lnkCommon Startup

    [HKLM\~\startupfolder\D:^Documents and Settings^All Users.WINDOWS^Menu Démarrer^Programmes^Démarrage^SMCWUSB-G 802.11g Wireless USB Utility.lnk]
    path=d:\documents and settings\All Users.WINDOWS\Menu Démarrer\Programmes\Démarrage\SMCWUSB-G 802.11g Wireless USB Utility.lnk
    backup=d:\windows\pss\SMCWUSB-G 802.11g Wireless USB Utility.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acronis Scheduler2 Service]
    --a------ 2006-07-21 00:13 126976 d:\program files\Fichiers communs\Acronis\Schedule2\schedhlp.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AcronisTimounterMonitor]
    --a------ 2006-07-21 00:15 1848218 d:\program files\Acronis\TrueImageEnterpriseServer\TimounterMonitor.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\D-Link AirPlus XtremeG]
    --a------ 2005-03-28 14:25 1011712 d:\program files\D-Link\AirPlus XtremeG\AirPlusCFG.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
    --a------ 2003-06-25 11:24 49152 d:\program files\Hewlett-Packard\HP Software Update\hpwuSchd.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility]
    --a------ 2003-07-28 14:43 188416 d:\windows\system32\spool\drivers\w32x86\3\hpztsb09.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
    --a------ 2007-10-18 11:34 5724184 d:\program files\Windows Live\Messenger\msnmsgr.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    --a------ 2008-09-06 15:09 413696 d:\program files\QuickTime\QTTask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
    --a------ 2008-10-18 15:56 68856 d:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
    --a------ 2003-04-02 03:20 12288 d:\program files\Winamp\winampa.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent]
    --a------ 2004-08-19 15:10 110592 d:\windows\system32\bthprops.cpl

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
    --a------ 2006-04-16 15:51 1519616 d:\windows\system32\nwiz.exe

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "d:\\Program Files\\RALINK\\Common\\RaUI.exe"=
    "d:\\Program Files\\Interplay\\Virtual Pool 3\\vp3.exe"=
    "d:\\Program Files\\D-Link\\AirPlus XtremeG\\AirPlusCFG.exe"=
    "d:\\Program Files\\D-Link\\AirPlus XtremeG\\ANIO.exe"=
    "d:\\Program Files\\D-Link\\AirPlus XtremeG\\ANIWZCS2.exe"=
    "d:\\Program Files\\Fichiers communs\\Nero\\Nero Web\\SetupX.exe"=
    "d:\\Program Files\\Messenger\\msmsgs.exe"=
    "d:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "d:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
    "d:\\Program Files\\Acronis\\TrueImageEnterpriseServer\\TrueImage.exe"=
    "d:\\Program Files\\Pinnacle\\VideoSpin\\Programs\\RM.exe"=
    "d:\\Program Files\\Pinnacle\\VideoSpin\\Programs\\PMSRegisterFile.exe"=
    "k:\\PcTools\\PcTools\\TunCard\\DVR\\IPInstallerEng.exe"=
    "d:\\Program Files\\Interplay\\Virtual Pool 3\\patcher.exe"=
    "d:\\Program Files\\KONAMI\\Pro Evolution Soccer 2008\\PES2008.exe"=
    "d:\\Program Files\\Pinnacle\\VideoSpin\\Programs\\umi.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
    "AllowRedirect"= 1 (0x1)
    "AllowOutboundPacketTooBig"= 1 (0x1)

    R2 parevo;parevo;d:\windows\system32\drivers\parevo.sys [2008-03-19 20428]
    S3 A3AB;D-Link AirPro 802.11a/b Wireless Adapter Service(A3AB);d:\windows\system32\drivers\A3AB.sys [2006-08-09 450400]
    S3 SMCWGU(SMC);SMCWUSB-G 802.11g Wireless USB 2.0 Adapter(SMC);d:\windows\system32\DRIVERS\SMCWGU.sys --> d:\windows\system32\DRIVERS\SMCWGU.sys [?]
    S3 tap0801;TAP-Win32 Adapter V8;d:\windows\system32\drivers\tap0801.sys [2006-10-01 26624]
    S3 tap0901;TAP-Win32 Adapter V9;d:\windows\system32\drivers\tap0901.sys [2007-04-26 25088]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3a044449-f697-11dc-80d5-806d6172696f}]
    \Shell\AutoRun\command - y82td3td.com
    \Shell\explore\Command - y82td3td.com
    \Shell\open\Command - y82td3td.com

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3a04444a-f697-11dc-80d5-806d6172696f}]
    \Shell\AutoRun\command - y82td3td.com
    \Shell\explore\Command - y82td3td.com
    \Shell\open\Command - y82td3td.com

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cbb68582-f501-11dc-b253-0015f2a4e574}]
    \Shell\AutoRun\command - N:\xn1i9x.com
    \Shell\explore\Command - N:\xn1i9x.com
    \Shell\open\Command - N:\xn1i9x.com
    .
    - - - - ORPHELINS SUPPRIMES - - - -

    WebBrowser-{196C3A46-4758-433D-A600-802C804AF39C} - (no file)


    .
    ------- Examen supplémentaire -------
    .
    uInternet Settings,ProxyOverride = local
    IE: English<->Arabic - d:\program files\LingvoSoft\LingvoSoft Talking Dictionary 2007 (English-Arabic) for Windows\Plugins\IE.htm
    IE: SYSTRAN: &Effacer le cache de traduction - d:\program files\Systran\Premium\menuClearCache.html
    IE: SYSTRAN: &Options - d:\program files\Systran\Premium\menuConfigure.html
    IE: SYSTRAN: &Traduire - d:\program files\Systran\Premium\menuTranslate.html
    IE: SYSTRAN: En&registrement - d:\program files\Systran\Premium\menuRegister.html
    IE: SYSTRAN: Rechercher les &mises à jour - d:\program files\Systran\Premium\menuUpdate.html
    IE: SYSTRAN: Traduire les &cadres - d:\program files\Systran\Premium\menuTranslateAll.html
    IE: {{703436F1-3E1F-11d3-8F6B-00105A2A1D59} - d:\program files\Systran\Premium\MenuTranslate.html
    IE: {{703436F2-3E1F-11d3-8F6B-00105A2A1D59} - d:\program files\Systran\Premium\MenuTranslateAll.html
    IE: {{703436F3-3E1F-11d3-8F6B-00105A2A1D59} - d:\program files\Systran\Premium\MenuConfigure.html
    IE: {{703436F4-3E1F-11d3-8F6B-00105A2A1D59} - d:\program files\Systran\Premium\MenuClearCache.html
    IE: {{703436F5-3E1F-11d3-8F6B-00105A2A1D59} - d:\program files\Systran\Premium\MenuRegister.html
    IE: {{703436F6-3E1F-11d3-8F6B-00105A2A1D59} - d:\program files\Systran\Premium\MenuUpdates.html
    IE: {{A0ED02CB-40C8-4745-9B4B-A88AD89C6EE8} - d:\program files\LingvoSoft\LingvoSoft Talking Dictionary 2007 (English-Arabic) for Windows\Plugins\IE.htm
    FF - ProfilePath - d:\documents and settings\Administrateur.STANDARD\Application Data\Mozilla\Firefox\Profiles\bjpb2beb.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://fr.search.yahoo.com/search?ei=UTF-8&fr=ytff-cclean&p=
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - hxxp://fr.yahoo.com/
    FF - prefs.js: keyword.URL - hxxp://fr.search.yahoo.com/search?ei=UTF-8&fr=ytff-cclean&p=
    FF - plugin: d:\program files\Java\jre1.5.0_05\bin\NPJava11.dll
    FF - plugin: d:\program files\Java\jre1.5.0_05\bin\NPJava12.dll
    FF - plugin: d:\program files\Java\jre1.5.0_05\bin\NPJava13.dll
    FF - plugin: d:\program files\Java\jre1.5.0_05\bin\NPJava14.dll
    FF - plugin: d:\program files\Java\jre1.5.0_05\bin\NPJava32.dll
    FF - plugin: d:\program files\Java\jre1.5.0_05\bin\NPJPI150_05.dll
    FF - plugin: d:\program files\Java\jre1.5.0_05\bin\NPOJI610.dll

    ---- PARAMETRES FIREFOX ----
    FF - user.js: network.proxy.type - 0
    FF - user.js: network.proxy.http -
    user_pref(network.proxy.http_port,);
    FF - user.js: network.proxy.no_proxies_on -
    FF - user.js: yahoo.homepage.dontask - true.

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-02-16 16:18:22
    Windows 5.1.2600 Service Pack 2 NTFS

    Recherche de processus cachés ...

    Recherche d'éléments en démarrage automatique cachés ...

    Recherche de fichiers cachés ...

    Scan terminé avec succès
    Fichiers cachés: 0

    **************************************************************************
    .
    --------------------- CLES DE REGISTRE BLOQUEES ---------------------

    [HKEY_USERS\Administrator\SOFTWARE\Microsoft\SystemCertificates\AddressBook*]
    @Allowed: (Read) (RestrictedCode)
    @Allowed: (Read) (RestrictedCode)

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32*]
    "ThreadingModel"="Apartment"
    @="d:\\WINDOWS\\system32\\OLE32.DLL"
    "cd042efbbd7f7af1647644e76e06692b"=hex:e2,63,26,f1,3f,c8,ff,68,11,c7,93,d2,50,
    bd,f6,6d,c8,28,51,af,b0,29,a3,98,26,73,91,24,4b,d4,af,ca,e2,63,26,f1,3f,c8,\

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32*]
    "ThreadingModel"="Apartment"
    @="d:\\WINDOWS\\system32\\OLE32.DLL"
    "bca643cdc5c2726b20d2ecedcc62c59b"=hex:6a,9c,d6,61,af,45,84,18,6e,db,8a,dd,fc,
    cb,d8,4f,71,3b,04,66,8b,46,0d,96,1b,b9,24,9e,c9,c3,d6,3f,6a,9c,d6,61,af,45,\

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32*]
    "ThreadingModel"="Apartment"
    @="d:\\WINDOWS\\system32\\OLE32.DLL"
    "2c81e34222e8052573023a60d06dd016"=hex:25,da,ec,7e,55,20,c9,26,db,99,78,bf,a3,
    2e,fa,6c,25,da,ec,7e,55,20,c9,26,8c,b7,02,41,59,b9,63,6a,ff,7c,85,e0,43,d4,\

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32*]
    "ThreadingModel"="Apartment"
    @="d:\\WINDOWS\\system32\\OLE32.DLL"
    "2582ae41fb52324423be06337561aa48"=hex:86,8c,21,01,be,91,eb,e7,4b,98,60,d0,0c,
    ec,b0,87,3e,1e,9e,e0,57,5a,93,61,a2,04,64,cd,4a,50,5b,c9,86,8c,21,01,be,91,\

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32*]
    "ThreadingModel"="Apartment"
    @="d:\\WINDOWS\\system32\\OLE32.DLL"
    "caaeda5fd7a9ed7697d9686d4b818472"=hex:f5,1d,4d,73,a8,13,5c,05,89,28,17,26,39,
    68,64,44,cd,44,cd,b9,a6,33,6c,cd,cd,d8,32,7d,ba,15,1e,3c,f5,1d,4d,73,a8,13,\

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32*]
    "ThreadingModel"="Apartment"
    @="d:\\WINDOWS\\system32\\OLE32.DLL"
    "a4a1bcf2cc2b8bc3716b74b2b4522f5d"=hex:b0,18,ed,a7,3f,8d,37,a4,44,b3,d6,af,35,
    3b,1f,a5,b0,18,ed,a7,3f,8d,37,a4,0c,55,a4,69,2e,f3,69,58,df,20,58,62,78,6b,\

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32*]
    "ThreadingModel"="Apartment"
    @="d:\\WINDOWS\\system32\\OLE32.DLL"
    "4d370831d2c43cd13623e232fed27b7b"=hex:31,77,e1,ba,b1,f8,68,02,81,34,36,a2,36,
    9f,0e,16,31,77,e1,ba,b1,f8,68,02,bd,ed,fd,62,3e,be,17,e9,fb,a7,78,e6,12,2f,\

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32*]
    "ThreadingModel"="Apartment"
    @="d:\\WINDOWS\\system32\\OLE32.DLL"
    "1d68fe701cdea33e477eb204b76f993d"=hex:83,6c,56,8b,a0,85,96,ab,48,b1,52,86,20,
    55,2b,e2,83,6c,56,8b,a0,85,96,ab,e5,e9,99,62,33,fd,50,df,01,3a,48,fc,e8,04,\

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32*]
    "ThreadingModel"="Apartment"
    @="d:\\WINDOWS\\system32\\OLE32.DLL"
    "1fac81b91d8e3c5aa4b0a51804d844a3"=hex:51,fa,6e,91,28,9e,14,cc,6a,6f,8a,ab,2e,
    79,df,d3,51,fa,6e,91,28,9e,14,cc,cd,4e,32,b9,e8,8c,16,74,f6,0f,4e,58,98,5b,\

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32*]
    "ThreadingModel"="Apartment"
    @="d:\\WINDOWS\\system32\\OLE32.DLL"
    "f5f62a6129303efb32fbe080bb27835b"=hex:b1,cd,45,5a,a8,c4,f8,b9,2d,e8,16,3b,f2,
    9b,51,42,b1,cd,45,5a,a8,c4,f8,b9,6b,cd,a4,2f,fc,3c,24,54,3d,ce,ea,26,2d,45,\

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32*]
    "ThreadingModel"="Apartment"
    @="d:\\WINDOWS\\system32\\OLE32.DLL"
    "fd4e2e1a3940b94dceb5a6a021f2e3c6"=hex:f8,31,0f,a9,5f,a0,ec,fb,6c,5e,2f,7a,94,
    f3,52,41,e3,0e,66,d5,eb,bc,2f,6b,04,ef,92,77,42,4e,cc,95,2a,b7,cc,b5,b9,7f,\

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32*]
    "ThreadingModel"="Apartment"
    @="d:\\WINDOWS\\system32\\OLE32.DLL"
    "8a8aec57dd6508a385616fbc86791ec2"=hex:fa,ea,66,7f,d4,3b,6b,70,b6,b1,ef,bd,d3,
    4a,06,7a,fa,ea,66,7f,d4,3b,6b,70,0f,64,a8,d9,b7,18,b1,81,6c,43,2d,1e,aa,22,\
    .
    --------------------- DLLs chargées dans les processus actifs ---------------------

    - - - - - - - > 'lsass.exe'(708)
    d:\windows\system32\relog_ap.dll
    .
    ------------------------ Autres processus actifs ------------------------
    .
    d:\program files\Avira\AntiVir PersonalEdition Classic\sched.exe
    d:\program files\Fichiers communs\Acronis\Schedule2\schedul2.exe
    d:\program files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    d:\windows\system32\drivers\CDAC11BA.EXE
    d:\program files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
    d:\program files\Nero\Nero8\Nero BackItUp\NBService.exe
    d:\windows\system32\nvsvc32.exe
    d:\windows\system32\wscntfy.exe
    d:\windows\system32\rundll32.exe
    .
    **************************************************************************
    .
    Heure de fin: 2009-02-16 16:23:20 - La machine a redémarré
    ComboFix-quarantined-files.txt 2009-02-16 15:23:17
    ComboFix2.txt 2009-01-22 11:09:41

    Avant-CF: 6,413,385,728 octets libres
    Après-CF: 6,374,707,200 octets libres

    WindowsXP-KB310994-SP2-Pro-BootDisk-FRA.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    d:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professionnel" /noexecute=optin /fastdetect

    649 --- E O F --- 2009-02-16 08:56:27
    ___________________________________________________________
    16 February 2009 21:04:20

    Re,

    Download MalwareByte's Anti-Malware to your Desktop.

  • Install it by double-clicking the file Download_mbam-setup.exe.
    Once the installation and the update are done:
  • Restart your computer in safe mode
    - At startup, after the BIOS has loaded, press the F8 (or F5) key repeatedly until a menu on a black background appears. Once you get to that point, use the keyboard to select Safe Mode.
    -- In this mode you have no Internet access, and the display looks different (no wallpaper, very large icons). So don't be surprised.
    --- For these reasons I suggest you print, write down, or save the following information in a text document so that you don't get lost.
    ---- ! Do not start your computer in safe mode via MSConfig! Why? Some infections break the safe mode keys, which would make your computer crash.

  • Now run MalwareByte's Anti-Malware. If it is not already selected, choose "Perform full scan".
  • To start the scan, click "Scan".
  • Once the scan is finished, a window opens; click OK. You then have two possibilities:

    ~ If the program found nothing, press OK. A report will appear; close it.
    ~~ If infections are present, click "Show Results" then "Remove Selected". Save the report to your Desktop.
    ~~~~ Restart your computer normally and post the report in your next reply.

    NOTE: If MalwareByte's Anti-Malware needs to restart to finish the removal, accept by clicking OK.

    Note: If you cannot download MBAM from MajorGeeks, you can download it here!

    Help:
  • How to use MBAM.
  • How to start your computer in safe mode.
    17 February 2009 17:12:18

    Good evening Angeldark, below is the MBAM report:

    Malwarebytes' Anti-Malware 1.34
    Version de la base de données: 1768
    Windows 5.1.2600 Service Pack 2

    17/02/2009 16:49:45
    mbam-log-2009-02-17 (16-49-45).txt

    Type de recherche: Examen complet (C:\|D:\|K:\|)
    Eléments examinés: 245683
    Temps écoulé: 1 hour(s), 37 minute(s), 59 second(s)

    Processus mémoire infecté(s): 0
    Module(s) mémoire infecté(s): 0
    Clé(s) du Registre infectée(s): 0
    Valeur(s) du Registre infectée(s): 0
    Elément(s) de données du Registre infecté(s): 0
    Dossier(s) infecté(s): 0
    Fichier(s) infecté(s): 2

    Processus mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Module(s) mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Clé(s) du Registre infectée(s):
    (Aucun élément nuisible détecté)

    Valeur(s) du Registre infectée(s):
    (Aucun élément nuisible détecté)

    Elément(s) de données du Registre infecté(s):
    (Aucun élément nuisible détecté)

    Dossier(s) infecté(s):
    (Aucun élément nuisible détecté)

    Fichier(s) infecté(s):
    D:\Documents and Settings\Administrateur.STANDARD\Bureau\SMC hack signal\2.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    K:\PcTools\PcTools\Sound Forge 7.0 + ssg keygen\keygen.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
    __________________________________________________________
    18 February 2009 09:18:09

    Hello Angeldark,
    is everything back to normal for me??
    I have a new problem after the procedure we went through. The Generic Host problem is solved, but now web pages are slow to display: for example, this morning my computer took more than 8 min to display the full page when connecting to "http://www.infos-du-net.com"??!!! On top of that, I want to check my mail on Yahoo and I can't because of this problem!!!??
    18 February 2009 18:14:46

    Post a new HijackThis report.
    19 February 2009 09:02:11

    Hello Angeldark,
    here is the HijackThis report:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 09:00:22, on 19/02/2009
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.5730.0013)
    Boot mode: Normal

    Running processes:
    D:\WINDOWS\System32\smss.exe
    D:\WINDOWS\system32\winlogon.exe
    D:\WINDOWS\system32\services.exe
    D:\WINDOWS\system32\lsass.exe
    D:\WINDOWS\system32\svchost.exe
    D:\WINDOWS\System32\svchost.exe
    D:\WINDOWS\system32\spoolsv.exe
    D:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    D:\Program Files\Fichiers communs\Acronis\Schedule2\schedul2.exe
    D:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    D:\WINDOWS\system32\drivers\CDAC11BA.EXE
    D:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
    D:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
    D:\WINDOWS\system32\nvsvc32.exe
    D:\WINDOWS\system32\slserv.exe
    D:\WINDOWS\system32\svchost.exe
    D:\WINDOWS\Explorer.EXE
    D:\WINDOWS\system32\ctfmon.exe
    D:\WINDOWS\system32\wscntfy.exe
    D:\Program Files\HP\hpcoretech\hpcmpmgr.exe
    D:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
    D:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    D:\Program Files\Acronis\TrueImageEnterpriseServer\TrueImageMonitor.exe
    D:\WINDOWS\system32\RUNDLL32.EXE
    D:\WINDOWS\SOUNDMAN.EXE
    D:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    D:\Program Files\Mozilla Firefox\firefox.exe
    D:\WINDOWS\system32\wuauclt.exe
    D:\WINDOWS\system32\slrundll.exe
    D:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - D:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - d:\program files\google\googletoolbar2.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - D:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - d:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [HPBootOp] "D:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [HP Component Manager] "D:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
    O4 - HKLM\..\Run: [DeviceDiscovery] D:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
    O4 - HKLM\..\Run: [avgnt] "D:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKLM\..\Run: [TrueImageMonitor.exe] D:\Program Files\Acronis\TrueImageEnterpriseServer\TrueImageMonitor.exe
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE D:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [swg] D:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')
    O8 - Extra context menu item: English<->Arabic - D:\Program Files\LingvoSoft\LingvoSoft Talking Dictionary 2007 (English-Arabic) for Windows\Plugins\IE.htm
    O8 - Extra context menu item: SYSTRAN: &Effacer le cache de traduction - D:\Program Files\Systran\Premium\menuClearCache.html
    O8 - Extra context menu item: SYSTRAN: &Options - D:\Program Files\Systran\Premium\menuConfigure.html
    O8 - Extra context menu item: SYSTRAN: &Traduire - D:\Program Files\Systran\Premium\menuTranslate.html
    O8 - Extra context menu item: SYSTRAN: En&registrement - D:\Program Files\Systran\Premium\menuRegister.html
    O8 - Extra context menu item: SYSTRAN: Rechercher les &mises à jour - D:\Program Files\Systran\Premium\menuUpdate.html
    O8 - Extra context menu item: SYSTRAN: Traduire les &cadres - D:\Program Files\Systran\Premium\menuTranslateAll.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
    O9 - Extra button: @sysiecom.dll,-2100 - {703436F1-3E1F-11d3-8F6B-00105A2A1D59} - D:\Program Files\Systran\Premium\MenuTranslate.html
    O9 - Extra 'Tools' menuitem: @sysiecom.dll,-2102 - {703436F1-3E1F-11d3-8F6B-00105A2A1D59} - D:\Program Files\Systran\Premium\MenuTranslate.html
    O9 - Extra button: @sysiecom.dll,-2103 - {703436F2-3E1F-11d3-8F6B-00105A2A1D59} - D:\Program Files\Systran\Premium\MenuTranslateAll.html
    O9 - Extra 'Tools' menuitem: @sysiecom.dll,-2105 - {703436F2-3E1F-11d3-8F6B-00105A2A1D59} - D:\Program Files\Systran\Premium\MenuTranslateAll.html
    O9 - Extra button: @sysiecom.dll,-2115 - {703436F3-3E1F-11d3-8F6B-00105A2A1D59} - D:\Program Files\Systran\Premium\MenuConfigure.html
    O9 - Extra 'Tools' menuitem: @sysiecom.dll,-2117 - {703436F3-3E1F-11d3-8F6B-00105A2A1D59} - D:\Program Files\Systran\Premium\MenuConfigure.html
    O9 - Extra button: (no name) - {703436F4-3E1F-11d3-8F6B-00105A2A1D59} - D:\Program Files\Systran\Premium\MenuClearCache.html
    O9 - Extra 'Tools' menuitem: @sysiecom.dll,-2108 - {703436F4-3E1F-11d3-8F6B-00105A2A1D59} - D:\Program Files\Systran\Premium\MenuClearCache.html
    O9 - Extra button: (no name) - {703436F5-3E1F-11d3-8F6B-00105A2A1D59} - D:\Program Files\Systran\Premium\MenuRegister.html
    O9 - Extra 'Tools' menuitem: @sysiecom.dll,-2111 - {703436F5-3E1F-11d3-8F6B-00105A2A1D59} - D:\Program Files\Systran\Premium\MenuRegister.html
    O9 - Extra button: (no name) - {703436F6-3E1F-11d3-8F6B-00105A2A1D59} - D:\Program Files\Systran\Premium\MenuUpdates.html (file missing)
    O9 - Extra 'Tools' menuitem: @sysiecom.dll,-2114 - {703436F6-3E1F-11d3-8F6B-00105A2A1D59} - D:\Program Files\Systran\Premium\MenuUpdates.html (file missing)
    O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: English<->Arabic - {A0ED02CB-40C8-4745-9B4B-A88AD89C6EE8} - D:\Program Files\LingvoSoft\LingvoSoft Talking Dictionary 2007 (English-Arabic) for Windows\Plugins\IE.htm
    O9 - Extra 'Tools' menuitem: English<->Arabic - {A0ED02CB-40C8-4745-9B4B-A88AD89C6EE8} - D:\Program Files\LingvoSoft\LingvoSoft Talking Dictionary 2007 (English-Arabic) for Windows\Plugins\IE.htm
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{99B8772E-7341-46A3-A101-2D7293F306B0}: NameServer = 213.150.176.196 193.95.67.22
    O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - D:\Program Files\Fichiers communs\Acronis\Schedule2\schedul2.exe
    O23 - Service: Adobe LM Service - Adobe Systems - D:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - D:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - D:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: C-DillaCdaC11BA - Macrovision - D:\WINDOWS\system32\drivers\CDAC11BA.EXE
    O23 - Service: Google Updater Service (gusvc) - Google - D:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - D:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - D:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: ServiceLayer - Nokia. - D:\Program Files\Fichiers communs\PCSuite\Services\ServiceLayer.exe
    O23 - Service: SmartLinkService (SLService) - Smart Link - D:\WINDOWS\SYSTEM32\slserv.exe

    --
    End of file - 9467 bytes
    ____________________________________________________
    19 February 2009 13:24:31

    Re,

    Run HijackThis again (right-click -> run as administrator under Vista), do a system scan only, and tick these lines (if still present):
    R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

    Close all running applications (especially your Internet browser).
    Then Fix Checked!

    It is apparently OK.
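The two lines the reply above asks to tick both end in "(no file)", and neither appears in the follow-up log posted in the next reply. As an added example (not part of the thread and not HijackThis's own code), the Python below parses HijackThis result lines, lists the "(no file)" entries, and checks a later log to confirm they are gone; the function names `parse_log`, `no_file_entries` and `verify_fix` are hypothetical, and the two log excerpts are a few lines copied from the logs in this thread.

```python
import re

# Excerpts copied from the two HijackThis logs in this thread (before and
# after "Fix Checked"), shortened to a few representative lines.
BEFORE = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O9 - Extra button: (no name) - {703436F6-3E1F-11d3-8F6B-00105A2A1D59} - D:\Program Files\Systran\Premium\MenuUpdates.html (file missing)
"""

AFTER = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
"""

# A result line starts with a section code such as R3, O2 or O23, then " - ".
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")


def parse_log(text):
    """Return one dict per result line; headers and process paths are skipped."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if m is None:
            continue
        body = m.group("body")
        clsid = CLSID_RE.search(body)
        if body.endswith("(no file)"):
            status = "no file"          # registration with no target recorded
        elif body.endswith("(file missing)"):
            status = "file missing"     # target path recorded but not on disk
        else:
            status = "present"
        entries.append({
            "code": m.group("code"),
            "clsid": clsid.group(0).upper() if clsid else None,
            "status": status,
            "line": line,
        })
    return entries


def entry_key(entry):
    """Identify an entry by section + CLSID, falling back to the full line."""
    return (entry["code"], entry["clsid"] or entry["line"])


def no_file_entries(text):
    """Entries whose line ends in "(no file)", in log order."""
    return [e for e in parse_log(text) if e["status"] == "no file"]


def verify_fix(before, after):
    """Map each "(no file)" line of `before` to True if it is still in `after`."""
    remaining = {entry_key(e) for e in parse_log(after)}
    return {e["line"]: entry_key(e) in remaining for e in no_file_entries(before)}


if __name__ == "__main__":
    for line, still_there in verify_fix(BEFORE, AFTER).items():
        print("STILL PRESENT" if still_there else "removed", "-", line)
```

The O9 entry marked "(file missing)" is reported with a separate status and is not selected, which matches the two lines the reply picked out.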
    19 February 2009 14:10:46

    Re,

    I did as you told me but nothing has changed for my browsing, especially access to my mailbox??!!! Do I need to restart the computer after running "Fix Checked!"??

    here is the new HijackThis report:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 14:09:50, on 19/02/2009
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.5730.0013)
    Boot mode: Normal

    Running processes:
    D:\WINDOWS\System32\smss.exe
    D:\WINDOWS\system32\winlogon.exe
    D:\WINDOWS\system32\services.exe
    D:\WINDOWS\system32\lsass.exe
    D:\WINDOWS\system32\svchost.exe
    D:\WINDOWS\System32\svchost.exe
    D:\WINDOWS\system32\spoolsv.exe
    D:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    D:\Program Files\Fichiers communs\Acronis\Schedule2\schedul2.exe
    D:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    D:\WINDOWS\system32\drivers\CDAC11BA.EXE
    D:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
    D:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
    D:\WINDOWS\system32\nvsvc32.exe
    D:\WINDOWS\system32\slserv.exe
    D:\WINDOWS\system32\svchost.exe
    D:\WINDOWS\system32\ctfmon.exe
    D:\WINDOWS\system32\wscntfy.exe
    D:\Program Files\HP\hpcoretech\hpcmpmgr.exe
    D:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
    D:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    D:\Program Files\Acronis\TrueImageEnterpriseServer\TrueImageMonitor.exe
    D:\WINDOWS\system32\RUNDLL32.EXE
    D:\WINDOWS\SOUNDMAN.EXE
    D:\WINDOWS\system32\wuauclt.exe
    D:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
    D:\Program Files\Fichiers communs\PCSuite\Services\ServiceLayer.exe
    D:\PROGRA~1\FICHIE~1\PCSuite\DATALA~1\DATALA~1.EXE
    D:\WINDOWS\explorer.exe
    D:\Program Files\Mozilla Firefox\firefox.exe
    D:\WINDOWS\system32\slrundll.exe
    D:\WINDOWS\system32\taskmgr.exe
    D:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - D:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - d:\program files\google\googletoolbar2.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - D:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - d:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [HPBootOp] "D:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [HP Component Manager] "D:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
    O4 - HKLM\..\Run: [DeviceDiscovery] D:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
    O4 - HKLM\..\Run: [avgnt] "D:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKLM\..\Run: [TrueImageMonitor.exe] D:\Program Files\Acronis\TrueImageEnterpriseServer\TrueImageMonitor.exe
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE D:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [swg] D:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')
    O8 - Extra context menu item: English<->Arabic - D:\Program Files\LingvoSoft\LingvoSoft Talking Dictionary 2007 (English-Arabic) for Windows\Plugins\IE.htm
    O8 - Extra context menu item: SYSTRAN: &Effacer le cache de traduction - D:\Program Files\Systran\Premium\menuClearCache.html
    O8 - Extra context menu item: SYSTRAN: &Options - D:\Program Files\Systran\Premium\menuConfigure.html
    O8 - Extra context menu item: SYSTRAN: &Traduire - D:\Program Files\Systran\Premium\menuTranslate.html
    O8 - Extra context menu item: SYSTRAN: En&registrement - D:\Program Files\Systran\Premium\menuRegister.html
    O8 - Extra context menu item: SYSTRAN: Rechercher les &mises à jour - D:\Program Files\Systran\Premium\menuUpdate.html
    O8 - Extra context menu item: SYSTRAN: Traduire les &cadres - D:\Program Files\Systran\Premium\menuTranslateAll.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
    O9 - Extra button: @sysiecom.dll,-2100 - {703436F1-3E1F-11d3-8F6B-00105A2A1D59} - D:\Program Files\Systran\Premium\MenuTranslate.html
    O9 - Extra 'Tools' menuitem: @sysiecom.dll,-2102 - {703436F1-3E1F-11d3-8F6B-00105A2A1D59} - D:\Program Files\Systran\Premium\MenuTranslate.html
    O9 - Extra button: @sysiecom.dll,-2103 - {703436F2-3E1F-11d3-8F6B-00105A2A1D59} - D:\Program Files\Systran\Premium\MenuTranslateAll.html
    O9 - Extra 'Tools' menuitem: @sysiecom.dll,-2105 - {703436F2-3E1F-11d3-8F6B-00105A2A1D59} - D:\Program Files\Systran\Premium\MenuTranslateAll.html
    O9 - Extra button: @sysiecom.dll,-2115 - {703436F3-3E1F-11d3-8F6B-00105A2A1D59} - D:\Program Files\Systran\Premium\MenuConfigure.html
    O9 - Extra 'Tools' menuitem: @sysiecom.dll,-2117 - {703436F3-3E1F-11d3-8F6B-00105A2A1D59} - D:\Program Files\Systran\Premium\MenuConfigure.html
    O9 - Extra button: (no name) - {703436F4-3E1F-11d3-8F6B-00105A2A1D59} - D:\Program Files\Systran\Premium\MenuClearCache.html
    O9 - Extra 'Tools' menuitem: @sysiecom.dll,-2108 - {703436F4-3E1F-11d3-8F6B-00105A2A1D59} - D:\Program Files\Systran\Premium\MenuClearCache.html
    O9 - Extra button: (no name) - {703436F5-3E1F-11d3-8F6B-00105A2A1D59} - D:\Program Files\Systran\Premium\MenuRegister.html
    O9 - Extra 'Tools' menuitem: @sysiecom.dll,-2111 - {703436F5-3E1F-11d3-8F6B-00105A2A1D59} - D:\Program Files\Systran\Premium\MenuRegister.html
    O9 - Extra button: (no name) - {703436F6-3E1F-11d3-8F6B-00105A2A1D59} - D:\Program Files\Systran\Premium\MenuUpdates.html (file missing)
    O9 - Extra 'Tools' menuitem: @sysiecom.dll,-2114 - {703436F6-3E1F-11d3-8F6B-00105A2A1D59} - D:\Program Files\Systran\Premium\MenuUpdates.html (file missing)
    O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: English<->Arabic - {A0ED02CB-40C8-4745-9B4B-A88AD89C6EE8} - D:\Program Files\LingvoSoft\LingvoSoft Talking Dictionary 2007 (English-Arabic) for Windows\Plugins\IE.htm
    O9 - Extra 'Tools' menuitem: English<->Arabic - {A0ED02CB-40C8-4745-9B4B-A88AD89C6EE8} - D:\Program Files\LingvoSoft\LingvoSoft Talking Dictionary 2007 (English-Arabic) for Windows\Plugins\IE.htm
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{99B8772E-7341-46A3-A101-2D7293F306B0}: NameServer = 213.150.176.196 193.95.67.22
    O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - D:\Program Files\Fichiers communs\Acronis\Schedule2\schedul2.exe
    O23 - Service: Adobe LM Service - Adobe Systems - D:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - D:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - D:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: C-DillaCdaC11BA - Macrovision - D:\WINDOWS\system32\drivers\CDAC11BA.EXE
    O23 - Service: Google Updater Service (gusvc) - Google - D:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - D:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - D:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: ServiceLayer - Nokia. - D:\Program Files\Fichiers communs\PCSuite\Services\ServiceLayer.exe
    O23 - Service: SmartLinkService (SLService) - Smart Link - D:\WINDOWS\SYSTEM32\slserv.exe

    --
    End of file - 9415 bytes
    __________________________________________________
    19 February 2009 14:39:09

    What we did with HijackThis was just remove two very superfluous lines. In my view, your problems are not related to the infection.
    21 February 2009 09:21:37

    OK, thank you for your help.
    21 February 2009 13:25:48

    Good luck.