[ Solved ] Trojan horse =)

13 Juin 2008 13:52:41

Hello :)  Uh, there is a Trojan horse on my father's computer that is detected by his antivirus, AVG, but it is impossible to delete. I don't think it is the only virus :sweat:  ...
Could someone help me?
Thank you very much in advance

13 Juin 2008 15:38:19

Hello,

Do you have the location?
13 Juin 2008 19:14:28

Yes: C:\Windows\System32\rqRLdEut.dll
13 Juin 2008 19:19:29

But when I try to delete it, of course it doesn't work, neither manually nor with the current antivirus, which is AVG. I had installed Antivir Avira, but it kept showing detections nonstop and couldn't delete it or quarantine it, so I have uninstalled it for now.
14 Juin 2008 11:15:41

Hello,

Download MalwareByte's Anti-Malware to your Desktop.
Install it by double-clicking the file Download_mbam-setup.exe.

Once the installation and the update are done, restart in safe mode.
HELP: Restarting in safe mode

  • Now run MalwareByte's Anti-Malware. If it is not already selected, select "Exécuter un examen complet" (Perform full scan).
  • To start the scan, click "Rechercher" (Scan).
  • Once the scan is finished, a window opens; click OK. You then have two possibilities:
    -- if the program found nothing, press OK. A report will appear; close it.
    -- if infections are present, click "Afficher les résultats" (Show results) then "Supprimer la sélection" (Remove selected). Save the report to your Desktop so you can post it in your next reply.
    NOTE: If MalwareByte's Anti-Malware needs to restart to finish the removal, accept by clicking OK.

    HELP: Illustrated tutorial on MBAM
    14 Juin 2008 13:31:07

    I did download the software and it is currently scanning the computer. However, it immediately asked me to scan without restarting... So I did. I hope that won't cause a problem.
    I will post the error report as soon as it is finished. For now there are 32 infected items and AVG is still detecting some. Should I disable AVG antivirus??
    14 Juin 2008 14:50:48

    Malwarebytes' Anti-Malware 1.17
    Version de la base de données: 846

    14:28:43 14/06/2008
    mbam-log-6-14-2008 (14-28-43).txt

    Type de recherche: Examen complet (C:\|D:\|)
    Eléments examinés: 156584
    Temps écoulé: 27 minute(s), 8 second(s)

    Processus mémoire infecté(s): 0
    Module(s) mémoire infecté(s): 1
    Clé(s) du Registre infectée(s): 57
    Valeur(s) du Registre infectée(s): 8
    Elément(s) de données du Registre infecté(s): 3
    Dossier(s) infecté(s): 5
    Fichier(s) infecté(s): 75

    Processus mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Module(s) mémoire infecté(s):
    C:\Windows\System32\rqRLdEut.dll (Trojan.Vundo) -> Unloaded module successfully.

    Clé(s) du Registre infectée(s):
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{df72002c-25d4-430a-ae88-17b7100b2ecf} (Trojan.Vundo) -> Delete on reboot.
    HKEY_CLASSES_ROOT\CLSID\{df72002c-25d4-430a-ae88-17b7100b2ecf} (Trojan.Vundo) -> Delete on reboot.
    HKEY_CLASSES_ROOT\CLSID\{f3aef888-a3e2-44eb-bd85-f0c85ba7673f} (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{f3aef888-a3e2-44eb-bd85-f0c85ba7673f} (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\msvps.msvpsapp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{069e8b19-0eac-45d6-a5b3-a10ff9b69f4c} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{069e8b19-0eac-45d6-a5b3-a10ff9b69f4c} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{0656a137-b161-cadd-9777-e37a75727e78} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{0b682cc1-fb40-4006-a5dd-99edd3c9095d} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{0e1230f8-ea50-42a9-983c-d22abc2eeb4c} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{9dd4258a-7138-49c4-8d34-587879a5c7a4} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9dd4258a-7138-49c4-8d34-587879a5c7a4} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{b8c0220d-763d-49a4-95f4-61dfdec66ee6} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b8c0220d-763d-49a4-95f4-61dfdec66ee6} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{c3bcc488-1ae7-11d4-ab82-0010a4ec2338} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c3bcc488-1ae7-11d4-ab82-0010a4ec2338} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{b3dce744-06c7-4c09-b99d-f54254c0954f} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{ea8279e1-f6b8-495a-8c6a-cb47bd8356d1} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Typelib\{c7ccfdab-ccb0-46ad-8bf9-45aff6c7b742} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{7bafe909-2f2d-4da0-a398-d22458caf3dc} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Typelib\{c93db567-3f35-408f-8de6-2b570db6a5a0} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{000000da-0786-4633-87c6-1aa7a4429ef1} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{000000da-0786-4633-87c6-1aa7a4429ef1} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{54645654-2225-4455-44a1-9f4543d34545} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{5c7f15e1-f31a-44fd-aa1a-2ec63aaffd3a} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Software\dpcproxy (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\logons (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Software\uninstall (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\typelib (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\HOL5_VXIEWER.FULL.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Software\Classes\HOL5_VXIEWER.FULL.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Software\Classes\applications\accessdiver.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Software\fwbd (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Software\HolLol (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Software\Inet Delivery (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Inet Delivery (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\mslagent (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Software\Invictus (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorertoolbar (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Software\mwc (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Software\Golden Palace Casino PT (Trojan.DNSChanger) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Golden Palace Casino NEW (Trojan.DNSChanger) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\AllFilesystemObjects\shellex\ContextMenuHandlers\pcsd (Rogue.PC-Cleaner) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\shellex\ContextMenuHandlers\pcsd (Rogue.PC-Cleaner) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\PC-Cleaner (Rogue.PC-Cleaner) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SYSTEM\currentcontrolset\Services\iTunesMusic (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SYSTEM\currentcontrolset\Services\rdriv (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Software\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Software\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Software\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\qtvglped.bvtp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\qtvglped.toolbar.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.

    Valeur(s) du Registre infectée(s):
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{f3aef888-a3e2-44eb-bd85-f0c85ba7673f} (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{0656a137-b161-cadd-9777-e37a75727e78} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\General\Wallpaper (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\SystemCheck2 (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\6699a9e1 (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\6699a9e1 (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\omlbpkaw (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\pmsoarbf (Trojan.FakeAlert) -> Quarantined and deleted successfully.

    Elément(s) de données du Registre infecté(s):
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\rqrldeut -> Delete on reboot.
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\rqrldeut -> Delete on reboot.
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

    Dossier(s) infecté(s):
    C:\Windows\mslagent (Adware.EGDAccess) -> Quarantined and deleted successfully.
    C:\Program Files\SpywareIsolator (Rogue.Spywareisolator) -> Quarantined and deleted successfully.
    C:\Windows\system32smp (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    C:\Users\Philippe\AppData\Roaming\PC-Cleaner (Rogue.PC-Cleaner) -> Quarantined and deleted successfully.
    C:\Users\Philippe\Desktopvirii (Fake.Dropped.Malware) -> Quarantined and deleted successfully.

    Fichier(s) infecté(s):
    C:\Windows\System32\rqRLdEut.dll (Trojan.Vundo) -> Delete on reboot.
    C:\Windows\System32\tuEdLRqr.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Windows\System32\tuEdLRqr.ini2 (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Users\Philippe\AppData\Local\Temp\eydaapdh.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Windows\mslagent\2_mslagent.dll (Adware.EGDAccess) -> Quarantined and deleted successfully.
    C:\Windows\mslagent\mslagent.exe (Adware.EGDAccess) -> Quarantined and deleted successfully.
    C:\Windows\mslagent\uninstall.exe (Adware.EGDAccess) -> Quarantined and deleted successfully.
    C:\Program Files\SpywareIsolator\alarm.wav (Rogue.Spywareisolator) -> Quarantined and deleted successfully.
    C:\Program Files\SpywareIsolator\click.wav (Rogue.Spywareisolator) -> Quarantined and deleted successfully.
    C:\Program Files\SpywareIsolator\dbinfo (Rogue.Spywareisolator) -> Quarantined and deleted successfully.
    C:\Program Files\SpywareIsolator\success.wav (Rogue.Spywareisolator) -> Quarantined and deleted successfully.
    C:\Windows\system32smp\msrc.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    C:\Users\Philippe\AppData\Roaming\PC-Cleaner\log.dat (Rogue.PC-Cleaner) -> Quarantined and deleted successfully.
    C:\Users\Philippe\AppData\Roaming\PC-Cleaner\settings.dat (Rogue.PC-Cleaner) -> Quarantined and deleted successfully.
    C:\Users\Philippe\Desktopvirii\Trojan-Downloader.Win32.Agent.bl.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    C:\Users\Philippe\Desktopvirii\Trojan-Downloader.Win32.Agent.p.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    C:\Users\Philippe\Desktopvirii\Trojan-Downloader.Win32.Agent.r.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    C:\Users\Philippe\Desktopvirii\Trojan-Downloader.Win32.Agent.t.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    C:\Users\Philippe\Desktopvirii\Trojan-Downloader.Win32.Agent.v.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    C:\Windows\a.bat (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    C:\Windows\base64.tmp (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    C:\Windows\FVProtect.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    C:\Windows\System32akttzn.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    C:\Windows\System32anticipator.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    C:\Windows\System32awtoolb.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    C:\Windows\System32bdn.com (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    C:\Windows\System32bsva-egihsg52.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    C:\Windows\System32dpcproxy.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    C:\Windows\System32emesx.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    C:\Windows\System32h@tkeysh@@k.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    C:\Windows\System32hoproxy.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    C:\Windows\System32hxiwlgpm.dat (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    C:\Windows\System32hxiwlgpm.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    C:\Windows\System32medup012.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    C:\Windows\System32medup020.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    C:\Windows\System32msgp.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    C:\Windows\System32msnbho.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    C:\Windows\System32mssecu.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    C:\Windows\System32msvchost.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    C:\Windows\System32mtr2.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    C:\Windows\System32mwin32.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    C:\Windows\System32netode.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    C:\Windows\System32newsd32.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    C:\Windows\System32ps1.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    C:\Windows\System32psof1.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    C:\Windows\System32psoft1.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    C:\Windows\System32regc64.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    C:\Windows\System32regm64.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    C:\Windows\System32Rundl1.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    C:\Windows\System32sncntr.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    C:\Windows\System32ssurf022.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    C:\Windows\System32ssvchost.com (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    C:\Windows\System32ssvchost.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    C:\Windows\System32sysreq.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    C:\Windows\System32taack.dat (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    C:\Windows\System32taack.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    C:\Windows\System32temp#01.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    C:\Windows\System32thun.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    C:\Windows\System32thun32.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    C:\Windows\System32VBIEWER.OCX (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    C:\Windows\System32vbsys2.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    C:\Windows\System32vcatchpi.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    C:\Windows\System32winlogonpc.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    C:\Windows\System32winsystem.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    C:\Windows\System32WINWGPX.EXE (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    C:\Windows\userconfig9x.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    C:\Windows\winsystem.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    C:\Windows\zip1.tmp (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    C:\Windows\zip2.tmp (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    C:\Windows\zip3.tmp (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    C:\Windows\zipped.tmp (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    C:\Windows\bdn.com (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Windows\iTunesMusic.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Windows\mssecu.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Windows\System32\clkcnt.txt (Trojan.Vundo) -> Quarantined and deleted successfully.
    14 Juin 2008 14:52:18

    I am running another scan and it no longer detects anything, but AVG does, and this time it is different folders, in system32 as well as in common files or MSAgent: never the same ones, so I don't really have time to write them down.
    15 Juin 2008 12:30:05

    Here is the report:
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 12:29:17, on 15/06/2008
    Platform: Windows Vista SP1 (WinNT 6.00.1905)
    MSIE: Internet Explorer v7.00 (7.00.6001.18000)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\hp\support\hpsysdrv.exe
    C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
    C:\Windows\RtHDVCpl.exe
    C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
    C:\Program Files\ScanSoft\OmniPageSE4.0\OpWareSE4.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
    C:\Windows\System32\rundll32.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\hp\kbd\kbd.exe
    C:\Windows\system32\wuauclt.exe
    C:\Users\Philippe\Desktop\HiJackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&loca...
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&loca...
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O1 - Hosts: ::1 localhost
    O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
    O2 - BHO: (no name) - {2ABD4117-8CF1-4A41-930B-9391E8C2DE6C} - C:\Windows\system32\rqRLdEut.dll
    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
    O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
    O3 - Toolbar: qtvglped - {74E5E4E8-79DD-49AC-B64B-E74822D5F3CD} - C:\Windows\qtvglped.dll (file missing)
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
    O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KbdStub.EXE
    O4 - HKLM\..\Run: [OsdMaestro] "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe"
    O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
    O4 - HKLM\..\Run: [HP Software Update] c:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [IS CfgWiz] "c:\Program Files\Common Files\Symantec Shared\OPC\{31011D49-D90C-4da0-878B-78D28AD507AF}\cltUIStb.exe" /MODULE CfgWiz /GUID {BC8D3EAF-F864-4d4b-AB4D-B3D0C32E2840} /MODE CfgWiz /CMDLINE "REBOOT"
    O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
    O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [Malwarebytes Anti-Malware Reboot] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
    O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [6699a9e1] rundll32.exe "C:\Users\Philippe\AppData\Local\Temp\vodcsmnu.dll",b
    O4 - HKLM\..\Policies\Explorer\Run: [kyJE7WP9eX] C:\ProgramData\erulsvqh\wjatgxcp.exe
    O4 - HKLM\..\Policies\Explorer\Run: [mQJOQ0190y] C:\ProgramData\erulsvqh\wjatgxcp.exe
    O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'Default user')
    O4 - Startup: OneNote 2007 - Capture d'écran et lancement.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Easy-WebPrint Ajouter à la liste d'impressions - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
    O8 - Extra context menu item: Easy-WebPrint Impression rapide - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
    O8 - Extra context menu item: Easy-WebPrint Imprimer - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
    O8 - Extra context menu item: Easy-WebPrint Prévisualiser - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
    O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
    O13 - Gopher Prefix:
    O16 - DPF: {88764F69-3831-4EC1-B40B-FF21D8381345} (AdVerifierADPCtrl Class) - https://static.impots.gouv.fr/tdir/static/adpform/AdSig...
    O21 - SSODL: WinDrv - {64aa26b6-5a6c-438b-bd93-23061cf38bd8} - C:\Windows\Resources\WinDrv.dll (file missing)
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: COM Host (comHost) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
    O23 - Service: EasyBits Magic Desktop Services for Windows NT (ezntsvc) - EasyBits Software Corp. - C:\Windows\system32\ezNTSvc.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Unknown owner - c:\Program Files\Norton Internet Security\isPwdSvc.exe (file missing)
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: RoxMediaDB9 - Sonic Solutions - c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
    O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

    --
    End of file - 9293 bytes
    15 Juin 2008 12:31:10

    Hello again,

    Disable your resident protections (antivirus, Spybot-S&D, etc.)!

  • Download ComboFix (sUBs) to your Desktop.
  • Double-click ComboFix.exe (the .exe may not be visible) to launch it.
  • When the scan is finished, a report will appear. Post this report (C:\combofix.txt*) in your next reply.

    HELP: A guide and a tutorial on using ComboFix
    * the partition name may differ
    15 Juin 2008 12:46:46

    ComboFix 08-06-12.2 - Philippe 2008-06-15 12:36:05.1 - NTFSx86
    Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6001.1.1252.1.1036.18.1082 [GMT 2:00]
    Endroit: C:\Users\Philippe\Desktop\ComboFix.exe
    * Création d'un nouveau point de restauration
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Users\Philippe\AppData\Local\bwkiuidy.dat
    C:\Users\Philippe\AppData\Local\bwkiuidy_nav.dat
    C:\Users\Philippe\AppData\Local\bwkiuidy_navps.dat
    C:\Windows\Fonts\CALIBRIB.TTF
    C:\Windows\system32\otftdipy.ini
    C:\Windows\system32\qlhjkmrc.ini
    C:\Windows\system32\xdaqjcik.ini
    C:\Windows\Web\def.htm

    .
    ((((((((((((((((((((((((((((( Fichiers créés 2008-05-15 to 2008-06-15 ))))))))))))))))))))))))))))))))))))
    .

    2008-06-14 18:39 . 2008-06-14 18:43 <REP> d-------- C:\Users\All Users\fssg
    2008-06-14 18:39 . 2008-06-14 18:43 <REP> d-------- C:\ProgramData\fssg
    2008-06-14 13:49 . 2008-06-14 15:01 293,896,106 --a------ C:\Windows\MEMORY.DMP
    2008-06-14 13:25 . 2008-06-14 13:25 <REP> d-------- C:\Users\Philippe\AppData\Roaming\Malwarebytes
    2008-06-14 13:25 . 2008-06-14 13:25 <REP> d-------- C:\Users\All Users\Malwarebytes
    2008-06-14 13:25 . 2008-06-14 13:25 <REP> d-------- C:\ProgramData\Malwarebytes
    2008-06-14 13:25 . 2008-06-14 13:51 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
    2008-06-14 13:25 . 2008-06-10 19:02 34,296 --a------ C:\Windows\System32\drivers\mbamcatchme.sys
    2008-06-14 13:25 . 2008-06-10 19:02 15,864 --a------ C:\Windows\System32\drivers\mbam.sys
    2008-06-13 13:47 . 2008-04-25 04:12 1,383,424 --a------ C:\Windows\System32\mshtml.tlb
    2008-06-13 13:47 . 2008-04-26 10:08 1,314,816 --a------ C:\Windows\System32\quartz.dll
    2008-06-13 13:47 . 2008-04-25 06:35 826,880 --a------ C:\Windows\System32\wininet.dll
    2008-06-13 13:47 . 2008-05-10 03:33 113,664 --a------ C:\Windows\System32\drivers\rmcast.sys
    2008-05-29 21:34 . 2008-05-29 21:34 244 --ah----- C:\sqmnoopt06.sqm
    2008-05-29 21:34 . 2008-05-29 21:34 232 --ah----- C:\sqmdata06.sqm
    2008-05-28 16:25 . 2008-05-28 16:25 0 --a------ C:\DFRD94F.tmp
    2008-05-28 15:19 . 2008-03-08 04:08 4,240,384 --a------ C:\Windows\System32\GameUXLegacyGDFs.dll
    2008-05-28 15:19 . 2008-03-08 06:21 1,695,744 --a------ C:\Windows\System32\gameux.dll
    2008-05-17 17:02 . 2008-05-17 17:02 129 --a------ C:\Windows\System32\MRT.INI
    2008-05-16 21:02 . 2008-05-16 21:02 182 --a------ C:\Windows\wininit.ini

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-06-14 17:02 --------- d-----w C:\Program Files\Norton Internet Security
    2008-06-14 16:53 --------- d-----w C:\Program Files\Symantec
    2008-06-14 16:40 --------- d-----w C:\ProgramData\avg7
    2008-06-13 15:07 --------- d-----w C:\Program Files\Windows Mail
    2008-06-13 11:35 --------- d-----w C:\Users\Philippe\AppData\Roaming\AVG7
    2008-06-10 15:13 260 ----a-w C:\Users\Philippe\AppData\Roaming\wklnhst.dat
    2008-05-15 14:17 --------- d-----w C:\ProgramData\Microsoft Help
    2008-05-01 19:31 --------- d-----w C:\ProgramData\GamesBar
    2008-05-01 12:51 0 ---ha-w C:\Windows\system32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
    2008-05-01 12:47 0 ---ha-w C:\Windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
    2008-04-23 21:01 --------- d-----w C:\Program Files\Common Files\xing shared
    2008-04-23 21:01 --------- d-----w C:\Program Files\Common Files\Real
    2008-04-19 14:33 --------- d-----w C:\Program Files\Windows Sidebar
    2008-04-19 14:33 --------- d-----w C:\Program Files\Windows Photo Gallery
    2008-04-19 11:02 --------- d-----w C:\ProgramData\erulsvqh
    2008-04-18 17:40 --------- d-----w C:\Users\Philippe\AppData\Roaming\Talkback
    2008-04-18 17:38 --------- d-----w C:\Program Files\Google
    2008-04-18 17:06 --------- d-----w C:\Program Files\a-squared Free
    2008-04-18 11:02 --------- d-----w C:\ProgramData\Avira
    2008-04-18 09:49 --------- d-----w C:\ProgramData\Yahoo! Companion
    2008-04-18 09:46 --------- d-----w C:\Program Files\Yahoo!
    2008-04-18 08:55 --------- d-----w C:\Program Files\Trend Micro
    2008-04-17 20:02 174 --sha-w C:\Program Files\desktop.ini
    2008-04-17 19:56 --------- d-----w C:\Program Files\Windows Journal
    2008-04-17 19:56 --------- d-----w C:\Program Files\Windows Defender
    2008-04-17 19:56 --------- d-----w C:\Program Files\Windows Collaboration
    2008-04-17 19:56 --------- d-----w C:\Program Files\Windows Calendar
    2008-04-17 16:11 --------- d-----w C:\Program Files\Real
    2008-04-16 09:25 --------- d-----w C:\Program Files\Messenger Plus! Live
    2008-03-14 11:02 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    2008-03-14 11:02 32,768 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    2008-03-14 11:02 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    .

    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2ABD4117-8CF1-4A41-930B-9391E8C2DE6C}]
    2008-04-16 15:19 271424 --a------ C:\Windows\system32\rqRLdEut.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{74E5E4E8-79DD-49AC-B64B-E74822D5F3CD}"= "C:\Windows\qtvglped.dll" [ ]

    [HKEY_CLASSES_ROOT\clsid\{74e5e4e8-79dd-49ac-b64b-e74822d5f3cd}]
    [HKEY_CLASSES_ROOT\qtvglped.1]
    [HKEY_CLASSES_ROOT\TypeLib\{C93DB567-3F35-408F-8DE6-2B570DB6A5A0}]
    [HKEY_CLASSES_ROOT\qtvglped]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-19 09:33 1233920]
    "ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2008-01-19 09:33 125952]
    "msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 12:34 5724184]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2006-09-28 15:42 65536]
    "KBD"="C:\HP\KBD\KbdStub.EXE" [2006-12-08 18:16 65536]
    "OsdMaestro"="C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe" [2007-02-15 12:59 118784]
    "RtHDVCpl"="RtHDVCpl.exe" [2007-03-01 17:38 4390912 C:\Windows\RtHDVCpl.exe]
    "HP Software Update"="c:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-02-16 23:11 49152]
    "ccApp"="c:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-09 15:59 115816]
    "IS CfgWiz"="c:\Program Files\Common Files\Symantec Shared\OPC\{31011D49-D90C-4da0-878B-78D28AD507AF}\cltUIStb.exe" [2007-01-12 12:28 431752]
    "SSBkgdUpdate"="C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-09-30 01:14 155648]
    "OpwareSE4"="C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" [2006-03-21 14:19 69632]
    "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-04-23 23:00 185896]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
    "NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-07-06 21:15 86016]
    "NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-07-06 21:15 8466432]
    "NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-07-06 21:15 81920]
    "Malwarebytes Anti-Malware Reboot"="C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" [2008-06-10 19:02 1183352]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
    "Launcher"="%WINDIR%\SMINST\launcher.exe" [ ]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 12:34 5724184]

    C:\Users\Philippe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    OneNote 2007 - Capture d'écran et lancement.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [2007-08-24 04:45:42 101784]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle"= 0 (0x0)

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
    "DisableLockWorkstation"= 0 (0x0)
    "DisableChangePassword"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
    "kyJE7WP9eX"= C:\ProgramData\erulsvqh\wjatgxcp.exe
    "mQJOQ0190y"= C:\ProgramData\erulsvqh\wjatgxcp.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "NoLogoff"= 0 (0x0)

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
    "{E54729E8-BB3D-4270-9D49-7389EA579090}"= C:\Windows\system32\EZUPBH~1.DLL [2007-11-25 00:24 49152]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    "WinDrv"= {64aa26b6-5a6c-438b-bd93-23061cf38bd8} - C:\Windows\Resources\WinDrv.dll [ ]

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
    "{3E1F52F3-7E63-4029-864E-35E45AABDAC1}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
    "{EBDFFB1E-F0A3-4CD8-89EC-9809F10CBE9A}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
    "{7E7C7659-4DA2-4634-8D70-B8670A52E7F4}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
    "TCP Query User{66156195-DF5A-42E6-B5B9-7B9D5A48ADF9}C:\\program files\\internet explorer\\iexplore.exe"= UDP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
    "UDP Query User{7998B391-C311-4044-B1EB-A64794BA865D}C:\\program files\\internet explorer\\iexplore.exe"= TCP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
    "TCP Query User{A856FF4A-8EBF-4FD0-8496-834B9361AA9B}C:\\program files\\internet explorer\\iexplore.exe"= UDP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
    "UDP Query User{BA8EAC8C-0D53-4193-9AAB-81FC369DB6BD}C:\\program files\\internet explorer\\iexplore.exe"= TCP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
    "{49AEF01B-4F01-4418-AC9A-4AF915AA8951}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
    "TCP Query User{17CA7F53-EF77-489E-89F3-191C479B2AFB}C:\\program files\\real\\realplayer\\realplay.exe"= UDP:C:\program files\real\realplayer\realplay.exe:RealPlayer
    "UDP Query User{9FFE08E0-F888-4994-8A7D-CB0E8D89F546}C:\\program files\\real\\realplayer\\realplay.exe"= TCP:C:\program files\real\realplayer\realplay.exe:RealPlayer
    "TCP Query User{1F5F9FE6-7EDA-4B6A-BED3-73F2A933AFC6}C:\\program files\\real\\realplayer\\recordingmanager.exe"= UDP:C:\program files\real\realplayer\recordingmanager.exe:RealNetworks Download and Record Manager
    "UDP Query User{EA4BA2E3-286E-447B-A195-0928FBD2E495}C:\\program files\\real\\realplayer\\recordingmanager.exe"= TCP:C:\program files\real\realplayer\recordingmanager.exe:RealNetworks Download and Record Manager

    R2 ezntsvc;EasyBits Magic Desktop Services for Windows NT;C:\Windows\system32\ezNTSvc.exe [2007-11-25 00:24]
    S3 IDSvix86;Symantec Intrusion Prevention Driver;C:\PROGRA~2\Symantec\DEFINI~1\SymcData\idsdefs\20070108.003\IDSvix86.sys [2006-12-27 16:48]

    *Newly Created Service* - COMHOST
    .
    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-06-15 12:40:26
    Windows 6.0.6001 Service Pack 1 NTFS

    Balayage processus cachés ...

    Balayage caché autostart entries ...

    Balayage des fichiers cachés ...

    Scan terminé avec succès
    Les fichiers cachés: 0

    **************************************************************************
    .
    ------------------------ Other Running Processes ------------------------
    .
    C:\Windows\System32\audiodg.exe
    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files\Common Files\microsoft shared\VS7DEBUG\MDM.EXE
    C:\Windows\System32\WUDFHost.exe
    C:\Windows\System32\conime.exe
    C:\Windows\System32\rundll32.exe
    C:\Windows\System32\rundll32.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Windows\System32\wbem\unsecapp.exe
    C:\Windows\System32\wbem\WMIADAP.exe
    C:\hp\KBD\kbd.exe
    C:\Windows\System32\dllhost.exe
    .
    **************************************************************************
    .
    Temps d'accomplissement: 2008-06-15 12:44:57 - machine was rebooted
    ComboFix-quarantined-files.txt 2008-06-15 10:44:52

    Le texte du message associé au numéro 0x2379 est introuvable dans le fichier de messages pour Application.
    Post-Run: 207,921,545,216 octets libres

    185 --- E O F --- 2008-06-14 17:06:36
    15 June 2008 12:51:11

    AVG has been uninstalled. Could you recommend a good antivirus (free if possible) to protect the computer properly?
    Is it damaged?? :s Or can we get rid of all these viruses? Thanks a lot for your help =)
    a b 8 Security
    15 June 2008 20:28:01

    Re,

    Copy (Ctrl+C) the text in the box below:

    File::
    C:\Windows\system32\rqRLdEut.dll
    C:\Windows\qtvglped.dll

    Folder::
    C:\ProgramData\erulsvqh

    Registry::
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2ABD4117-8CF1-4A41-930B-9391E8C2DE6C}]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{74E5E4E8-79DD-49AC-B64B-E74822D5F3CD}"=-
    [-HKEY_CLASSES_ROOT\clsid\{74e5e4e8-79dd-49ac-b64b-e74822d5f3cd}]
    [-HKEY_CLASSES_ROOT\qtvglped.1]
    [-HKEY_CLASSES_ROOT\TypeLib\{C93DB567-3F35-408F-8DE6-2B570DB6A5A0}]
    [-HKEY_CLASSES_ROOT\qtvglped]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
    "kyJE7WP9eX"=-
    "mQJOQ0190y"=-


    Open Notepad, then paste (Ctrl+V) the text you just copied.
    Save this file under the name CFScript.txt.

    Now drag the CFScript.txt file onto Combofix.exe as shown below:


    This will relaunch Combofix; press 1 and then confirm. After the reboot, post the contents of the Combofix.txt report along with a HijackThis report.
    NOTE: If there is no reboot, post the requested reports anyway.
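
A pre-run check for a removal script like the one in the post above, as an added example that is not part of the original thread: it parses the CFScript, confirms that every file, folder and registry target is actually evidenced in the ComboFix log, and lists key headers that carry no delete operation. The two strings are excerpts copied from the thread; the function names are hypothetical, and reading the Registry:: block with standard .reg semantics is an assumption.

```python
import re

# Excerpt of the ComboFix log posted earlier in the thread.
LOG_EXCERPT = r"""
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2ABD4117-8CF1-4A41-930B-9391E8C2DE6C}]
2008-04-16 15:19 271424 --a------ C:\Windows\system32\rqRLdEut.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{74E5E4E8-79DD-49AC-B64B-E74822D5F3CD}"= "C:\Windows\qtvglped.dll" [ ]

[HKEY_CLASSES_ROOT\clsid\{74e5e4e8-79dd-49ac-b64b-e74822d5f3cd}]
[HKEY_CLASSES_ROOT\qtvglped.1]
[HKEY_CLASSES_ROOT\TypeLib\{C93DB567-3F35-408F-8DE6-2B570DB6A5A0}]
[HKEY_CLASSES_ROOT\qtvglped]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
"kyJE7WP9eX"= C:\ProgramData\erulsvqh\wjatgxcp.exe
"mQJOQ0190y"= C:\ProgramData\erulsvqh\wjatgxcp.exe
"""

# The CFScript from the post above, unchanged.
CFSCRIPT = r"""
File::
C:\Windows\system32\rqRLdEut.dll
C:\Windows\qtvglped.dll

Folder::
C:\ProgramData\erulsvqh

Registry::
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2ABD4117-8CF1-4A41-930B-9391E8C2DE6C}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{74E5E4E8-79DD-49AC-B64B-E74822D5F3CD}"=-
[-HKEY_CLASSES_ROOT\clsid\{74e5e4e8-79dd-49ac-b64b-e74822d5f3cd}]
[-HKEY_CLASSES_ROOT\qtvglped.1]
[-HKEY_CLASSES_ROOT\TypeLib\{C93DB567-3F35-408F-8DE6-2B570DB6A5A0}]
[-HKEY_CLASSES_ROOT\qtvglped]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
"kyJE7WP9eX"=-
"mQJOQ0190y"=-
"""

SECTION = re.compile(r"^(\w+)::\s*$")


def parse_cfscript(text):
    """Split a CFScript into File/Folder path lists and registry operations."""
    paths = {"File": [], "Folder": []}
    reg_ops = []  # tuples of (operation, key, value_name)
    section = key = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION.match(line)
        if m:
            section, key = m.group(1), None
            continue
        if section in paths:
            paths[section].append(line)
        elif section == "Registry":
            if line.startswith("[-") and line.endswith("]"):
                # .reg syntax: "[-key]" deletes the whole key.
                reg_ops.append(("delete_key", line[2:-1], None))
                key = None
            elif line.startswith("[") and line.endswith("]"):
                # Plain header: only selects the key for the lines that follow.
                key = line[1:-1]
                reg_ops.append(("open_key", key, None))
            elif key and line.endswith("=-"):
                # .reg syntax: '"name"=-' deletes one value under the current key.
                reg_ops.append(("delete_value", key, line[:-2].strip().strip('"')))
    return paths, reg_ops


def unsupported_targets(script_text, log_text):
    """Return script targets that never appear in the log (case-insensitive)."""
    haystack = log_text.lower()
    paths, reg_ops = parse_cfscript(script_text)
    missing = [(kind, p) for kind in ("File", "Folder")
               for p in paths[kind] if p.lower() not in haystack]
    for op, key, name in reg_ops:
        needle = name if op == "delete_value" else key
        if needle.lower() not in haystack:
            missing.append((op, needle))
    return missing


def headers_without_operation(reg_ops):
    """Keys opened with [key] that no '"name"=-' line acts on: nothing is removed there."""
    acted = {key for op, key, _ in reg_ops if op == "delete_value"}
    return [key for op, key, _ in reg_ops if op == "open_key" and key not in acted]


if __name__ == "__main__":
    _, ops = parse_cfscript(CFSCRIPT)
    print("targets not found in log:", unsupported_targets(CFSCRIPT, LOG_EXCERPT))
    print("headers with no delete operation:", headers_without_operation(ops))
```

An empty first list means every removal target is backed by a log line; any key in the second list should be reviewed before the script is run.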
    16 June 2008 10:29:14

    ComboFix report:
    ComboFix 08-06-12.2 - Philippe 2008-06-16 10:18:20.2 - NTFSx86
    Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6001.1.1252.1.1036.18.1245 [GMT 2:00]
    Endroit: C:\Users\Philippe\Desktop\ComboFix.exe
    Command switches used :: C:\Users\Philippe\Desktop\CFScript.txt
    * Création d'un nouveau point de restauration

    FILE ::
    C:\Windows\qtvglped.dll
    C:\Windows\system32\rqRLdEut.dll
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\ProgramData\erulsvqh
    C:\Windows\system32\rqRLdEut.dll

    .
    ((((((((((((((((((((((((((((( Fichiers créés 2008-05-16 to 2008-06-16 ))))))))))))))))))))))))))))))))))))
    .

    2008-06-15 12:29 . 2008-04-23 06:42 428,544 --a------ C:\Windows\System32\EncDec.dll
    2008-06-15 12:29 . 2008-04-23 06:42 293,376 --a------ C:\Windows\System32\psisdecd.dll
    2008-06-15 12:29 . 2008-04-23 06:41 218,624 --a------ C:\Windows\System32\psisrndr.ax
    2008-06-15 12:29 . 2008-04-23 06:41 57,856 --a------ C:\Windows\System32\MSDvbNP.ax
    2008-06-14 18:39 . 2008-06-14 18:43 <REP> d-------- C:\Users\All Users\fssg
    2008-06-14 18:39 . 2008-06-14 18:43 <REP> d-------- C:\ProgramData\fssg
    2008-06-14 13:49 . 2008-06-14 15:01 293,896,106 --a------ C:\Windows\MEMORY.DMP
    2008-06-14 13:25 . 2008-06-14 13:25 <REP> d-------- C:\Users\Philippe\AppData\Roaming\Malwarebytes
    2008-06-14 13:25 . 2008-06-14 13:25 <REP> d-------- C:\Users\All Users\Malwarebytes
    2008-06-14 13:25 . 2008-06-14 13:25 <REP> d-------- C:\ProgramData\Malwarebytes
    2008-06-14 13:25 . 2008-06-14 13:51 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
    2008-06-14 13:25 . 2008-06-10 19:02 34,296 --a------ C:\Windows\System32\drivers\mbamcatchme.sys
    2008-06-14 13:25 . 2008-06-10 19:02 15,864 --a------ C:\Windows\System32\drivers\mbam.sys
    2008-06-13 13:47 . 2008-04-25 04:12 1,383,424 --a------ C:\Windows\System32\mshtml.tlb
    2008-06-13 13:47 . 2008-04-26 10:08 1,314,816 --a------ C:\Windows\System32\quartz.dll
    2008-06-13 13:47 . 2008-04-25 06:35 826,880 --a------ C:\Windows\System32\wininet.dll
    2008-06-13 13:47 . 2008-05-10 03:33 113,664 --a------ C:\Windows\System32\drivers\rmcast.sys
    2008-05-29 21:34 . 2008-05-29 21:34 244 --ah----- C:\sqmnoopt06.sqm
    2008-05-29 21:34 . 2008-05-29 21:34 232 --ah----- C:\sqmdata06.sqm
    2008-05-28 16:25 . 2008-05-28 16:25 0 --a------ C:\DFRD94F.tmp
    2008-05-28 15:19 . 2008-03-08 04:08 4,240,384 --a------ C:\Windows\System32\GameUXLegacyGDFs.dll
    2008-05-28 15:19 . 2008-03-08 06:21 1,695,744 --a------ C:\Windows\System32\gameux.dll
    2008-05-17 17:02 . 2008-05-17 17:02 129 --a------ C:\Windows\System32\MRT.INI
    2008-05-16 21:02 . 2008-05-16 21:02 182 --a------ C:\Windows\wininit.ini

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-06-14 17:02 --------- d-----w C:\Program Files\Norton Internet Security
    2008-06-14 16:53 --------- d-----w C:\Program Files\Symantec
    2008-06-14 16:40 --------- d-----w C:\ProgramData\avg7
    2008-06-13 15:07 --------- d-----w C:\Program Files\Windows Mail
    2008-06-13 11:35 --------- d-----w C:\Users\Philippe\AppData\Roaming\AVG7
    2008-06-10 15:13 260 ----a-w C:\Users\Philippe\AppData\Roaming\wklnhst.dat
    2008-05-15 14:17 --------- d-----w C:\ProgramData\Microsoft Help
    2008-05-01 19:31 --------- d-----w C:\ProgramData\GamesBar
    2008-05-01 12:51 0 ---ha-w C:\Windows\system32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
    2008-05-01 12:47 0 ---ha-w C:\Windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
    2008-04-23 21:01 --------- d-----w C:\Program Files\Common Files\xing shared
    2008-04-23 21:01 --------- d-----w C:\Program Files\Common Files\Real
    2008-04-19 14:33 --------- d-----w C:\Program Files\Windows Sidebar
    2008-04-19 14:33 --------- d-----w C:\Program Files\Windows Photo Gallery
    2008-04-18 17:40 --------- d-----w C:\Users\Philippe\AppData\Roaming\Talkback
    2008-04-18 17:38 --------- d-----w C:\Program Files\Google
    2008-04-18 17:06 --------- d-----w C:\Program Files\a-squared Free
    2008-04-18 11:02 --------- d-----w C:\ProgramData\Avira
    2008-04-18 09:49 --------- d-----w C:\ProgramData\Yahoo! Companion
    2008-04-18 09:46 --------- d-----w C:\Program Files\Yahoo!
    2008-04-18 08:55 --------- d-----w C:\Program Files\Trend Micro
    2008-04-17 20:02 174 --sha-w C:\Program Files\desktop.ini
    2008-04-17 19:56 --------- d-----w C:\Program Files\Windows Journal
    2008-04-17 19:56 --------- d-----w C:\Program Files\Windows Defender
    2008-04-17 19:56 --------- d-----w C:\Program Files\Windows Collaboration
    2008-04-17 19:56 --------- d-----w C:\Program Files\Windows Calendar
    2008-04-17 16:11 --------- d-----w C:\Program Files\Real
    2008-04-16 09:25 --------- d-----w C:\Program Files\Messenger Plus! Live
    2008-03-14 11:02 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    2008-03-14 11:02 32,768 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    2008-03-14 11:02 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    .

    ((((((((((((((((((((((((((((( snapshot@2008-06-15_12.44.41.07 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2008-04-23 04:42:33 105,472 ----a-w C:\Windows\ehome\ehPresenter.dll
    - 2008-01-19 07:34:08 254,464 ----a-w C:\Windows\ehome\ehReplay.dll
    + 2008-04-23 04:42:33 254,464 ----a-w C:\Windows\ehome\ehReplay.dll
    - 2008-01-19 07:38:21 4,046,848 ----a-w C:\Windows\ehome\ehshell.dll
    + 2008-04-23 04:44:14 4,046,848 ----a-w C:\Windows\ehome\ehshell.dll
    - 2008-01-10 05:50:47 18,944 ----a-w C:\Windows\ehome\ehtrace.dll
    + 2008-04-23 04:27:00 18,944 ----a-w C:\Windows\ehome\ehtrace.dll
    - 2008-01-19 07:34:09 522,240 ----a-w C:\Windows\ehome\ehui.dll
    + 2008-04-23 04:42:33 522,240 ----a-w C:\Windows\ehome\ehui.dll
    - 2008-01-19 07:38:31 140,288 ----a-w C:\Windows\ehome\mcupdate.exe
    + 2008-04-23 04:44:47 140,288 ----a-w C:\Windows\ehome\mcupdate.exe
    - 2008-01-19 07:38:36 1,957,888 ----a-w C:\Windows\ehome\Microsoft.MediaCenter.UI.dll
    + 2008-04-23 04:45:00 1,957,888 ----a-w C:\Windows\ehome\Microsoft.MediaCenter.UI.dll
    - 2008-06-15 10:40:21 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\ntuser.dat
    + 2008-06-16 08:22:35 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\ntuser.dat
    + 2008-06-16 08:22:35 262,144 ---ha-w C:\Windows\ServiceProfiles\LocalService\ntuser.dat.LOG1
    - 2008-06-15 10:40:21 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat
    + 2008-06-16 08:22:35 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat
    + 2008-06-16 08:22:35 262,144 ---ha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1
    - 2008-06-15 10:38:11 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2008-06-15 10:55:11 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    - 2008-06-15 10:38:11 81,920 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    + 2008-06-15 10:55:11 81,920 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    - 2008-06-15 10:38:11 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2008-06-15 10:55:11 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    - 2008-06-07 18:24:48 101,896 ----a-w C:\Windows\System32\perfc009.dat
    + 2008-06-16 08:16:00 101,896 ----a-w C:\Windows\System32\perfc009.dat
    - 2008-06-07 18:24:48 124,228 ----a-w C:\Windows\System32\perfc00C.dat
    + 2008-06-16 08:16:00 124,228 ----a-w C:\Windows\System32\perfc00C.dat
    - 2008-06-07 18:24:48 589,884 ----a-w C:\Windows\System32\perfh009.dat
    + 2008-06-16 08:16:00 589,884 ----a-w C:\Windows\System32\perfh009.dat
    - 2008-06-07 18:24:48 672,096 ----a-w C:\Windows\System32\perfh00C.dat
    + 2008-06-16 08:16:00 672,096 ----a-w C:\Windows\System32\perfh00C.dat
    - 2008-06-15 10:38:28 6,299,648 ----a-w C:\Windows\System32\SMI\Store\Machine\schema.dat
    + 2008-06-15 21:32:15 6,299,648 ----a-w C:\Windows\System32\SMI\Store\Machine\schema.dat
    - 2008-06-15 10:24:48 12,382 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-4049039252-367552735-4115417666-1000_UserData.bin
    + 2008-06-16 08:13:05 12,778 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-4049039252-367552735-4115417666-1000_UserData.bin
    - 2008-06-15 10:24:48 62,372 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
    + 2008-06-16 08:13:05 62,528 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
    - 2008-06-04 19:36:31 4,316 ----a-w C:\Windows\System32\WDI\ERCQueuedResolutions.dat
    + 2008-06-15 21:31:55 4,316 ----a-w C:\Windows\System32\WDI\ERCQueuedResolutions.dat
    - 2008-06-15 10:24:47 58,120 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
    + 2008-06-16 08:13:04 58,254 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
    - 2008-06-14 19:20:09 198,752 ----a-w C:\Windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_S3.bin
    + 2008-06-15 20:48:22 201,278 ----a-w C:\Windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_S3.bin
    + 2008-04-23 04:27:53 864,256 ----a-w C:\Windows\winsxs\msil_ehepg_31bf3856ad364e35_6.0.6000.16679_none_d97a4d2ed1f284d2\ehepg.dll
    + 2008-04-23 14:12:49 864,256 ----a-w C:\Windows\winsxs\msil_ehepg_31bf3856ad364e35_6.0.6000.20821_none_da31f92beaeecb56\ehepg.dll
    + 2008-04-23 04:27:55 135,168 ----a-w C:\Windows\winsxs\msil_ehexthost_31bf3856ad364e35_6.0.6000.16679_none_bcbfc9e4c1e1e81d\ehexthost.exe
    + 2008-04-23 14:12:50 135,168 ----a-w C:\Windows\winsxs\msil_ehexthost_31bf3856ad364e35_6.0.6000.20821_none_bd7775e1dade2ea1\ehexthost.exe
    + 2008-04-23 04:27:56 77,824 ----a-w C:\Windows\winsxs\msil_ehiextens_31bf3856ad364e35_6.0.6000.16679_none_fba2d0c909e74612\ehiExtens.dll
    + 2008-04-23 14:12:51 77,824 ----a-w C:\Windows\winsxs\msil_ehiextens_31bf3856ad364e35_6.0.6000.20821_none_fc5a7cc622e38c96\ehiExtens.dll
    + 2008-04-23 04:27:59 4,374,528 ----a-w C:\Windows\winsxs\msil_ehshell_31bf3856ad364e35_6.0.6000.16679_none_896d686f44a61324\ehshell.dll
    + 2008-04-23 14:12:55 4,382,720 ----a-w C:\Windows\winsxs\msil_ehshell_31bf3856ad364e35_6.0.6000.20821_none_8a25146c5da259a8\ehshell.dll
    + 2008-04-23 04:44:14 4,046,848 ----a-w C:\Windows\winsxs\msil_ehshell_31bf3856ad364e35_6.0.6001.18061_none_8b5674b141cbbd6c\ehshell.dll
    + 2008-04-23 04:36:58 4,046,848 ----a-w C:\Windows\winsxs\msil_ehshell_31bf3856ad364e35_6.0.6001.22165_none_8be412a45ae5c292\ehshell.dll
    + 2008-04-23 04:28:14 1,196,032 ----a-w C:\Windows\winsxs\msil_microsoft.mediacenter.shell_31bf3856ad364e35_6.0.6000.16679_none_4e6b0c2698ea89ba\Microsoft.MediaCenter.Shell.dll
    + 2008-04-23 14:13:09 1,269,760 ----a-w C:\Windows\winsxs\msil_microsoft.mediacenter.shell_31bf3856ad364e35_6.0.6000.20821_none_4f22b823b1e6d03e\Microsoft.MediaCenter.Shell.dll
    + 2008-04-23 04:28:14 2,342,912 ----a-w C:\Windows\winsxs\msil_microsoft.mediacenter.ui_31bf3856ad364e35_6.0.6000.16679_none_30f95ad65a3e86d4\Microsoft.MediaCenter.UI.dll
    + 2008-04-23 14:13:09 2,351,104 ----a-w C:\Windows\winsxs\msil_microsoft.mediacenter.ui_31bf3856ad364e35_6.0.6000.20821_none_31b106d3733acd58\Microsoft.MediaCenter.UI.dll
    + 2008-04-23 04:45:00 1,957,888 ----a-w C:\Windows\winsxs\msil_microsoft.mediacenter.ui_31bf3856ad364e35_6.0.6001.18061_none_32e267185764311c\Microsoft.MediaCenter.UI.dll
    + 2008-04-23 04:37:38 1,957,888 ----a-w C:\Windows\winsxs\msil_microsoft.mediacenter.ui_31bf3856ad364e35_6.0.6001.22165_none_3370050b707e3642\Microsoft.MediaCenter.UI.dll
    + 2008-04-23 04:28:13 217,088 ----a-w C:\Windows\winsxs\msil_microsoft.mediacenter_31bf3856ad364e35_6.0.6000.16679_none_2354b3c9cf56f2ea\Microsoft.MediaCenter.dll
    + 2008-04-23 14:13:08 217,088 ----a-w C:\Windows\winsxs\msil_microsoft.mediacenter_31bf3856ad364e35_6.0.6000.20821_none_240c5fc6e853396e\Microsoft.MediaCenter.dll
    + 2008-04-23 04:28:09 136,704 ----a-w C:\Windows\winsxs\x86_mcupdate_31bf3856ad364e35_6.0.6000.16679_none_c673e63faed8754d\mcupdate.exe
    + 2008-04-23 14:13:03 136,704 ----a-w C:\Windows\winsxs\x86_mcupdate_31bf3856ad364e35_6.0.6000.20821_none_c72b923cc7d4bbd1\mcupdate.exe
    + 2008-04-23 04:44:47 140,288 ----a-w C:\Windows\winsxs\x86_mcupdate_31bf3856ad364e35_6.0.6001.18061_none_c85cf281abfe1f95\mcupdate.exe
    + 2008-04-23 04:37:28 140,288 ----a-w C:\Windows\winsxs\x86_mcupdate_31bf3856ad364e35_6.0.6001.22165_none_c8ea9074c51824bb\mcupdate.exe
    + 2008-04-23 04:27:00 252,416 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ehome-devices-ehreplay_31bf3856ad364e35_6.0.6000.16679_none_128e8c93a2bce482\ehReplay.dll
    + 2008-04-23 05:11:36 254,464 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ehome-devices-ehreplay_31bf3856ad364e35_6.0.6000.20821_none_13463890bbb92b06\ehReplay.dll
    + 2008-04-23 04:42:33 254,464 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ehome-devices-ehreplay_31bf3856ad364e35_6.0.6001.18061_none_147798d59fe28eca\ehReplay.dll
    + 2008-04-23 04:30:25 254,464 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ehome-devices-ehreplay_31bf3856ad364e35_6.0.6001.22165_none_150536c8b8fc93f0\ehReplay.dll
    + 2008-04-23 04:27:01 6,656 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ehome-devices-mcrmgr_31bf3856ad364e35_6.0.6000.16679_none_3200fce9dd0448e0\McrMgr.dll
    + 2008-04-23 04:26:31 173,056 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ehome-devices-mcrmgr_31bf3856ad364e35_6.0.6000.16679_none_3200fce9dd0448e0\McrMgr.exe
    + 2008-04-23 05:11:51 6,656 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ehome-devices-mcrmgr_31bf3856ad364e35_6.0.6000.20821_none_32b8a8e6f6008f64\McrMgr.dll
    + 2008-04-23 03:56:48 172,544 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ehome-devices-mcrmgr_31bf3856ad364e35_6.0.6000.20821_none_32b8a8e6f6008f64\McrMgr.exe
    + 2008-04-23 04:27:00 21,504 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ehome-ehdebug_31bf3856ad364e35_6.0.6000.16679_none_2db4cba1854c2050\ehdebug.dll
    + 2008-04-23 05:11:35 21,504 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ehome-ehdebug_31bf3856ad364e35_6.0.6000.20821_none_2e6c779e9e4866d4\ehdebug.dll
    + 2008-04-23 04:27:00 372,224 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ehome-ehglid_31bf3856ad364e35_6.0.6000.16679_none_2d12eef96d2c252b\ehglid.dll
    + 2008-04-23 05:11:35 372,736 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ehome-ehglid_31bf3856ad364e35_6.0.6000.20821_none_2dca9af686286baf\ehglid.dll
    + 2008-04-23 04:42:33 373,248 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ehome-ehglid_31bf3856ad364e35_6.0.6001.18061_none_2efbfb3b6a51cf73\ehglid.dll
    + 2008-04-23 04:30:24 373,248 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ehome-ehglid_31bf3856ad364e35_6.0.6001.22165_none_2f89992e836bd499\ehglid.dll
    + 2008-04-23 04:27:00 105,472 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ehome-ehpresenter_31bf3856ad364e35_6.0.6000.16679_none_249fac1865043b1f\ehPresenter.dll
    + 2008-04-23 05:11:36 105,472 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ehome-ehpresenter_31bf3856ad364e35_6.0.6000.20821_none_255758157e0081a3\ehPresenter.dll
    + 2008-04-23 04:42:33 105,472 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ehome-ehpresenter_31bf3856ad364e35_6.0.6001.18061_none_2688b85a6229e567\ehPresenter.dll
    + 2008-04-23 04:30:25 105,472 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ehome-ehpresenter_31bf3856ad364e35_6.0.6001.22165_none_2716564d7b43ea8d\ehPresenter.dll
    + 2008-04-23 04:22:35 10,094,080 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ehome-ehres_31bf3856ad364e35_6.0.6000.16679_none_4fe31875538242d1\ehres.dll
    + 2008-04-23 05:11:36 10,103,808 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ehome-ehres_31bf3856ad364e35_6.0.6000.20821_none_509ac4726c7e8955\ehres.dll
    + 2008-04-23 04:27:00 18,944 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ehome-ehtrace_31bf3856ad364e35_6.0.6000.16679_none_3693dda116ea05e6\ehtrace.dll
    + 2008-04-23 05:11:36 18,944 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ehome-ehtrace_31bf3856ad364e35_6.0.6000.20821_none_374b899e2fe64c6a\ehtrace.dll
    + 2008-04-23 04:27:00 517,632 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ehome-ehui_31bf3856ad364e35_6.0.6000.16679_none_cc9b30cbcc71d8eb\ehui.dll
    + 2008-04-23 05:11:36 521,216 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ehome-ehui_31bf3856ad364e35_6.0.6000.20821_none_cd52dcc8e56e1f6f\ehui.dll
    + 2008-04-23 04:42:33 522,240 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ehome-ehui_31bf3856ad364e35_6.0.6001.18061_none_ce843d0dc9978333\ehui.dll
    + 2008-04-23 04:30:33 522,240 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ehome-ehui_31bf3856ad364e35_6.0.6001.22165_none_cf11db00e2b18859\ehui.dll
    + 2008-04-23 04:27:00 1,497,600 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ehome-ehuihlp_31bf3856ad364e35_6.0.6000.16679_none_39e223022e478d8d\ehuihlp.dll
    + 2008-04-23 05:11:36 1,498,112 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ehome-ehuihlp_31bf3856ad364e35_6.0.6000.20821_none_3a99ceff4743d411\ehuihlp.dll
    + 2008-04-23 04:27:01 1,244,672 ----a-w C:\Windows\winsxs\x86_microsoft-windows-m..mediadeliveryengine_31bf3856ad364e35_6.0.6000.16679_none_3d017dbd628e4075\mcmde.dll
    + 2008-04-23 05:11:51 1,244,672 ----a-w C:\Windows\winsxs\x86_microsoft-windows-m..mediadeliveryengine_31bf3856ad364e35_6.0.6000.20821_none_3db929ba7b8a86f9\mcmde.dll
    + 2008-04-23 04:27:00 428,032 ----a-w C:\Windows\winsxs\x86_microsoft-windows-tvencdec_31bf3856ad364e35_6.0.6000.16679_none_de4f2af09170b787\EncDec.dll
    + 2008-04-23 05:11:36 428,032 ----a-w C:\Windows\winsxs\x86_microsoft-windows-tvencdec_31bf3856ad364e35_6.0.6000.20821_none_df06d6edaa6cfe0b\EncDec.dll
    + 2008-04-23 04:42:37 428,544 ----a-w C:\Windows\winsxs\x86_microsoft-windows-tvencdec_31bf3856ad364e35_6.0.6001.18061_none_e03837328e9661cf\EncDec.dll
    + 2008-04-23 04:34:41 428,544 ----a-w C:\Windows\winsxs\x86_microsoft-windows-tvencdec_31bf3856ad364e35_6.0.6001.22165_none_e0c5d525a7b066f5\EncDec.dll
    + 2008-04-23 04:27:04 292,352 ----a-w C:\Windows\winsxs\x86_microsoft-windows-v..e-filters-tvdigital_31bf3856ad364e35_6.0.6000.16679_none_d9d44caa5a19bb32\psisdecd.dll
    + 2008-04-23 05:12:30 292,352 ----a-w C:\Windows\winsxs\x86_microsoft-windows-v..e-filters-tvdigital_31bf3856ad364e35_6.0.6000.20821_none_da8bf8a7731601b6\psisdecd.dll
    + 2008-04-23 04:42:37 293,376 ----a-w C:\Windows\winsxs\x86_microsoft-windows-v..e-filters-tvdigital_31bf3856ad364e35_6.0.6001.18061_none_dbbd58ec573f657a\psisdecd.dll
    + 2008-04-23 04:34:47 293,376 ----a-w C:\Windows\winsxs\x86_microsoft-windows-v..e-filters-tvdigital_31bf3856ad364e35_6.0.6001.22165_none_dc4af6df70596aa0\psisdecd.dll
    .
    -- Snapshot reset to current date --
    .
    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-19 09:33 1233920]
    "ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2008-01-19 09:33 125952]
    "msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 12:34 5724184]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2006-09-28 15:42 65536]
    "KBD"="C:\HP\KBD\KbdStub.EXE" [2006-12-08 18:16 65536]
    "OsdMaestro"="C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe" [2007-02-15 12:59 118784]
    "RtHDVCpl"="RtHDVCpl.exe" [2007-03-01 17:38 4390912 C:\Windows\RtHDVCpl.exe]
    "HP Software Update"="c:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-02-16 23:11 49152]
    "ccApp"="c:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-09 15:59 115816]
    "IS CfgWiz"="c:\Program Files\Common Files\Symantec Shared\OPC\{31011D49-D90C-4da0-878B-78D28AD507AF}\cltUIStb.exe" [2007-01-12 12:28 431752]
    "SSBkgdUpdate"="C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-09-30 01:14 155648]
    "OpwareSE4"="C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" [2006-03-21 14:19 69632]
    "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-04-23 23:00 185896]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
    "NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-07-06 21:15 86016]
    "NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-07-06 21:15 8466432]
    "NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-07-06 21:15 81920]
    "Malwarebytes Anti-Malware Reboot"="C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" [2008-06-10 19:02 1183352]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
    "Launcher"="%WINDIR%\SMINST\launcher.exe" [ ]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 12:34 5724184]

    C:\Users\Philippe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    OneNote 2007 - Capture d'écran et lancement.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [2007-08-24 04:45:42 101784]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle"= 0 (0x0)

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
    "DisableLockWorkstation"= 0 (0x0)
    "DisableChangePassword"= 0 (0x0)

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "NoLogoff"= 0 (0x0)

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
    "{E54729E8-BB3D-4270-9D49-7389EA579090}"= C:\Windows\system32\EZUPBH~1.DLL [2007-11-25 00:24 49152]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    "WinDrv"= {64aa26b6-5a6c-438b-bd93-23061cf38bd8} - C:\Windows\Resources\WinDrv.dll [ ]

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
    "{3E1F52F3-7E63-4029-864E-35E45AABDAC1}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
    "{EBDFFB1E-F0A3-4CD8-89EC-9809F10CBE9A}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
    "{7E7C7659-4DA2-4634-8D70-B8670A52E7F4}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
    "TCP Query User{66156195-DF5A-42E6-B5B9-7B9D5A48ADF9}C:\\program files\\internet explorer\\iexplore.exe"= UDP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
    "UDP Query User{7998B391-C311-4044-B1EB-A64794BA865D}C:\\program files\\internet explorer\\iexplore.exe"= TCP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
    "TCP Query User{A856FF4A-8EBF-4FD0-8496-834B9361AA9B}C:\\program files\\internet explorer\\iexplore.exe"= UDP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
    "UDP Query User{BA8EAC8C-0D53-4193-9AAB-81FC369DB6BD}C:\\program files\\internet explorer\\iexplore.exe"= TCP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
    "{49AEF01B-4F01-4418-AC9A-4AF915AA8951}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
    "TCP Query User{17CA7F53-EF77-489E-89F3-191C479B2AFB}C:\\program files\\real\\realplayer\\realplay.exe"= UDP:C:\program files\real\realplayer\realplay.exe:RealPlayer
    "UDP Query User{9FFE08E0-F888-4994-8A7D-CB0E8D89F546}C:\\program files\\real\\realplayer\\realplay.exe"= TCP:C:\program files\real\realplayer\realplay.exe:RealPlayer
    "TCP Query User{1F5F9FE6-7EDA-4B6A-BED3-73F2A933AFC6}C:\\program files\\real\\realplayer\\recordingmanager.exe"= UDP:C:\program files\real\realplayer\recordingmanager.exe:RealNetworks Download and Record Manager
    "UDP Query User{EA4BA2E3-286E-447B-A195-0928FBD2E495}C:\\program files\\real\\realplayer\\recordingmanager.exe"= TCP:C:\program files\real\realplayer\recordingmanager.exe:RealNetworks Download and Record Manager

    R2 ezntsvc;EasyBits Magic Desktop Services for Windows NT;C:\Windows\system32\ezNTSvc.exe [2007-11-25 00:24]
    S3 IDSvix86;Symantec Intrusion Prevention Driver;C:\PROGRA~2\Symantec\DEFINI~1\SymcData\idsdefs\20070108.003\IDSvix86.sys [2006-12-27 16:48]

    *Newly Created Service* - COMHOST
    .
    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-06-16 10:22:39
    Windows 6.0.6001 Service Pack 1 NTFS

    Balayage processus cachés ...

    Balayage caché autostart entries ...

    Balayage des fichiers cachés ...

    Scan terminé avec succès
    Les fichiers cachés: 0

    **************************************************************************
    .
    ------------------------ Other Running Processes ------------------------
    .
    C:\Windows\System32\audiodg.exe
    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files\Common Files\microsoft shared\VS7DEBUG\MDM.EXE
    C:\Windows\System32\WUDFHost.exe
    C:\Windows\System32\conime.exe
    C:\Windows\System32\rundll32.exe
    C:\Windows\System32\rundll32.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Windows\System32\wbem\unsecapp.exe
    C:\hp\KBD\kbd.exe
    C:\Windows\System32\wbem\WMIADAP.exe
    C:\Windows\System32\dllhost.exe
    .
    **************************************************************************
    .
    Temps d'accomplissement: 2008-06-16 10:27:14 - machine was rebooted
    ComboFix-quarantined-files.txt 2008-06-16 08:27:09
    ComboFix2.txt 2008-06-15 10:44:57

    Pre-Run: 206,790,066,176 octets libres
    Post-Run: 206,875,549,696 octets libres

    380 --- E O F --- 2008-06-15 15:02:02
    16 June 2008 10:30:28

    HijackThis report:
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 10:29:48, on 16/06/2008
    Platform: Windows Vista SP1 (WinNT 6.00.1905)
    MSIE: Internet Explorer v7.00 (7.00.6001.18000)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\taskeng.exe
    C:\hp\support\hpsysdrv.exe
    C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
    C:\Windows\RtHDVCpl.exe
    C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
    C:\Program Files\ScanSoft\OmniPageSE4.0\OpWareSE4.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
    C:\Windows\System32\rundll32.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\hp\kbd\kbd.exe
    C:\Windows\Explorer.exe
    C:\Windows\System32\mobsync.exe
    C:\Users\Philippe\Desktop\HiJackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&loca...
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
    O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
    O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
    O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
    O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KbdStub.EXE
    O4 - HKLM\..\Run: [OsdMaestro] "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe"
    O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
    O4 - HKLM\..\Run: [HP Software Update] c:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [IS CfgWiz] "c:\Program Files\Common Files\Symantec Shared\OPC\{31011D49-D90C-4da0-878B-78D28AD507AF}\cltUIStb.exe" /MODULE CfgWiz /GUID {BC8D3EAF-F864-4d4b-AB4D-B3D0C32E2840} /MODE CfgWiz /CMDLINE "REBOOT"
    O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
    O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [Malwarebytes Anti-Malware Reboot] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
    O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'Default user')
    O4 - Startup: OneNote 2007 - Capture d'écran et lancement.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Easy-WebPrint Ajouter à la liste d'impressions - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
    O8 - Extra context menu item: Easy-WebPrint Impression rapide - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
    O8 - Extra context menu item: Easy-WebPrint Imprimer - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
    O8 - Extra context menu item: Easy-WebPrint Prévisualiser - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
    O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
    O13 - Gopher Prefix:
    O16 - DPF: {88764F69-3831-4EC1-B40B-FF21D8381345} (AdVerifierADPCtrl Class) - https://static.impots.gouv.fr/tdir/static/adpform/AdSig...
    O21 - SSODL: WinDrv - {64aa26b6-5a6c-438b-bd93-23061cf38bd8} - C:\Windows\Resources\WinDrv.dll (file missing)
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: COM Host (comHost) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
    O23 - Service: EasyBits Magic Desktop Services for Windows NT (ezntsvc) - EasyBits Software Corp. - C:\Windows\system32\ezNTSvc.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Unknown owner - c:\Program Files\Norton Internet Security\isPwdSvc.exe (file missing)
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: RoxMediaDB9 - Sonic Solutions - c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
    O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

    --
    End of file - 7971 bytes
    16 June 2008 11:02:39

    Still having problems?
    16 June 2008 12:06:25

    Um, going by the reports I sent, is there anything still left?
    16 June 2008 12:09:03

    Normally, no.
    16 June 2008 12:09:42

    Oh, and what could I install as an antivirus on this computer (given that there isn't one anymore)? To avoid further problems? On my own PC I have Antivir Avira, is it good? And one last question: should I uninstall Hijackthis and Combofix?
    Thanks again for your help =)
    16 June 2008 12:16:41

    AntiVir is good. As for Hijackthis and Combofix, you can delete them.
    16 June 2008 12:25:56

    OK, everything's done. I ran a scan with Antivir and it detected nothing, whereas a few days ago it was detecting things as soon as it opened, so I think everything is OK!!
    =)=)
    Thanks a lot. How do I put [resolved] on the topic?
    16 June 2008 12:38:09

    I can't manage to delete the Norton Internet Security folders, which are no longer of any use... is that important?
    16 June 2008 13:22:04

    Norton Removal Tool for removing Norton.
    16 June 2008 13:38:21

    OK, thanks. How can I get Internet Explorer to open without having to click each time to allow this program to open? Otherwise everything is spot on ^^
    Thanks
    16 June 2008 14:57:51

    Who is asking you for authorization?
    16 June 2008 15:18:37

    It's launching in admin mode! Right-click, and check that you haven't enabled the "run as administrator" option

    It's Vista, Angel!
    16 June 2008 15:31:11

    For IE? I've never had that problem, Red.
    16 June 2008 16:20:13

    When I click on the Internet Explorer icon, my screen darkens and a small window at the bottom left says: an unidentified program wants to access your computer. Then cancel or allow. And yes, it's on Vista
    16 June 2008 16:26:14

    Where is the "run as administrator" option located?
    16 June 2008 16:29:11

    Right-click, properties... On the iexplorer.exe application!

    In my opinion, you still have stuff on your PC... Run the whole Antivir, Adaware and co. toolkit again!
    16 June 2008 16:33:45

    Um... when you're in properties, which tab is it? I'm redoing the scans, but the Antivir scan I reran an hour ago detected nothing.
    16 June 2008 17:14:29

    Malwarebytes' Anti-Malware 1.17
    Version de la base de données: 846

    17:14:00 16/06/2008
    mbam-log-6-16-2008 (17-14-00).txt

    Type de recherche: Examen complet (C:\|D:\|)
    Eléments examinés: 158303
    Temps écoulé: 39 minute(s), 16 second(s)

    Processus mémoire infecté(s): 0
    Module(s) mémoire infecté(s): 0
    Clé(s) du Registre infectée(s): 1
    Valeur(s) du Registre infectée(s): 0
    Elément(s) de données du Registre infecté(s): 0
    Dossier(s) infecté(s): 0
    Fichier(s) infecté(s): 0

    Processus mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Module(s) mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Clé(s) du Registre infectée(s):
    HKEY_CURRENT_USER\Software\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.

    Valeur(s) du Registre infectée(s):
    (Aucun élément nuisible détecté)

    Elément(s) de données du Registre infecté(s):
    (Aucun élément nuisible détecté)

    Dossier(s) infecté(s):
    (Aucun élément nuisible détecté)

    Fichier(s) infecté(s):
    (Aucun élément nuisible détecté)
    16 June 2008 17:24:22

    ComboFix 08-06-15.4 - Philippe 2008-06-16 17:16:49.3 - NTFSx86
    Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6001.1.1252.1.1036.18.1032 [GMT 2:00]
    Endroit: C:\Users\Philippe\Desktop\ComboFix.exe
    * Création d'un nouveau point de restauration
    .

    ((((((((((((((((((((((((((((( Fichiers créés 2008-05-16 to 2008-06-16 ))))))))))))))))))))))))))))))))))))
    .

    2008-06-16 12:22 . 2008-06-16 12:22 <REP> d-------- C:\Program Files\Avira
    2008-06-15 12:29 . 2008-04-23 06:42 428,544 --a------ C:\Windows\System32\EncDec.dll
    2008-06-15 12:29 . 2008-04-23 06:42 293,376 --a------ C:\Windows\System32\psisdecd.dll
    2008-06-15 12:29 . 2008-04-23 06:41 218,624 --a------ C:\Windows\System32\psisrndr.ax
    2008-06-15 12:29 . 2008-04-23 06:41 57,856 --a------ C:\Windows\System32\MSDvbNP.ax
    2008-06-14 18:39 . 2008-06-14 18:43 <REP> d-------- C:\Users\All Users\fssg
    2008-06-14 18:39 . 2008-06-14 18:43 <REP> d-------- C:\ProgramData\fssg
    2008-06-14 13:25 . 2008-06-14 13:25 <REP> d-------- C:\Users\Philippe\AppData\Roaming\Malwarebytes
    2008-06-14 13:25 . 2008-06-14 13:25 <REP> d-------- C:\Users\All Users\Malwarebytes
    2008-06-14 13:25 . 2008-06-14 13:25 <REP> d-------- C:\ProgramData\Malwarebytes
    2008-06-14 13:25 . 2008-06-14 13:51 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
    2008-06-14 13:25 . 2008-06-10 19:02 34,296 --a------ C:\Windows\System32\drivers\mbamcatchme.sys
    2008-06-14 13:25 . 2008-06-10 19:02 15,864 --a------ C:\Windows\System32\drivers\mbam.sys
    2008-06-13 13:47 . 2008-04-25 04:12 1,383,424 --a------ C:\Windows\System32\mshtml.tlb
    2008-06-13 13:47 . 2008-04-26 10:08 1,314,816 --a------ C:\Windows\System32\quartz.dll
    2008-06-13 13:47 . 2008-04-25 06:35 826,880 --a------ C:\Windows\System32\wininet.dll
    2008-06-13 13:47 . 2008-05-10 03:33 113,664 --a------ C:\Windows\System32\drivers\rmcast.sys
    2008-05-29 21:34 . 2008-05-29 21:34 244 --ah----- C:\sqmnoopt06.sqm
    2008-05-29 21:34 . 2008-05-29 21:34 232 --ah----- C:\sqmdata06.sqm
    2008-05-28 16:25 . 2008-05-28 16:25 0 --a------ C:\DFRD94F.tmp
    2008-05-28 15:19 . 2008-03-08 04:08 4,240,384 --a------ C:\Windows\System32\GameUXLegacyGDFs.dll
    2008-05-28 15:19 . 2008-03-08 06:21 1,695,744 --a------ C:\Windows\System32\gameux.dll
    2008-05-17 17:02 . 2008-05-17 17:02 129 --a------ C:\Windows\System32\MRT.INI
    2008-05-16 21:02 . 2008-05-16 21:02 182 --a------ C:\Windows\wininit.ini

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-06-16 11:24 260 ----a-w C:\Users\Philippe\AppData\Roaming\wklnhst.dat
    2008-06-14 17:02 --------- d-----w C:\Program Files\Norton Internet Security
    2008-06-14 16:53 --------- d-----w C:\Program Files\Symantec
    2008-06-14 16:40 --------- d-----w C:\ProgramData\avg7
    2008-06-13 15:07 --------- d-----w C:\Program Files\Windows Mail
    2008-06-13 11:35 --------- d-----w C:\Users\Philippe\AppData\Roaming\AVG7
    2008-05-15 14:17 --------- d-----w C:\ProgramData\Microsoft Help
    2008-05-01 19:31 --------- d-----w C:\ProgramData\GamesBar
    2008-05-01 12:51 0 ---ha-w C:\Windows\system32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
    2008-05-01 12:47 0 ---ha-w C:\Windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
    2008-04-23 21:01 --------- d-----w C:\Program Files\Common Files\xing shared
    2008-04-23 21:01 --------- d-----w C:\Program Files\Common Files\Real
    2008-04-19 14:33 --------- d-----w C:\Program Files\Windows Sidebar
    2008-04-19 14:33 --------- d-----w C:\Program Files\Windows Photo Gallery
    2008-04-18 17:40 --------- d-----w C:\Users\Philippe\AppData\Roaming\Talkback
    2008-04-18 17:38 --------- d-----w C:\Program Files\Google
    2008-04-18 17:06 --------- d-----w C:\Program Files\a-squared Free
    2008-04-18 11:02 --------- d-----w C:\ProgramData\Avira
    2008-04-18 09:49 --------- d-----w C:\ProgramData\Yahoo! Companion
    2008-04-18 09:46 --------- d-----w C:\Program Files\Yahoo!
    2008-04-18 08:55 --------- d-----w C:\Program Files\Trend Micro
    2008-04-17 20:02 174 --sha-w C:\Program Files\desktop.ini
    2008-04-17 19:56 --------- d-----w C:\Program Files\Windows Journal
    2008-04-17 19:56 --------- d-----w C:\Program Files\Windows Defender
    2008-04-17 19:56 --------- d-----w C:\Program Files\Windows Collaboration
    2008-04-17 19:56 --------- d-----w C:\Program Files\Windows Calendar
    2008-04-17 18:43 82,432 ----a-w C:\Windows\System32\axaltocm.dll
    2008-04-17 18:43 101,888 ----a-w C:\Windows\System32\ifxcardm.dll
    2008-04-17 16:11 --------- d-----w C:\Program Files\Real
    2008-04-16 09:25 --------- d-----w C:\Program Files\Messenger Plus! Live
    2008-03-14 11:02 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    2008-03-14 11:02 32,768 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    2008-03-14 11:02 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    .

    ((((((((((((((((((((((((((((( snapshot_2008-06-16_10.26.56.01 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2008-06-16 08:22:14 67,584 --s-a-w C:\Windows\bootstat.dat
    + 2008-06-16 12:11:08 67,584 --s-a-w C:\Windows\bootstat.dat
    + 2008-06-16 12:11:09 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    + 2008-06-16 12:11:09 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    - 2008-06-16 08:22:35 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\ntuser.dat
    + 2008-06-16 12:12:46 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\ntuser.dat
    + 2008-06-16 12:12:46 262,144 ---ha-w C:\Windows\ServiceProfiles\LocalService\ntuser.dat.LOG1
    - 2008-06-16 08:22:35 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat
    + 2008-06-16 12:12:41 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat
    + 2008-06-16 12:12:41 262,144 ---ha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1
    - 2008-06-15 10:55:11 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2008-06-16 12:11:09 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    - 2008-06-15 10:55:11 81,920 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    + 2008-06-16 12:11:09 81,920 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    - 2008-06-15 10:55:11 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2008-06-16 12:11:09 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    - 2008-06-15 10:36:00 262,144 ----a-w C:\Windows\System32\config\systemprofile\ntuser.dat
    + 2008-06-16 15:16:45 262,144 ----a-w C:\Windows\System32\config\systemprofile\ntuser.dat
    + 2008-06-16 15:16:45 262,144 ---ha-w C:\Windows\System32\config\systemprofile\ntuser.dat.LOG1
    + 2008-03-04 11:28:53 79,424 ----a-w C:\Windows\System32\drivers\avipbb.sys
    + 2007-03-01 08:34:22 28,352 ----a-w C:\Windows\System32\drivers\ssmdrv.sys
    - 2008-06-16 08:16:00 101,896 ----a-w C:\Windows\System32\perfc009.dat
    + 2008-06-16 12:16:48 101,896 ----a-w C:\Windows\System32\perfc009.dat
    - 2008-06-16 08:16:00 124,228 ----a-w C:\Windows\System32\perfc00C.dat
    + 2008-06-16 12:16:48 124,228 ----a-w C:\Windows\System32\perfc00C.dat
    - 2008-06-16 08:16:00 589,884 ----a-w C:\Windows\System32\perfh009.dat
    + 2008-06-16 12:16:48 589,884 ----a-w C:\Windows\System32\perfh009.dat
    - 2008-06-16 08:16:00 672,096 ----a-w C:\Windows\System32\perfh00C.dat
    + 2008-06-16 12:16:48 672,096 ----a-w C:\Windows\System32\perfh00C.dat
    - 2008-06-16 08:13:05 12,778 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-4049039252-367552735-4115417666-1000_UserData.bin
    + 2008-06-16 12:12:59 12,882 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-4049039252-367552735-4115417666-1000_UserData.bin
    - 2008-06-16 08:13:05 62,528 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
    + 2008-06-16 12:12:59 62,560 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
    - 2008-06-16 08:13:04 58,254 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
    + 2008-06-16 12:12:58 58,734 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
    - 2008-06-15 20:48:22 201,278 ----a-w C:\Windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_S3.bin
    + 2008-06-16 09:40:01 201,502 ----a-w C:\Windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_S3.bin
    .
    -- Snapshot reset to current date --
    .
    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-19 09:33 1233920]
    "ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2008-01-19 09:33 125952]
    "msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 12:34 5724184]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2006-09-28 15:42 65536]
    "KBD"="C:\HP\KBD\KbdStub.EXE" [2006-12-08 18:16 65536]
    "OsdMaestro"="C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe" [2007-02-15 12:59 118784]
    "RtHDVCpl"="RtHDVCpl.exe" [2007-03-01 17:38 4390912 C:\Windows\RtHDVCpl.exe]
    "HP Software Update"="c:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-02-16 23:11 49152]
    "ccApp"="c:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-09 15:59 115816]
    "IS CfgWiz"="c:\Program Files\Common Files\Symantec Shared\OPC\{31011D49-D90C-4da0-878B-78D28AD507AF}\cltUIStb.exe" [2007-01-12 12:28 431752]
    "SSBkgdUpdate"="C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-09-30 01:14 155648]
    "OpwareSE4"="C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" [2006-03-21 14:19 69632]
    "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-04-23 23:00 185896]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
    "NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-07-06 21:15 86016]
    "NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-07-06 21:15 8466432]
    "NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-07-06 21:15 81920]
    "Malwarebytes Anti-Malware Reboot"="C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" [2008-06-10 19:02 1183352]
    "avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-02-12 10:06 262401]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
    "Launcher"="%WINDIR%\SMINST\launcher.exe" [ ]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 12:34 5724184]

    C:\Users\Philippe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    OneNote 2007 - Capture d'‚cran et lancement.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [2007-08-24 04:45:42 101784]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle"= 0 (0x0)

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
    "DisableLockWorkstation"= 0 (0x0)
    "DisableChangePassword"= 0 (0x0)

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "NoLogoff"= 0 (0x0)

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
    "{E54729E8-BB3D-4270-9D49-7389EA579090}"= C:\Windows\system32\EZUPBH~1.DLL [2007-11-25 00:24 49152]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    "WinDrv"= {64aa26b6-5a6c-438b-bd93-23061cf38bd8} - C:\Windows\Resources\WinDrv.dll [ ]

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
    "{3E1F52F3-7E63-4029-864E-35E45AABDAC1}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
    "{EBDFFB1E-F0A3-4CD8-89EC-9809F10CBE9A}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
    "{7E7C7659-4DA2-4634-8D70-B8670A52E7F4}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
    "TCP Query User{66156195-DF5A-42E6-B5B9-7B9D5A48ADF9}C:\\program files\\internet explorer\\iexplore.exe"= UDP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
    "UDP Query User{7998B391-C311-4044-B1EB-A64794BA865D}C:\\program files\\internet explorer\\iexplore.exe"= TCP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
    "TCP Query User{A856FF4A-8EBF-4FD0-8496-834B9361AA9B}C:\\program files\\internet explorer\\iexplore.exe"= UDP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
    "UDP Query User{BA8EAC8C-0D53-4193-9AAB-81FC369DB6BD}C:\\program files\\internet explorer\\iexplore.exe"= TCP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
    "{49AEF01B-4F01-4418-AC9A-4AF915AA8951}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
    "TCP Query User{17CA7F53-EF77-489E-89F3-191C479B2AFB}C:\\program files\\real\\realplayer\\realplay.exe"= UDP:C:\program files\real\realplayer\realplay.exe:RealPlayer
    "UDP Query User{9FFE08E0-F888-4994-8A7D-CB0E8D89F546}C:\\program files\\real\\realplayer\\realplay.exe"= TCP:C:\program files\real\realplayer\realplay.exe:RealPlayer
    "TCP Query User{1F5F9FE6-7EDA-4B6A-BED3-73F2A933AFC6}C:\\program files\\real\\realplayer\\recordingmanager.exe"= UDP:C:\program files\real\realplayer\recordingmanager.exe:RealNetworks Download and Record Manager
    "UDP Query User{EA4BA2E3-286E-447B-A195-0928FBD2E495}C:\\program files\\real\\realplayer\\recordingmanager.exe"= TCP:C:\program files\real\realplayer\recordingmanager.exe:RealNetworks Download and Record Manager

    R2 ezntsvc;EasyBits Magic Desktop Services for Windows NT;C:\Windows\system32\ezNTSvc.exe [2007-11-25 00:24]
    S3 IDSvix86;Symantec Intrusion Prevention Driver;C:\PROGRA~2\Symantec\DEFINI~1\SymcData\idsdefs\20070108.003\IDSvix86.sys [2006-12-27 16:48]

    *Newly Created Service* - CATCHME
    *Newly Created Service* - COMHOST
    *Newly Created Service* - MBAMCATCHME
    *Newly Created Service* - SSMDRV
    .
    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-06-16 17:21:26
    Windows 6.0.6001 Service Pack 1 NTFS

    Balayage processus cachés ...

    [0] 0x08133F12

    Balayage caché autostart entries ...

    Balayage des fichiers cachés ...

    Scan terminé avec succès
    Les fichiers cachés: 0

    **************************************************************************
    .
    Temps d'accomplissement: 2008-06-16 17:23:21
    ComboFix-quarantined-files.txt 2008-06-16 15:22:52
    ComboFix2.txt 2008-06-16 08:27:14
    ComboFix3.txt 2008-06-15 10:44:57

    Pre-Run: 208,422,899,712 octets libres
    Post-Run: 208,391,086,080 octets libres

    197 --- E O F --- 2008-06-15 15:02:02
    16 June 2008 17:35:54

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 17:25:48, on 16/06/2008
    Platform: Windows Vista SP1 (WinNT 6.00.1905)
    MSIE: Internet Explorer v7.00 (7.00.6001.18000)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\hp\support\hpsysdrv.exe
    C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
    C:\Windows\RtHDVCpl.exe
    C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
    C:\Program Files\ScanSoft\OmniPageSE4.0\OpWareSE4.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Windows\System32\rundll32.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
    C:\Windows\ehome\ehmsas.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\hp\kbd\kbd.exe
    C:\Program Files\Internet Explorer\ieuser.exe
    C:\Windows\Explorer.exe
    C:\Users\Philippe\Desktop\HiJackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&loca...
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
    O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
    O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
    O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
    O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KbdStub.EXE
    O4 - HKLM\..\Run: [OsdMaestro] "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe"
    O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
    O4 - HKLM\..\Run: [HP Software Update] c:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [IS CfgWiz] "c:\Program Files\Common Files\Symantec Shared\OPC\{31011D49-D90C-4da0-878B-78D28AD507AF}\cltUIStb.exe" /MODULE CfgWiz /GUID {BC8D3EAF-F864-4d4b-AB4D-B3D0C32E2840} /MODE CfgWiz /CMDLINE "REBOOT"
    O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
    O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [Malwarebytes Anti-Malware Reboot] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'Default user')
    O4 - Startup: OneNote 2007 - Capture d'écran et lancement.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Easy-WebPrint Ajouter à la liste d'impressions - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
    O8 - Extra context menu item: Easy-WebPrint Impression rapide - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
    O8 - Extra context menu item: Easy-WebPrint Imprimer - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
    O8 - Extra context menu item: Easy-WebPrint Prévisualiser - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
    O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
    O13 - Gopher Prefix:
    O21 - SSODL: WinDrv - {64aa26b6-5a6c-438b-bd93-23061cf38bd8} - C:\Windows\Resources\WinDrv.dll (file missing)
    O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: COM Host (comHost) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
    O23 - Service: EasyBits Magic Desktop Services for Windows NT (ezntsvc) - EasyBits Software Corp. - C:\Windows\system32\ezNTSvc.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Unknown owner - c:\Program Files\Norton Internet Security\isPwdSvc.exe (file missing)
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: RoxMediaDB9 - Sonic Solutions - c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
    O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

    --
    End of file - 8369 bytes
    16 June 2008 18:38:55

    Don't know this one:
    O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe

    Fix it!

    As for the tab, it's under the compatibility settings!
    16 June 2008 18:44:01

    How do you fix?
    So on that tab nothing can be ticked; it says: compatibility modes cannot be applied to this program because it is part of this version of Windows.
    But the "run this program as administrator" box is not ticked
    16 June 2008 19:02:10

    Why repost these reports?

    Red, when you don't know a line, that's no reason to have it fixed!
    It's not an infection, no need to touch the line.
    16 June 2008 19:05:34

    In any case Avira no longer detects anything... That's something at least. Thanks for your help. How do you write resolved in the topic title?
    =)
    16 June 2008 19:09:47

    I found it ^^
    Have a good evening
    Goodbye
    16 June 2008 19:19:07

    It's weird, their IE launching as administrator... Long live Vista :D