Slow PC after a virus infection + ad windows in IE

Tags:
  • Internet Explorer
  • Security
27 December 2008 14:16:52

Hello,

My sister caught a virus via MSN; she clicks on links at every opportunity :D.

Anyway, the antivirus (AVG) removed it once it was updated, but some things are still off.

Here is the report. Thanks for helping me and telling me whether it really is infected.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:13:35, on 27/12/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\sstray.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe
C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\A360\av360.exe
C:\PROGRA~1\Wanadoo\GestionnaireInternet.exe
C:\PROGRA~1\Wanadoo\ComComp.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe
C:\PROGRA~1\Wanadoo\Toaster.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
C:\PROGRA~1\Wanadoo\Inactivity.exe
C:\PROGRA~1\Wanadoo\PollingModule.exe
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
c:\program files\pinnacle\shared files\programs\mediaserver\pmshost.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\PROGRA~1\Wanadoo\Watch.exe
C:\Program Files\MSN Messenger\livecall.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\AVG\AVG8\aAvgApi.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.orange.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Orange
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: (no name) - {07A4A773-1F93-4CFC-B7BD-473682528E4D} - C:\WINDOWS\system32\qoMcabbY.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: {c8c5ffec-05a1-7b28-8374-f2e33be5697c} - {c7965eb3-3e2f-4738-82b7-1a50ceff5c8c} - C:\WINDOWS\system32\bbqcfn.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1036
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [2cc4e61c] rundll32.exe "C:\WINDOWS\system32\suyqhqls.dll",b
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [googletalk] "C:\Program Files\Google\Google Talk\googletalk.exe" /autostart
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx
O4 - HKCU\..\Run: [92137723420782782892139381433937] C:\Program Files\A360\av360.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.orange.fr (file missing) (HKCU)
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://copainsdavant.linternaute.com/html_include_bibli...
O16 - DPF: {88764F69-3831-4EC1-B40B-FF21D8381345} (AdVerifierADPCtrl Class) - https://static.impots.gouv.fr/tdir/static/adpform/AdSig...
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: ,avgrsstx.dll bbqcfn.dll
O20 - Winlogon Notify: nnnnMFyX - nnnnMFyX.dll (file missing)
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Pinnacle Systems Media Service (PinnacleSys.MediaServer) - Pinnacle Systems - c:\program files\pinnacle\shared files\programs\mediaserver\pmshost.exe

--
End of file - 8628 bytes

27 December 2008 16:09:01

Hello,

! Disable your resident protections (antivirus, Spybot-S&D, etc.) !

  • Download ComboFix (sUBs) to your Desktop.
  • Double-click ComboFix.exe (the .exe extension may not be visible) to launch it.
  • When the scan is finished, a report will appear. Post this report (C:\combofix.txt*) in your next reply.

    HELP: A guide and tutorial on using ComboFix
    * the partition name may differ
    27 December 2008 16:25:11

    Thanks for your help.

    Here is the requested report.

    ComboFix 08-12-26.03 - Philippe 2008-12-27 16:16:01.1 - NTFSx86
    Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.511.275 [GMT 1:00]
    Lancé depuis: c:\documents and settings\Philippe\Bureau\ComboFix.exe
    AV: AVG Anti-Virus *On-access scanning disabled* (Outdated)
    * Un nouveau point de restauration a été créé
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
    c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
    c:\documents and settings\Philippe\Bureau\Antivirus 360.lnk
    c:\documents and settings\Philippe\Menu Démarrer\Antivirus 360
    c:\documents and settings\Philippe\Menu Démarrer\Antivirus 360\Antivirus 360.lnk
    c:\documents and settings\Philippe\Menu Démarrer\Antivirus 360\Help.lnk
    c:\documents and settings\Philippe\Menu Démarrer\Antivirus 360\Registration.lnk
    c:\program files\A360
    c:\program files\A360\av360.exe
    c:\windows\system32\bbqcfn.dll
    c:\windows\system32\mcrh.tmp
    c:\windows\system32\mtxnngyk.dll
    c:\windows\system32\rinskkgn.dll
    c:\windows\system32\suyqhqls.dll
    c:\windows\system32\wufsvg.dll
    c:\windows\system32\YbbacMoq.ini
    c:\windows\system32\YbbacMoq.ini2

    ----- BITS: Il y a peut-être des sites infectés -----

    hxxp://childhe.com
    .
    ((((((((((((((((((((((((((((( Fichiers créés du 2008-11-27 au 2008-12-27 ))))))))))))))))))))))))))))))))))))
    .

    2008-12-27 14:13 . 2008-12-27 14:13 <REP> d-------- c:\program files\Trend Micro
    2008-12-27 10:03 . 2008-12-27 10:03 <REP> d-------- c:\windows\system32\Kaspersky Lab
    2008-12-27 09:56 . 2008-12-27 09:56 <REP> d-------- c:\program files\Lavasoft
    2008-12-27 09:56 . 2008-12-27 09:56 <REP> d-------- c:\program files\Fichiers communs\Wise Installation Wizard
    2008-12-27 09:56 . 2008-12-27 09:58 <REP> d-------- c:\documents and settings\All Users\Application Data\Lavasoft
    2008-12-11 20:15 . 2008-12-26 21:10 1,765,517 ---hs---- c:\windows\system32\slqhqyus.ini
    2008-12-11 20:13 . 2008-12-11 20:13 0 --a------ C:\ntf32.exe
    2008-12-11 19:20 . 2008-12-25 12:38 <REP> d--h----- C:\$AVG8.VAULT$
    2008-12-11 19:16 . 2008-12-27 09:38 <REP> d-------- c:\windows\system32\drivers\Avg
    2008-12-11 19:16 . 2008-12-11 20:27 <REP> d-------- c:\documents and settings\Philippe\Application Data\AVGTOOLBAR
    2008-12-11 19:16 . 2008-12-11 19:16 98,440 --a------ c:\windows\system32\drivers\avgldx86.sys
    2008-12-11 19:16 . 2008-12-11 19:16 90,632 --a------ c:\windows\system32\drivers\avgtdix.sys
    2008-12-11 19:16 . 2008-12-11 19:16 12,936 --a------ c:\windows\system32\drivers\avgrkx86.sys
    2008-12-11 19:16 . 2008-12-11 19:16 10,520 --a------ c:\windows\system32\avgrsstx.dll
    2008-12-11 19:15 . 2008-12-11 19:15 <REP> d-------- c:\program files\AVG
    2008-12-11 19:15 . 2008-12-11 19:15 <REP> d-------- c:\documents and settings\All Users\Application Data\avg8
    2008-12-09 21:25 . 2008-12-09 21:25 <REP> dr-hs---- C:\CONFIG
    2008-12-09 18:14 . 2008-12-11 19:08 1,547,084 ---hs---- c:\windows\system32\hcyrdrhv.ini
    2008-12-08 19:41 . 2008-12-08 19:43 1,025 --a------ C:\wny.exe
    2008-12-08 19:35 . 2008-12-08 19:38 1,025 --a------ C:\osy.exe

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-12-27 15:20 --------- d-----w c:\program files\Wanadoo
    2008-12-27 08:53 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
    2008-12-26 22:16 --------- d-----w c:\program files\eMule
    .

    ((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-05 15360]
    "googletalk"="c:\program files\Google\Google Talk\googletalk.exe" [2007-04-19 3297280]
    "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe" [2006-07-31 139264]
    "WOOKIT"="c:\progra~1\Wanadoo\Shell.exe" [2004-08-23 122880]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "DAEMON Tools"="c:\program files\DAEMON Tools\daemon.exe" [2006-11-12 157592]
    "PinnacleDriverCheck"="c:\windows\system32\PSDrvCheck.exe" [2004-03-11 406016]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-04-01 282624]
    "NeroFilterCheck"="c:\program files\Fichiers communs\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
    "WOOWATCH"="c:\progra~1\Wanadoo\Watch.exe" [2004-08-23 20480]
    "WOOTASKBARICON"="c:\progra~1\Wanadoo\GestMaj.exe" [2004-10-14 32768]
    "AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2008-12-12 1261336]
    "nForce Tray Options"="sstray.exe" [2003-08-13 c:\windows\system32\sstray.exe]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-05 15360]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=,avgrsstx.dll bbqcfn.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "VIDC.MJPG"= Pvmjpg30.dll
    "VIDC.ACDV"= ACDV.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusDisableNotify"=dword:00000001
    "UpdatesDisableNotify"=dword:00000001
    "AntiVirusOverride"=dword:00000001
    "FirewallOverride"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
    "c:\\Program Files\\Pinnacle\\Studio 10\\programs\\RM.exe"=
    "c:\\Program Files\\Pinnacle\\Studio 10\\programs\\Studio.exe"=
    "c:\\Program Files\\Pinnacle\\Studio 10\\programs\\PMSRegisterFile.exe"=
    "c:\\Program Files\\Pinnacle\\Studio 10\\programs\\umi.exe"=
    "c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
    "c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\MSN Messenger\\livecall.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\eMule\\emule.exe"=
    "c:\\Program Files\\AVG\\AVG8\\avgam.exe"=
    "c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
    "c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
    "c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=

    R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\Drivers\avgrkx86.sys [2008-12-11 12936]
    R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys [2008-12-11 98440]
    R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\Drivers\avgtdix.sys [2008-12-11 90632]
    R2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2008-12-11 874776]
    R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-12-11 231704]

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{28ABC5C0-4FCB-11CF-AAX5-21CX5C574571}]
    c:\config\S-1-5-21-1482476501-1644491937-682003330-1013\Cfg.exe
    .
    Contenu du dossier 'Tâches planifiées'

    2008-12-27 c:\windows\Tasks\A3510B4091868824.job
    - c:\docume~1\philippe\applic~1\drives~1\storetimejoy.exe []
    .
    - - - - ORPHELINS SUPPRIMES - - - -

    BHO-{07A4A773-1F93-4CFC-B7BD-473682528E4D} - c:\windows\system32\qoMcabbY.dll
    BHO-{c7965eb3-3e2f-4738-82b7-1a50ceff5c8c} - c:\windows\system32\bbqcfn.dll
    HKCU-Run-92137723420782782892139381433937 - c:\program files\A360\av360.exe
    Notify-nnnnMFyX - nnnnMFyX.dll


    .
    ------- Examen supplémentaire -------
    .
    uStart Page = hxxp://www.orange.fr/
    IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
    IE: { - c:\program files\Messenger\msmsgs.exe

    c:\windows\system32\msvcp60.dll - c:\windows\system32\atl.dll
    c:\windows\Downloaded Program Files\AdVerifierADP.dll
    c:\windows\Downloaded Program Files\AdSignerADP.dll
    O16 -: {88764F69-3831-4EC1-B40B-FF21D8381345}
    hxxps://static.impots.gouv.fr/tdir/static/adpform/AdSignerADP-1.0.cab
    c:\windows\Downloaded Program Files\AdSignerADP.inf
    .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-12-27 16:20:13
    Windows 5.1.2600 Service Pack 2 NTFS

    Recherche de processus cachés ...

    Recherche d'éléments en démarrage automatique cachés ...

    Recherche de fichiers cachés ...

    Scan terminé avec succès
    Fichiers cachés: 0

    **************************************************************************
    .
    ------------------------ Autres processus actifs ------------------------
    .
    c:\program files\Lavasoft\Ad-Aware\aawservice.exe
    c:\windows\system32\FTRTSVC.exe
    c:\program files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe
    c:\progra~1\Wanadoo\TaskBarIcon.exe
    c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    c:\progra~1\Wanadoo\GestionnaireInternet.exe
    c:\program files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe
    c:\windows\system32\wdfmgr.exe
    c:\progra~1\Wanadoo\ComComp.exe
    c:\progra~1\AVG\AVG8\avgam.exe
    c:\progra~1\Wanadoo\Toaster.exe
    c:\progra~1\Wanadoo\Inactivity.exe
    c:\progra~1\Wanadoo\PollingModule.exe
    c:\progra~1\AVG\AVG8\avgnsx.exe
    c:\program files\Pinnacle\Shared Files\Programs\MediaServer\PMSHost.exe
    c:\program files\AVG\AVG8\avgrsx.exe
    c:\program files\AVG\AVG8\avgrsx.exe
    c:\program files\AVG\AVG8\avgrsx.exe
    c:\program files\AVG\AVG8\avgrsx.exe
    .
    **************************************************************************
    .
    Heure de fin: 2008-12-27 16:22:46 - La machine a redémarré
    ComboFix-quarantined-files.txt 2008-12-27 15:22:41

    Avant-CF: 54 908 661 760 octets libres
    Après-CF: 54,868,316,160 octets libres

    WindowsXP-KB310994-SP2-Pro-BootDisk-FRA.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professionnel" /noexecute=optin /fastdetect
    28 December 2008 19:09:41

    Re,

    Download MalwareByte's Anti-Malware to your Desktop.
    Install it by double-clicking the file Download_mbam-setup.exe.

    Once the installation and the update are complete, restart in Safe Mode.
    HELP: Restarting in Safe Mode

  • Now run MalwareByte's Anti-Malware. If it is not already selected, choose "Perform full scan".
  • To start the scan, click "Scan".
  • Once the scan is finished, a window opens; click OK. There are two possibilities:
    -- if the program found nothing, press OK. A report will appear; close it.
    -- if infections are present, click "Show Results" and then "Remove Selected". Save the report to your Desktop so you can post it in your next reply.
    NOTE: If MalwareByte's Anti-Malware needs to restart to finish the removal, accept by clicking OK.

    HELP: Picture tutorial on MBAM
    28 December 2008 23:05:10

    Here is the log, as requested.


    Malwarebytes' Anti-Malware 1.31
    Database version: 1563
    Windows 5.1.2600 Service Pack 3

    28/12/2008 22:59:54
    mbam-log-2008-12-28 (22-59-54).txt

    Scan type: Full Scan (C:\|D:\|)
    Objects scanned: 124199
    Time elapsed: 1 hour(s), 29 minute(s), 9 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 10

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    C:\Qoobox\Quarantine\C\WINDOWS\system32\bbqcfn.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Qoobox\Quarantine\C\WINDOWS\system32\mtxnngyk.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Qoobox\Quarantine\C\WINDOWS\system32\rinskkgn.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Qoobox\Quarantine\C\WINDOWS\system32\suyqhqls.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Qoobox\Quarantine\C\WINDOWS\system32\wufsvg.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{4981C870-954B-4A13-867A-6A5971846E65}\RP556\A0052773.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{4981C870-954B-4A13-867A-6A5971846E65}\RP556\A0052774.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{4981C870-954B-4A13-867A-6A5971846E65}\RP556\A0052775.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{4981C870-954B-4A13-867A-6A5971846E65}\RP556\A0052776.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{4981C870-954B-4A13-867A-6A5971846E65}\RP556\A0052777.dll (Trojan.Vundo) -> Quarantined and deleted successfully.


    29 December 2008 14:42:47

    Post a new HijackThis report :)
    30 December 2008 01:09:18

    And here is the new one.
    In parallel, I updated Windows to SP3.

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 18:05:52, on 29/12/2008
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16762)
    Boot mode: Normal
    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\sstray.exe
    C:\Program Files\DAEMON Tools\daemon.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\PROGRA~1\AVG\AVG8\avgtray.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Google\Google Talk\googletalk.exe
    C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
    C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe
    C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe
    C:\Program Files\Windows Desktop Search\WindowsSearch.exe
    C:\PROGRA~1\Wanadoo\GestionnaireInternet.exe
    C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    C:\WINDOWS\System32\FTRTSVC.exe
    C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe
    C:\PROGRA~1\Wanadoo\ComComp.exe
    C:\PROGRA~1\Wanadoo\Toaster.exe
    C:\PROGRA~1\Wanadoo\Inactivity.exe
    C:\PROGRA~1\Wanadoo\PollingModule.exe
    C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\SearchIndexer.exe
    C:\PROGRA~1\AVG\AVG8\avgam.exe
    c:\program files\pinnacle\shared files\programs\mediaserver\pmshost.exe
    C:\PROGRA~1\AVG\AVG8\avgrsx.exe
    C:\PROGRA~1\AVG\AVG8\avgnsx.exe
    C:\PROGRA~1\AVG\AVG8\avgemc.exe
    C:\PROGRA~1\Wanadoo\Watch.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.orange.fr/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
    R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
    O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
    O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r
    O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1036
    O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
    O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
    O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [googletalk] "C:\Program Files\Google\Google Talk\googletalk.exe" /autostart
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.orange.fr (file missing) (HKCU)
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Contro...
    O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://copainsdavant.linternaute.com/html_include_bibli...
    O16 - DPF: {88764F69-3831-4EC1-B40B-FF21D8381345} (AdVerifierADPCtrl Class) - https://static.impots.gouv.fr/tdir/static/adpform/AdSig...
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
    O20 - AppInit_DLLs: avgrsstx.dll bbqcfn.dll
    O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
    O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: Pinnacle Systems Media Service (PinnacleSys.MediaServer) - Pinnacle Systems - c:\program files\pinnacle\shared files\programs\mediaserver\pmshost.exe
    30 December 2008 13:17:56

    Hi again,

    ! Disable your resident protections (antivirus, Spybot-S&D, etc.) !
    Copy (Ctrl+C) the text in the box below:

    File::
    c:\windows\system32\hcyrdrhv.ini
    C:\wny.exe
    C:\osy.exe

    Registry::
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=,avgrsstx.dll


    Open Notepad, then paste (Ctrl+V) the text you just copied.
    Save this file under the name "CFScript.txt" (the quotation marks are important).

    Now drag the CFScript.txt file onto ComboFix.exe, as in the image below:


    This will relaunch ComboFix. After the reboot, post the contents of the report (C:\combofix.txt*) along with a HijackThis report.
    NOTE: If there is no reboot, post the requested reports anyway.
    * the partition name may differ
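The script above resets AppInit_DLLs to avgrsstx.dll alone, where the HijackThis log listed `avgrsstx.dll bbqcfn.dll` on its O20 line. The Python below is an added example, not part of the original post and not code from HijackThis or ComboFix: it pulls the O20 entries out of a log and splits them against an allowlist. The allowlist, the function names and the second sample log are assumptions made for the illustration.

```python
import ntpath
import re

# Constructed sample: the O20 line is the one from the HijackThis log on this
# page, with two neighbouring lines so the parser has something to skip.
PAGE_LOG = (
    "O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1}"
    " - C:\\Program Files\\AVG\\AVG8\\avgpp.dll\n"
    "O20 - AppInit_DLLs: avgrsstx.dll bbqcfn.dll\n"
    "O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o."
    " - C:\\PROGRA~1\\AVG\\AVG8\\avgwdsvc.exe\n"
)
# Constructed variant (not from the page): full path, upper case, comma separator.
VARIANT_LOG = "O20 - AppInit_DLLs: C:\\WINDOWS\\system32\\AVGRSSTX.DLL,example.dll\n"

# Assumption: an analyst-maintained allowlist. avgrsstx.dll is the only entry
# the cleanup script on this page keeps.
ALLOWED = {"avgrsstx.dll"}

O20_LINE = re.compile(r"^\s*O20\s*-\s*AppInit_DLLs:\s*(.*)$", re.IGNORECASE)


def parse_appinit(log_text):
    """Return every DLL entry found on O20 AppInit_DLLs lines, in order."""
    entries = []
    for line in log_text.splitlines():
        match = O20_LINE.match(line)
        if not match:
            continue
        # AppInit_DLLs is one string; entries are separated by spaces or commas.
        entries.extend(t for t in re.split(r"[ ,]+", match.group(1).strip()) if t)
    return entries


def audit(entries, allowed=ALLOWED):
    """Split entries into (kept, unexpected) by case-insensitive file name.

    Matching on the file name alone is a triage shortcut: a DLL with an
    allowed name in an unusual directory still needs a manual look.
    """
    allowed_lc = {name.lower() for name in allowed}
    kept, unexpected = [], []
    for entry in entries:
        name = ntpath.basename(entry).lower()  # ntpath parses Windows paths on any OS
        (kept if name in allowed_lc else unexpected).append(entry)
    return kept, unexpected


def cleaned_value(kept):
    """Build the value to write back: allowed entries, de-duplicated."""
    seen, out = set(), []
    for entry in kept:
        key = entry.lower()
        if key not in seen:
            seen.add(key)
            out.append(entry)
    return " ".join(out)


def report(log_text, allowed=ALLOWED):
    """Summarise one log: what was loaded, what to question, what to keep."""
    entries = parse_appinit(log_text)
    kept, unexpected = audit(entries, allowed)
    return {"entries": entries, "unexpected": unexpected,
            "cleaned": cleaned_value(kept)}


if __name__ == "__main__":
    for label, log in (("page log", PAGE_LOG), ("variant", VARIANT_LOG)):
        print(label, report(log))
```

Every DLL named in AppInit_DLLs is loaded into each process that loads user32.dll, which is why a single unexplained name on the O20 line is worth checking before anything else in the log.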
    30 December 2008 19:39:51

    ComboFix 08-12-29.02 - Philippe 2008-12-30 19:13:31.2 - NTFSx86
    Microsoft Windows XP Professionnel 5.1.2600.3.1252.1.1036.18.511.132 [GMT 1:00]
    Lancé depuis: c:\documents and settings\Philippe\Bureau\secu\ComboFix.exe
    Commutateurs utilisés :: c:\documents and settings\Philippe\Bureau\secu\CFScript.txt
    * Un nouveau point de restauration a été créé
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\windows\system32\hcyrdrhv.ini
    c:\windows\system32\slqhqyus.ini

    .
    ((((((((((((((((((((((((((((( Fichiers créés du 2008-11-28 au 2008-12-30 ))))))))))))))))))))))))))))))))))))
    .

    2008-12-29 10:11 . 2008-10-16 14:06 268,648 --a------ c:\windows\system32\mucltui.dll
    2008-12-29 10:11 . 2008-10-16 14:06 27,496 --a------ c:\windows\system32\mucltui.dll.mui
    2008-12-28 21:30 . 2008-12-28 21:30 <REP> d-------- c:\documents and settings\Administrateur\Application Data\Malwarebytes
    2008-12-28 21:29 . 2007-04-01 12:06 <REP> d--h----- c:\documents and settings\Administrateur\Voisinage réseau
    2008-12-28 21:29 . 2007-04-01 12:06 <REP> d--h----- c:\documents and settings\Administrateur\Voisinage d'impression
    2008-12-28 21:29 . 2007-04-01 09:20 <REP> d--h----- c:\documents and settings\Administrateur\Modèles
    2008-12-28 21:29 . 2007-04-01 12:06 <REP> d-------- c:\documents and settings\Administrateur\Mes documents
    2008-12-28 21:29 . 2007-04-01 12:06 <REP> dr------- c:\documents and settings\Administrateur\Menu Démarrer
    2008-12-28 21:29 . 2007-04-01 12:06 <REP> d-------- c:\documents and settings\Administrateur\Favoris
    2008-12-28 21:29 . 2007-04-01 12:06 <REP> d-------- c:\documents and settings\Administrateur\Bureau
    2008-12-28 21:29 . 2008-12-28 21:29 <REP> d-------- c:\documents and settings\Administrateur
    2008-12-28 21:26 . 2008-12-28 21:26 <REP> d-------- c:\program files\Malwarebytes' Anti-Malware
    2008-12-28 21:26 . 2008-12-28 21:26 <REP> d-------- c:\documents and settings\Philippe\Application Data\Malwarebytes
    2008-12-28 21:26 . 2008-12-28 21:26 <REP> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
    2008-12-28 21:26 . 2008-12-03 19:52 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
    2008-12-28 21:26 . 2008-12-03 19:52 15,504 --a------ c:\windows\system32\drivers\mbam.sys
    2008-12-28 21:25 . 2008-12-28 21:25 <REP> d-------- c:\documents and settings\Philippe\Application Data\Windows Search
    2008-12-28 17:58 . 2008-12-28 17:58 <REP> d-------- c:\windows\$SQLUninstallSQL2000-KB948110-v8.00.2050-x86-ENU$
    2008-12-28 17:58 . 2008-12-28 17:58 <REP> d-------- c:\program files\Microsoft Silverlight
    2008-12-28 17:55 . 2008-12-28 17:55 <REP> d-------- c:\documents and settings\Philippe\Application Data\Windows Desktop Search
    2008-12-28 17:54 . 2008-12-28 17:54 <REP> d-------- c:\windows\system32\GroupPolicy
    2008-12-28 17:54 . 2008-12-28 17:54 <REP> d-------- c:\program files\Windows Desktop Search
    2008-12-28 17:53 . 2008-03-07 18:02 192,000 -----c--- c:\windows\system32\dllcache\offfilt.dll
    2008-12-28 17:53 . 2008-03-07 18:02 98,304 -----c--- c:\windows\system32\dllcache\nlhtml.dll
    2008-12-28 17:53 . 2008-03-07 18:02 29,696 -----c--- c:\windows\system32\dllcache\mimefilt.dll
    2008-12-28 17:47 . 2008-12-28 17:47 <REP> d-------- c:\program files\Windows Media Connect 2
    2008-12-28 17:45 . 2008-12-28 17:45 <REP> d-------- c:\windows\system32\LogFiles
    2008-12-28 17:45 . 2008-12-28 17:46 <REP> d-------- c:\windows\system32\drivers\UMDF
    2008-12-28 15:58 . 2008-12-28 15:58 <REP> d-------- c:\windows\system32\fr
    2008-12-28 15:58 . 2008-12-28 15:58 <REP> d-------- c:\windows\system32\bits
    2008-12-28 15:58 . 2008-12-28 15:58 <REP> d-------- c:\windows\l2schemas
    2008-12-28 15:53 . 2008-12-28 15:58 <REP> d-------- c:\windows\ServicePackFiles
    2008-12-27 18:21 . 2008-12-29 14:11 1,393 --a------ c:\windows\imsins.BAK
    2008-12-27 14:13 . 2008-12-27 14:13 <REP> d-------- c:\program files\Trend Micro
    2008-12-27 10:03 . 2008-12-27 10:03 <REP> d-------- c:\windows\system32\Kaspersky Lab
    2008-12-27 09:56 . 2008-12-27 09:56 <REP> d-------- c:\program files\Lavasoft
    2008-12-27 09:56 . 2008-12-27 09:56 <REP> d-------- c:\program files\Fichiers communs\Wise Installation Wizard
    2008-12-27 09:56 . 2008-12-27 09:58 <REP> d-------- c:\documents and settings\All Users\Application Data\Lavasoft
    2008-12-11 20:13 . 2008-12-11 20:13 0 --a------ C:\ntf32.exe
    2008-12-11 19:20 . 2008-12-25 12:38 <REP> d--h----- C:\$AVG8.VAULT$
    2008-12-11 19:16 . 2008-12-29 19:08 <REP> d-------- c:\windows\system32\drivers\Avg
    2008-12-11 19:16 . 2008-12-11 20:27 <REP> d-------- c:\documents and settings\Philippe\Application Data\AVGTOOLBAR
    2008-12-11 19:16 . 2008-12-11 19:16 98,440 --a------ c:\windows\system32\drivers\avgldx86.sys
    2008-12-11 19:16 . 2008-12-11 19:16 90,632 --a------ c:\windows\system32\drivers\avgtdix.sys
    2008-12-11 19:16 . 2008-12-11 19:16 12,936 --a------ c:\windows\system32\drivers\avgrkx86.sys
    2008-12-11 19:16 . 2008-12-11 19:16 10,520 --a------ c:\windows\system32\avgrsstx.dll
    2008-12-11 19:15 . 2008-12-11 19:15 <REP> d-------- c:\program files\AVG
    2008-12-11 19:15 . 2008-12-11 19:15 <REP> d-------- c:\documents and settings\All Users\Application Data\avg8
    2008-12-09 21:25 . 2008-12-09 21:25 <REP> dr-hs---- C:\CONFIG
    2008-12-08 19:41 . 2008-12-08 19:43 1,025 --a------ C:\wny.exe
    2008-12-08 19:35 . 2008-12-08 19:38 1,025 --a------ C:\osy.exe
    2008-11-13 18:42 . 2008-10-24 12:21 455,296 -----c--- c:\windows\system32\dllcache\mrxsmb.sys

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-12-30 17:36 --------- d-----w c:\program files\Wanadoo
    2008-12-29 17:44 --------- d-----w c:\program files\MSN Messenger
    2008-12-28 17:03 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
    2008-12-27 08:53 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
    2008-12-26 22:16 --------- d-----w c:\program files\eMule
    2008-10-23 12:36 286,720 ----a-w c:\windows\system32\gdi32.dll
    2008-10-16 20:18 826,368 ----a-w c:\windows\system32\wininet.dll
    2008-10-16 13:13 202,776 ----a-w c:\windows\system32\wuweb.dll
    2008-10-16 13:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
    2008-10-16 13:12 561,688 ----a-w c:\windows\system32\wuapi.dll
    2008-10-16 13:12 323,608 ----a-w c:\windows\system32\wucltui.dll
    2008-10-16 13:09 92,696 ----a-w c:\windows\system32\cdm.dll
    2008-10-16 13:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
    2008-10-16 13:09 43,544 ----a-w c:\windows\system32\wups2.dll
    2008-10-16 13:08 34,328 ----a-w c:\windows\system32\wups.dll
    2008-10-16 13:07 208,744 ----a-w c:\windows\system32\muweb.dll
    2008-10-03 10:03 247,326 ----a-w c:\windows\system32\strmdll.dll
    2008-09-30 15:43 1,286,152 ----a-w c:\windows\system32\msxml4.dll
    2008-09-15 15:26 1,846,528 ----a-w c:\windows\system32\win32k.sys
    2008-09-10 01:15 1,307,648 ----a-w c:\windows\system32\msxml6.dll
    2008-09-04 17:16 1,106,944 ----a-w c:\windows\system32\msxml3.dll
    .

    ((((((((((((((((((((((((((((( snapshot@2008-12-27_16.21.53.64 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2008-12-28 16:45:13 1,945,600 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\a4ceb3c33cca93419af36b36e6287af3\System.Web.Services.ni.dll
    + 2008-12-28 16:44:51 11,808,768 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\2924fdd33851314489fbb77db8098bda\System.Web.ni.dll
    + 2008-12-28 16:40:15 13,107,200 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\ce84848f13526f45aedd2b5dfea4c601\System.Windows.Forms.ni.dll
    + 2008-12-28 16:40:23 5,640,192 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\572f8021cfc543448ef3e781ed97b743\System.Xml.ni.dll
    + 2008-12-28 16:39:53 8,093,696 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System\c8968f8d2299e84990d7d43a2c35d434\System.ni.dll
    - 2008-06-14 17:59:52 272,768 ------w c:\windows\Driver Cache\i386\bthport.sys
    + 2008-06-14 17:33:37 272,768 ------w c:\windows\Driver Cache\i386\bthport.sys
    - 2008-10-24 11:10:42 453,632 ------w c:\windows\Driver Cache\i386\mrxsmb.sys
    + 2008-10-24 11:21:09 455,296 ------w c:\windows\Driver Cache\i386\mrxsmb.sys
    - 2008-08-14 13:44:35 2,138,112 ------w c:\windows\Driver Cache\i386\ntkrnlmp.exe
    + 2008-08-14 13:23:44 2,147,328 ------w c:\windows\Driver Cache\i386\ntkrnlmp.exe
    - 2008-08-14 13:44:39 2,059,776 ------w c:\windows\Driver Cache\i386\ntkrnlpa.exe
    + 2008-08-14 13:23:49 2,068,096 ------w c:\windows\Driver Cache\i386\ntkrnlpa.exe
    - 2008-08-14 13:44:33 2,017,792 ------w c:\windows\Driver Cache\i386\ntkrpamp.exe
    + 2008-08-14 13:23:44 2,025,984 ------w c:\windows\Driver Cache\i386\ntkrpamp.exe
    - 2008-08-14 13:44:37 2,182,400 ------w c:\windows\Driver Cache\i386\ntoskrnl.exe
    + 2008-08-14 13:23:49 2,191,232 ------w c:\windows\Driver Cache\i386\ntoskrnl.exe
    + 2008-04-14 02:34:10 58,368 ------w c:\windows\ehome\medctrro.exe
    - 2007-06-13 13:22:28 1,037,312 ----a-w c:\windows\explorer.exe
    + 2008-04-14 02:34:03 1,037,824 ----a-w c:\windows\explorer.exe
    - 2004-08-05 12:00:00 34,816 ----a-w c:\windows\Help\sniffpol.dll
    + 2008-04-14 02:33:41 34,816 ----a-w c:\windows\Help\sniffpol.dll
    - 2004-08-05 12:00:00 33,280 ----a-w c:\windows\Help\sstub.dll
    + 2008-04-14 02:33:46 33,280 ----a-w c:\windows\Help\sstub.dll
    - 2004-08-05 12:00:00 279,040 ----a-w c:\windows\Help\tshoot.dll
    + 2008-04-14 02:33:46 279,040 ----a-w c:\windows\Help\tshoot.dll
    - 2005-05-26 23:22:01 10,752 ----a-w c:\windows\hh.exe
    + 2008-04-14 02:34:06 10,752 ----a-w c:\windows\hh.exe
    + 2008-08-26 08:11:45 124,928 -c----w c:\windows\ie7updates\KB958215-IE7\advpack.dll
    + 2008-08-26 08:11:45 347,136 -c----w c:\windows\ie7updates\KB958215-IE7\dxtmsft.dll
    + 2008-08-26 08:11:45 214,528 -c----w c:\windows\ie7updates\KB958215-IE7\dxtrans.dll
    + 2008-08-26 08:11:45 133,120 -c----w c:\windows\ie7updates\KB958215-IE7\extmgr.dll
    + 2008-08-26 08:11:45 63,488 -c----w c:\windows\ie7updates\KB958215-IE7\icardie.dll
    + 2008-08-25 08:39:40 70,656 -c----w c:\windows\ie7updates\KB958215-IE7\ie4uinit.exe
    + 2008-08-26 08:11:45 153,088 -c----w c:\windows\ie7updates\KB958215-IE7\ieakeng.dll
    + 2008-08-26 08:11:45 230,400 -c----w c:\windows\ie7updates\KB958215-IE7\ieaksie.dll
    + 2008-08-23 05:54:51 161,792 -c----w c:\windows\ie7updates\KB958215-IE7\ieakui.dll
    + 2008-08-26 08:11:46 383,488 -c----w c:\windows\ie7updates\KB958215-IE7\ieapfltr.dll
    + 2008-08-26 08:11:46 384,512 -c----w c:\windows\ie7updates\KB958215-IE7\iedkcs32.dll
    + 2008-10-03 17:12:27 6,066,176 -c----w c:\windows\ie7updates\KB958215-IE7\ieframe.dll
    + 2008-08-26 08:11:48 44,544 -c----w c:\windows\ie7updates\KB958215-IE7\iernonce.dll
    + 2008-08-26 08:11:48 267,776 -c----w c:\windows\ie7updates\KB958215-IE7\iertutil.dll
    + 2008-08-25 08:38:00 13,824 -c----w c:\windows\ie7updates\KB958215-IE7\ieudinit.exe
    + 2008-08-23 05:56:15 635,848 -c----w c:\windows\ie7updates\KB958215-IE7\iexplore.exe
    + 2008-08-26 08:11:49 27,648 -c----w c:\windows\ie7updates\KB958215-IE7\jsproxy.dll
    + 2008-08-26 08:11:49 459,264 -c----w c:\windows\ie7updates\KB958215-IE7\msfeeds.dll
    + 2008-08-26 08:11:49 52,224 -c----w c:\windows\ie7updates\KB958215-IE7\msfeedsbs.dll
    + 2008-08-26 08:11:52 477,696 -c----w c:\windows\ie7updates\KB958215-IE7\mshtmled.dll
    + 2008-08-26 08:11:52 193,024 -c----w c:\windows\ie7updates\KB958215-IE7\msrating.dll
    + 2008-08-26 08:11:52 671,232 -c----w c:\windows\ie7updates\KB958215-IE7\mstime.dll
    + 2008-08-26 08:11:52 102,912 -c----w c:\windows\ie7updates\KB958215-IE7\occache.dll
    + 2008-08-26 08:11:52 44,544 -c----w c:\windows\ie7updates\KB958215-IE7\pngfilt.dll
    + 2007-03-06 01:34:38 216,800 -c----w c:\windows\ie7updates\KB958215-IE7\spuninst\spuninst.exe
    + 2007-03-06 01:35:48 394,976 -c----w c:\windows\ie7updates\KB958215-IE7\spuninst\updspapi.dll
    + 2008-08-26 08:11:52 105,984 -c----w c:\windows\ie7updates\KB958215-IE7\url.dll
    + 2008-08-26 08:11:53 1,159,680 -c----w c:\windows\ie7updates\KB958215-IE7\urlmon.dll
    + 2008-08-26 08:11:53 233,472 -c----w c:\windows\ie7updates\KB958215-IE7\webcheck.dll
    + 2008-08-26 08:11:54 826,368 -c----w c:\windows\ie7updates\KB958215-IE7\wininet.dll
    + 2008-08-27 09:11:52 3,593,216 -c----w c:\windows\ie7updates\KB960714-IE7\mshtml.dll
    + 2007-03-06 01:34:38 216,800 -c----w c:\windows\ie7updates\KB960714-IE7\spuninst\spuninst.exe
    + 2007-03-06 01:35:47 394,976 -c----w c:\windows\ie7updates\KB960714-IE7\spuninst\updspapi.dll
    - 2004-08-05 12:00:00 220,160 ----a-w c:\windows\ime\mscandui.dll
    + 2008-04-14 02:33:30 220,160 ----a-w c:\windows\ime\mscandui.dll
    - 2004-08-05 12:00:00 130,048 ----a-w c:\windows\ime\SOFTKBD.DLL
    + 2008-04-14 02:33:41 130,048 ----a-w c:\windows\ime\softkbd.dll
    - 2004-08-05 12:00:00 62,976 ----a-w c:\windows\ime\SPGRMR.dll
    + 2008-04-13 16:43:18 62,976 ----a-w c:\windows\ime\spgrmr.dll
    - 2004-08-05 12:00:00 272,384 ----a-w c:\windows\ime\SPTIP.dll
    + 2008-04-14 02:33:46 272,384 ----a-w c:\windows\ime\sptip.dll
    - 2004-08-05 12:00:00 208,896 ----a-w c:\windows\inf\unregmp2.exe
    + 2007-06-29 10:59:14 318,976 ----a-w c:\windows\inf\unregmp2.exe
    + 2006-10-26 17:49:48 1,011,488 ----a-r c:\windows\Installer\$PatchCache$\Managed\000021090100C0400000000000F01FEC\12.0.4518\MSDAIPP.DLL
    + 2006-10-26 17:49:46 970,528 ----a-r c:\windows\Installer\$PatchCache$\Managed\000021090100C0400000000000F01FEC\12.0.4518\MSONSEXT.DLL
    + 2006-10-27 13:00:12 1,751,904 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\ACECORE.DLL
    + 2006-10-27 13:00:10 576,376 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\ACEDAO.DLL
    + 2006-10-27 13:00:06 47,976 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\ACEERR.DLL
    + 2006-10-27 13:00:08 191,360 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\ACEES.DLL
    + 2006-10-26 18:13:34 338,800 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\ACEEXCH.DLL
    + 2006-10-26 18:13:44 629,616 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\ACEEXCL.DLL
    + 2006-10-26 18:13:28 207,736 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\ACELTS.DLL
    + 2006-10-26 18:13:32 279,352 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\ACEODBC.DLL
    + 2006-10-26 18:13:08 15,160 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\ACEODDBS.DLL
    + 2006-10-26 18:13:08 15,160 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\ACEODEXL.DLL
    + 2006-10-26 18:13:08 15,160 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\ACEODPDX.DLL
    + 2006-10-26 18:13:12 15,160 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\ACEODTXT.DLL
    + 2006-10-27 13:00:06 387,960 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\ACEOLEDB.DLL
    + 2006-10-26 18:13:38 392,048 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\ACEPDE.DLL
    + 2006-10-26 18:13:30 260,976 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\ACER2X.DLL
    + 2006-10-26 18:13:32 289,648 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\ACER3X.DLL
    + 2006-10-26 18:13:20 56,120 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\ACERCLR.DLL
    + 2006-10-26 18:13:38 551,800 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\ACEREP.DLL
    + 2006-10-26 18:13:30 224,104 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\ACETXT.DLL
    + 2006-10-26 18:13:34 371,568 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\ACEXBE.DLL
    + 2006-10-27 13:41:04 399,640 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\CDLMSO.DLL
    + 2006-10-26 17:59:24 205,616 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\CLVIEW.EXE
    + 2006-10-26 19:30:42 65,312 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\COLLIMP.DLL
    + 2006-10-27 13:16:36 133,936 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\CONTAB32.DLL
    + 2006-10-26 18:12:52 189,760 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\CONTACTPICKER.DLL
    + 2006-10-26 18:55:32 87,344 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\DLGSETP.DLL
    + 2006-10-26 17:48:14 439,568 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\DWDCW20.DLL
    + 2006-10-26 17:48:14 434,528 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\DWTRIG20.EXE
    + 2006-10-27 13:07:36 17,891,112 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\EXCEL.EXE
    + 2006-10-26 12:10:08 1,190,688 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\FM20.DLL
    + 2006-10-26 17:21:24 1,682,232 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\FPSRVUTL.DLL
    + 2006-10-27 13:09:36 983,376 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\FPWEC.DLL
    + 2006-10-26 18:02:12 2,526,520 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\GRAPH.EXE
    + 2006-10-26 18:12:52 173,328 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\IEAWSDC.DLL
    + 2006-10-26 18:55:38 138,024 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\IMPMAIL.DLL
    + 2006-10-27 13:10:08 1,439,032 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\INFOPATH.EXE
    + 2006-10-27 13:10:10 5,456,704 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\IPDESIGN.DLL
    + 2006-10-27 13:10:10 5,281,592 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\IPEDITOR.DLL
    + 2006-10-26 19:42:00 176,976 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\IPOLK.DLL
    + 2006-10-26 17:55:10 828,704 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\MEDCAT.DLL
    + 2006-10-26 18:55:48 340,248 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\MIMEDIR.DLL
    + 2006-10-27 13:04:08 497,504 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\MORPH9.DLL
    + 2006-10-26 11:58:14 117,552 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\MSCONV97.DLL
    + 2006-10-27 13:26:40 16,870,712 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\MSO.DLL
    + 2006-10-27 12:59:06 161,080 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\MSOCF.DLL
    + 2006-10-26 17:48:12 14,664 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\MSOCFU.DLL
    + 2006-10-26 18:12:58 428,816 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\MSODCW.DLL
    + 2006-10-26 19:13:36 26,936 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\MSOEURO.DLL
    + 2006-10-26 18:00:08 6,635,320 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\MSORES.DLL
    + 2006-10-26 11:56:36 436,520 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\MSORUN.DLL
    + 2006-10-27 13:04:10 9,581,360 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\MSPUB.EXE
    + 2006-10-26 17:50:04 672,024 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\MSQRY32.EXE
    + 2006-10-26 11:56:40 505,136 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\MSSOAP30.DLL
    + 2006-10-26 17:55:12 832,800 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\MSTORDB.EXE
    + 2006-10-26 17:55:06 538,904 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\MSTORES.DLL
    + 2006-10-26 18:12:30 65,824 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\NAME.DLL
    + 2006-10-27 13:14:34 14,151,456 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\OART.DLL
    + 2006-10-26 18:42:36 8,423,224 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\OARTCONV.DLL
    + 2006-10-26 18:06:54 232,816 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\ODEPLOY.EXE
    + 2006-10-26 18:14:06 7,033,152 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\OFFOWC.DLL
    + 2006-10-27 13:18:36 1,658,152 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\OGL.DLL
    + 2006-10-26 18:00:08 274,744 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\OIS.EXE
    + 2006-10-26 18:00:12 998,208 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\OISAPP.DLL
    + 2006-10-26 18:00:10 285,008 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\OISGRAPH.DLL
    + 2006-10-27 13:16:46 2,939,704 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\OLMAPI32.DLL
    + 2006-10-26 18:34:12 660,792 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\OMSMAIN.DLL
    + 2006-10-26 18:34:10 192,848 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\OMSXP32.DLL
    + 2006-10-26 18:07:04 6,536,992 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\OSETUP.DLL
    + 2006-09-15 14:25:18 3,611,416 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\OUTLFLTR.DAT
    + 2006-07-26 16:53:56 459,080 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\OUTLFLTR.DLL
    + 2006-10-27 13:16:44 594,256 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\OUTLMIME.DLL
    + 2006-10-27 13:16:48 12,813,096 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\OUTLOOK.EXE
    + 2006-10-27 13:16:40 176,976 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\OUTLPH.DLL
    + 2006-10-27 13:16:36 46,864 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\OUTLRPC.DLL
    + 2006-10-26 19:30:44 482,088 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\PORTCONN.DLL
    + 2006-10-27 13:04:06 465,200 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\POWERPNT.EXE
    + 2006-10-27 13:04:06 7,980,848 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\PPCORE.DLL
    + 2006-10-26 17:52:10 2,012,480 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\PPTVIEW.EXE
    + 2006-10-26 18:09:36 136,008 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\PRTF9.DLL
    + 2006-10-26 18:55:54 413,472 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\PSTPRX32.DLL
    + 2006-10-27 13:04:06 624,456 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\PTXT9.DLL
    + 2006-10-26 18:09:44 590,144 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\PUBCONV.DLL
    + 2006-10-26 19:13:38 38,168 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\REFEDIT.DLL
    + 2006-10-26 19:42:12 744,808 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\REGFORM.EXE
    + 2006-10-26 18:55:44 263,520 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\SCNPST32.DLL
    + 2006-10-26 18:55:44 272,744 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\SCNPST64.DLL
    + 2006-10-26 18:13:00 503,624 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\SELFCERT.EXE
    + 2006-10-26 18:06:58 439,600 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\SETUP.EXE
    + 2006-07-28 13:21:58 277,320 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\SSGEN.DLL
    + 2006-10-27 12:57:08 2,330,968 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\STSLIST.DLL
    + 2006-09-29 22:42:56 2,583,344 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\VBE6.DLL
    + 2006-10-26 21:00:12 1,841,984 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\VVIEWDWG.DLL
    + 2006-10-26 20:58:38 3,732,792 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\VVIEWER.DLL
    + 2006-10-27 13:23:04 347,432 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\WINWORD.EXE
    + 2006-10-27 13:11:38 4,235,560 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\WRD12CNV.DLL
    + 2006-10-27 13:11:36 21,264 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\WRD12EXE.EXE
    + 2006-10-27 13:23:08 17,483,560 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\WWLIB.DLL
    + 2006-10-26 19:13:08 14,674,216 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\XL12CNV.EXE
    + 2006-10-26 19:17:08 11,072 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\XLCALL32.DLL
    + 2007-10-05 19:37:38 17,927,192 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.6215\EXCEL.EXE
    + 2007-09-14 20:45:58 16,901,168 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.6215\MSO.DLL
    + 2007-08-28 23:19:24 1,654,648 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.6215\OGL.DLL
    + 2007-08-28 22:06:16 467,840 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.6215\POWERPNT.EXE
    + 2007-08-28 22:06:44 7,990,144 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.6215\PPCORE.DLL
    + 2007-08-28 22:16:00 350,064 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.6215\WINWORD.EXE
    + 2007-09-06 17:03:02 4,280,176 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.6215\WRD12CNV.DLL
    + 2007-08-28 23:07:58 24,928 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.6215\WRD12EXE.EXE
    + 2007-09-06 16:56:32 17,490,800 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.6215\WWLIB.DLL
    + 2007-10-02 19:00:06 14,708,760 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.6215\XL12CNV.EXE
    + 2007-08-24 04:14:14 13,712 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.6215\XLCALL32.DLL
    - 2007-04-01 09:04:38 1,165,584 ----a-r c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\accicons.exe
    + 2008-12-28 17:03:05 1,165,584 ----a-r c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\accicons.exe
    - 2007-04-01 09:04:38 20,240 ----a-r c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\cagicon.exe
    + 2008-12-28 17:03:06 20,240 ----a-r c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\cagicon.exe
    - 2007-04-01 09:04:38 159,504 ----a-r c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\inficon.exe
    + 2008-12-28 17:03:06 159,504 ----a-r c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\inficon.exe
    - 2007-04-01 09:04:38 217,864 ----a-r c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\misc.exe
    + 2008-12-28 17:03:06 217,864 ----a-r c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\misc.exe
    - 2007-04-01 09:04:38 18,704 ----a-r c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\mspicons.exe
    + 2008-12-28 17:03:06 18,704 ----a-r c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\mspicons.exe
    - 2007-04-01 09:04:39 35,088 ----a-r c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\oisicon.exe
    + 2008-12-28 17:03:06 35,088 ----a-r c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\oisicon.exe
    - 2007-04-01 09:04:38 845,584 ----a-r c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\outicon.exe
    + 2008-12-28 17:03:06 845,584 ----a-r c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\outicon.exe
    - 2007-04-01 09:04:38 922,384 ----a-r c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\pptico.exe
    + 2008-12-28 17:03:06 922,384 ----a-r c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\pptico.exe
    - 2007-04-01 09:04:38 272,648 ----a-r c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\pubs.exe
    + 2008-12-28 17:03:06 272,648 ----a-r c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\pubs.exe
    - 2007-04-01 09:04:39 888,080 ----a-r c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\wordicon.exe
    + 2008-12-28 17:03:06 888,080 ----a-r c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\wordicon.exe
    - 2007-04-01 09:04:38 1,172,240 ----a-r c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\xlicons.exe
    + 2008-12-28 17:03:05 1,172,240 ----a-r c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\xlicons.exe
    - 2007-04-01 08:58:51 217,864 ----a-r c:\windows\Installer\{90120000-006E-040C-0000-0000000FF1CE}\misc.exe
    + 2008-12-28 16:52:56 217,864 ----a-r c:\windows\Installer\{90120000-006E-040C-0000-0000000FF1CE}\misc.exe
    - 2007-04-04 12:18:54 29,926 ----a-r c:\windows\Installer\{F6326B60-1B1D-4ABF-BFCD-7B7404F44411}\MsblIco.Exe
    + 2008-12-29 17:44:39 29,926 ----a-r c:\windows\Installer\{F6326B60-1B1D-4ABF-BFCD-7B7404F44411}\MsblIco.Exe
    + 2008-01-18 15:13:09 2,247 ------w c:\windows\Installer\tsclientmsitrans\tscdsbl.bat
    + 2007-12-12 10:33:51 18,917 ------w c:\windows\Installer\tsclientmsitrans\tscinst.vbs
    + 2007-10-30 10:06:46 13,801 ------w c:\windows\Installer\tsclientmsitrans\tscuinst.vbs
    + 2008-04-14 02:33:06 25,600 ------w c:\windows\Installer\tsclientmsitrans\tscupdc.dll
    - 2003-02-20 17:09:46 57,344 ----a-w c:\windows\Microsoft.NET\Framework\NETFXSBS10.exe
    + 2005-09-23 06:28:52 72,704 ----a-w c:\windows\Microsoft.NET\Framework\NETFXSBS10.exe
    - 2003-02-20 17:09:32 5,120 ----a-w c:\windows\Microsoft.NET\Framework\sbscmp10.dll
    + 2005-09-23 06:28:52 7,680 ----a-w c:\windows\Microsoft.NET\Framework\sbscmp10.dll
    + 2005-09-23 06:28:56 7,680 ----a-w c:\windows\Microsoft.NET\Framework\sbscmp20_mscorwks.dll
    + 2005-09-23 06:28:58 7,680 ----a-w c:\windows\Microsoft.NET\Framework\sbscmp20_perfcounter.dll
    + 2005-09-23 06:28:56 7,680 ----a-w c:\windows\Microsoft.NET\Framework\SharedReg12.dll
    - 2003-02-20 16:43:50 131,072 ----a-w c:\windows\Microsoft.NET\Framework\v1.0.3705\mscormmc.dll
    + 2005-09-23 06:28:52 86,528 ----a-w c:\windows\Microsoft.NET\Framework\v1.0.3705\mscormmc.dll
    + 2005-09-23 06:28:36 18,944 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\1033\alinkui.dll
    + 2005-09-23 06:28:42 136,192 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\1033\cscompui.dll
    + 2005-09-23 06:28:44 4,608 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\1033\CvtResUI.dll
    + 2005-09-23 06:29:04 183,808 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\1033\vbc7ui.dll
    + 2005-09-23 06:28:28 208,896 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\1033\Vsavb7rtUI.dll
    + 2005-12-23 07:59:08 24,064 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\1036\alinkui.dll
    + 2005-12-23 07:59:10 161,280 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\1036\cscompui.dll
    + 2005-12-23 07:59:10 5,120 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\1036\CvtResUI.dll
    + 2005-12-23 07:59:16 216,576 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\1036\vbc7ui.dll
    + 2005-12-23 07:59:06 245,760 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\1036\Vsavb7rtUI.dll
    + 2005-09-23 06:28:56 10,752 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\Accessibility.dll
    + 2005-09-23 06:28:58 138,240 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\AdoNetDiag.dll
    + 2005-09-23 06:28:36 87,552 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\alink.dll
    + 2005-09-23 06:28:58 55,488 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\AppLaunch.exe
    + 2005-09-23 06:28:32 36,864 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_compiler.exe
    + 2005-09-23 06:28:32 10,752 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_filter.dll
    + 2005-09-23 06:28:32 8,192 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_isapi.dll
    + 2005-09-23 06:28:32 23,552 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\Aspnet_perf.dll
    + 2005-09-23 06:28:32 70,656 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_rc.dll
    30 December 2008 19:45:43

    and the second one.

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 19:43:07, on 30/12/2008
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16762)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\sstray.exe
    C:\Program Files\DAEMON Tools\daemon.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\PROGRA~1\AVG\AVG8\avgtray.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Google\Google Talk\googletalk.exe
    C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe
    C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
    C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    C:\Program Files\Windows Desktop Search\WindowsSearch.exe
    C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    C:\WINDOWS\System32\FTRTSVC.exe
    C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\SearchIndexer.exe
    C:\PROGRA~1\AVG\AVG8\avgam.exe
    C:\PROGRA~1\AVG\AVG8\avgrsx.exe
    C:\PROGRA~1\AVG\AVG8\avgnsx.exe
    c:\program files\pinnacle\shared files\programs\mediaserver\pmshost.exe
    C:\PROGRA~1\AVG\AVG8\avgemc.exe
    C:\WINDOWS\system32\sessmgr.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.orange.fr/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
    R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
    O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
    O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r
    O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1036
    O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
    O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
    O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [googletalk] "C:\Program Files\Google\Google Talk\googletalk.exe" /autostart
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.orange.fr (file missing) (HKCU)
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Contro...
    O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://copainsdavant.linternaute.com/html_include_bibli...
    O16 - DPF: {88764F69-3831-4EC1-B40B-FF21D8381345} (AdVerifierADPCtrl Class) - https://static.impots.gouv.fr/tdir/static/adpform/AdSig...
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
    O20 - AppInit_DLLs: avgrsstx.dll bbqcfn.dll
    O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
    O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: Pinnacle Systems Media Service (PinnacleSys.MediaServer) - Pinnacle Systems - c:\program files\pinnacle\shared files\programs\mediaserver\pmshost.exe

    --
    End of file - 8127 bytes
    31 December 2008 16:33:00

    There was a problem with my message; can you redo the procedure (I've corrected it)?
    1 January 2009 10:00:41

    Happy New Year, everyone.

    Zag, first log.

    ComboFix 08-12-30.02 - Philippe 2008-12-31 18:30:33.5 - NTFSx86
    Microsoft Windows XP Professionnel 5.1.2600.3.1252.1.1036.18.511.136 [GMT 1:00]
    Lancé depuis: c:\documents and settings\Philippe\Bureau\secu\ComboFix.exe
    .

    ((((((((((((((((((((((((((((( Fichiers créés du 2008-11-28 au 2008-12-31 ))))))))))))))))))))))))))))))))))))
    .

    2008-12-29 10:11 . 2008-10-16 14:06 268,648 --a------ c:\windows\system32\mucltui.dll
    2008-12-29 10:11 . 2008-10-16 14:06 27,496 --a------ c:\windows\system32\mucltui.dll.mui
    2008-12-28 21:30 . 2008-12-28 21:30 <REP> d-------- c:\documents and settings\Administrateur\Application Data\Malwarebytes
    2008-12-28 21:29 . 2007-04-01 12:06 <REP> d--h----- c:\documents and settings\Administrateur\Voisinage réseau
    2008-12-28 21:29 . 2007-04-01 12:06 <REP> d--h----- c:\documents and settings\Administrateur\Voisinage d'impression
    2008-12-28 21:29 . 2007-04-01 09:20 <REP> d--h----- c:\documents and settings\Administrateur\Modèles
    2008-12-28 21:29 . 2007-04-01 12:06 <REP> d-------- c:\documents and settings\Administrateur\Mes documents
    2008-12-28 21:29 . 2007-04-01 12:06 <REP> dr------- c:\documents and settings\Administrateur\Menu Démarrer
    2008-12-28 21:29 . 2007-04-01 12:06 <REP> d-------- c:\documents and settings\Administrateur\Favoris
    2008-12-28 21:29 . 2007-04-01 12:06 <REP> d-------- c:\documents and settings\Administrateur\Bureau
    2008-12-28 21:29 . 2008-12-28 21:29 <REP> d-------- c:\documents and settings\Administrateur
    2008-12-28 21:26 . 2008-12-28 21:26 <REP> d-------- c:\program files\Malwarebytes' Anti-Malware
    2008-12-28 21:26 . 2008-12-28 21:26 <REP> d-------- c:\documents and settings\Philippe\Application Data\Malwarebytes
    2008-12-28 21:26 . 2008-12-28 21:26 <REP> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
    2008-12-28 21:26 . 2008-12-03 19:52 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
    2008-12-28 21:26 . 2008-12-03 19:52 15,504 --a------ c:\windows\system32\drivers\mbam.sys
    2008-12-28 21:25 . 2008-12-28 21:25 <REP> d-------- c:\documents and settings\Philippe\Application Data\Windows Search
    2008-12-28 17:58 . 2008-12-28 17:58 <REP> d-------- c:\windows\$SQLUninstallSQL2000-KB948110-v8.00.2050-x86-ENU$
    2008-12-28 17:58 . 2008-12-28 17:58 <REP> d-------- c:\program files\Microsoft Silverlight
    2008-12-28 17:55 . 2008-12-28 17:55 <REP> d-------- c:\documents and settings\Philippe\Application Data\Windows Desktop Search
    2008-12-28 17:54 . 2008-12-28 17:54 <REP> d-------- c:\windows\system32\GroupPolicy
    2008-12-28 17:54 . 2008-12-28 17:54 <REP> d-------- c:\program files\Windows Desktop Search
    2008-12-28 17:53 . 2008-03-07 18:02 192,000 -----c--- c:\windows\system32\dllcache\offfilt.dll
    2008-12-28 17:53 . 2008-03-07 18:02 98,304 -----c--- c:\windows\system32\dllcache\nlhtml.dll
    2008-12-28 17:53 . 2008-03-07 18:02 29,696 -----c--- c:\windows\system32\dllcache\mimefilt.dll
    2008-12-28 17:47 . 2008-12-28 17:47 <REP> d-------- c:\program files\Windows Media Connect 2
    2008-12-28 17:45 . 2008-12-28 17:45 <REP> d-------- c:\windows\system32\LogFiles
    2008-12-28 17:45 . 2008-12-28 17:46 <REP> d-------- c:\windows\system32\drivers\UMDF
    2008-12-28 15:58 . 2008-12-28 15:58 <REP> d-------- c:\windows\system32\fr
    2008-12-28 15:58 . 2008-12-28 15:58 <REP> d-------- c:\windows\system32\bits
    2008-12-28 15:58 . 2008-12-28 15:58 <REP> d-------- c:\windows\l2schemas
    2008-12-28 15:53 . 2008-12-28 15:58 <REP> d-------- c:\windows\ServicePackFiles
    2008-12-27 18:21 . 2008-12-29 14:11 1,393 --a------ c:\windows\imsins.BAK
    2008-12-27 14:13 . 2008-12-27 14:13 <REP> d-------- c:\program files\Trend Micro
    2008-12-27 10:03 . 2008-12-27 10:03 <REP> d-------- c:\windows\system32\Kaspersky Lab
    2008-12-27 09:56 . 2008-12-27 09:56 <REP> d-------- c:\program files\Lavasoft
    2008-12-27 09:56 . 2008-12-27 09:56 <REP> d-------- c:\program files\Fichiers communs\Wise Installation Wizard
    2008-12-27 09:56 . 2008-12-27 09:58 <REP> d-------- c:\documents and settings\All Users\Application Data\Lavasoft
    2008-12-11 20:13 . 2008-12-11 20:13 0 --a------ C:\ntf32.exe
    2008-12-11 19:20 . 2008-12-25 12:38 <REP> d--h----- C:\$AVG8.VAULT$
    2008-12-11 19:16 . 2008-12-30 19:32 <REP> d-------- c:\windows\system32\drivers\Avg
    2008-12-11 19:16 . 2008-12-11 20:27 <REP> d-------- c:\documents and settings\Philippe\Application Data\AVGTOOLBAR
    2008-12-11 19:16 . 2008-12-11 19:16 98,440 --a------ c:\windows\system32\drivers\avgldx86.sys
    2008-12-11 19:16 . 2008-12-11 19:16 90,632 --a------ c:\windows\system32\drivers\avgtdix.sys
    2008-12-11 19:16 . 2008-12-11 19:16 12,936 --a------ c:\windows\system32\drivers\avgrkx86.sys
    2008-12-11 19:16 . 2008-12-11 19:16 10,520 --a------ c:\windows\system32\avgrsstx.dll
    2008-12-11 19:15 . 2008-12-11 19:15 <REP> d-------- c:\program files\AVG
    2008-12-11 19:15 . 2008-12-11 19:15 <REP> d-------- c:\documents and settings\All Users\Application Data\avg8
    2008-12-09 21:25 . 2008-12-09 21:25 <REP> dr-hs---- C:\CONFIG
    2008-12-08 19:41 . 2008-12-08 19:43 1,025 --a------ C:\wny.exe
    2008-12-08 19:35 . 2008-12-08 19:38 1,025 --a------ C:\osy.exe
    2008-11-13 18:42 . 2008-10-24 12:21 455,296 -----c--- c:\windows\system32\dllcache\mrxsmb.sys

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-12-31 16:15 --------- d-----w c:\program files\Wanadoo
    2008-12-29 17:44 --------- d-----w c:\program files\MSN Messenger
    2008-12-28 17:03 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
    2008-12-27 08:53 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
    2008-12-26 22:16 --------- d-----w c:\program files\eMule
    2008-10-23 12:36 286,720 ----a-w c:\windows\system32\gdi32.dll
    2008-10-16 20:18 826,368 ----a-w c:\windows\system32\wininet.dll
    2008-10-16 13:13 202,776 ----a-w c:\windows\system32\wuweb.dll
    2008-10-16 13:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
    2008-10-16 13:12 561,688 ----a-w c:\windows\system32\wuapi.dll
    2008-10-16 13:12 323,608 ----a-w c:\windows\system32\wucltui.dll
    2008-10-16 13:09 92,696 ----a-w c:\windows\system32\cdm.dll
    2008-10-16 13:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
    2008-10-16 13:09 43,544 ----a-w c:\windows\system32\wups2.dll
    2008-10-16 13:08 34,328 ----a-w c:\windows\system32\wups.dll
    2008-10-16 13:07 208,744 ----a-w c:\windows\system32\muweb.dll
    2008-10-03 10:03 247,326 ----a-w c:\windows\system32\strmdll.dll
    2008-09-30 15:43 1,286,152 ----a-w c:\windows\system32\msxml4.dll
    2008-09-15 15:26 1,846,528 ----a-w c:\windows\system32\win32k.sys
    2008-09-10 01:15 1,307,648 ----a-w c:\windows\system32\msxml6.dll
    2008-09-04 17:16 1,106,944 ----a-w c:\windows\system32\msxml3.dll
    .

    ((((((((((((((((((((((((((((( snapshot_2008-12-30_19.17.17,20 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2008-12-30 15:48:19 70,804 ----a-w c:\windows\system32\perfc009.dat
    + 2008-12-31 09:11:07 70,804 ----a-w c:\windows\system32\perfc009.dat
    - 2008-12-30 15:48:19 92,642 ----a-w c:\windows\system32\perfc00C.dat
    + 2008-12-31 09:11:07 92,642 ----a-w c:\windows\system32\perfc00C.dat
    - 2008-12-30 15:48:19 421,798 ----a-w c:\windows\system32\perfh009.dat
    + 2008-12-31 09:11:07 421,798 ----a-w c:\windows\system32\perfh009.dat
    - 2008-12-30 15:48:19 511,162 ----a-w c:\windows\system32\perfh00C.dat
    + 2008-12-31 09:11:07 511,162 ----a-w c:\windows\system32\perfh00C.dat
    + 2008-12-31 09:07:00 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_744.dat
    .
    ((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
    "googletalk"="c:\program files\Google\Google Talk\googletalk.exe" [2007-04-19 3297280]
    "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe" [2006-07-31 139264]
    "WOOKIT"="c:\progra~1\Wanadoo\Shell.exe" [2004-08-23 122880]
    "MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "DAEMON Tools"="c:\program files\DAEMON Tools\daemon.exe" [2006-11-12 157592]
    "PinnacleDriverCheck"="c:\windows\system32\PSDrvCheck.exe" [2004-03-11 406016]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-04-01 282624]
    "NeroFilterCheck"="c:\program files\Fichiers communs\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
    "WOOWATCH"="c:\progra~1\Wanadoo\Watch.exe" [2004-08-23 20480]
    "WOOTASKBARICON"="c:\progra~1\Wanadoo\GestMaj.exe" [2004-10-14 32768]
    "AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2008-12-12 1261336]
    "nForce Tray Options"="sstray.exe" [2003-08-13 c:\windows\system32\sstray.exe]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

    c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
    Lancement rapide d'Adobe Reader.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
    Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-05-26 123904]

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-26 304128]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=avgrsstx.dll bbqcfn.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "VIDC.MJPG"= Pvmjpg30.dll
    "VIDC.ACDV"= ACDV.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusDisableNotify"=dword:00000001
    "UpdatesDisableNotify"=dword:00000001
    "AntiVirusOverride"=dword:00000001
    "FirewallOverride"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
    "c:\\Program Files\\Pinnacle\\Studio 10\\programs\\RM.exe"=
    "c:\\Program Files\\Pinnacle\\Studio 10\\programs\\Studio.exe"=
    "c:\\Program Files\\Pinnacle\\Studio 10\\programs\\PMSRegisterFile.exe"=
    "c:\\Program Files\\Pinnacle\\Studio 10\\programs\\umi.exe"=
    "c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\eMule\\emule.exe"=
    "c:\\Program Files\\AVG\\AVG8\\avgam.exe"=
    "c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
    "c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
    "c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
    "c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\MSN Messenger\\livecall.exe"=
    "c:\\WINDOWS\\pchealth\\helpctr\\binaries\\helpctr.exe"=

    R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\Drivers\avgrkx86.sys [2008-12-11 12936]
    R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys [2008-12-11 98440]
    R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\Drivers\avgtdix.sys [2008-12-11 90632]
    R2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2008-12-11 874776]
    R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-12-11 231704]

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{28ABC5C0-4FCB-11CF-AAX5-21CX5C574571}]
    c:\config\S-1-5-21-1482476501-1644491937-682003330-1013\Cfg.exe
    .
    Contenu du dossier 'Tâches planifiées'

    2008-12-31 c:\windows\Tasks\A3510B4091868824.job
    - c:\docume~1\philippe\applic~1\drives~1\storetimejoy.exe []
    .
    .
    ------- Examen supplémentaire -------
    .
    uStart Page = hxxp://www.orange.fr/
    IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
    IE: { - c:\program files\Messenger\msmsgs.exe

    c:\windows\system32\msvcp60.dll - c:\windows\system32\atl.dll
    c:\windows\Downloaded Program Files\AdVerifierADP.dll
    c:\windows\Downloaded Program Files\AdSignerADP.dll
    O16 -: {88764F69-3831-4EC1-B40B-FF21D8381345}
    hxxps://static.impots.gouv.fr/tdir/static/adpform/AdSignerADP-1.0.cab
    c:\windows\Downloaded Program Files\AdSignerADP.inf
    .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-12-31 18:32:07
    Windows 5.1.2600 Service Pack 3 NTFS

    Recherche de processus cachés ...

    Recherche d'éléments en démarrage automatique cachés ...

    Recherche de fichiers cachés ...

    Scan terminé avec succès
    Fichiers cachés: 0

    **************************************************************************
    .
    --------------------- DLLs chargées dans les processus actifs ---------------------

    - - - - - - - > 'winlogon.exe'(940)
    c:\windows\system32\avgrsstx.dll

    - - - - - - - > 'lsass.exe'(1028)
    c:\windows\system32\avgrsstx.dll
    .
    Heure de fin: 2008-12-31 18:33:08
    ComboFix-quarantined-files.txt 2008-12-31 17:32:53
    ComboFix2.txt 2008-12-31 17:26:54
    ComboFix3.txt 2008-12-30 18:17:50
    ComboFix4.txt 2008-12-27 15:22:48

    Avant-CF: 51 833 147 392 octets libres
    Après-CF: 51,819,745,280 octets libres

    198 --- E O F --- 2008-12-29 13:12:02
    1 January 2009 10:01:30

    second report

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 18:40:21, on 31/12/2008
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16762)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\sstray.exe
    C:\Program Files\DAEMON Tools\daemon.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Google\Google Talk\googletalk.exe
    C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe
    C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe
    C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
    C:\Program Files\Windows Desktop Search\WindowsSearch.exe
    C:\PROGRA~1\Wanadoo\GestionnaireInternet.exe
    C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    C:\PROGRA~1\Wanadoo\ComComp.exe
    C:\WINDOWS\System32\FTRTSVC.exe
    C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe
    C:\PROGRA~1\Wanadoo\Toaster.exe
    C:\PROGRA~1\Wanadoo\Inactivity.exe
    C:\PROGRA~1\Wanadoo\PollingModule.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\SearchIndexer.exe
    C:\PROGRA~1\AVG\AVG8\avgam.exe
    C:\PROGRA~1\AVG\AVG8\avgrsx.exe
    C:\PROGRA~1\AVG\AVG8\avgnsx.exe
    c:\program files\pinnacle\shared files\programs\mediaserver\pmshost.exe
    C:\PROGRA~1\AVG\AVG8\avgemc.exe
    C:\PROGRA~1\Wanadoo\Watch.exe
    C:\Program Files\MSN Messenger\usnsvc.exe
    C:\WINDOWS\explorer.exe
    C:\WINDOWS\system32\SearchProtocolHost.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.orange.fr/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
    R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
    O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
    O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r
    O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1036
    O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
    O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
    O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [googletalk] "C:\Program Files\Google\Google Talk\googletalk.exe" /autostart
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.orange.fr (file missing) (HKCU)
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Contro...
    O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://copainsdavant.linternaute.com/html_include_bibli...
    O16 - DPF: {88764F69-3831-4EC1-B40B-FF21D8381345} (AdVerifierADPCtrl Class) - https://static.impots.gouv.fr/tdir/static/adpform/AdSig...
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
    O20 - AppInit_DLLs: avgrsstx.dll bbqcfn.dll
    O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
    O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: Pinnacle Systems Media Service (PinnacleSys.MediaServer) - Pinnacle Systems - c:\program files\pinnacle\shared files\programs\mediaserver\pmshost.exe

    --
    End of file - 8236 bytes
    1 January 2009 19:06:37

    Run it again with the following script:

    Registry::
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"="avgrsstx.dll"
    1 January 2009 20:51:30

    ComboFix 08-12-31.01 - Philippe 2009-01-01 20:07:05.7 - NTFSx86
    Microsoft Windows XP Professionnel 5.1.2600.3.1252.1.1036.18.511.124 [GMT 1:00]
    Lancé depuis: c:\documents and settings\Philippe\Bureau\secu\ComboFix.exe
    .

    ((((((((((((((((((((((((((((( Fichiers créés du 2008-12-01 au 2009-01-01 ))))))))))))))))))))))))))))))))))))
    .

    2008-12-29 10:11 . 2008-10-16 14:06 268,648 --a------ c:\windows\system32\mucltui.dll
    2008-12-29 10:11 . 2008-10-16 14:06 27,496 --a------ c:\windows\system32\mucltui.dll.mui
    2008-12-28 21:30 . 2008-12-28 21:30 <REP> d-------- c:\documents and settings\Administrateur\Application Data\Malwarebytes
    2008-12-28 21:29 . 2007-04-01 12:06 <REP> d--h----- c:\documents and settings\Administrateur\Voisinage réseau
    2008-12-28 21:29 . 2007-04-01 12:06 <REP> d--h----- c:\documents and settings\Administrateur\Voisinage d'impression
    2008-12-28 21:29 . 2007-04-01 09:20 <REP> d--h----- c:\documents and settings\Administrateur\Modèles
    2008-12-28 21:29 . 2007-04-01 12:06 <REP> d-------- c:\documents and settings\Administrateur\Mes documents
    2008-12-28 21:29 . 2007-04-01 12:06 <REP> dr------- c:\documents and settings\Administrateur\Menu Démarrer
    2008-12-28 21:29 . 2007-04-01 12:06 <REP> d-------- c:\documents and settings\Administrateur\Favoris
    2008-12-28 21:29 . 2007-04-01 12:06 <REP> d-------- c:\documents and settings\Administrateur\Bureau
    2008-12-28 21:29 . 2008-12-28 21:29 <REP> d-------- c:\documents and settings\Administrateur
    2008-12-28 21:26 . 2008-12-28 21:26 <REP> d-------- c:\program files\Malwarebytes' Anti-Malware
    2008-12-28 21:26 . 2008-12-28 21:26 <REP> d-------- c:\documents and settings\Philippe\Application Data\Malwarebytes
    2008-12-28 21:26 . 2008-12-28 21:26 <REP> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
    2008-12-28 21:26 . 2008-12-03 19:52 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
    2008-12-28 21:26 . 2008-12-03 19:52 15,504 --a------ c:\windows\system32\drivers\mbam.sys
    2008-12-28 21:25 . 2008-12-28 21:25 <REP> d-------- c:\documents and settings\Philippe\Application Data\Windows Search
    2008-12-28 17:58 . 2008-12-28 17:58 <REP> d-------- c:\windows\$SQLUninstallSQL2000-KB948110-v8.00.2050-x86-ENU$
    2008-12-28 17:58 . 2008-12-28 17:58 <REP> d-------- c:\program files\Microsoft Silverlight
    2008-12-28 17:55 . 2008-12-28 17:55 <REP> d-------- c:\documents and settings\Philippe\Application Data\Windows Desktop Search
    2008-12-28 17:54 . 2008-12-28 17:54 <REP> d-------- c:\windows\system32\GroupPolicy
    2008-12-28 17:54 . 2008-12-28 17:54 <REP> d-------- c:\program files\Windows Desktop Search
    2008-12-28 17:53 . 2008-03-07 18:02 192,000 -----c--- c:\windows\system32\dllcache\offfilt.dll
    2008-12-28 17:53 . 2008-03-07 18:02 98,304 -----c--- c:\windows\system32\dllcache\nlhtml.dll
    2008-12-28 17:53 . 2008-03-07 18:02 29,696 -----c--- c:\windows\system32\dllcache\mimefilt.dll
    2008-12-28 17:47 . 2008-12-28 17:47 <REP> d-------- c:\program files\Windows Media Connect 2
    2008-12-28 17:45 . 2008-12-28 17:45 <REP> d-------- c:\windows\system32\LogFiles
    2008-12-28 17:45 . 2008-12-28 17:46 <REP> d-------- c:\windows\system32\drivers\UMDF
    2008-12-28 15:58 . 2008-12-28 15:58 <REP> d-------- c:\windows\system32\fr
    2008-12-28 15:58 . 2008-12-28 15:58 <REP> d-------- c:\windows\system32\bits
    2008-12-28 15:58 . 2008-12-28 15:58 <REP> d-------- c:\windows\l2schemas
    2008-12-28 15:53 . 2008-12-28 15:58 <REP> d-------- c:\windows\ServicePackFiles
    2008-12-27 18:21 . 2008-12-29 14:11 1,393 --a------ c:\windows\imsins.BAK
    2008-12-27 14:13 . 2008-12-27 14:13 <REP> d-------- c:\program files\Trend Micro
    2008-12-27 10:03 . 2008-12-27 10:03 <REP> d-------- c:\windows\system32\Kaspersky Lab
    2008-12-27 09:56 . 2008-12-27 09:56 <REP> d-------- c:\program files\Lavasoft
    2008-12-27 09:56 . 2008-12-27 09:56 <REP> d-------- c:\program files\Fichiers communs\Wise Installation Wizard
    2008-12-27 09:56 . 2008-12-27 09:58 <REP> d-------- c:\documents and settings\All Users\Application Data\Lavasoft
    2008-12-11 20:13 . 2008-12-11 20:13 0 --a------ C:\ntf32.exe
    2008-12-11 19:20 . 2008-12-25 12:38 <REP> d--h----- C:\$AVG8.VAULT$
    2008-12-11 19:16 . 2008-12-31 18:55 <REP> d-------- c:\windows\system32\drivers\Avg
    2008-12-11 19:16 . 2008-12-11 20:27 <REP> d-------- c:\documents and settings\Philippe\Application Data\AVGTOOLBAR
    2008-12-11 19:16 . 2008-12-11 19:16 98,440 --a------ c:\windows\system32\drivers\avgldx86.sys
    2008-12-11 19:16 . 2008-12-11 19:16 90,632 --a------ c:\windows\system32\drivers\avgtdix.sys
    2008-12-11 19:16 . 2008-12-11 19:16 12,936 --a------ c:\windows\system32\drivers\avgrkx86.sys
    2008-12-11 19:16 . 2008-12-11 19:16 10,520 --a------ c:\windows\system32\avgrsstx.dll
    2008-12-11 19:15 . 2008-12-11 19:15 <REP> d-------- c:\program files\AVG
    2008-12-11 19:15 . 2008-12-11 19:15 <REP> d-------- c:\documents and settings\All Users\Application Data\avg8
    2008-12-09 21:25 . 2008-12-09 21:25 <REP> dr-hs---- C:\CONFIG
    2008-12-08 19:41 . 2008-12-08 19:43 1,025 --a------ C:\wny.exe
    2008-12-08 19:35 . 2008-12-08 19:38 1,025 --a------ C:\osy.exe

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-01-01 18:54 --------- d-----w c:\program files\Wanadoo
    2008-12-29 17:44 --------- d-----w c:\program files\MSN Messenger
    2008-12-28 17:03 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
    2008-12-27 08:53 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
    2008-12-26 22:16 --------- d-----w c:\program files\eMule
    2008-10-23 12:36 286,720 ----a-w c:\windows\system32\gdi32.dll
    2008-10-16 20:18 826,368 ----a-w c:\windows\system32\wininet.dll
    2008-10-16 13:13 202,776 ----a-w c:\windows\system32\wuweb.dll
    2008-10-16 13:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
    2008-10-16 13:12 561,688 ----a-w c:\windows\system32\wuapi.dll
    2008-10-16 13:12 323,608 ----a-w c:\windows\system32\wucltui.dll
    2008-10-16 13:09 92,696 ----a-w c:\windows\system32\cdm.dll
    2008-10-16 13:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
    2008-10-16 13:09 43,544 ----a-w c:\windows\system32\wups2.dll
    2008-10-16 13:08 34,328 ----a-w c:\windows\system32\wups.dll
    2008-10-16 13:07 208,744 ----a-w c:\windows\system32\muweb.dll
    2008-10-03 10:03 247,326 ----a-w c:\windows\system32\strmdll.dll
    .

    ((((((((((((((((((((((((((((( snapshot_2008-12-30_19.17.17,20 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2008-12-30 15:48:19 70,804 ----a-w c:\windows\system32\perfc009.dat
    + 2009-01-01 18:54:14 70,804 ----a-w c:\windows\system32\perfc009.dat
    - 2008-12-30 15:48:19 92,642 ----a-w c:\windows\system32\perfc00C.dat
    + 2009-01-01 18:54:14 92,642 ----a-w c:\windows\system32\perfc00C.dat
    - 2008-12-30 15:48:19 421,798 ----a-w c:\windows\system32\perfh009.dat
    + 2009-01-01 18:54:14 421,798 ----a-w c:\windows\system32\perfh009.dat
    - 2008-12-30 15:48:19 511,162 ----a-w c:\windows\system32\perfh00C.dat
    + 2009-01-01 18:54:14 511,162 ----a-w c:\windows\system32\perfh00C.dat
    + 2009-01-01 18:50:06 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_e8.dat
    .
    ((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
    "googletalk"="c:\program files\Google\Google Talk\googletalk.exe" [2007-04-19 3297280]
    "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe" [2006-07-31 139264]
    "WOOKIT"="c:\progra~1\Wanadoo\Shell.exe" [2004-08-23 122880]
    "MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "DAEMON Tools"="c:\program files\DAEMON Tools\daemon.exe" [2006-11-12 157592]
    "PinnacleDriverCheck"="c:\windows\system32\PSDrvCheck.exe" [2004-03-11 406016]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-04-01 282624]
    "NeroFilterCheck"="c:\program files\Fichiers communs\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
    "WOOWATCH"="c:\progra~1\Wanadoo\Watch.exe" [2004-08-23 20480]
    "WOOTASKBARICON"="c:\progra~1\Wanadoo\GestMaj.exe" [2004-10-14 32768]
    "AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2008-12-12 1261336]
    "nForce Tray Options"="sstray.exe" [2003-08-13 c:\windows\system32\sstray.exe]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

    c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
    Lancement rapide d'Adobe Reader.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
    Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-05-26 123904]

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-26 304128]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=avgrsstx.dll bbqcfn.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "VIDC.MJPG"= Pvmjpg30.dll
    "VIDC.ACDV"= ACDV.dll

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ autocheck autochk *\0lsdelete

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusDisableNotify"=dword:00000001
    "UpdatesDisableNotify"=dword:00000001
    "AntiVirusOverride"=dword:00000001
    "FirewallOverride"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
    "c:\\Program Files\\Pinnacle\\Studio 10\\programs\\RM.exe"=
    "c:\\Program Files\\Pinnacle\\Studio 10\\programs\\Studio.exe"=
    "c:\\Program Files\\Pinnacle\\Studio 10\\programs\\PMSRegisterFile.exe"=
    "c:\\Program Files\\Pinnacle\\Studio 10\\programs\\umi.exe"=
    "c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\eMule\\emule.exe"=
    "c:\\Program Files\\AVG\\AVG8\\avgam.exe"=
    "c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
    "c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
    "c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
    "c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\MSN Messenger\\livecall.exe"=
    "c:\\WINDOWS\\pchealth\\helpctr\\binaries\\helpctr.exe"=

    R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\Drivers\avgrkx86.sys [2008-12-11 12936]
    R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys [2008-12-11 98440]
    R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\Drivers\avgtdix.sys [2008-12-11 90632]
    R2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2008-12-11 874776]
    R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-12-11 231704]

    *Newly Created Service* - CATCHME

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{28ABC5C0-4FCB-11CF-AAX5-21CX5C574571}]
    c:\config\S-1-5-21-1482476501-1644491937-682003330-1013\Cfg.exe
    .
    Contenu du dossier 'Tâches planifiées'

    2009-01-01 c:\windows\Tasks\A3510B4091868824.job
    - c:\docume~1\philippe\applic~1\drives~1\storetimejoy.exe []
    .
    .
    ------- Examen supplémentaire -------
    .
    uStart Page = hxxp://www.orange.fr/
    IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
    IE: { - c:\program files\Messenger\msmsgs.exe

    c:\windows\system32\msvcp60.dll - c:\windows\system32\atl.dll
    c:\windows\Downloaded Program Files\AdVerifierADP.dll
    c:\windows\Downloaded Program Files\AdSignerADP.dll
    O16 -: {88764F69-3831-4EC1-B40B-FF21D8381345}
    hxxps://static.impots.gouv.fr/tdir/static/adpform/AdSignerADP-1.0.cab
    c:\windows\Downloaded Program Files\AdSignerADP.inf
    .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-01-01 20:08:34
    Windows 5.1.2600 Service Pack 3 NTFS

    Recherche de processus cachés ...

    Recherche d'éléments en démarrage automatique cachés ...

    Recherche de fichiers cachés ...

    Scan terminé avec succès
    Fichiers cachés: 0

    **************************************************************************
    .
    --------------------- DLLs chargées dans les processus actifs ---------------------

    - - - - - - - > 'winlogon.exe'(940)
    c:\windows\system32\avgrsstx.dll

    - - - - - - - > 'lsass.exe'(1024)
    c:\windows\system32\avgrsstx.dll
    .
    Heure de fin: 2009-01-01 20:09:32
    ComboFix-quarantined-files.txt 2009-01-01 19:09:17
    ComboFix2.txt 2009-01-01 19:05:19
    ComboFix3.txt 2008-12-31 17:33:09
    ComboFix4.txt 2008-12-31 17:26:54
    ComboFix5.txt 2009-01-01 19:06:08

    Avant-CF: 51 790 127 104 octets libres
    Après-CF: 51,776,204,800 octets libres

    197 --- E O F --- 2008-12-29 13:12:02
    1 January 2009 20:52:20

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 20:10:42, on 01/01/2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16762)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\sstray.exe
    C:\Program Files\DAEMON Tools\daemon.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
    C:\Program Files\Google\Google Talk\googletalk.exe
    C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe
    C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe
    C:\PROGRA~1\Wanadoo\GestionnaireInternet.exe
    C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    C:\WINDOWS\System32\FTRTSVC.exe
    C:\Program Files\Windows Desktop Search\WindowsSearch.exe
    C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe
    C:\PROGRA~1\Wanadoo\ComComp.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\SearchIndexer.exe
    C:\PROGRA~1\Wanadoo\Toaster.exe
    c:\program files\pinnacle\shared files\programs\mediaserver\pmshost.exe
    C:\PROGRA~1\Wanadoo\Inactivity.exe
    C:\PROGRA~1\Wanadoo\PollingModule.exe
    C:\PROGRA~1\AVG\AVG8\avgam.exe
    C:\PROGRA~1\AVG\AVG8\avgrsx.exe
    C:\PROGRA~1\AVG\AVG8\avgnsx.exe
    C:\PROGRA~1\AVG\AVG8\avgemc.exe
    C:\PROGRA~1\Wanadoo\Watch.exe
    C:\WINDOWS\explorer.exe
    C:\WINDOWS\system32\SearchProtocolHost.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.orange.fr/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
    R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
    O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
    O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r
    O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1036
    O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
    O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
    O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [googletalk] "C:\Program Files\Google\Google Talk\googletalk.exe" /autostart
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.orange.fr (file missing) (HKCU)
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Contro...
    O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://copainsdavant.linternaute.com/html_include_bibli...
    O16 - DPF: {88764F69-3831-4EC1-B40B-FF21D8381345} (AdVerifierADPCtrl Class) - https://static.impots.gouv.fr/tdir/static/adpform/AdSig...
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
    O20 - AppInit_DLLs: avgrsstx.dll bbqcfn.dll
    O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
    O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: Pinnacle Systems Media Service (PinnacleSys.MediaServer) - Pinnacle Systems - c:\program files\pinnacle\shared files\programs\mediaserver\pmshost.exe

    --
    End of file - 8193 bytes


    Here is the second one.

    2 January 2009 18:02:37

    Is this really a new HijackThis report?
    3 January 2009 09:53:28

    Yes, it is indeed a new report.
    3 January 2009 18:28:21

    For ComboFix, you didn't do what I said with CFScript.txt.
    3 January 2009 18:42:29

    Strange.

    Fix the line in the box below with HijackThis: ILLUSTRATED HELP

    O20 - AppInit_DLLs: avgrsstx.dll bbqcfn.dll
    4 January 2009 15:02:38

    I'm no longer in front of the PC; my brother-in-law is taking over. He tells me he did everything properly and fixed the line in the box.

    Here is the new report

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 12:38:51, on 04/01/2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16762)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\sstray.exe
    C:\Program Files\DAEMON Tools\daemon.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Google\Google Talk\googletalk.exe
    C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe
    C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
    C:\PROGRA~1\Wanadoo\GestionnaireInternet.exe
    C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe
    C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    C:\WINDOWS\System32\FTRTSVC.exe
    C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe
    C:\PROGRA~1\Wanadoo\ComComp.exe
    C:\PROGRA~1\Wanadoo\Toaster.exe
    C:\PROGRA~1\Wanadoo\Inactivity.exe
    C:\PROGRA~1\Wanadoo\PollingModule.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\SearchIndexer.exe
    C:\Program Files\Windows Desktop Search\WindowsSearch.exe
    c:\program files\pinnacle\shared files\programs\mediaserver\pmshost.exe
    C:\PROGRA~1\Wanadoo\Watch.exe
    C:\Program Files\MSN Messenger\usnsvc.exe
    C:\PROGRA~1\AVG\AVG8\avgrsx.exe
    C:\PROGRA~1\AVG\AVG8\avgnsx.exe
    C:\PROGRA~1\AVG\AVG8\avgam.exe
    C:\PROGRA~1\AVG\AVG8\avgemc.exe
    C:\PROGRA~1\AVG\AVG8\aAvgApi.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.orange.fr/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
    R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
    O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
    O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r
    O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1036
    O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
    O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
    O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [googletalk] "C:\Program Files\Google\Google Talk\googletalk.exe" /autostart
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.orange.fr (file missing) (HKCU)
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Contro...
    O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://copainsdavant.linternaute.com/html_include_bibli...
    O16 - DPF: {88764F69-3831-4EC1-B40B-FF21D8381345} (AdVerifierADPCtrl Class) - https://static.impots.gouv.fr/tdir/static/adpform/AdSig...
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
    O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
    O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: Pinnacle Systems Media Service (PinnacleSys.MediaServer) - Pinnacle Systems - c:\program files\pinnacle\shared files\programs\mediaserver\pmshost.exe

    --
    End of file - 8312 bytes
    4 January 2009 17:17:22

    Are you still having problems?
    4 January 2009 19:38:32

    I asked, and apparently not.

    No more ad pop-ups, and apparently no more slowness problems like before.

    There's one thing left: when he opens IE, you have to wait 7 to 10 seconds before the start page is displayed; otherwise, once it's open, it runs fine.
    5 January 2009 17:10:08

    Quote:
    There's one thing left: when he opens IE, you have to wait 7 to 10 seconds before the start page is displayed; otherwise, once it's open, it runs fine.

    I can't do anything about that :/