
Request for help cleaning an infected PC!!!

22 April 2008 10:24:01

Hello, I think my computer is infected.
I have already run quite a few scans, which found Trojans and viruses/worms. Many were removed.
However, I still have some problems, because I cannot run a search on the web, type an address, or even choose a site from my favorites.
Yesterday I found out where the problem was (at least I suppose so): aliceeadsl.exe, located in system32. When I delete this file, it immediately reappears in the folder.

How can I delete it???

Thanks


22 April 2008 10:36:46

You can try your antivirus scan again, or else just format everything, because then at least you can be sure it won't come back.
You can also go here: http://www.hijackthis.de/fr
It is a program that lets you see which files on your PC are bad. At least then you'll know for sure.

22 April 2008 11:28:11

I saw requests for BitDefender reports in other threads! So here is mine, in case it helps!!

I CANNOT FORMAT MY COMPUTER


BitDefender Online Scanner

Rapport d'analyse généré à: Mon, Apr 21, 2008 - 17:32:28

Voie d'analyse: C:\;D:\;E:\;

Statistiques
Temps: 00:47:42
Fichiers: 117032
Directoires: 7071
Secteurs de boot: 3
Archives: 1207
Paquets programmes: 15260

Résultats
Virus identifiés: 10
Fichiers infectés: 59
Fichiers suspects: 0
Avertissements: 0
Désinfectés: 0
Fichiers effacés: 59

Info sur les moteurs
Définition virus: 1169013
Version des moteurs: AVCORE v1.0 (build 2422) (i386) (Sep 25 2007 08:26:36)
Analyse des plugins: 16
Archive des plugins: 41
Unpack des plugins: 7
E-mail plugins: 6
Système plugins: 5

Paramètres d'analyse
Première action: Désinfecté
Seconde Action: Supprimé
Heuristique: Oui
Acceptez les avertissements: Oui
Extensions analysées: exe;com;dll;ocx;scr;bin;dat;386;vxd;sys;wdm;cla;class;ovl;ole;hlp;doc;dot;xls;ppt;wbk;wiz;pot;ppa;xla;xlt;vbs;vbe;mdb;rtf;htm;hta;html;xml;xtp;php;asp;js;shs;chm;lnk;pif;prc;url;smm;pfd;msi;ini;csc;cmd;bas;
Excludez les extensions:
Analyse d'emails: Oui
Analyse des Archives: Oui
Analyser paquets programmes: Oui
Analyse des fichiers: Oui
Analyse de boot: Oui


Fichier analysé
Statut

C:\WINDOWS\system32\ajqldwvv.dll
Infecté par: Trojan.Vundo.GK

C:\WINDOWS\system32\ajqldwvv.dll
Supprimé

C:\WINDOWS\system32\aliceeadsl.exe
Infecté par: Packer.Malware.Crypter.C

C:\WINDOWS\system32\aliceeadsl.exe
Echec de la désinfection

C:\WINDOWS\system32\aliceeadsl.exe
Supprimé

C:\WINDOWS\system32\cvqhftrv.dll
Infecté par: Trojan.Vundo.EHH

C:\WINDOWS\system32\cvqhftrv.dll
Supprimé

C:\WINDOWS\system32\gfnsugyl.dll
Infecté par: Trojan.Vundo.GK

C:\WINDOWS\system32\gfnsugyl.dll
Supprimé

C:\WINDOWS\system32\ihhexpkw.dll
Infecté par: Trojan.Vundo.EGU

C:\WINDOWS\system32\ihhexpkw.dll
Supprimé

C:\WINDOWS\system32\mnsgcmvu.dll
Infecté par: Trojan.Vundo.GK

C:\WINDOWS\system32\mnsgcmvu.dll
Supprimé

C:\WINDOWS\system32\priyigau.dll
Infecté par: Trojan.Vundo.EGU

C:\WINDOWS\system32\priyigau.dll
Supprimé

22 April 2008 11:51:26

Hi,

Download HijackThis (by Trend Micro)
Post a report by following this tutorial.

22 April 2008 17:28:37

Here is my report:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:27:43, on 22/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\WINDOWS\system32\tp4serv.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\AntivirusFirewall\Common\FSM32.EXE
C:\Program Files\AntivirusFirewall\FSGUI\ispnews.exe
C:\WINDOWS\system32\Rundll32.exe
C:\PROGRA~1\ANTIVI~1\backweb\6588780\Program\SERVIC~1.EXE
C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\AntivirusFirewall\Anti-Virus\fsgk32st.exe
C:\Program Files\AntivirusFirewall\Anti-Virus\FSGK32.EXE
C:\Program Files\AntivirusFirewall\backweb\6588780\program\fsbwsys.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\Program Files\AntivirusFirewall\Common\FSMA32.EXE
C:\Program Files\AntivirusFirewall\Common\FSMB32.EXE
C:\Program Files\AntivirusFirewall\backweb\6588780\Program\fspex.exe
C:\Program Files\AntivirusFirewall\Anti-Virus\fssm32.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\AntivirusFirewall\Common\FCH32.EXE
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\AntivirusFirewall\Common\FAMEH32.EXE
C:\Program Files\AntivirusFirewall\Anti-Virus\fsqh.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AntivirusFirewall\Anti-Virus\fsrw.exe
C:\Program Files\AntivirusFirewall\FWES\Program\fsdfwd.exe
C:\Program Files\AntivirusFirewall\Anti-Virus\fsav32.exe
C:\PROGRA~1\ANTIVI~1\ANTI-S~1\fsaw.exe
C:\Program Files\AntivirusFirewall\FSGUI\fsguidll.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\aliceeadsl.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ycomp/defaults/sb/*http://www.yahoo.com/search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ycomp/defaults/sp/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://messenger.live.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: C:\WINDOWS\system32\jfiehayd.dll - {C5AF49A2-94F3-42BD-F434-2604812C897D} - C:\WINDOWS\system32\jfiehayd.dll (file missing)
O3 - Toolbar: VMN Toolbar - {4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33} - C:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL (file missing)
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [TrackPointSrv] tp4serv.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [jdgf894jrghoiiskd] C:\DOCUME~1\MARJOL~1\LOCALS~1\Temp\winlogan.exe
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\AntivirusFirewall\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\AntivirusFirewall\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\Program Files\AntivirusFirewall\FSGUI\FSSW.EXE" /reboot
O4 - HKLM\..\Run: [News Service] "C:\Program Files\AntivirusFirewall\FSGUI\ispnews.exe"
O4 - HKLM\..\Run: [BMf39960b2] Rundll32.exe "C:\WINDOWS\system32\rvpvimuj.dll",s
O4 - HKLM\..\RunOnce: [*aliceeadsl] C:\WINDOWS\system32\aliceeadsl.exe
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [aliceeadsl] C:\WINDOWS\system32\aliceeadsl.exe
O4 - HKCU\..\Run: [Jnskdfmf9eldfd] C:\DOCUME~1\MARJOL~1\LOCALS~1\Temp\csrssc.exe
O4 - HKCU\..\Run: [jdgf894jrghoiiskd] C:\DOCUME~1\MARJOL~1\LOCALS~1\Temp\winlogan.exe
O4 - HKCU\..\Policies\Explorer\Run: [Windows Printing Driver] WinPrint.exe
O4 - HKCU\..\Policies\Explorer\Run: [NT Security Service] NTSecurity.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_01] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_03] rundll32 advpack.dll,LaunchINFSection nlite.inf,S (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-20\..\RunOnce: [nlpo_01] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nlpo_01] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nlpo_01] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'Default user')
O4 - Global Startup: Antivirus Firewall.lnk = C:\Program Files\AntivirusFirewall\backweb\6588780\Program\fspex.exe
O8 - Extra context menu item: &Bloquer cette fenêtre publicitaire - C:\Program Files\AntivirusFirewall\Anti-Spyware\blockpopups.htm
O8 - Extra context menu item: Convertir les liens sélectionnés en fichier Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Créer un Favori de l'appareil mobile - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: Protection Internet Explorer - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\AntivirusFirewall\Anti-Spyware\ieshield.dll
O9 - Extra 'Tools' menuitem: Protection Internet Explorer... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\AntivirusFirewall\Anti-Spyware\ieshield.dll
O9 - Extra button: (no name) - {49783ED4-258D-4f9f-BE11-137C18D3E543} - (no file)
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986....
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.mail.live.com/mail/w1/resources/MSNPUpld.ca...
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.ca...
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Cont...
O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Ap...
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab569...
O17 - HKLM\System\CCS\Services\Tcpip\..\{121D9ABD-048B-47EE-BD35-3DCCDF8211A8}: NameServer = 192.168.0.254
O22 - SharedTaskScheduler: jhsf8d984jief8dsfus98jkefn - {C5AF49A2-94F3-42BD-F434-2604812C897D} - C:\WINDOWS\system32\jfiehayd.dll (file missing)
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Antivirus Firewall (BackWeb Plug-in - 6588780) - Securitoo Portal - C:\PROGRA~1\ANTIVI~1\backweb\6588780\Program\SERVIC~1.EXE
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\AntivirusFirewall\Anti-Virus\fsgk32st.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\AntivirusFirewall\backweb\6588780\program\fsbwsys.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\AntivirusFirewall\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\AntivirusFirewall\Common\FSMA32.EXE
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Lenovo - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~2.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: SolidWorks Licensing Service - Unknown owner - C:\Program Files\Fichiers communs\SolidWorks Shared\Service\SolidWorksLicensing.exe (file missing)
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe

--
End of file - 14178 bytes
22 April 2008 17:36:11

Re,

Download SDFix (by Andy Manchesta)

Save it to your desktop.

Run it.
Click Install so that it can extract itself.

Restart in safe mode
/!\ Never start in safe mode via MSCONFIG /!\

Open the SDFix folder that has just been created in C:\
Double-click RunThis.bat. (The .bat extension may not be shown)
Press Y to launch it.

You will be asked to press a key to restart; do so.
The restart will probably take a little longer than usual.
Once your desktop appears, it will display Finished

Press a key.

A report is generated; post it in your reply.
It can also be found in the SDFix folder >Report.txt<

******

Download Combofix (by sUBs) to your desktop. (Tutorial)

Temporarily disable all resident protection! (Antivirus, antispyware...)
Double-click combofix.exe.
Accept the license by clicking Yes.
When the scan is complete, a report will appear. Post this report in your next reply.

The report is located here: C:\Combofix.txt
22 April 2008 23:09:06

HERE IS THE SDFIX REPORT FIRST
I hope it is good, because while it was running a Subsystem window told me: D: /programfiles/avast/aswmondvd.dll The initialization of the DLL of an installable device driver failed!!!

Also, in addition to aliceeadsl, as I told you at the very beginning, there is Rvpvimuj.dll in system32 which is infected (I constantly get an alert message), but it is impossible to delete this file!!

Right, off I go, I'll do the next part!!

Rebooting


Checking Files :

Trojan Files Found:

C:\WINDOWS\yeTyezzd.sys - Deleted





Removing Temp Files

ADS Check :



Final Check :

catchme 0.3.1353.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-22 22:56:51
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
"s1"=dword:2df9c43f
"s2"=dword:110480d0
"h0"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools Lite\"
"h0"=dword:00000000
"khjeh"=hex:D 9,2d,0d,df,a5,d0,39,a6,d5,74,21,20,4b,cd,92,3f,42,a4,2d,ef,ac,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,2a,8d,07,35,73,f4,c0,16,7e,9d,78,58,5a,ce,d5,94,0c,..
"khjeh"=hex:f8,00,b1,32,0c,d4,d4,be,0b,53,38,11,09,fb,bd,f1,38,a2,42,3c,36,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:ff,97,0e,84,45,f0,78,29,a1,1a,f8,ec,3c,fc,08,8d,b7,96,59,b5,80,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools Lite\"
"h0"=dword:00000000
"khjeh"=hex:D 9,2d,0d,df,a5,d0,39,a6,d5,74,21,20,4b,cd,92,3f,42,a4,2d,ef,ac,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,2a,8d,07,35,73,f4,c0,16,7e,9d,78,58,5a,ce,d5,94,0c,..
"khjeh"=hex:f8,00,b1,32,0c,d4,d4,be,0b,53,38,11,09,fb,bd,f1,38,a2,42,3c,36,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:ff,97,0e,84,45,f0,78,29,a1,1a,f8,ec,3c,fc,08,8d,b7,96,59,b5,80,..

scanning hidden registry entries ...

scanning hidden files ...


scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 3


Remaining Services :




Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\eMule\\emule.exe"="C:\\Program Files\\eMule\\emule.exe:*:Enabled:eMule"
"C:\\WINDOWS\\system32\\dpvsetup.exe"="C:\\WINDOWS\\system32\\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\\WINDOWS\\system32\\rundll32.exe"="C:\\WINDOWS\\system32\\rundll32.exe:*:Enabled:Exécuter une DLL en tant qu'application"
"C:\\Program Files\\MessengerDiscovery\\MessengerDiscovery Live.exe"="C:\\Program Files\\MessengerDiscovery\\MessengerDiscovery Live.exe:*:Enabled:MessengerDiscovery Live the Windows Live Messenger addon"
"C:\\Program Files\\WINSOS\\winsos.exe"="C:\\Program Files\\WINSOS\\winsos.exe:*:Enabled:Winsos"
"C:\\Program Files\\WINSOS\\anti-spy.exe"="C:\\Program Files\\WINSOS\\anti-spy.exe:*:Enabled:anti-spy Winsos"
"C:\\Program Files\\WINSOS\\help.exe"="C:\\Program Files\\WINSOS\\help.exe:*:Enabled:Winsos Help"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype. Take a deep breath "
"C:\\Program Files\\Azureus\\Azureus.exe"="C:\\Program Files\\Azureus\\Azureus.exe:*:Enabled:Azureus"
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"D:\\Program Files\\eMule\\emule.exe"="D:\\Program Files\\eMule\\emule.exe:*:Enabled:eMule"
"D:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="D:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"D:\\Mes documents\\eMule\\emule.exe"="D:\\Mes documents\\eMule\\emule.exe:*:Enabled:eMule"
"C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe"="C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe:*:Enabled:ActiveSync Connection Manager"
"C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe:*:Enabled:ActiveSync Application"
"C:\\Program Files\\AntivirusFirewall\\backweb\\6588780\\Program\\fspex.exe"="C:\\Program Files\\AntivirusFirewall\\backweb\\6588780\\Program\\fspex.exe:*:Enabled:Antivirus Firewall"
"C:\\Program Files\\Internet Explorer\\iexplore.exe"="C:\\Program Files\\Internet Explorer\\iexplore.exe:*:Enabled:Internet Explorer"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\\Program Files\\AntivirusFirewall\\backweb\\6588780\\Program\\fspex.exe"="C:\\Program Files\\AntivirusFirewall\\backweb\\6588780\\Program\\fspex.exe:*:Enabled:Antivirus Firewall"

Remaining Files :


File Backups: - C:\SDFix\backups\backups.zip

Files with Hidden Attributes :

Thu 10 May 2007 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Thu 14 Jun 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Thu 13 Dec 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\4633c51c90c17af214c8eeab40b9fcf4\BIT1.tmp"
Sat 5 Apr 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\585dc2612ebcefc90e7dee4c276ee95e\BIT1.tmp"
Mon 24 Sep 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\778fd2fc3fe6b905e366b5ddbba384c8\BIT3.tmp"
Tue 26 Feb 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\ab59ac72525ea90a47679441587835c9\BIT3.tmp"
Thu 28 Feb 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\c4f88f947d390c49edce5fbcc347ee34\BIT2.tmp"
Thu 14 Feb 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\ff1abc45bb4b51f55d5dd49be852a17a\BIT2.tmp"

Finished!
23 April 2008 00:58:04

Keep going ;)
23 April 2008 08:07:27

Yes, I'm continuing!!!
Here is the Combofix report!!!


ComboFix 08-04-20.5 - Marjolaine 2008-04-22 23:12:59.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.184 [GMT 2:00]
Endroit: C:\Documents and Settings\Marjolaine\Bureau\ComboFix.exe
* Création d'un nouveau point de restauration

AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Autorun.inf
C:\WINDOWS\cookies.ini
C:\WINDOWS\Downloaded Program Files\setup.inf
C:\WINDOWS\kiasys.dll
C:\WINDOWS\pack.epk
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\ahxujxed.ini
C:\WINDOWS\system32\akfaoytv.ini
C:\WINDOWS\system32\eblhocus.ini
C:\WINDOWS\system32\edqqeoxh.ini
C:\WINDOWS\system32\egewdofc.ini
C:\WINDOWS\system32\eisieafx.ini
C:\WINDOWS\system32\fffywfjg.dll
C:\WINDOWS\system32\hvuebbvm.dll
C:\WINDOWS\system32\ifyaablj.ini
C:\WINDOWS\system32\jjijasus.ini
C:\WINDOWS\system32\kfucalku.ini
C:\WINDOWS\system32\Kjijmnnn.ini
C:\WINDOWS\system32\Kjijmnnn.ini2
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\nvs2.inf
C:\WINDOWS\system32\ocjvjije.ini
C:\WINDOWS\system32\pbxuqjjm.dll
C:\WINDOWS\system32\pornchpb.ini
C:\WINDOWS\system32\qjmrvnbm.dll
C:\WINDOWS\system32\rvpvimuj.dll
C:\WINDOWS\system32\syqytqek.ini
C:\WINDOWS\system32\sytftmgy.ini
C:\WINDOWS\system32\tmixrluc.ini
C:\WINDOWS\system32\uftvmdfu.ini
C:\WINDOWS\system32\vookdotf.ini
C:\WINDOWS\system32\vrtfhqvc.ini
C:\WINDOWS\system32\wcejkh.dat
C:\WINDOWS\system32\wcejkh_nav.dat
C:\WINDOWS\system32\wcejkh_navps.dat
C:\WINDOWS\system32\wniteeme.ini
C:\WINDOWS\system32\woyunrom.ini

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_QALWPMDGT


((((((((((((((((((((((((((((( Fichiers créés 2008-03-22 to 2008-04-22 ))))))))))))))))))))))))))))))))))))
.

2008-04-22 20:28 . 2008-04-22 20:28 <REP> d-------- C:\WINDOWS\ERUNT
2008-04-22 19:20 . 2008-04-22 23:01 <REP> d-------- C:\SDFix
2008-04-22 17:26 . 2008-04-22 17:26 <REP> d-------- C:\Program Files\Trend Micro
2008-04-21 16:41 . 2008-04-21 17:32 <REP> d-------- C:\WINDOWS\BDOSCAN8
2008-04-20 22:05 . 2008-04-21 17:22 56,320 --a------ C:\WINDOWS\system32\aliceeadsl.exe
2008-04-20 21:51 . 2008-04-20 21:51 230 --a------ C:\WINDOWS\system32\spupdsvc.inf
2008-04-19 14:17 . 2008-04-19 14:17 474,624 --a------ C:\WINDOWS\winvnc.exe
2008-04-19 14:17 . 2008-04-19 14:17 60,928 --a------ C:\WINDOWS\vnchooks.dll
2008-04-18 21:07 . 2008-04-18 21:07 <REP> d-------- C:\Documents and Settings\Marjolaine\Mes documents
2008-04-18 12:50 . 2008-04-18 17:27 <REP> d-------- C:\Documents and Settings\Marjolaine\Contacts
2008-04-18 12:49 . 2008-04-20 21:50 <REP> d-------- C:\Documents and Settings\Marjolaine\Application Data\F-Secure
2008-04-17 22:09 . 2008-04-17 22:09 <REP> d-------- C:\Documents and Settings\All Users\Application Data\FLEXnet
2008-04-15 18:39 . 2008-04-15 18:39 <REP> d-------- C:\Documents and Settings\Marjolaine\Application Data\ispnews
2008-04-15 18:34 . 2005-11-18 17:04 70,896 --a------ C:\WINDOWS\system32\drivers\fsdfw.sys
2008-04-15 18:34 . 2005-11-18 17:04 33,584 --a------ C:\WINDOWS\system32\drivers\fsndis5.sys
2008-04-15 18:33 . 2008-04-15 18:33 <REP> d-------- C:\Documents and Settings\All Users\Application Data\F-Secure
2008-04-15 18:30 . 2008-04-15 18:33 <REP> d-------- C:\Program Files\AntivirusFirewall
2008-04-15 18:30 . 2008-04-15 18:30 118,842 -r------- C:\WINDOWS\bwUnin-6.3.2.123-6588780L.exe
2008-04-15 14:46 . 2008-04-19 14:17 288,376 --a------ C:\WINDOWS\xr4tdwa.exe
2008-04-15 14:46 . 2008-04-15 14:46 65,024 --a------ C:\WINDOWS\bmpl.dll
2008-04-14 22:59 . 2008-04-14 22:59 3,114 --a------ C:\Documents and Settings\All Users\Application Data\LUUnInstall.LiveUpdate
2008-04-14 18:53 . 2008-04-14 18:53 <REP> dr------- C:\Documents and Settings\LocalService\Favoris
2008-04-12 12:50 . 2008-04-15 13:16 <REP> d-------- C:\Program Files\Google
2008-04-11 11:46 . 2007-04-11 21:39 709,135 ---hs---- C:\WINDOWS\system32\hsrpxspr.ini
2008-04-11 00:18 . 2008-04-11 00:18 <REP> d-------- C:\SMRTNTKY
2008-04-11 00:18 . 2004-08-04 00:55 28,672 --a------ C:\setupSNK.exe
2008-04-09 11:18 . 2008-04-09 11:18 <REP> d-------- C:\WINDOWS\system32\xircom
2008-04-09 11:18 . 2008-04-09 11:18 <REP> d-------- C:\WINDOWS\system32\oobe
2008-04-09 11:18 . 2008-04-09 11:18 <REP> d-------- C:\WINDOWS\srchasst
2008-04-09 11:18 . 2008-04-09 11:18 <REP> d-------- C:\WINDOWS\peernet
2008-04-09 11:18 . 2008-04-09 11:18 <REP> d-------- C:\Program Files\microsoft frontpage
2008-04-07 11:17 . 2008-04-14 20:27 <REP> d-------- C:\VundoFix Backups
2008-04-07 08:07 . 2007-03-21 20:33 503,808 --a------ C:\WINDOWS\system32\MSVCP71.DL1
2008-04-07 08:07 . 2007-03-21 20:33 348,160 --a------ C:\WINDOWS\system32\MSVCR71.DL1
2008-04-07 07:53 . 2008-03-06 21:32 23,904 --a------ C:\WINDOWS\system32\drivers\COH_Mon.sys
2008-04-07 07:53 . 2008-03-06 21:32 10,537 --a------ C:\WINDOWS\system32\drivers\COH_Mon.cat
2008-04-07 07:53 . 2008-03-06 21:32 706 --a------ C:\WINDOWS\system32\drivers\COH_Mon.inf
2008-04-06 20:30 . 2005-09-23 07:29 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
2008-04-06 20:07 . 2008-04-06 20:40 16 --a------ C:\WINDOWS\system32\coh.cache
2008-04-06 19:26 . 2008-04-14 23:05 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Symantec
2008-04-05 20:56 . 2008-04-09 11:36 7,300 --a------ C:\Documents and Settings\Marjolaine\Application Data\update.log
2008-04-05 15:18 . 2008-04-22 19:37 109,111 --a------ C:\WINDOWS\BMf39960b2.xml
2008-03-26 22:38 . 2008-03-27 09:12 <REP> d-------- C:\Documents and Settings\Marjolaine\Application Data\FileZilla
2008-03-26 22:37 . 2008-03-26 22:37 <REP> d-------- C:\Program Files\FileZilla FTP Client

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-18 19:25 --------- d-----w C:\Program Files\Fichiers communs\Adobe
2008-04-14 21:05 --------- d-----w C:\Program Files\Fichiers communs\Symantec Shared
2008-04-14 20:59 --------- d-----w C:\Program Files\Symantec
2008-04-14 16:52 --------- d-----w C:\Program Files\eMule
2008-03-20 19:08 --------- d-----w C:\Program Files\Microsoft ActiveSync
2008-03-20 19:08 --------- d-----w C:\Program Files\AvantGo Connect
2008-03-20 16:48 --------- d-----w C:\Program Files\Common Files
2008-03-16 19:10 --------- d-----w C:\Program Files\DVD Decrypter
2008-03-12 11:21 --------- d-----w C:\Documents and Settings\All Users\Application Data\Messenger Plus!
2008-02-26 21:12 --------- d-----w C:\Program Files\Bonjour
2008-02-26 21:03 --------- d-----w C:\Program Files\Fichiers communs\Macrovision Shared
2008-02-26 16:43 --------- d-----w C:\Program Files\Microsoft.NET
2008-02-22 18:26 --------- d-----w C:\Documents and Settings\Marjolaine\Application Data\DAEMON Tools
2008-02-22 17:52 --------- d-----w C:\Program Files\DAEMON Tools Lite
2008-02-22 17:46 715,248 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2008-02-13 20:21 37,888 ----a-w C:\WINDOWS\system32\rar.exe
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [ ]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe" [2006-11-16 20:04 139264]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 23:54 15360]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE" [2004-02-24 16:20 401491]
"aliceeadsl"="C:\WINDOWS\system32\aliceeadsl.exe" [2008-04-21 17:22 56320]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-10-14 09:11 1388544]
"SoundMAX"="C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" [2004-09-23 12:41 860160]
"TrackPointSrv"="tp4serv.exe" [2005-07-13 03:55 94208 C:\WINDOWS\system32\tp4serv.exe]
"AGRSMMSG"="AGRSMMSG.exe" [2003-06-27 08:53 88363 C:\WINDOWS\AGRSMMSG.exe]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2006-11-16 21:00 344064]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"NeroFilterCheck"="C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe" [2006-01-12 16:40 155648]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-02-01 00:13 385024]
"Symantec PIF AlertEng"="C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 17:38 583048]
"F-Secure Manager"="C:\Program Files\AntivirusFirewall\Common\FSM32.exe" [2005-10-26 03:51 122929]
"F-Secure TNB"="C:\Program Files\AntivirusFirewall\TNB\TNBUtil.exe" [2005-07-18 16:51 700416]
"F-Secure Startup Wizard"="C:\Program Files\AntivirusFirewall\FSGUI\FSSW.exe" [2005-10-18 10:29 372736]
"News Service"="C:\Program Files\AntivirusFirewall\FSGUI\ispnews.exe" [2005-05-31 14:45 356352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"*aliceeadsl"="C:\WINDOWS\system32\aliceeadsl.exe" [2008-04-21 17:22 56320]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-03 23:54 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nlpo_01"="cmd.exe" [2004-08-03 23:54 400896 C:\WINDOWS\system32\cmd.exe]
"nlpo_02"="advpack.dll" [2004-08-03 23:54 101888 C:\WINDOWS\system32\advpack.dll]
"nlpo_03"="advpack.dll" [2004-08-03 23:54 101888 C:\WINDOWS\system32\advpack.dll]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)
"NoDesktopCleanupWizard"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\run]
"Windows Printing Driver"= WinPrint.exe
"NT Security Service"= NTSecurity.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"MSACM.CEGSM"= mobilev.acm

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\eMule\\emule.exe"=
"C:\\WINDOWS\\system32\\dpvsetup.exe"=
"C:\\WINDOWS\\system32\\rundll32.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe"=
"C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe"=
"C:\\Program Files\\AntivirusFirewall\\backweb\\6588780\\Program\\fspex.exe"=
"C:\\Program Files\\Internet Explorer\\iexplore.exe"=

R0 FSFW;F-Secure Firewall Driver;C:\WINDOWS\system32\drivers\fsdfw.sys [2005-11-18 17:04]
R2 BackWeb Plug-in - 6588780;Antivirus Firewall;C:\PROGRA~1\ANTIVI~1\backweb\6588780\Program\SERVIC~1.EXE [2008-04-15 18:31]
R2 F-Secure Filter;F-Secure File System Filter;C:\Program Files\AntivirusFirewall\Anti-Virus\Win2K\FSfilter.sys [2004-09-10 17:14]
R2 F-Secure Gatekeeper;F-Secure Gatekeeper;C:\Program Files\AntivirusFirewall\Anti-Virus\Win2K\FSgk.sys [2008-04-15 18:52]
R2 F-Secure Recognizer;F-Secure File System Recognizer;C:\Program Files\AntivirusFirewall\Anti-Virus\Win2K\FSrec.sys [2004-06-01 11:03]
R3 PCX504;Cisco Systems Wireless LAN Adapter Driver;C:\WINDOWS\system32\DRIVERS\PCX504.sys [2004-05-04 12:35]
R3 Tp4Track;PS/2 TrackPoint Driver;C:\WINDOWS\system32\DRIVERS\tp4track.sys [2005-07-13 03:55]
S3 PAC207;USB PC Cam Plus;C:\WINDOWS\system32\DRIVERS\pfc027.sys [2005-02-24 12:29]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\C]
\Shell\AutoRun\command - C:\setupSNK.exe


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{b4b4c8d3-87ac-3e5a-738a-c154f40d8901}]
C:\WINDOWS\system32\aliceeadsl.exe
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-04-17 17:57:17 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-04-22 15:19:29 C:\WINDOWS\Tasks\Scheduled scanning task.job"
- C:\PROGRA~1\ANTIVI~1\ANTI-V~1\fsav.exeZ /HARD /ARCHIVE /DISINF /SCHED /NOBREAK /REPORT=C:\PROGRA~1\ANTIVI~1\ANTI-V~1\report.txt
.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-22 23:20:57
Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...


**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\AntivirusFirewall\Anti-Virus\fsgk32st.exe
C:\Program Files\AntivirusFirewall\Anti-Virus\fsgk32.exe
C:\Program Files\AntivirusFirewall\backweb\6588780\Program\fsbwsys.exe
C:\Program Files\AntivirusFirewall\Common\FSMA32.EXE
C:\Program Files\AntivirusFirewall\backweb\6588780\Program\fspex.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\AntivirusFirewall\Anti-Virus\fssm32.exe
C:\Program Files\AntivirusFirewall\Common\FSMB32.EXE
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\AntivirusFirewall\Common\FCH32.EXE
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\AntivirusFirewall\Common\FAMEH32.EXE
C:\Program Files\AntivirusFirewall\Anti-Virus\fsqh.exe
C:\WINDOWS\system32\PAStiSvc.exe
C:\Program Files\AntivirusFirewall\Anti-Virus\FSRW.exe
C:\Program Files\AntivirusFirewall\FWES\program\fsdfwd.exe
C:\Program Files\AntivirusFirewall\Anti-Virus\FSAV32.exe
C:\PROGRA~1\ANTIVI~1\ANTI-S~1\FSAW.exe
C:\Program Files\AntivirusFirewall\FSGUI\fsguidll.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-04-22 23:44:30 - machine was rebooted
ComboFix-quarantined-files.txt 2008-04-22 21:41:11

Pre-Run: 9,073,041,408 octets libres
Post-Run: 9,211,904,000 octets libres

230 --- E O F --- 2008-03-12 02:04:17
23 April 2008 13:02:43

Re,

There is still some left.

Do this as a check.

Download Navilog (by Il-Mafioso)

Save it to your desktop.
Install it by double-clicking navilog.exe.
Once the installation is finished, the utility will run automatically.
(If it does not, double-click the shortcut on the desktop)

Once the installation is finished, right-click the navilog1 shortcut and choose "Run as administrator". (For Vista)

Let the utility guide you. Choose option 1, then confirm.
! Do not use options 2, 3 and 4 without our approval !
Wait until this message appears:
"*** Analyse Termine le ..... ***"
Press a key as requested. Notepad will open. Post the report here.

The report is located here: C:\fixnavi.txt

If you have Vista, do this first:
Disable UAC (Start menu \ Control Panel \ User Accounts and Family Safety \ User Accounts \ Turn User Account Control on or off \ uncheck the box Use User Account Control ... and confirm with OK; you will be asked to restart, do so)
23 April 2008 13:32:16

Here is the report!!!!

Search Navipromo version 3.5.4 commencé le 23/04/2008 à 17:22:54,52

!!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!!
!!! Postez ce rapport sur le forum pour le faire analyser !!!
!!! Ne lancez pas la partie désinfection sans l'avis d'un spécialiste !!!

Outil exécuté depuis C:\Program Files\navilog1
Session actuelle : "Marjolaine"

Mise à jour le 15.04.2008 à 18h00 par IL-MAFIOSO


Microsoft Windows XP [version 5.1.2600]
Internet Explorer : 6.0.2900.2180
Système de fichiers : NTFS

Executé en mode normal

*** Recherche Programmes installés ***




*** Recherche dossiers dans "C:\WINDOWS" ***



*** Recherche dossiers dans "C:\Program Files" ***



*** Recherche dossiers dans "C:\DOCUME~1\ALLUSE~1\APPLIC~1" ***




*** Recherche dossiers dans "C:\Documents and Settings\Marjolaine\applic~1" ***



*** Recherche dossiers dans "C:\Documents and Settings\Marjolaine\locals~1\applic~1" ***



*** Recherche dossiers dans "C:\Documents and Settings\Marjolaine\menudm~1\progra~1" ***


*** Recherche dossiers dans "C:\DOCUME~1\ALLUSE~1\MENUDM~1\PROGRA~1" ***


*** Recherche avec Catchme-rootkit/stealth malware detector par gmer ***
pour + d'infos : http://www.gmer.net

Aucun Fichier trouvé



*** Recherche avec GenericNaviSearch ***
!!! Tous ces résultats peuvent révéler des fichiers légitimes !!!
!!! A vérifier impérativement avant toute suppression manuelle !!!

* Recherche dans "C:\WINDOWS\system32" *

* Recherche dans "C:\Documents and Settings\Marjolaine\locals~1\applic~1" *

* Recherche dans "C:\DOCUME~1\ADMINI~1\locals~1\applic~1" *



*** Recherche fichiers ***




*** Recherche clés spécifiques dans le Registre ***


*** Module de Recherche complémentaire ***
(Recherche fichiers spécifiques)

1)Recherche nouveaux fichiers Instant Access :


2)Recherche Heuristique :

* Dans "C:\WINDOWS\system32" :

aliceeadsl.exe trouvé !

* Dans "C:\Documents and Settings\Marjolaine\locals~1\applic~1" :


* Dans "C:\DOCUME~1\ADMINI~1\locals~1\applic~1" :


3)Recherche Certificats :

Certificat Egroup absent !
Certificat Electronic-Group trouvé !
Certificat OOO-Favorit trouvé !
Certificat Sunny-Day-Design-Ltd absent !

4)Recherche fichiers connus :



*** Analyse terminée le 23/04/2008 à 17:30:16,90 ***
25 April 2008 08:54:45

Help!!!!!!!!!! Is nobody there anymore???
25 April 2008 12:16:10

Re,

Sorry, I must have missed the thread.
Post a new ComboFix report.
25 April 2008 13:39:48

Yes, I'm continuing!!!
Here is the Combofix report!!!


ComboFix 08-04-20.5 - Marjolaine 2008-04-22 23:12:59.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.184 [GMT 2:00]
Endroit: C:\Documents and Settings\Marjolaine\Bureau\ComboFix.exe
* Création d'un nouveau point de restauration

AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Autorun.inf
C:\WINDOWS\cookies.ini
C:\WINDOWS\Downloaded Program Files\setup.inf
C:\WINDOWS\kiasys.dll
C:\WINDOWS\pack.epk
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\ahxujxed.ini
C:\WINDOWS\system32\akfaoytv.ini
C:\WINDOWS\system32\eblhocus.ini
C:\WINDOWS\system32\edqqeoxh.ini
C:\WINDOWS\system32\egewdofc.ini
C:\WINDOWS\system32\eisieafx.ini
C:\WINDOWS\system32\fffywfjg.dll
C:\WINDOWS\system32\hvuebbvm.dll
C:\WINDOWS\system32\ifyaablj.ini
C:\WINDOWS\system32\jjijasus.ini
C:\WINDOWS\system32\kfucalku.ini
C:\WINDOWS\system32\Kjijmnnn.ini
C:\WINDOWS\system32\Kjijmnnn.ini2
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\nvs2.inf
C:\WINDOWS\system32\ocjvjije.ini
C:\WINDOWS\system32\pbxuqjjm.dll
C:\WINDOWS\system32\pornchpb.ini
C:\WINDOWS\system32\qjmrvnbm.dll
C:\WINDOWS\system32\rvpvimuj.dll
C:\WINDOWS\system32\syqytqek.ini
C:\WINDOWS\system32\sytftmgy.ini
C:\WINDOWS\system32\tmixrluc.ini
C:\WINDOWS\system32\uftvmdfu.ini
C:\WINDOWS\system32\vookdotf.ini
C:\WINDOWS\system32\vrtfhqvc.ini
C:\WINDOWS\system32\wcejkh.dat
C:\WINDOWS\system32\wcejkh_nav.dat
C:\WINDOWS\system32\wcejkh_navps.dat
C:\WINDOWS\system32\wniteeme.ini
C:\WINDOWS\system32\woyunrom.ini

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_QALWPMDGT


((((((((((((((((((((((((((((( Fichiers créés 2008-03-22 to 2008-04-22 ))))))))))))))))))))))))))))))))))))
.

2008-04-22 20:28 . 2008-04-22 20:28 <REP> d-------- C:\WINDOWS\ERUNT
2008-04-22 19:20 . 2008-04-22 23:01 <REP> d-------- C:\SDFix
2008-04-22 17:26 . 2008-04-22 17:26 <REP> d-------- C:\Program Files\Trend Micro
2008-04-21 16:41 . 2008-04-21 17:32 <REP> d-------- C:\WINDOWS\BDOSCAN8
2008-04-20 22:05 . 2008-04-21 17:22 56,320 --a------ C:\WINDOWS\system32\aliceeadsl.exe
2008-04-20 21:51 . 2008-04-20 21:51 230 --a------ C:\WINDOWS\system32\spupdsvc.inf
2008-04-19 14:17 . 2008-04-19 14:17 474,624 --a------ C:\WINDOWS\winvnc.exe
2008-04-19 14:17 . 2008-04-19 14:17 60,928 --a------ C:\WINDOWS\vnchooks.dll
2008-04-18 21:07 . 2008-04-18 21:07 <REP> d-------- C:\Documents and Settings\Marjolaine\Mes documents
2008-04-18 12:50 . 2008-04-18 17:27 <REP> d-------- C:\Documents and Settings\Marjolaine\Contacts
2008-04-18 12:49 . 2008-04-20 21:50 <REP> d-------- C:\Documents and Settings\Marjolaine\Application Data\F-Secure
2008-04-17 22:09 . 2008-04-17 22:09 <REP> d-------- C:\Documents and Settings\All Users\Application Data\FLEXnet
2008-04-15 18:39 . 2008-04-15 18:39 <REP> d-------- C:\Documents and Settings\Marjolaine\Application Data\ispnews
2008-04-15 18:34 . 2005-11-18 17:04 70,896 --a------ C:\WINDOWS\system32\drivers\fsdfw.sys
2008-04-15 18:34 . 2005-11-18 17:04 33,584 --a------ C:\WINDOWS\system32\drivers\fsndis5.sys
2008-04-15 18:33 . 2008-04-15 18:33 <REP> d-------- C:\Documents and Settings\All Users\Application Data\F-Secure
2008-04-15 18:30 . 2008-04-15 18:33 <REP> d-------- C:\Program Files\AntivirusFirewall
2008-04-15 18:30 . 2008-04-15 18:30 118,842 -r------- C:\WINDOWS\bwUnin-6.3.2.123-6588780L.exe
2008-04-15 14:46 . 2008-04-19 14:17 288,376 --a------ C:\WINDOWS\xr4tdwa.exe
2008-04-15 14:46 . 2008-04-15 14:46 65,024 --a------ C:\WINDOWS\bmpl.dll
2008-04-14 22:59 . 2008-04-14 22:59 3,114 --a------ C:\Documents and Settings\All Users\Application Data\LUUnInstall.LiveUpdate
2008-04-14 18:53 . 2008-04-14 18:53 <REP> dr------- C:\Documents and Settings\LocalService\Favoris
2008-04-12 12:50 . 2008-04-15 13:16 <REP> d-------- C:\Program Files\Google
2008-04-11 11:46 . 2007-04-11 21:39 709,135 ---hs---- C:\WINDOWS\system32\hsrpxspr.ini
2008-04-11 00:18 . 2008-04-11 00:18 <REP> d-------- C:\SMRTNTKY
2008-04-11 00:18 . 2004-08-04 00:55 28,672 --a------ C:\setupSNK.exe
2008-04-09 11:18 . 2008-04-09 11:18 <REP> d-------- C:\WINDOWS\system32\xircom
2008-04-09 11:18 . 2008-04-09 11:18 <REP> d-------- C:\WINDOWS\system32\oobe
2008-04-09 11:18 . 2008-04-09 11:18 <REP> d-------- C:\WINDOWS\srchasst
2008-04-09 11:18 . 2008-04-09 11:18 <REP> d-------- C:\WINDOWS\peernet
2008-04-09 11:18 . 2008-04-09 11:18 <REP> d-------- C:\Program Files\microsoft frontpage
2008-04-07 11:17 . 2008-04-14 20:27 <REP> d-------- C:\VundoFix Backups
2008-04-07 08:07 . 2007-03-21 20:33 503,808 --a------ C:\WINDOWS\system32\MSVCP71.DL1
2008-04-07 08:07 . 2007-03-21 20:33 348,160 --a------ C:\WINDOWS\system32\MSVCR71.DL1
2008-04-07 07:53 . 2008-03-06 21:32 23,904 --a------ C:\WINDOWS\system32\drivers\COH_Mon.sys
2008-04-07 07:53 . 2008-03-06 21:32 10,537 --a------ C:\WINDOWS\system32\drivers\COH_Mon.cat
2008-04-07 07:53 . 2008-03-06 21:32 706 --a------ C:\WINDOWS\system32\drivers\COH_Mon.inf
2008-04-06 20:30 . 2005-09-23 07:29 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
2008-04-06 20:07 . 2008-04-06 20:40 16 --a------ C:\WINDOWS\system32\coh.cache
2008-04-06 19:26 . 2008-04-14 23:05 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Symantec
2008-04-05 20:56 . 2008-04-09 11:36 7,300 --a------ C:\Documents and Settings\Marjolaine\Application Data\update.log
2008-04-05 15:18 . 2008-04-22 19:37 109,111 --a------ C:\WINDOWS\BMf39960b2.xml
2008-03-26 22:38 . 2008-03-27 09:12 <REP> d-------- C:\Documents and Settings\Marjolaine\Application Data\FileZilla
2008-03-26 22:37 . 2008-03-26 22:37 <REP> d-------- C:\Program Files\FileZilla FTP Client

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-18 19:25 --------- d-----w C:\Program Files\Fichiers communs\Adobe
2008-04-14 21:05 --------- d-----w C:\Program Files\Fichiers communs\Symantec Shared
2008-04-14 20:59 --------- d-----w C:\Program Files\Symantec
2008-04-14 16:52 --------- d-----w C:\Program Files\eMule
2008-03-20 19:08 --------- d-----w C:\Program Files\Microsoft ActiveSync
2008-03-20 19:08 --------- d-----w C:\Program Files\AvantGo Connect
2008-03-20 16:48 --------- d-----w C:\Program Files\Common Files
2008-03-16 19:10 --------- d-----w C:\Program Files\DVD Decrypter
2008-03-12 11:21 --------- d-----w C:\Documents and Settings\All Users\Application Data\Messenger Plus!
2008-02-26 21:12 --------- d-----w C:\Program Files\Bonjour
2008-02-26 21:03 --------- d-----w C:\Program Files\Fichiers communs\Macrovision Shared
2008-02-26 16:43 --------- d-----w C:\Program Files\Microsoft.NET
2008-02-22 18:26 --------- d-----w C:\Documents and Settings\Marjolaine\Application Data\DAEMON Tools
2008-02-22 17:52 --------- d-----w C:\Program Files\DAEMON Tools Lite
2008-02-22 17:46 715,248 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2008-02-13 20:21 37,888 ----a-w C:\WINDOWS\system32\rar.exe
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [ ]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe" [2006-11-16 20:04 139264]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 23:54 15360]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE" [2004-02-24 16:20 401491]
"aliceeadsl"="C:\WINDOWS\system32\aliceeadsl.exe" [2008-04-21 17:22 56320]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-10-14 09:11 1388544]
"SoundMAX"="C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" [2004-09-23 12:41 860160]
"TrackPointSrv"="tp4serv.exe" [2005-07-13 03:55 94208 C:\WINDOWS\system32\tp4serv.exe]
"AGRSMMSG"="AGRSMMSG.exe" [2003-06-27 08:53 88363 C:\WINDOWS\AGRSMMSG.exe]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2006-11-16 21:00 344064]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"NeroFilterCheck"="C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe" [2006-01-12 16:40 155648]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-02-01 00:13 385024]
"Symantec PIF AlertEng"="C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 17:38 583048]
"F-Secure Manager"="C:\Program Files\AntivirusFirewall\Common\FSM32.exe" [2005-10-26 03:51 122929]
"F-Secure TNB"="C:\Program Files\AntivirusFirewall\TNB\TNBUtil.exe" [2005-07-18 16:51 700416]
"F-Secure Startup Wizard"="C:\Program Files\AntivirusFirewall\FSGUI\FSSW.exe" [2005-10-18 10:29 372736]
"News Service"="C:\Program Files\AntivirusFirewall\FSGUI\ispnews.exe" [2005-05-31 14:45 356352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"*aliceeadsl"="C:\WINDOWS\system32\aliceeadsl.exe" [2008-04-21 17:22 56320]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-03 23:54 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nlpo_01"="cmd.exe" [2004-08-03 23:54 400896 C:\WINDOWS\system32\cmd.exe]
"nlpo_02"="advpack.dll" [2004-08-03 23:54 101888 C:\WINDOWS\system32\advpack.dll]
"nlpo_03"="advpack.dll" [2004-08-03 23:54 101888 C:\WINDOWS\system32\advpack.dll]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)
"NoDesktopCleanupWizard"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\run]
"Windows Printing Driver"= WinPrint.exe
"NT Security Service"= NTSecurity.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"MSACM.CEGSM"= mobilev.acm

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\eMule\\emule.exe"=
"C:\\WINDOWS\\system32\\dpvsetup.exe"=
"C:\\WINDOWS\\system32\\rundll32.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe"=
"C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe"=
"C:\\Program Files\\AntivirusFirewall\\backweb\\6588780\\Program\\fspex.exe"=
"C:\\Program Files\\Internet Explorer\\iexplore.exe"=

R0 FSFW;F-Secure Firewall Driver;C:\WINDOWS\system32\drivers\fsdfw.sys [2005-11-18 17:04]
R2 BackWeb Plug-in - 6588780;Antivirus Firewall;C:\PROGRA~1\ANTIVI~1\backweb\6588780\Program\SERVIC~1.EXE [2008-04-15 18:31]
R2 F-Secure Filter;F-Secure File System Filter;C:\Program Files\AntivirusFirewall\Anti-Virus\Win2K\FSfilter.sys [2004-09-10 17:14]
R2 F-Secure Gatekeeper;F-Secure Gatekeeper;C:\Program Files\AntivirusFirewall\Anti-Virus\Win2K\FSgk.sys [2008-04-15 18:52]
R2 F-Secure Recognizer;F-Secure File System Recognizer;C:\Program Files\AntivirusFirewall\Anti-Virus\Win2K\FSrec.sys [2004-06-01 11:03]
R3 PCX504;Cisco Systems Wireless LAN Adapter Driver;C:\WINDOWS\system32\DRIVERS\PCX504.sys [2004-05-04 12:35]
R3 Tp4Track;PS/2 TrackPoint Driver;C:\WINDOWS\system32\DRIVERS\tp4track.sys [2005-07-13 03:55]
S3 PAC207;USB PC Cam Plus;C:\WINDOWS\system32\DRIVERS\pfc027.sys [2005-02-24 12:29]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\C]
\Shell\AutoRun\command - C:\setupSNK.exe


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{b4b4c8d3-87ac-3e5a-738a-c154f40d8901}]
C:\WINDOWS\system32\aliceeadsl.exe
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-04-17 17:57:17 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-04-22 15:19:29 C:\WINDOWS\Tasks\Scheduled scanning task.job"
- C:\PROGRA~1\ANTIVI~1\ANTI-V~1\fsav.exeZ /HARD /ARCHIVE /DISINF /SCHED /NOBREAK /REPORT=C:\PROGRA~1\ANTIVI~1\ANTI-V~1\report.txt
.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-22 23:20:57
Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...


**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\AntivirusFirewall\Anti-Virus\fsgk32st.exe
C:\Program Files\AntivirusFirewall\Anti-Virus\fsgk32.exe
C:\Program Files\AntivirusFirewall\backweb\6588780\Program\fsbwsys.exe
C:\Program Files\AntivirusFirewall\Common\FSMA32.EXE
C:\Program Files\AntivirusFirewall\backweb\6588780\Program\fspex.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\AntivirusFirewall\Anti-Virus\fssm32.exe
C:\Program Files\AntivirusFirewall\Common\FSMB32.EXE
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\AntivirusFirewall\Common\FCH32.EXE
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\AntivirusFirewall\Common\FAMEH32.EXE
C:\Program Files\AntivirusFirewall\Anti-Virus\fsqh.exe
C:\WINDOWS\system32\PAStiSvc.exe
C:\Program Files\AntivirusFirewall\Anti-Virus\FSRW.exe
C:\Program Files\AntivirusFirewall\FWES\program\fsdfwd.exe
C:\Program Files\AntivirusFirewall\Anti-Virus\FSAV32.exe
C:\PROGRA~1\ANTIVI~1\ANTI-S~1\FSAW.exe
C:\Program Files\AntivirusFirewall\FSGUI\fsguidll.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-04-22 23:44:30 - machine was rebooted
ComboFix-quarantined-files.txt 2008-04-22 21:41:11

Pre-Run: 9,073,041,408 octets libres
Post-Run: 9,211,904,000 octets libres

230 --- E O F --- 2008-03-12 02:04:17


25 April 2008 13:41:11

YOU ASKED ME TO DO IT WITH NAVILOG NEXT !!!! SO HERE IS THE LATEST REPORT !!!


Here is the report !!!!

Search Navipromo version 3.5.4 commencé le 23/04/2008 à 17:22:54,52

!!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!!
!!! Postez ce rapport sur le forum pour le faire analyser !!!
!!! Ne lancez pas la partie désinfection sans l'avis d'un spécialiste !!!

Outil exécuté depuis C:\Program Files\navilog1
Session actuelle : "Marjolaine"

Mise à jour le 15.04.2008 à 18h00 par IL-MAFIOSO


Microsoft Windows XP [version 5.1.2600]
Internet Explorer : 6.0.2900.2180
Système de fichiers : NTFS

Executé en mode normal

*** Recherche Programmes installés ***




*** Recherche dossiers dans "C:\WINDOWS" ***



*** Recherche dossiers dans "C:\Program Files" ***



*** Recherche dossiers dans "C:\DOCUME~1\ALLUSE~1\APPLIC~1" ***




*** Recherche dossiers dans "C:\Documents and Settings\Marjolaine\applic~1" ***



*** Recherche dossiers dans "C:\Documents and Settings\Marjolaine\locals~1\applic~1" ***



*** Recherche dossiers dans "C:\Documents and Settings\Marjolaine\menudm~1\progra~1" ***


*** Recherche dossiers dans "C:\DOCUME~1\ALLUSE~1\MENUDM~1\PROGRA~1" ***


*** Recherche avec Catchme-rootkit/stealth malware detector par gmer ***
pour + d'infos : http://www.gmer.net

Aucun Fichier trouvé



*** Recherche avec GenericNaviSearch ***
!!! Tous ces résultats peuvent révéler des fichiers légitimes !!!
!!! A vérifier impérativement avant toute suppression manuelle !!!

* Recherche dans "C:\WINDOWS\system32" *

* Recherche dans "C:\Documents and Settings\Marjolaine\locals~1\applic~1" *

* Recherche dans "C:\DOCUME~1\ADMINI~1\locals~1\applic~1" *



*** Recherche fichiers ***




*** Recherche clés spécifiques dans le Registre ***


*** Module de Recherche complémentaire ***
(Recherche fichiers spécifiques)

1)Recherche nouveaux fichiers Instant Access :


2)Recherche Heuristique :

* Dans "C:\WINDOWS\system32" :

aliceeadsl.exe trouvé !

* Dans "C:\Documents and Settings\Marjolaine\locals~1\applic~1" :


* Dans "C:\DOCUME~1\ADMINI~1\locals~1\applic~1" :


3)Recherche Certificats :

Certificat Egroup absent !
Certificat Electronic-Group trouvé !
Certificat OOO-Favorit trouvé !
Certificat Sunny-Day-Design-Ltd absent !

4)Recherche fichiers connus :



*** Analyse terminée le 23/04/2008 à 17:30:16,90 ***
25 April 2008 13:51:40

Re,

I did not ask for a Navilog report, and I asked for a new ComboFix report; you posted the one from two days ago.
Run the program again and post me the new report.

P.S.: Don't write in capitals, it comes across as enraged ..
25 April 2008 13:55:40

Ah, sorry, I thought you wanted me to repost the earlier one because you had lost the thread of the conversation! Sorry!
OK, I won't write in BIG letters anymore !!!
I'll run ComboFix again and post it for you this evening, because right now I'm not on my computer!
25 April 2008 19:36:10

ComboFix 08-04-20.5 - Marjolaine 2008-04-25 19:02:26.2 - NTFSx86
Endroit: C:\Documents and Settings\Marjolaine\Bureau\ComboFix.exe
* Resident AV is active


AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
.

((((((((((((((((((((((((((((( Fichiers créés 2008-03-25 to 2008-04-25 ))))))))))))))))))))))))))))))))))))
.

2008-04-23 17:21 . 2008-04-23 17:47 <REP> d-------- C:\Program Files\Navilog1
2008-04-22 20:28 . 2008-04-22 20:28 <REP> d-------- C:\WINDOWS\ERUNT
2008-04-22 19:20 . 2008-04-22 23:01 <REP> d-------- C:\SDFix
2008-04-22 17:26 . 2008-04-22 17:26 <REP> d-------- C:\Program Files\Trend Micro
2008-04-21 16:41 . 2008-04-21 17:32 <REP> d-------- C:\WINDOWS\BDOSCAN8
2008-04-20 22:05 . 2008-04-21 17:22 56,320 --a------ C:\WINDOWS\system32\aliceeadsl.exe
2008-04-20 21:51 . 2008-04-20 21:51 230 --a------ C:\WINDOWS\system32\spupdsvc.inf
2008-04-19 14:17 . 2008-04-19 14:17 474,624 --a------ C:\WINDOWS\winvnc.exe
2008-04-19 14:17 . 2008-04-19 14:17 60,928 --a------ C:\WINDOWS\vnchooks.dll
2008-04-18 21:07 . 2008-04-18 21:07 <REP> d-------- C:\Documents and Settings\Marjolaine\Mes documents
2008-04-18 12:50 . 2008-04-18 17:27 <REP> d-------- C:\Documents and Settings\Marjolaine\Contacts
2008-04-18 12:49 . 2008-04-20 21:50 <REP> d-------- C:\Documents and Settings\Marjolaine\Application Data\F-Secure
2008-04-17 22:09 . 2008-04-17 22:09 <REP> d-------- C:\Documents and Settings\All Users\Application Data\FLEXnet
2008-04-15 18:39 . 2008-04-15 18:39 <REP> d-------- C:\Documents and Settings\Marjolaine\Application Data\ispnews
2008-04-15 18:34 . 2005-11-18 17:04 70,896 --a------ C:\WINDOWS\system32\drivers\fsdfw.sys
2008-04-15 18:34 . 2005-11-18 17:04 33,584 --a------ C:\WINDOWS\system32\drivers\fsndis5.sys
2008-04-15 18:33 . 2008-04-15 18:33 <REP> d-------- C:\Documents and Settings\All Users\Application Data\F-Secure
2008-04-15 18:30 . 2008-04-15 18:33 <REP> d-------- C:\Program Files\AntivirusFirewall
2008-04-15 18:30 . 2008-04-15 18:30 118,842 -r------- C:\WINDOWS\bwUnin-6.3.2.123-6588780L.exe
2008-04-15 14:46 . 2008-04-19 14:17 288,376 --a------ C:\WINDOWS\xr4tdwa.exe
2008-04-15 14:46 . 2008-04-15 14:46 65,024 --a------ C:\WINDOWS\bmpl.dll
2008-04-14 22:59 . 2008-04-14 22:59 3,114 --a------ C:\Documents and Settings\All Users\Application Data\LUUnInstall.LiveUpdate
2008-04-14 18:53 . 2008-04-14 18:53 <REP> dr------- C:\Documents and Settings\LocalService\Favoris
2008-04-12 12:50 . 2008-04-15 13:16 <REP> d-------- C:\Program Files\Google
2008-04-11 11:46 . 2007-04-11 21:39 709,135 ---hs---- C:\WINDOWS\system32\hsrpxspr.ini
2008-04-11 00:18 . 2008-04-11 00:18 <REP> d-------- C:\SMRTNTKY
2008-04-11 00:18 . 2004-08-04 00:55 28,672 --a------ C:\setupSNK.exe
2008-04-09 11:18 . 2008-04-09 11:18 <REP> d-------- C:\WINDOWS\system32\xircom
2008-04-09 11:18 . 2008-04-09 11:18 <REP> d-------- C:\WINDOWS\system32\oobe
2008-04-09 11:18 . 2008-04-09 11:18 <REP> d-------- C:\WINDOWS\srchasst
2008-04-09 11:18 . 2008-04-09 11:18 <REP> d-------- C:\WINDOWS\peernet
2008-04-09 11:18 . 2008-04-09 11:18 <REP> d-------- C:\Program Files\microsoft frontpage
2008-04-07 11:17 . 2008-04-14 20:27 <REP> d-------- C:\VundoFix Backups
2008-04-07 08:07 . 2007-03-21 20:33 503,808 --a------ C:\WINDOWS\system32\MSVCP71.DL1
2008-04-07 08:07 . 2007-03-21 20:33 348,160 --a------ C:\WINDOWS\system32\MSVCR71.DL1
2008-04-07 07:53 . 2008-03-06 21:32 23,904 --a------ C:\WINDOWS\system32\drivers\COH_Mon.sys
2008-04-07 07:53 . 2008-03-06 21:32 10,537 --a------ C:\WINDOWS\system32\drivers\COH_Mon.cat
2008-04-07 07:53 . 2008-03-06 21:32 706 --a------ C:\WINDOWS\system32\drivers\COH_Mon.inf
2008-04-06 20:30 . 2005-09-23 07:29 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
2008-04-06 20:07 . 2008-04-06 20:40 16 --a------ C:\WINDOWS\system32\coh.cache
2008-04-06 19:26 . 2008-04-14 23:05 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Symantec
2008-04-05 20:56 . 2008-04-09 11:36 7,300 --a------ C:\Documents and Settings\Marjolaine\Application Data\update.log
2008-04-05 15:18 . 2008-04-22 19:37 109,111 --a------ C:\WINDOWS\BMf39960b2.xml
2008-03-26 22:38 . 2008-03-27 09:12 <REP> d-------- C:\Documents and Settings\Marjolaine\Application Data\FileZilla
2008-03-26 22:37 . 2008-03-26 22:37 <REP> d-------- C:\Program Files\FileZilla FTP Client

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-18 19:25 --------- d-----w C:\Program Files\Fichiers communs\Adobe
2008-04-14 21:05 --------- d-----w C:\Program Files\Fichiers communs\Symantec Shared
2008-04-14 20:59 --------- d-----w C:\Program Files\Symantec
2008-04-14 16:52 --------- d-----w C:\Program Files\eMule
2008-03-20 19:08 --------- d-----w C:\Program Files\Microsoft ActiveSync
2008-03-20 19:08 --------- d-----w C:\Program Files\AvantGo Connect
2008-03-20 16:48 --------- d-----w C:\Program Files\Common Files
2008-03-20 08:09 1,845,376 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-20 08:09 1,845,376 ------w C:\WINDOWS\system32\DllCache\win32k.sys
2008-03-16 19:10 --------- d-----w C:\Program Files\DVD Decrypter
2008-03-12 11:21 --------- d-----w C:\Documents and Settings\All Users\Application Data\Messenger Plus!
2008-02-26 21:12 --------- d-----w C:\Program Files\Bonjour
2008-02-26 21:03 --------- d-----w C:\Program Files\Fichiers communs\Macrovision Shared
2008-02-26 16:43 --------- d-----w C:\Program Files\Microsoft.NET
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 06:51 282,624 ------w C:\WINDOWS\system32\DllCache\gdi32.dll
2008-02-20 05:35 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
2008-02-20 05:35 45,568 ------w C:\WINDOWS\system32\DllCache\dnsrslvr.dll
2008-02-20 05:35 148,992 ------w C:\WINDOWS\system32\DllCache\dnsapi.dll
2008-02-16 22:32 3,080,704 ----a-w C:\WINDOWS\system32\DllCache\mshtml.dll
2008-02-15 09:23 18,432 ----a-w C:\WINDOWS\system32\DllCache\iedw.exe
2008-02-13 20:21 37,888 ----a-w C:\WINDOWS\system32\rar.exe
.

((((((((((((((((((((((((((((( snapshot@2008-04-22_23.39.40.94 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-03-20 07:56:50 1,846,016 ----a-w C:\WINDOWS\$hf_mig$\KB941693\SP2QFE\win32k.sys
+ 2007-03-06 01:34:33 15,072 ----a-w C:\WINDOWS\$hf_mig$\KB941693\spmsg.dll
+ 2007-03-06 01:34:38 216,800 ----a-w C:\WINDOWS\$hf_mig$\KB941693\spuninst.exe
+ 2007-03-06 01:34:31 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB941693\update\spcustom.dll
+ 2007-03-06 01:34:56 727,776 ----a-w C:\WINDOWS\$hf_mig$\KB941693\update\update.exe
+ 2007-03-06 01:35:48 394,976 ----a-w C:\WINDOWS\$hf_mig$\KB941693\update\updspapi.dll
+ 2007-12-18 14:32:57 450,560 ----a-w C:\WINDOWS\$hf_mig$\KB944338\SP2QFE\jscript.dll
+ 2007-12-18 14:32:57 417,792 ----a-w C:\WINDOWS\$hf_mig$\KB944338\SP2QFE\vbscript.dll
+ 2007-03-06 01:34:33 15,072 ----a-w C:\WINDOWS\$hf_mig$\KB944338\spmsg.dll
+ 2007-03-06 01:34:38 216,800 ----a-w C:\WINDOWS\$hf_mig$\KB944338\spuninst.exe
+ 2007-03-06 01:34:31 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB944338\update\spcustom.dll
+ 2007-03-06 01:34:56 727,776 ----a-w C:\WINDOWS\$hf_mig$\KB944338\update\update.exe
+ 2007-03-06 01:35:48 394,976 ----a-w C:\WINDOWS\$hf_mig$\KB944338\update\updspapi.dll
+ 2008-02-20 05:20:23 147,968 ----a-w C:\WINDOWS\$hf_mig$\KB945553\SP2QFE\dnsapi.dll
+ 2008-02-20 18:50:24 45,568 ----a-w C:\WINDOWS\$hf_mig$\KB945553\SP2QFE\dnsrslvr.dll
+ 2007-03-06 01:34:33 15,072 ----a-w C:\WINDOWS\$hf_mig$\KB945553\spmsg.dll
+ 2007-03-06 01:34:38 216,800 ----a-w C:\WINDOWS\$hf_mig$\KB945553\spuninst.exe
+ 2007-03-06 01:34:31 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB945553\update\spcustom.dll
+ 2007-03-06 01:34:56 727,776 ----a-w C:\WINDOWS\$hf_mig$\KB945553\update\update.exe
+ 2007-03-06 01:35:48 394,976 ----a-w C:\WINDOWS\$hf_mig$\KB945553\update\updspapi.dll
+ 2008-02-16 09:31:57 1,024,512 ----a-w C:\WINDOWS\$hf_mig$\KB947864\SP2QFE\browseui.dll
+ 2008-02-16 09:31:57 152,064 ----a-w C:\WINDOWS\$hf_mig$\KB947864\SP2QFE\cdfview.dll
+ 2008-02-16 09:31:58 1,056,768 ----a-w C:\WINDOWS\$hf_mig$\KB947864\SP2QFE\danim.dll
+ 2008-02-16 09:31:58 357,888 ----a-w C:\WINDOWS\$hf_mig$\KB947864\SP2QFE\dxtmsft.dll
+ 2008-02-16 09:31:58 205,312 ----a-w C:\WINDOWS\$hf_mig$\KB947864\SP2QFE\dxtrans.dll
+ 2008-02-16 09:31:58 55,808 ----a-w C:\WINDOWS\$hf_mig$\KB947864\SP2QFE\extmgr.dll
+ 2008-02-15 09:07:53 18,432 ----a-w C:\WINDOWS\$hf_mig$\KB947864\SP2QFE\iedw.exe
+ 2008-02-16 09:31:58 251,904 ----a-w C:\WINDOWS\$hf_mig$\KB947864\SP2QFE\iepeers.dll
+ 2008-02-16 09:31:58 96,768 ----a-w C:\WINDOWS\$hf_mig$\KB947864\SP2QFE\inseng.dll
+ 2008-02-16 09:31:58 16,384 ----a-w C:\WINDOWS\$hf_mig$\KB947864\SP2QFE\jsproxy.dll
+ 2008-02-16 09:31:59 3,087,872 ----a-w C:\WINDOWS\$hf_mig$\KB947864\SP2QFE\mshtml.dll
+ 2008-02-16 09:31:59 449,024 ----a-w C:\WINDOWS\$hf_mig$\KB947864\SP2QFE\mshtmled.dll
+ 2008-02-16 09:31:59 146,432 ----a-w C:\WINDOWS\$hf_mig$\KB947864\SP2QFE\msrating.dll
+ 2008-02-16 09:31:59 532,480 ----a-w C:\WINDOWS\$hf_mig$\KB947864\SP2QFE\mstime.dll
+ 2008-02-16 09:31:59 39,424 ----a-w C:\WINDOWS\$hf_mig$\KB947864\SP2QFE\pngfilt.dll
+ 2008-02-16 09:32:00 1,499,648 ----a-w C:\WINDOWS\$hf_mig$\KB947864\SP2QFE\shdocvw.dll
+ 2008-02-16 09:32:00 474,624 ----a-w C:\WINDOWS\$hf_mig$\KB947864\SP2QFE\shlwapi.dll
+ 2008-02-15 23:03:14 370,176 ----a-w C:\WINDOWS\$hf_mig$\KB947864\SP2QFE\spru040c.dll
+ 2008-02-16 09:32:00 620,544 ----a-w C:\WINDOWS\$hf_mig$\KB947864\SP2QFE\urlmon.dll
+ 2008-02-16 09:32:00 670,208 ----a-w C:\WINDOWS\$hf_mig$\KB947864\SP2QFE\wininet.dll
+ 2007-03-06 01:34:33 15,072 ----a-w C:\WINDOWS\$hf_mig$\KB947864\spmsg.dll
+ 2007-03-06 01:34:38 216,800 ----a-w C:\WINDOWS\$hf_mig$\KB947864\spuninst.exe
+ 2007-03-06 01:34:31 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB947864\update\spcustom.dll
+ 2007-03-06 01:34:56 727,776 ----a-w C:\WINDOWS\$hf_mig$\KB947864\update\update.exe
+ 2007-03-06 01:35:48 394,976 ----a-w C:\WINDOWS\$hf_mig$\KB947864\update\updspapi.dll
+ 2008-02-20 06:52:42 282,624 ----a-w C:\WINDOWS\$hf_mig$\KB948590\SP2QFE\gdi32.dll
+ 2007-03-06 01:34:33 15,072 ----a-w C:\WINDOWS\$hf_mig$\KB948590\spmsg.dll
+ 2007-03-06 01:34:38 216,800 ----a-w C:\WINDOWS\$hf_mig$\KB948590\spuninst.exe
+ 2007-03-06 01:34:31 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB948590\update\spcustom.dll
+ 2007-03-06 01:34:56 727,776 ----a-w C:\WINDOWS\$hf_mig$\KB948590\update\update.exe
+ 2007-03-06 01:35:48 394,976 ----a-w C:\WINDOWS\$hf_mig$\KB948590\update\updspapi.dll
+ 2007-03-06 01:34:33 15,072 ----a-w C:\WINDOWS\$hf_mig$\KB948881\spmsg.dll
+ 2007-03-06 01:34:38 216,800 ----a-w C:\WINDOWS\$hf_mig$\KB948881\spuninst.exe
+ 2007-03-06 01:34:31 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB948881\update\spcustom.dll
+ 2007-03-06 01:34:56 727,776 ----a-w C:\WINDOWS\$hf_mig$\KB948881\update\update.exe
+ 2007-03-06 01:35:47 394,976 ----a-w C:\WINDOWS\$hf_mig$\KB948881\update\updspapi.dll
- 2007-09-11 21:00:42 68,608 ----a-w C:\WINDOWS\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
+ 2008-04-22 22:49:42 69,120 ----a-w C:\WINDOWS\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
- 2007-09-11 21:00:57 72,192 ----a-w C:\WINDOWS\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
+ 2008-04-22 22:49:55 72,192 ----a-w C:\WINDOWS\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
- 2007-09-11 21:00:57 4,308,992 ----a-w C:\WINDOWS\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
+ 2008-04-22 22:49:08 4,444,160 ----a-w C:\WINDOWS\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
- 2007-09-11 21:01:00 482,304 ----a-w C:\WINDOWS\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
+ 2008-04-22 22:49:59 483,840 ----a-w C:\WINDOWS\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
- 2007-09-11 21:00:52 2,902,016 ----a-w C:\WINDOWS\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
+ 2008-04-22 22:49:26 3,036,160 ----a-w C:\WINDOWS\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
- 2007-09-11 21:00:35 258,048 ----a-w C:\WINDOWS\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
+ 2008-04-22 22:50:06 258,048 ----a-w C:\WINDOWS\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
- 2007-09-11 21:00:35 114,176 ----a-w C:\WINDOWS\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
+ 2008-04-22 22:50:06 113,664 ----a-w C:\WINDOWS\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
- 2007-09-11 21:01:07 260,096 ----a-w C:\WINDOWS\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
+ 2008-04-22 22:49:56 261,120 ----a-w C:\WINDOWS\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
- 2007-09-11 21:00:47 5,156,864 ----a-w C:\WINDOWS\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
+ 2008-04-22 22:49:21 5,431,296 ----a-w C:\WINDOWS\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
- 2007-09-11 21:00:41 10,752 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
+ 2008-04-22 22:49:36 10,752 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
- 2007-09-11 21:00:35 507,904 ----a-w C:\WINDOWS\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
+ 2008-04-22 22:49:23 507,904 ----a-w C:\WINDOWS\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
- 2007-09-11 21:00:37 13,312 ----a-w C:\WINDOWS\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
+ 2008-04-22 22:49:40 13,312 ----a-w C:\WINDOWS\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
- 2007-09-11 21:00:55 8,192 ----a-w C:\WINDOWS\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
+ 2008-04-22 22:49:47 8,192 ----a-w C:\WINDOWS\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
- 2007-09-11 21:00:55 36,864 ----a-w C:\WINDOWS\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
+ 2008-04-22 22:49:49 77,824 ----a-w C:\WINDOWS\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
- 2007-09-11 21:00:56 5,632 ----a-w C:\WINDOWS\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
+ 2008-04-22 22:49:51 6,656 ----a-w C:\WINDOWS\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
- 2007-09-11 21:00:38 413,696 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
+ 2008-04-22 22:50:07 348,160 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
- 2007-09-11 21:00:39 36,864 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
+ 2008-04-22 22:50:08 36,864 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
- 2007-09-11 21:00:40 647,168 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll
+ 2008-04-22 22:50:10 655,360 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll
- 2007-09-11 21:00:41 73,728 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
+ 2008-04-22 22:50:11 77,824 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
- 2007-09-11 21:00:38 749,568 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
+ 2008-04-22 22:49:52 749,568 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
- 2007-09-11 21:01:09 110,592 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
+ 2008-04-22 22:49:48 110,592 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
- 2007-09-11 21:01:09 372,736 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
+ 2008-04-22 22:49:46 372,736 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
- 2007-09-11 21:00:32 28,672 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
+ 2008-04-22 22:50:00 28,672 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
- 2007-09-11 21:01:08 667,648 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
+ 2008-04-22 22:49:45 671,744 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
- 2007-09-11 21:01:10 5,632 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
+ 2008-04-22 22:49:14 5,632 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
- 2007-09-11 21:00:34 12,800 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
+ 2008-04-22 22:50:04 12,800 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
+ 2007-10-23 23:47:40 258,048 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Messaging.dll
- 2007-04-13 01:21:16 299,008 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Runtime.Remoting.dll
+ 2007-10-23 23:47:40 299,008 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Runtime.Remoting.dll
- 2005-09-23 05:28:56 131,072 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Runtime.Serialization.Formatters.Soap.dll
+ 2007-10-23 23:47:40 131,072 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Runtime.Serialization.Formatters.Soap.dll
- 2005-09-23 05:28:56 258,048 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Security.dll
+ 2007-10-23 23:47:40 258,048 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Security.dll
- 2005-09-23 05:28:56 114,688 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.ServiceProcess.dll
+ 2007-10-23 23:47:40 114,688 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.ServiceProcess.dll
- 2007-04-13 01:21:18 260,096 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Transactions.dll
+ 2007-10-23 23:47:40 261,120 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Transactions.dll
- 2007-04-13 01:21:16 5,156,864 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Web.dll
+ 2007-10-23 23:47:40 5,431,296 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Web.dll
- 2005-09-23 05:28:56 835,584 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Web.Mobile.dll
+ 2007-10-23 23:47:40 884,736 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Web.Mobile.dll
- 2005-09-23 05:28:56 86,016 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Web.RegularExpressions.dll
+ 2007-10-23 23:47:40 90,112 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Web.RegularExpressions.dll
- 2005-09-23 05:28:56 823,296 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Web.Services.dll
+ 2007-10-23 23:47:40 839,680 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Web.Services.dll
- 2007-04-13 01:21:16 5,152,768 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Windows.Forms.dll
+ 2007-10-23 23:47:40 5,013,504 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Windows.Forms.dll
- 2007-04-13 01:21:16 2,027,520 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.XML.dll
+ 2007-10-23 23:47:40 2,068,480 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.XML.dll
- 2005-09-23 05:28:56 71,680 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\TLBREF.DLL
+ 2007-10-23 23:47:40 81,400 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\TLBREF.DLL
- 2007-04-13 01:21:28 1,166,672 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\vbc.exe
+ 2007-10-23 23:47:48 1,172,472 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\vbc.exe
- 2007-04-13 01:20:50 1,330,688 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\VsaVb7rt.dll
+ 2007-10-23 23:47:20 1,344,000 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\VsaVb7rt.dll
- 2007-04-13 01:20:52 406,016 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\webengine.dll
+ 2007-10-23 23:47:22 434,688 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\webengine.dll
- 2005-09-23 05:28:56 28,160 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\WMINet_Utils.dll
+ 2007-10-23 23:47:40 37,896 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\WMINet_Utils.dll
- 2007-10-11 06:13:38 1,024,000 ----a-w C:\WINDOWS\system32\browseui.dll
+ 2008-02-16 09:02:34 1,024,000 ----a-w C:\WINDOWS\system32\browseui.dll
- 2007-10-11 06:13:38 152,064 ----a-w C:\WINDOWS\system32\cdfview.dll
+ 2008-02-16 09:02:34 152,064 ----a-w C:\WINDOWS\system32\cdfview.dll
- 2008-04-20 23:10:00 16,384 --sha-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
+ 2008-04-23 23:52:31 16,384 --sha-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
- 2008-04-20 23:10:00 16,384 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Historique\History.IE5\index.dat
+ 2008-04-23 23:52:31 16,384 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Historique\History.IE5\index.dat
- 2008-04-20 23:10:00 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2008-04-23 23:52:31 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2007-10-11 06:13:38 1,056,768 ----a-w C:\WINDOWS\system32\danim.dll
+ 2008-02-16 09:02:34 1,056,768 ----a-w C:\WINDOWS\system32\danim.dll
- 2005-09-23 05:28:38 83,456 ----a-w C:\WINDOWS\system32\dfshim.dll
+ 2007-10-23 23:47:28 96,760 ----a-w C:\WINDOWS\system32\dfshim.dll
- 2007-10-11 06:13:38 1,024,000 ------w C:\WINDOWS\system32\DllCache\browseui.dll
+ 2008-02-16 09:02:34 1,024,000 ------w C:\WINDOWS\system32\DllCache\browseui.dll
- 2007-10-11 06:13:38 152,064 ------w C:\WINDOWS\system32\DllCache\cdfview.dll
+ 2008-02-16 09:02:34 152,064 ------w C:\WINDOWS\system32\DllCache\cdfview.dll
- 2007-10-11 06:13:38 1,056,768 ------w C:\WINDOWS\system32\DllCache\danim.dll
+ 2008-02-16 09:02:34 1,056,768 ------w C:\WINDOWS\system32\DllCache\danim.dll
- 2007-10-11 06:13:39 357,888 ----a-w C:\WINDOWS\system32\DllCache\dxtmsft.dll
+ 2008-02-16 09:02:34 357,888 ----a-w C:\WINDOWS\system32\DllCache\dxtmsft.dll
- 2007-10-11 06:13:39 205,312 ----a-w C:\WINDOWS\system32\DllCache\dxtrans.dll
+ 2008-02-16 09:02:35 205,312 ----a-w C:\WINDOWS\system32\DllCache\dxtrans.dll
- 2007-10-11 06:13:39 55,808 ----a-w C:\WINDOWS\system32\DllCache\extmgr.dll
+ 2008-02-16 09:02:35 55,808 ----a-w C:\WINDOWS\system32\DllCache\extmgr.dll
- 2007-10-11 06:13:39 251,392 ----a-w C:\WINDOWS\system32\DllCache\iepeers.dll
+ 2008-02-16 09:02:35 251,392 ----a-w C:\WINDOWS\system32\DllCache\iepeers.dll
- 2007-10-11 06:13:39 96,768 ----a-w C:\WINDOWS\system32\DllCache\inseng.dll
+ 2008-02-16 09:02:35 96,768 ----a-w C:\WINDOWS\system32\DllCache\inseng.dll
- 2007-11-14 07:28:02 450,560 ----a-w C:\WINDOWS\system32\DllCache\jscript.dll
+ 2007-12-18 14:41:58 450,560 ----a-w C:\WINDOWS\system32\DllCache\jscript.dll
- 2007-10-11 06:13:39 16,384 ----a-w C:\WINDOWS\system32\DllCache\jsproxy.dll
+ 2008-02-16 09:02:35 16,384 ----a-w C:\WINDOWS\system32\DllCache\jsproxy.dll
- 2007-10-11 06:13:40 449,024 ----a-w C:\WINDOWS\system32\DllCache\mshtmled.dll
+ 2008-02-16 09:02:36 449,024 ----a-w C:\WINDOWS\system32\DllCache\mshtmled.dll
- 2007-10-11 06:13:40 146,432 ----a-w C:\WINDOWS\system32\DllCache\msrating.dll
+ 2008-02-16 09:02:37 146,432 ----a-w C:\WINDOWS\system32\DllCache\msrating.dll
- 2007-10-11 06:13:40 532,480 ----a-w C:\WINDOWS\system32\DllCache\mstime.dll
+ 2008-02-16 09:02:37 532,480 ----a-w C:\WINDOWS\system32\DllCache\mstime.dll
- 2007-10-11 06:13:40 39,424 ----a-w C:\WINDOWS\system32\DllCache\pngfilt.dll
+ 2008-02-16 09:02:37 39,424 ----a-w C:\WINDOWS\system32\DllCache\pngfilt.dll
- 2007-10-11 06:13:40 1,495,040 ------w C:\WINDOWS\system32\DllCache\shdocvw.dll
+ 2008-02-16 09:02:38 1,495,040 ------w C:\WINDOWS\system32\DllCache\shdocvw.dll
- 2007-10-11 06:13:41 474,624 ------w C:\WINDOWS\system32\DllCache\shlwapi.dll
+ 2008-02-16 09:02:38 474,624 ------w C:\WINDOWS\system32\DllCache\shlwapi.dll
- 2007-10-11 06:13:41 617,472 ----a-w C:\WINDOWS\system32\DllCache\urlmon.dll
+ 2008-02-16 09:02:39 617,984 ----a-w C:\WINDOWS\system32\DllCache\urlmon.dll
+ 2007-12-18 14:41:59 417,792 ------w C:\WINDOWS\system32\DllCache\vbscript.dll
- 2007-10-11 06:13:41 663,552 ----a-w C:\WINDOWS\system32\DllCache\wininet.dll
+ 2008-02-16 09:02:39 663,552 ----a-w C:\WINDOWS\system32\DllCache\wininet.dll
- 2006-06-26 17:41:32 148,480 ----a-w C:\WINDOWS\system32\dnsapi.dll
+ 2008-02-20 05:35:05 148,992 ----a-w C:\WINDOWS\system32\dnsapi.dll
- 2007-10-11 06:13:39 357,888 ----a-w C:\WINDOWS\system32\dxtmsft.dll
+ 2008-02-16 09:02:34 357,888 ----a-w C:\WINDOWS\system32\dxtmsft.dll
- 2007-10-11 06:13:39 205,312 ----a-w C:\WINDOWS\system32\dxtrans.dll
+ 2008-02-16 09:02:35 205,312 ----a-w C:\WINDOWS\system32\dxtrans.dll
- 2007-10-11 06:13:39 55,808 ----a-w C:\WINDOWS\system32\extmgr.dll
+ 2008-02-16 09:02:35 55,808 ----a-w C:\WINDOWS\system32\extmgr.dll
- 2008-04-20 17:34:38 1,539,824 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT
+ 2008-04-23 05:38:54 1,539,824 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT
- 2007-10-11 06:13:39 251,392 ----a-w C:\WINDOWS\system32\iepeers.dll
+ 2008-02-16 09:02:35 251,392 ----a-w C:\WINDOWS\system32\iepeers.dll
- 2007-10-11 06:13:39 96,768 ----a-w C:\WINDOWS\system32\inseng.dll
+ 2008-02-16 09:02:35 96,768 ----a-w C:\WINDOWS\system32\inseng.dll
- 2007-11-14 07:28:02 450,560 ----a-w C:\WINDOWS\system32\jscript.dll
+ 2007-12-18 14:41:58 450,560 ----a-w C:\WINDOWS\system32\jscript.dll
- 2007-10-11 06:13:39 16,384 ----a-w C:\WINDOWS\system32\jsproxy.dll
+ 2008-02-16 09:02:35 16,384 ----a-w C:\WINDOWS\system32\jsproxy.dll
+ 2008-04-05 20:56:22 19,836,024 ----a-w C:\WINDOWS\system32\MRT.exe
- 2007-04-13 01:21:14 271,360 ----a-w C:\WINDOWS\system32\mscoree.dll
+ 2007-10-23 23:47:38 282,112 ----a-w C:\WINDOWS\system32\mscoree.dll
- 2005-09-23 05:28:52 150,016 ----a-w C:\WINDOWS\system32\mscorier.dll
+ 2007-10-23 23:47:38 158,720 ----a-w C:\WINDOWS\system32\mscorier.dll
- 2005-09-23 05:28:52 74,240 ----a-w C:\WINDOWS\system32\mscories.dll
+ 2007-10-23 23:47:38 84,480 ----a-w C:\WINDOWS\system32\mscories.dll
- 2007-10-30 10:18:16 3,079,680 ----a-w C:\WINDOWS\system32\mshtml.dll
+ 2008-02-16 22:32:38 3,080,704 ----a-w C:\WINDOWS\system32\mshtml.dll
- 2007-10-11 06:13:40 449,024 ----a-w C:\WINDOWS\system32\mshtmled.dll
+ 2008-02-16 09:02:36 449,024 ----a-w C:\WINDOWS\system32\mshtmled.dll
- 2007-10-11 06:13:40 146,432 ----a-w C:\WINDOWS\system32\msrating.dll
+ 2008-02-16 09:02:37 146,432 ----a-w C:\WINDOWS\system32\msrating.dll
- 2007-10-11 06:13:40 532,480 ----a-w C:\WINDOWS\system32\mstime.dll
+ 2008-02-16 09:02:37 532,480 ----a-w C:\WINDOWS\system32\mstime.dll
- 2005-09-23 05:29:00 6,144 ----a-w C:\WINDOWS\system32\mui\0409\mscorees.dll
+ 2007-10-23 23:47:44 15,360 ----a-w C:\WINDOWS\system32\mui\0409\mscorees.dll
- 2008-04-12 10:54:50 59,774 ----a-w C:\WINDOWS\system32\perfc009.dat
+ 2008-04-22 22:50:27 60,958 ----a-w C:\WINDOWS\system32\perfc009.dat
- 2008-04-12 10:54:50 72,564 ----a-w C:\WINDOWS\system32\perfc00C.dat
+ 2008-04-22 22:50:27 74,336 ----a-w C:\WINDOWS\system32\perfc00C.dat
- 2008-04-12 10:54:50 395,534 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2008-04-22 22:50:27 400,798 ----a-w C:\WINDOWS\system32\perfh009.dat
- 2008-04-12 10:54:50 461,642 ----a-w C:\WINDOWS\system32\perfh00C.dat
+ 2008-04-22 22:50:27 467,886 ----a-w C:\WINDOWS\system32\perfh00C.dat
- 2007-10-11 06:13:40 39,424 ----a-w C:\WINDOWS\sys
25 April 2008 23:09:57

Can you post the rest of the report, please?
26 April 2008 11:06:12

Sorry, I didn't notice that it was too long!

.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [ ]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe" [2006-11-16 20:04 139264]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 23:54 15360]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE" [2004-02-24 16:20 401491]
"aliceeadsl"="C:\WINDOWS\system32\aliceeadsl.exe" [2008-04-21 17:22 56320]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-10-14 09:11 1388544]
"SoundMAX"="C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" [2004-09-23 12:41 860160]
"TrackPointSrv"="tp4serv.exe" [2005-07-13 03:55 94208 C:\WINDOWS\system32\tp4serv.exe]
"AGRSMMSG"="AGRSMMSG.exe" [2003-06-27 08:53 88363 C:\WINDOWS\AGRSMMSG.exe]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2006-11-16 21:00 344064]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"NeroFilterCheck"="C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe" [2006-01-12 16:40 155648]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-02-01 00:13 385024]
"Symantec PIF AlertEng"="C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 17:38 583048]
"F-Secure Manager"="C:\Program Files\AntivirusFirewall\Common\FSM32.exe" [2005-10-26 03:51 122929]
"F-Secure TNB"="C:\Program Files\AntivirusFirewall\TNB\TNBUtil.exe" [2005-07-18 16:51 700416]
"F-Secure Startup Wizard"="C:\Program Files\AntivirusFirewall\FSGUI\FSSW.exe" [2005-10-18 10:29 372736]
"News Service"="C:\Program Files\AntivirusFirewall\FSGUI\ispnews.exe" [2005-05-31 14:45 356352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"*aliceeadsl"="C:\WINDOWS\system32\aliceeadsl.exe" [2008-04-21 17:22 56320]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-03 23:54 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nlpo_01"="cmd.exe" [2004-08-03 23:54 400896 C:\WINDOWS\system32\cmd.exe]
"nlpo_02"="advpack.dll" [2004-08-03 23:54 101888 C:\WINDOWS\system32\advpack.dll]
"nlpo_03"="advpack.dll" [2004-08-03 23:54 101888 C:\WINDOWS\system32\advpack.dll]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)
"NoDesktopCleanupWizard"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\run]
"Windows Printing Driver"= WinPrint.exe
"NT Security Service"= NTSecurity.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"MSACM.CEGSM"= mobilev.acm

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\eMule\\emule.exe"=
"C:\\WINDOWS\\system32\\dpvsetup.exe"=
"C:\\WINDOWS\\system32\\rundll32.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe"=
"C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe"=
"C:\\Program Files\\AntivirusFirewall\\backweb\\6588780\\Program\\fspex.exe"=
"C:\\Program Files\\Internet Explorer\\iexplore.exe"=

R0 FSFW;F-Secure Firewall Driver;C:\WINDOWS\system32\drivers\fsdfw.sys [2005-11-18 17:04]
R2 BackWeb Plug-in - 6588780;Antivirus Firewall;C:\PROGRA~1\ANTIVI~1\backweb\6588780\Program\SERVIC~1.EXE [2008-04-15 18:31]
R2 F-Secure Filter;F-Secure File System Filter;C:\Program Files\AntivirusFirewall\Anti-Virus\Win2K\FSfilter.sys [2004-09-10 17:14]
R2 F-Secure Gatekeeper;F-Secure Gatekeeper;C:\Program Files\AntivirusFirewall\Anti-Virus\Win2K\FSgk.sys [2008-04-15 18:52]
R2 F-Secure Recognizer;F-Secure File System Recognizer;C:\Program Files\AntivirusFirewall\Anti-Virus\Win2K\FSrec.sys [2004-06-01 11:03]
R3 PCX504;Cisco Systems Wireless LAN Adapter Driver;C:\WINDOWS\system32\DRIVERS\PCX504.sys [2004-05-04 12:35]
R3 Tp4Track;PS/2 TrackPoint Driver;C:\WINDOWS\system32\DRIVERS\tp4track.sys [2005-07-13 03:55]
S3 PAC207;USB PC Cam Plus;C:\WINDOWS\system32\DRIVERS\pfc027.sys [2005-02-24 12:29]


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{b4b4c8d3-87ac-3e5a-738a-c154f40d8901}]
C:\WINDOWS\system32\aliceeadsl.exe
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-04-17 17:57:17 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-04-25 01:07:26 C:\WINDOWS\Tasks\Scheduled scanning task.job"
- C:\PROGRA~1\ANTIVI~1\ANTI-V~1\fsav.exeZ /HARD /ARCHIVE /DISINF /SCHED /NOBREAK /REPORT=C:\PROGRA~1\ANTIVI~1\ANTI-V~1\report.txt
.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-25 19:09:17
Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...


**************************************************************************
.
Temps d'accomplissement: 2008-04-25 19:32:44
ComboFix-quarantined-files.txt 2008-04-25 17:30:00
ComboFix2.txt 2008-04-22 21:44:44

Pre-Run: 8,702,775,296 octets libres
Post-Run: 8,810,135,552 octets libres

746 --- E O F --- 2008-04-22 22:52:33
26 April 2008 13:06:35

No problem.

Copy the text in the box below:

File::
C:\WINDOWS\system32\hsrpxspr.ini
C:\WINDOWS\system32\aliceeadsl.exe

Folder::
C:\VundoFix Backups

Registry::
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\run]
"Windows Printing Driver"=-
"NT Security Service"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"*aliceeadsl"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"=-
"QuickTime Task"=-
"Symantec PIF AlertEng"=-
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"updateMgr"=-
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=-
"aliceeadsl"=-


Open Notepad, then paste the copied text.
(Start\All Programs\Accessories\Notepad.)
Save this file as CFScript.txt on your Desktop.

Now drag the CFScript.txt file onto ComboFix.exe as shown below:


This will restart ComboFix; press 1, then confirm. After the reboot, post the contents of the ComboFix.txt report.
If there is no reboot, post the report anyway.

*******

Download SDFix (by Andy Manchesta)

Save it to your desktop.

Run it.
Click Install so that it can extract itself.

Restart in Safe Mode
/!\ Never boot into Safe Mode via MSCONFIG /!\

Open the SDFix folder that has just been created in C:\
Double-click RunThis.bat. (The .bat extension may not be displayed.)
Press Y to start it.

You will be asked to press a key to reboot; do so.
The reboot will probably take a little longer than usual.
Once your Desktop appears, it will display Finished

Press a key.

A report is generated; post it in your reply.
It can also be found in the SDFix folder >Report.txt<

******

1) Restart the PC, necessarily in Safe Mode with Networking.
When the computer restarts, once the BIOS has finished loading, a black screen appears briefly > Tap the [F8] and [F5] keys alternately until the Windows Advanced Options menu is displayed.
Select "Safe Mode with Networking" and press [Enter].
Choose your usual account, not Administrator. Pictured here (it is the second choice) > http://cybersecurite.xooit.com/t88-Demarre...-sans-echec.htm

2) Download Dr.Web CureIt to your Desktop:
Go to this page to download the CureIt.com file > http://www.sendspace.com/file/9nnh7y
To do so, click the link at the bottom of the page > Download Link: CureIt.com
  • Double-click the drweb-cureit.com file
    If the link does not work: ftp://ftp.drweb.com/pub/drweb/cureit/cureit.exe
    and then click on start the scan.
  • Click OK at the quick-scan prompt. This scan analyses the processes loaded in memory; if it finds infected processes, click the Yes to All button at the prompt.
    **Note: a window will open with options for "Order" or "50% discount"; click the "X" to close the window
  • When the quick scan has finished, click the Options menu >> Change settings;
  • Choose the "Scanner" tab and untick "Heuristic analysis". Click "OK"
  • Back in the main window: click the "Complete scan" radio button.
  • Click the green arrow on the right, and the scan will begin.
  • Click Yes to All at the "Cure?" prompt when a file is detected, and then click "Cure".
  • When the scan is complete, see whether you can click this icon, next to the detected files:
  • If so, click it, then click the "Next" icon below and choose Move the unwanted object to quarantine
  • From the tool's main menu, at the top left, click the File menu and choose Save report
  • Save the report to your Desktop. It will be named DrWeb.csv
  • Close Dr.Web CureIt
  • Restart your computer (*very important*), because some files may be moved/repaired on reboot.
  • After the reboot, post (copy/paste) the contents of the Dr.Web report in your next reply.
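The check a helper makes by eye on the follow-up report can be scripted; the sketch below is an added example, not part of the original thread and not ComboFix code. It parses the CFScript posted above and a report's autorun section in the layout seen on this page, then lists targeted values that are still present and autoruns that still point at a file the script asked to delete. The function names, the `AFTER` sample, its leftover entry and its `alice_new` value are constructed for illustration.

```python
import re

SECTION = re.compile(r'^\[(.+)\]$')          # [HKEY_...\Run]
VALUE = re.compile(r'^"([^"]+)"=\s*(.*)$')   # "name"=data  or  "name"=-
DIRECTIVE = re.compile(r'^(\w+)::$')         # File:: / Folder:: / Registry::

# The CFScript from the post above.
CFSCRIPT = r'''
File::
C:\WINDOWS\system32\hsrpxspr.ini
C:\WINDOWS\system32\aliceeadsl.exe

Folder::
C:\VundoFix Backups

Registry::
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\run]
"Windows Printing Driver"=-
"NT Security Service"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"*aliceeadsl"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"=-
"QuickTime Task"=-
"Symantec PIF AlertEng"=-
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"updateMgr"=-
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=-
"aliceeadsl"=-
'''

# CONSTRUCTED follow-up excerpt (not the poster's real result): one targeted
# value survived, and the deleted file is registered again under a new name.
AFTER = r'''
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 23:54 15360]
"alice_new"="C:\WINDOWS\system32\aliceeadsl.exe" [2008-04-26 19:50 56320]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\run]
"NT Security Service"= NTSecurity.exe
'''


def parse_autoruns(report):
    """Map (key, value name), lower-cased, to the data shown in the report.

    Registry key and value names are case-insensitive, so both are folded.
    """
    entries, key = {}, None
    for line in report.splitlines():
        line = line.strip()
        m = SECTION.match(line)
        if m:
            key = m.group(1).lower()
            continue
        m = VALUE.match(line)
        if m and key:
            entries[(key, m.group(1).lower())] = m.group(2)
    return entries


def parse_cfscript(script):
    """Return (file paths under File::, registry values marked "name"=-)."""
    files, deletions, directive, key = [], [], None, None
    for line in script.splitlines():
        line = line.strip()
        if not line:
            continue
        m = DIRECTIVE.match(line)
        if m:
            directive, key = m.group(1).lower(), None
            continue
        if directive == "file":
            files.append(line.lower())
        elif directive == "registry":
            m = SECTION.match(line)
            if m:
                key = m.group(1).lower()
                continue
            m = VALUE.match(line)
            if m and key and m.group(2) == "-":
                deletions.append((key, m.group(1).lower()))
    return files, deletions


def leftovers(script, after_report):
    """Compare a CFScript with the autorun section of the next report.

    Returns (targeted values still present, autoruns whose data still names a
    File:: target). Only parsed "name"=data lines are searched, because the
    report also lists the deleted paths in its own deletion summary.
    """
    files, deletions = parse_cfscript(script)
    after = parse_autoruns(after_report)
    still_keyed = [d for d in deletions if d in after]
    still_pointing = [k for k, data in after.items()
                      if any(f in data.lower() for f in files)]
    return still_keyed, still_pointing


if __name__ == "__main__":
    keyed, pointing = leftovers(CFSCRIPT, AFTER)
    for key, name in keyed:
        print("still present:", key, "->", name)
    for key, name in pointing:
        print("still launches a deleted file:", key, "->", name)
```

The second list matters for a file that reappears after deletion, as the original poster describes: a new value name escapes a name-based comparison but not the path comparison.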
26 April 2008 20:07:03

COMBOFIX REPORT


    ComboFix 08-04-20.5 - Marjolaine 2008-04-26 19:49:47.3 - NTFSx86
    Endroit: C:\Documents and Settings\Marjolaine\Bureau\ComboFix.exe
    Command switches used :: C:\Documents and Settings\Marjolaine\Bureau\CFScript.txt
    * Création d'un nouveau point de restauration
    * Resident AV is active


    AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!

    FILE ::
    C:\WINDOWS\system32\aliceeadsl.exe
    C:\WINDOWS\system32\hsrpxspr.ini
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\VundoFix Backups
    C:\VundoFix Backups\addmorefiles.txt
    C:\WINDOWS\system32\aliceeadsl.exe
    C:\WINDOWS\system32\hsrpxspr.ini

    .
    ((((((((((((((((((((((((((((( Fichiers créés 2008-03-26 to 2008-04-26 ))))))))))))))))))))))))))))))))))))
    .

    2008-04-23 17:21 . 2008-04-23 17:47 <REP> d-------- C:\Program Files\Navilog1
    2008-04-22 20:28 . 2008-04-22 20:28 <REP> d-------- C:\WINDOWS\ERUNT
    2008-04-22 19:20 . 2008-04-22 23:01 <REP> d-------- C:\SDFix
    2008-04-22 17:26 . 2008-04-22 17:26 <REP> d-------- C:\Program Files\Trend Micro
    2008-04-21 16:41 . 2008-04-21 17:32 <REP> d-------- C:\WINDOWS\BDOSCAN8
    2008-04-20 21:51 . 2008-04-20 21:51 230 --a------ C:\WINDOWS\system32\spupdsvc.inf
    2008-04-19 14:17 . 2008-04-19 14:17 474,624 --a------ C:\WINDOWS\winvnc.exe
    2008-04-19 14:17 . 2008-04-19 14:17 60,928 --a------ C:\WINDOWS\vnchooks.dll
    2008-04-18 21:07 . 2008-04-18 21:07 <REP> d-------- C:\Documents and Settings\Marjolaine\Mes documents
    2008-04-18 12:50 . 2008-04-18 17:27 <REP> d-------- C:\Documents and Settings\Marjolaine\Contacts
    2008-04-18 12:49 . 2008-04-20 21:50 <REP> d-------- C:\Documents and Settings\Marjolaine\Application Data\F-Secure
    2008-04-17 22:09 . 2008-04-17 22:09 <REP> d-------- C:\Documents and Settings\All Users\Application Data\FLEXnet
    2008-04-15 18:39 . 2008-04-15 18:39 <REP> d-------- C:\Documents and Settings\Marjolaine\Application Data\ispnews
    2008-04-15 18:34 . 2005-11-18 17:04 70,896 --a------ C:\WINDOWS\system32\drivers\fsdfw.sys
    2008-04-15 18:34 . 2005-11-18 17:04 33,584 --a------ C:\WINDOWS\system32\drivers\fsndis5.sys
    2008-04-15 18:33 . 2008-04-15 18:33 <REP> d-------- C:\Documents and Settings\All Users\Application Data\F-Secure
    2008-04-15 18:30 . 2008-04-15 18:33 <REP> d-------- C:\Program Files\AntivirusFirewall
    2008-04-15 18:30 . 2008-04-15 18:30 118,842 -r------- C:\WINDOWS\bwUnin-6.3.2.123-6588780L.exe
    2008-04-15 14:46 . 2008-04-19 14:17 288,376 --a------ C:\WINDOWS\xr4tdwa.exe
    2008-04-15 14:46 . 2008-04-15 14:46 65,024 --a------ C:\WINDOWS\bmpl.dll
    2008-04-14 22:59 . 2008-04-14 22:59 3,114 --a------ C:\Documents and Settings\All Users\Application Data\LUUnInstall.LiveUpdate
    2008-04-14 18:53 . 2008-04-14 18:53 <REP> dr------- C:\Documents and Settings\LocalService\Favoris
    2008-04-12 12:50 . 2008-04-15 13:16 <REP> d-------- C:\Program Files\Google
    2008-04-11 00:18 . 2008-04-11 00:18 <REP> d-------- C:\SMRTNTKY
    2008-04-11 00:18 . 2004-08-04 00:55 28,672 --a------ C:\setupSNK.exe
    2008-04-09 11:18 . 2008-04-09 11:18 <REP> d-------- C:\WINDOWS\system32\xircom
    2008-04-09 11:18 . 2008-04-09 11:18 <REP> d-------- C:\WINDOWS\system32\oobe
    2008-04-09 11:18 . 2008-04-09 11:18 <REP> d-------- C:\WINDOWS\srchasst
    2008-04-09 11:18 . 2008-04-09 11:18 <REP> d-------- C:\WINDOWS\peernet
    2008-04-09 11:18 . 2008-04-09 11:18 <REP> d-------- C:\Program Files\microsoft frontpage
    2008-04-07 08:07 . 2007-03-21 20:33 503,808 --a------ C:\WINDOWS\system32\MSVCP71.DL1
    2008-04-07 08:07 . 2007-03-21 20:33 348,160 --a------ C:\WINDOWS\system32\MSVCR71.DL1
    2008-04-07 07:53 . 2008-03-06 21:32 23,904 --a------ C:\WINDOWS\system32\drivers\COH_Mon.sys
    2008-04-07 07:53 . 2008-03-06 21:32 10,537 --a------ C:\WINDOWS\system32\drivers\COH_Mon.cat
    2008-04-07 07:53 . 2008-03-06 21:32 706 --a------ C:\WINDOWS\system32\drivers\COH_Mon.inf
    2008-04-06 20:30 . 2005-09-23 07:29 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
    2008-04-06 20:07 . 2008-04-06 20:40 16 --a------ C:\WINDOWS\system32\coh.cache
    2008-04-06 19:26 . 2008-04-14 23:05 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Symantec
    2008-04-05 20:56 . 2008-04-09 11:36 7,300 --a------ C:\Documents and Settings\Marjolaine\Application Data\update.log
    2008-04-05 15:18 . 2008-04-22 19:37 109,111 --a------ C:\WINDOWS\BMf39960b2.xml
    2008-03-26 22:38 . 2008-03-27 09:12 <REP> d-------- C:\Documents and Settings\Marjolaine\Application Data\FileZilla
    2008-03-26 22:37 . 2008-03-26 22:37 <REP> d-------- C:\Program Files\FileZilla FTP Client

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-04-18 19:25 --------- d-----w C:\Program Files\Fichiers communs\Adobe
    2008-04-14 21:05 --------- d-----w C:\Program Files\Fichiers communs\Symantec Shared
    2008-04-14 20:59 --------- d-----w C:\Program Files\Symantec
    2008-04-14 16:52 --------- d-----w C:\Program Files\eMule
    2008-03-20 19:08 --------- d-----w C:\Program Files\Microsoft ActiveSync
    2008-03-20 19:08 --------- d-----w C:\Program Files\AvantGo Connect
    2008-03-20 16:48 --------- d-----w C:\Program Files\Common Files
    2008-03-20 08:09 1,845,376 ----a-w C:\WINDOWS\system32\win32k.sys
    2008-03-20 08:09 1,845,376 ------w C:\WINDOWS\system32\DllCache\win32k.sys
    2008-03-16 19:10 --------- d-----w C:\Program Files\DVD Decrypter
    2008-03-12 11:21 --------- d-----w C:\Documents and Settings\All Users\Application Data\Messenger Plus!
    2008-02-26 21:12 --------- d-----w C:\Program Files\Bonjour
    2008-02-26 21:03 --------- d-----w C:\Program Files\Fichiers communs\Macrovision Shared
    2008-02-26 16:43 --------- d-----w C:\Program Files\Microsoft.NET
    2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
    2008-02-20 06:51 282,624 ------w C:\WINDOWS\system32\DllCache\gdi32.dll
    2008-02-20 05:35 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
    2008-02-20 05:35 45,568 ------w C:\WINDOWS\system32\DllCache\dnsrslvr.dll
    2008-02-20 05:35 148,992 ------w C:\WINDOWS\system32\DllCache\dnsapi.dll
    2008-02-16 22:32 3,080,704 ----a-w C:\WINDOWS\system32\DllCache\mshtml.dll
    2008-02-15 09:23 18,432 ----a-w C:\WINDOWS\system32\DllCache\iedw.exe
    2008-02-13 20:21 37,888 ----a-w C:\WINDOWS\system32\rar.exe
    .

    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 23:54 15360]
    "H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE" [2004-02-24 16:20 401491]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SoundMAXPnP"="C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-10-14 09:11 1388544]
    "SoundMAX"="C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" [2004-09-23 12:41 860160]
    "TrackPointSrv"="tp4serv.exe" [2005-07-13 03:55 94208 C:\WINDOWS\system32\tp4serv.exe]
    "AGRSMMSG"="AGRSMMSG.exe" [2003-06-27 08:53 88363 C:\WINDOWS\AGRSMMSG.exe]
    "ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2006-11-16 21:00 344064]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
    "F-Secure Manager"="C:\Program Files\AntivirusFirewall\Common\FSM32.exe" [2005-10-26 03:51 122929]
    "F-Secure TNB"="C:\Program Files\AntivirusFirewall\TNB\TNBUtil.exe" [2005-07-18 16:51 700416]
    "F-Secure Startup Wizard"="C:\Program Files\AntivirusFirewall\FSGUI\FSSW.exe" [2005-10-18 10:29 372736]
    "News Service"="C:\Program Files\AntivirusFirewall\FSGUI\ispnews.exe" [2005-05-31 14:45 356352]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-03 23:54 15360]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "nlpo_01"="cmd.exe" [2004-08-03 23:54 400896 C:\WINDOWS\system32\cmd.exe]
    "nlpo_02"="advpack.dll" [2004-08-03 23:54 101888 C:\WINDOWS\system32\advpack.dll]
    "nlpo_03"="advpack.dll" [2004-08-03 23:54 101888 C:\WINDOWS\system32\advpack.dll]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
    "ForceClassicControlPanel"= 1 (0x1)
    "NoDesktopCleanupWizard"= 1 (0x1)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "MSACM.CEGSM"= mobilev.acm

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\Program Files\\eMule\\emule.exe"=
    "C:\\WINDOWS\\system32\\dpvsetup.exe"=
    "C:\\WINDOWS\\system32\\rundll32.exe"=
    "C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
    "C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe"=
    "C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe"=
    "C:\\Program Files\\AntivirusFirewall\\backweb\\6588780\\Program\\fspex.exe"=
    "C:\\Program Files\\Internet Explorer\\iexplore.exe"=

    R0 FSFW;F-Secure Firewall Driver;C:\WINDOWS\system32\drivers\fsdfw.sys [2005-11-18 17:04]
    R2 BackWeb Plug-in - 6588780;Antivirus Firewall;C:\PROGRA~1\ANTIVI~1\backweb\6588780\Program\SERVIC~1.EXE [2008-04-15 18:31]
    R2 F-Secure Filter;F-Secure File System Filter;C:\Program Files\AntivirusFirewall\Anti-Virus\Win2K\FSfilter.sys [2004-09-10 17:14]
    R2 F-Secure Gatekeeper;F-Secure Gatekeeper;C:\Program Files\AntivirusFirewall\Anti-Virus\Win2K\FSgk.sys [2008-04-15 18:52]
    R2 F-Secure Recognizer;F-Secure File System Recognizer;C:\Program Files\AntivirusFirewall\Anti-Virus\Win2K\FSrec.sys [2004-06-01 11:03]
    R3 PCX504;Cisco Systems Wireless LAN Adapter Driver;C:\WINDOWS\system32\DRIVERS\PCX504.sys [2004-05-04 12:35]
    R3 Tp4Track;PS/2 TrackPoint Driver;C:\WINDOWS\system32\DRIVERS\tp4track.sys [2005-07-13 03:55]
    S3 PAC207;USB PC Cam Plus;C:\WINDOWS\system32\DRIVERS\pfc027.sys [2005-02-24 12:29]

    *Newly Created Service* - CATCHME

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{b4b4c8d3-87ac-3e5a-738a-c154f40d8901}]
    C:\WINDOWS\system32\aliceeadsl.exe
    .
    Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
    "2008-04-17 17:57:17 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
    - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
    "2008-04-26 00:01:15 C:\WINDOWS\Tasks\Scheduled scanning task.job"
    - C:\PROGRA~1\ANTIVI~1\ANTI-V~1\fsav.exeZ /HARD /ARCHIVE /DISINF /SCHED /NOBREAK /REPORT=C:\PROGRA~1\ANTIVI~1\ANTI-V~1\report.txt
    .
    **************************************************************************

    catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-04-26 19:53:58
    Windows 5.1.2600 Service Pack 2 NTFS

    Balayage processus cachés ...

    Balayage caché autostart entries ...

    Balayage des fichiers cachés ...


    **************************************************************************
    .
    Temps d'accomplissement: 2008-04-26 19:59:13
    ComboFix-quarantined-files.txt 2008-04-26 17:58:08
    ComboFix2.txt 2008-04-25 17:32:50
    ComboFix3.txt 2008-04-22 21:44:44

    Pre-Run: 8,751,599,616 octets libres
    Post-Run: 8,745,332,736 octets libres

    163 --- E O F --- 2008-04-22 22:52:33
    26 April 2008 23:57:49

    DrWEB CUREIT REPORT



    Process.exe C:\Program Files\Navilog1 Tool.Prockill Quarantaine.
    fffywfjg.dll.vir C:\QooBox\Quarantine\C\WINDOWS\system32 Trojan.Virtumod.based Irréparable.Quarantaine.
    hvuebbvm.dll.vir C:\QooBox\Quarantine\C\WINDOWS\system32 Trojan.Virtumod.based Irréparable.Quarantaine.
    pbxuqjjm.dll.vir C:\QooBox\Quarantine\C\WINDOWS\system32 Trojan.Virtumod.based Irréparable.Quarantaine.
    qjmrvnbm.dll.vir C:\QooBox\Quarantine\C\WINDOWS\system32 Trojan.Virtumod.based Irréparable.Quarantaine.
    rvpvimuj.dll.vir C:\QooBox\Quarantine\C\WINDOWS\system32 Trojan.Virtumod.based Irréparable.Quarantaine.
    Process.exe C:\SDFix\apps Tool.Prockill Quarantaine.
    A0041020.0xe C:\System Volume Information\_restore{8D3E29D0-A712-49F9-829A-7BDBDCE7238B}\RP352 Trojan.PWS.LDPinch.3228 Supprimé.
    A0043907.dll C:\System Volume Information\_restore{8D3E29D0-A712-49F9-829A-7BDBDCE7238B}\RP363 Trojan.Virtumod.346 Supprimé.
    A0043943.dll C:\System Volume Information\_restore{8D3E29D0-A712-49F9-829A-7BDBDCE7238B}\RP363 Trojan.Virtumod.346 Supprimé.
    A0044040.dll C:\System Volume Information\_restore{8D3E29D0-A712-49F9-829A-7BDBDCE7238B}\RP364 Trojan.Virtumod.346 Supprimé.
    A0045037.dll C:\System Volume Information\_restore{8D3E29D0-A712-49F9-829A-7BDBDCE7238B}\RP364 Trojan.Virtumod.346 Supprimé.
    A0045219.dll C:\System Volume Information\_restore{8D3E29D0-A712-49F9-829A-7BDBDCE7238B}\RP364 Trojan.Virtumod.346 Supprimé.
    A0045237.dll C:\System Volume Information\_restore{8D3E29D0-A712-49F9-829A-7BDBDCE7238B}\RP364 Trojan.Virtumod.346 Supprimé.
    A0046347.dll C:\System Volume Information\_restore{8D3E29D0-A712-49F9-829A-7BDBDCE7238B}\RP364 Trojan.Virtumod.346 Supprimé.
    A0046440.dll C:\System Volume Information\_restore{8D3E29D0-A712-49F9-829A-7BDBDCE7238B}\RP364 Trojan.Virtumod.346 Supprimé.
    A0046543.dll C:\System Volume Information\_restore{8D3E29D0-A712-49F9-829A-7BDBDCE7238B}\RP365 Trojan.Virtumod.346 Supprimé.
    A0046646.dll C:\System Volume Information\_restore{8D3E29D0-A712-49F9-829A-7BDBDCE7238B}\RP365 Trojan.Virtumod.346 Supprimé.
    A0046662.dll C:\System Volume Information\_restore{8D3E29D0-A712-49F9-829A-7BDBDCE7238B}\RP365 Trojan.Virtumod.346 Supprimé.
    A0046723.dll C:\System Volume Information\_restore{8D3E29D0-A712-49F9-829A-7BDBDCE7238B}\RP365 Trojan.Virtumod.346 Supprimé.
    A0046772.dll C:\System Volume Information\_restore{8D3E29D0-A712-49F9-829A-7BDBDCE7238B}\RP365 Trojan.Virtumod.346 Supprimé.
    A0047853.dll C:\System Volume Information\_restore{8D3E29D0-A712-49F9-829A-7BDBDCE7238B}\RP366 Trojan.Virtumod.based Irréparable.Quarantaine.
    A0047875.dll C:\System Volume Information\_restore{8D3E29D0-A712-49F9-829A-7BDBDCE7238B}\RP366 Trojan.Virtumod.based Irréparable.Quarantaine.
    A0048911.0LL C:\System Volume Information\_restore{8D3E29D0-A712-49F9-829A-7BDBDCE7238B}\RP366 Trojan.AVKill.408 Supprimé.
    A0048925.0LL C:\System Volume Information\_restore{8D3E29D0-A712-49F9-829A-7BDBDCE7238B}\RP366 Trojan.AVKill.408 Supprimé.
    A0048926.dll C:\System Volume Information\_restore{8D3E29D0-A712-49F9-829A-7BDBDCE7238B}\RP366 Trojan.Virtumod.based Irréparable.Quarantaine.
    A0048927.0LL C:\System Volume Information\_restore{8D3E29D0-A712-49F9-829A-7BDBDCE7238B}\RP366 Trojan.AVKill.408 Supprimé.
    A0048928.0LL C:\System Volume Information\_restore{8D3E29D0-A712-49F9-829A-7BDBDCE7238B}\RP366 Trojan.AVKill.408 Supprimé.
    A0048945.dll C:\System Volume Information\_restore{8D3E29D0-A712-49F9-829A-7BDBDCE7238B}\RP367 Trojan.Virtumod.based Irréparable.Quarantaine.
    A0050043.dll C:\System Volume Information\_restore{8D3E29D0-A712-49F9-829A-7BDBDCE7238B}\RP368 Trojan.Virtumod.347 Supprimé.
    A0050044.dll C:\System Volume Information\_restore{8D3E29D0-A712-49F9-829A-7BDBDCE7238B}\RP368 Trojan.Virtumod.based Irréparable.Quarantaine.
    A0050063.dll C:\System Volume Information\_restore{8D3E29D0-A712-49F9-829A-7BDBDCE7238B}\RP368 Trojan.Virtumod.based Irréparable.Quarantaine.
    A0050065.dll C:\System Volume Information\_restore{8D3E29D0-A712-49F9-829A-7BDBDCE7238B}\RP368 Trojan.Virtumod.based Irréparable.Quarantaine.
    A0050067.dll C:\System Volume Information\_restore{8D3E29D0-A712-49F9-829A-7BDBDCE7238B}\RP368 Trojan.Virtumod.based Irréparable.Quarantaine.
    A0050879.exe C:\System Volume Information\_restore{8D3E29D0-A712-49F9-829A-7BDBDCE7238B}\RP371 Program.RemoteAdmin Quarantaine.
    A0050880.dll C:\System Volume Information\_restore{8D3E29D0-A712-49F9-829A-7BDBDCE7238B}\RP371 Program.RemoteAdmin Quarantaine.
    A0050966.dll C:\System Volume Information\_restore{8D3E29D0-A712-49F9-829A-7BDBDCE7238B}\RP372 Trojan.Virtumod.based Irréparable.Quarantaine.
    A0050967.dll C:\System Volume Information\_restore{8D3E29D0-A712-49F9-829A-7BDBDCE7238B}\RP372 Trojan.Virtumod.based Irréparable.Quarantaine.
    A0055006.exe\data001 C:\System Volume Information\_restore{8D3E29D0-A712-49F9-829A-7BDBDCE7238B}\RP373\A0055006.exe Program.RemoteAdmin
    A0055006.exe\data002 C:\System Volume Information\_restore{8D3E29D0-A712-49F9-829A-7BDBDCE7238B}\RP373\A0055006.exe Program.RemoteAdmin
    A0055006.exe C:\System Volume Information\_restore{8D3E29D0-A712-49F9-829A-7BDBDCE7238B}\RP373 L'archive contient des éléments infectés Quarantaine.
    A0056475.dll C:\System Volume Information\_restore{8D3E29D0-A712-49F9-829A-7BDBDCE7238B}\RP374 Trojan.Virtumod.based Irréparable.Quarantaine.
    A0056477.dll C:\System Volume Information\_restore{8D3E29D0-A712-49F9-829A-7BDBDCE7238B}\RP374 Trojan.Virtumod.based Irréparable.Quarantaine.
    A0056478.dll C:\System Volume Information\_restore{8D3E29D0-A712-49F9-829A-7BDBDCE7238B}\RP374 Trojan.Virtumod.based Irréparable.Quarantaine.
    A0056479.dll C:\System Volume Information\_restore{8D3E29D0-A712-49F9-829A-7BDBDCE7238B}\RP374 Trojan.Virtumod.based Irréparable.Quarantaine.
    A0056480.dll C:\System Volume Information\_restore{8D3E29D0-A712-49F9-829A-7BDBDCE7238B}\RP374 Trojan.Virtumod.based Irréparable.Quarantaine.
    A0056481.dll C:\System Volume Information\_restore{8D3E29D0-A712-49F9-829A-7BDBDCE7238B}\RP374 Trojan.Virtumod.based Irréparable.Quarantaine.
    A0061622.dll C:\System Volume Information\_restore{8D3E29D0-A712-49F9-829A-7BDBDCE7238B}\RP376 Trojan.Virtumod.based Irréparable.Quarantaine.
    A0061623.dll C:\System Volume Information\_restore{8D3E29D0-A712-49F9-829A-7BDBDCE7238B}\RP376 Trojan.Virtumod.based Irréparable.Quarantaine.
    A0061624.dll C:\System Volume Information\_restore{8D3E29D0-A712-49F9-829A-7BDBDCE7238B}\RP376 Trojan.Virtumod.based Irréparable.Quarantaine.
    A0061625.dll C:\System Volume Information\_restore{8D3E29D0-A712-49F9-829A-7BDBDCE7238B}\RP376 Trojan.Virtumod.based Irréparable.Quarantaine.
    A0061626.dll C:\System Volume Information\_restore{8D3E29D0-A712-49F9-829A-7BDBDCE7238B}\RP376 Trojan.Virtumod.based Irréparable.Quarantaine.
    A0061663.EXE C:\System Volume Information\_restore{8D3E29D0-A712-49F9-829A-7BDBDCE7238B}\RP376 Program.PsExec.170 Quarantaine.
    A0063178.exe C:\System Volume Information\_restore{8D3E29D0-A712-49F9-829A-7BDBDCE7238B}\RP381 Tool.Prockill Quarantaine.
    vnchooks.dll C:\WINDOWS Program.RemoteAdmin Quarantaine.
    winvnc.exe C:\WINDOWS Program.RemoteAdmin Quarantaine.
    xr4tdwa.exe\data001 C:\WINDOWS\xr4tdwa.exe Program.RemoteAdmin
    xr4tdwa.exe\data002 C:\WINDOWS\xr4tdwa.exe Program.RemoteAdmin
    xr4tdwa.exe C:\WINDOWS L'archive contient des éléments infectés Quarantaine.
    27 April 2008 00:26:37

    SDFix report ;)
    27 April 2008 11:44:15


    SDFix: Version 1.175
    Run by Marjolaine on 26/04/2008 at 20:24

    Microsoft Windows XP [version 5.1.2600]
    Running From: C:\SDFix

    Checking Services :


    Restoring Windows Registry Values
    Restoring Windows Default Hosts File
    Restoring Missing Security Center Service

    Rebooting


    Checking Files :

    No Trojan Files Found






    Removing Temp Files

    ADS Check :



    Final Check :

    catchme 0.3.1353.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-04-26 20:32:31
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden services & system hive ...

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
    "s1"=dword:2df9c43f
    "s2"=dword:110480d0
    "h0"=dword:00000001

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
    "p0"="C:\Program Files\DAEMON Tools Lite\"
    "h0"=dword:00000000
    "khjeh"=hex:d9,2d,0d,df,a5,d0,39,a6,d5,74,21,20,4b,cd,92,3f,42,a4,2d,ef,ac,..

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
    "a0"=hex:20,01,00,00,2a,8d,07,35,73,f4,c0,16,7e,9d,78,58,5a,ce,d5,94,0c,..
    "khjeh"=hex:f8,00,b1,32,0c,d4,d4,be,0b,53,38,11,09,fb,bd,f1,38,a2,42,3c,36,..

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
    "khjeh"=hex:ff,97,0e,84,45,f0,78,29,a1,1a,f8,ec,3c,fc,08,8d,b7,96,59,b5,80,..
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
    "p0"="C:\Program Files\DAEMON Tools Lite\"
    "h0"=dword:00000000
    "khjeh"=hex:d9,2d,0d,df,a5,d0,39,a6,d5,74,21,20,4b,cd,92,3f,42,a4,2d,ef,ac,..

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
    "a0"=hex:20,01,00,00,2a,8d,07,35,73,f4,c0,16,7e,9d,78,58,5a,ce,d5,94,0c,..
    "khjeh"=hex:f8,00,b1,32,0c,d4,d4,be,0b,53,38,11,09,fb,bd,f1,38,a2,42,3c,36,..

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
    "khjeh"=hex:ff,97,0e,84,45,f0,78,29,a1,1a,f8,ec,3c,fc,08,8d,b7,96,59,b5,80,..

    scanning hidden registry entries ...

    scanning hidden files ...


    scan completed successfully
    hidden processes: 0
    hidden services: 0
    hidden files: 3


    Remaining Services :




    Authorized Application Key Export:

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\\Program Files\\eMule\\emule.exe"="C:\\Program Files\\eMule\\emule.exe:*:Enabled:eMule"
    "C:\\WINDOWS\\system32\\dpvsetup.exe"="C:\\WINDOWS\\system32\\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
    "C:\\WINDOWS\\system32\\rundll32.exe"="C:\\WINDOWS\\system32\\rundll32.exe:*:Enabled:Exécuter une DLL en tant qu'application"
    "C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
    "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
    "C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe"="C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe:*:Enabled:ActiveSync Connection Manager"
    "C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe:*:Enabled:ActiveSync Application"
    "C:\\Program Files\\AntivirusFirewall\\backweb\\6588780\\Program\\fspex.exe"="C:\\Program Files\\AntivirusFirewall\\backweb\\6588780\\Program\\fspex.exe:*:Enabled:Antivirus Firewall"
    "C:\\Program Files\\Internet Explorer\\iexplore.exe"="C:\\Program Files\\Internet Explorer\\iexplore.exe:*:Enabled:Internet Explorer"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
    "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
    "C:\\Program Files\\AntivirusFirewall\\backweb\\6588780\\Program\\fspex.exe"="C:\\Program Files\\AntivirusFirewall\\backweb\\6588780\\Program\\fspex.exe:*:Enabled:Antivirus Firewall"

    Remaining Files :


    File Backups: - C:\SDFix\backups\backups.zip

    Files with Hidden Attributes :

    Thu 10 May 2007 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
    Thu 14 Jun 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
    Thu 13 Dec 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\4633c51c90c17af214c8eeab40b9fcf4\BIT1.tmp"
    Mon 24 Sep 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\778fd2fc3fe6b905e366b5ddbba384c8\BIT3.tmp"
    Tue 26 Feb 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\ab59ac72525ea90a47679441587835c9\BIT3.tmp"
    Thu 28 Feb 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\c4f88f947d390c49edce5fbcc347ee34\BIT2.tmp"
    Thu 14 Feb 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\ff1abc45bb4b51f55d5dd49be852a17a\BIT2.tmp"

    Finished!

    27 April 2008 11:51:46

    Hi again,

    Is it any better?

    Post a new HijackThis log.
    27 April 2008 12:08:23

    Well, my antivirus still detects things that it can't remove!!


    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 12:07:59, on 27/04/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\ibmpmsvc.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\PROGRA~1\ANTIVI~1\backweb\6588780\Program\SERVIC~1.EXE
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\AntivirusFirewall\Anti-Virus\fsgk32st.exe
    C:\Program Files\AntivirusFirewall\Anti-Virus\FSGK32.EXE
    C:\Program Files\AntivirusFirewall\backweb\6588780\program\fsbwsys.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\Program Files\AntivirusFirewall\Common\FSMA32.EXE
    C:\Program Files\AntivirusFirewall\backweb\6588780\Program\fspex.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\AntivirusFirewall\Anti-Virus\fssm32.exe
    C:\Program Files\AntivirusFirewall\Common\FSMB32.EXE
    C:\Program Files\AntivirusFirewall\Common\FCH32.EXE
    C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
    C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    C:\Program Files\AntivirusFirewall\Common\FAMEH32.EXE
    C:\Program Files\AntivirusFirewall\Anti-Virus\fsqh.exe
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\WINDOWS\System32\PAStiSvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\AntivirusFirewall\Anti-Virus\fsrw.exe
    C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
    C:\Program Files\AntivirusFirewall\FWES\Program\fsdfwd.exe
    C:\WINDOWS\system32\tp4serv.exe
    C:\WINDOWS\AGRSMMSG.exe
    C:\Program Files\AntivirusFirewall\Common\FSM32.EXE
    C:\Program Files\AntivirusFirewall\FSGUI\ispnews.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
    C:\Program Files\AntivirusFirewall\Anti-Virus\fsav32.exe
    C:\PROGRA~1\ANTIVI~1\ANTI-S~1\fsaw.exe
    C:\Program Files\AntivirusFirewall\FSGUI\fsguidll.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://messenger.live.com/
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O3 - Toolbar: VMN Toolbar - {4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33} - C:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL (file missing)
    O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
    O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
    O4 - HKLM\..\Run: [TrackPointSrv] tp4serv.exe
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\AntivirusFirewall\Common\FSM32.EXE" /splash
    O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\AntivirusFirewall\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
    O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\Program Files\AntivirusFirewall\FSGUI\FSSW.EXE" /reboot
    O4 - HKLM\..\Run: [News Service] "C:\Program Files\AntivirusFirewall\FSGUI\ispnews.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_01] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_03] rundll32 advpack.dll,LaunchINFSection nlite.inf,S (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-20\..\RunOnce: [nlpo_01] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\RunOnce: [nlpo_01] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - HKUS\.DEFAULT\..\RunOnce: [nlpo_01] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'Default user')
    O4 - Global Startup: Antivirus Firewall.lnk = C:\Program Files\AntivirusFirewall\backweb\6588780\Program\fspex.exe
    O8 - Extra context menu item: &Bloquer cette fenêtre publicitaire - C:\Program Files\AntivirusFirewall\Anti-Spyware\blockpopups.htm
    O8 - Extra context menu item: Convertir les liens sélectionnés en fichier Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Créer un Favori de l'appareil mobile - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
    O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
    O9 - Extra button: Protection Internet Explorer - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\AntivirusFirewall\Anti-Spyware\ieshield.dll
    O9 - Extra 'Tools' menuitem: Protection Internet Explorer... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\AntivirusFirewall\Anti-Spyware\ieshield.dll
    O9 - Extra button: (no name) - {49783ED4-258D-4f9f-BE11-137C18D3E543} - (no file)
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986....
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.mail.live.com/mail/w1/resources/MSNPUpld.ca...
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.ca...
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Cont...
    O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Ap...
    O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
    O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab569...
    O17 - HKLM\System\CCS\Services\Tcpip\..\{121D9ABD-048B-47EE-BD35-3DCCDF8211A8}: NameServer = 192.168.0.254
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: Antivirus Firewall (BackWeb Plug-in - 6588780) - Securitoo Portal - C:\PROGRA~1\ANTIVI~1\backweb\6588780\Program\SERVIC~1.EXE
    O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe (file missing)
    O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\AntivirusFirewall\Anti-Virus\fsgk32st.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\AntivirusFirewall\backweb\6588780\program\fsbwsys.exe
    O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\AntivirusFirewall\FWES\Program\fsdfwd.exe
    O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\AntivirusFirewall\Common\FSMA32.EXE
    O23 - Service: ThinkPad PM Service (IBMPMSVC) - Lenovo - C:\WINDOWS\system32\ibmpmsvc.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~2.EXE
    O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe (file missing)
    O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: SolidWorks Licensing Service - Unknown owner - C:\Program Files\Fichiers communs\SolidWorks Shared\Service\SolidWorksLicensing.exe (file missing)
    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe

    --
    End of file - 12039 bytes
    27 April 2008 12:29:35

    Run ComboFix again and post the report.
    27 April 2008 13:05:49

    What's the point of me doing the same things 15 times??

    COMBOFIX REPORT

    ComboFix 08-04-20.5 - Marjolaine 2008-04-27 13:06:43.4 - NTFSx86
    Endroit: C:\Documents and Settings\Marjolaine\Bureau\ComboFix.exe
    * Resident AV is active


    AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
    .

    ((((((((((((((((((((((((((((( Fichiers créés 2008-03-27 to 2008-04-27 ))))))))))))))))))))))))))))))))))))
    .

    2008-04-26 20:51 . 2008-04-26 20:51 <REP> d-------- C:\Documents and Settings\Marjolaine\DoctorWeb
    2008-04-23 17:21 . 2008-04-23 17:47 <REP> d-------- C:\Program Files\Navilog1
    2008-04-22 20:28 . 2008-04-22 20:28 <REP> d-------- C:\WINDOWS\ERUNT
    2008-04-22 19:20 . 2008-04-26 20:36 <REP> d-------- C:\SDFix
    2008-04-22 17:26 . 2008-04-22 17:26 <REP> d-------- C:\Program Files\Trend Micro
    2008-04-21 16:41 . 2008-04-21 17:32 <REP> d-------- C:\WINDOWS\BDOSCAN8
    2008-04-20 21:51 . 2008-04-20 21:51 230 --a------ C:\WINDOWS\system32\spupdsvc.inf
    2008-04-18 21:07 . 2008-04-18 21:07 <REP> d-------- C:\Documents and Settings\Marjolaine\Mes documents
    2008-04-18 12:50 . 2008-04-18 17:27 <REP> d-------- C:\Documents and Settings\Marjolaine\Contacts
    2008-04-18 12:49 . 2008-04-20 21:50 <REP> d-------- C:\Documents and Settings\Marjolaine\Application Data\F-Secure
    2008-04-17 22:09 . 2008-04-17 22:09 <REP> d-------- C:\Documents and Settings\All Users\Application Data\FLEXnet
    2008-04-15 18:39 . 2008-04-15 18:39 <REP> d-------- C:\Documents and Settings\Marjolaine\Application Data\ispnews
    2008-04-15 18:34 . 2005-11-18 17:04 70,896 --a------ C:\WINDOWS\system32\drivers\fsdfw.sys
    2008-04-15 18:34 . 2005-11-18 17:04 33,584 --a------ C:\WINDOWS\system32\drivers\fsndis5.sys
    2008-04-15 18:33 . 2008-04-15 18:33 <REP> d-------- C:\Documents and Settings\All Users\Application Data\F-Secure
    2008-04-15 18:30 . 2008-04-15 18:33 <REP> d-------- C:\Program Files\AntivirusFirewall
    2008-04-15 18:30 . 2008-04-15 18:30 118,842 -r------- C:\WINDOWS\bwUnin-6.3.2.123-6588780L.exe
    2008-04-15 14:46 . 2008-04-15 14:46 65,024 --a------ C:\WINDOWS\bmpl.dll
    2008-04-14 22:59 . 2008-04-14 22:59 3,114 --a------ C:\Documents and Settings\All Users\Application Data\LUUnInstall.LiveUpdate
    2008-04-14 18:53 . 2008-04-14 18:53 <REP> dr------- C:\Documents and Settings\LocalService\Favoris
    2008-04-12 12:50 . 2008-04-15 13:16 <REP> d-------- C:\Program Files\Google
    2008-04-11 00:18 . 2008-04-11 00:18 <REP> d-------- C:\SMRTNTKY
    2008-04-11 00:18 . 2004-08-04 00:55 28,672 --a------ C:\setupSNK.exe
    2008-04-09 11:18 . 2008-04-09 11:18 <REP> d-------- C:\WINDOWS\system32\xircom
    2008-04-09 11:18 . 2008-04-09 11:18 <REP> d-------- C:\WINDOWS\system32\oobe
    2008-04-09 11:18 . 2008-04-09 11:18 <REP> d-------- C:\WINDOWS\srchasst
    2008-04-09 11:18 . 2008-04-09 11:18 <REP> d-------- C:\WINDOWS\peernet
    2008-04-09 11:18 . 2008-04-09 11:18 <REP> d-------- C:\Program Files\microsoft frontpage
    2008-04-07 08:07 . 2007-03-21 20:33 503,808 --a------ C:\WINDOWS\system32\MSVCP71.DL1
    2008-04-07 08:07 . 2007-03-21 20:33 348,160 --a------ C:\WINDOWS\system32\MSVCR71.DL1
    2008-04-07 07:53 . 2008-03-06 21:32 23,904 --a------ C:\WINDOWS\system32\drivers\COH_Mon.sys
    2008-04-07 07:53 . 2008-03-06 21:32 10,537 --a------ C:\WINDOWS\system32\drivers\COH_Mon.cat
    2008-04-07 07:53 . 2008-03-06 21:32 706 --a------ C:\WINDOWS\system32\drivers\COH_Mon.inf
    2008-04-06 20:30 . 2005-09-23 07:29 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
    2008-04-06 20:07 . 2008-04-06 20:40 16 --a------ C:\WINDOWS\system32\coh.cache
    2008-04-06 19:26 . 2008-04-14 23:05 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Symantec
    2008-04-05 20:56 . 2008-04-09 11:36 7,300 --a------ C:\Documents and Settings\Marjolaine\Application Data\update.log
    2008-04-05 15:18 . 2008-04-22 19:37 109,111 --a------ C:\WINDOWS\BMf39960b2.xml

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-04-18 19:25 --------- d-----w C:\Program Files\Fichiers communs\Adobe
    2008-04-14 21:05 --------- d-----w C:\Program Files\Fichiers communs\Symantec Shared
    2008-04-14 20:59 --------- d-----w C:\Program Files\Symantec
    2008-04-14 16:52 --------- d-----w C:\Program Files\eMule
    2008-03-27 07:12 --------- d-----w C:\Documents and Settings\Marjolaine\Application Data\FileZilla
    2008-03-26 20:37 --------- d-----w C:\Program Files\FileZilla FTP Client
    2008-03-20 19:08 --------- d-----w C:\Program Files\Microsoft ActiveSync
    2008-03-20 19:08 --------- d-----w C:\Program Files\AvantGo Connect
    2008-03-20 16:48 --------- d-----w C:\Program Files\Common Files
    2008-03-20 08:09 1,845,376 ----a-w C:\WINDOWS\system32\win32k.sys
    2008-03-20 08:09 1,845,376 ------w C:\WINDOWS\system32\DllCache\win32k.sys
    2008-03-16 19:10 --------- d-----w C:\Program Files\DVD Decrypter
    2008-03-12 11:21 --------- d-----w C:\Documents and Settings\All Users\Application Data\Messenger Plus!
    2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
    2008-02-20 06:51 282,624 ------w C:\WINDOWS\system32\DllCache\gdi32.dll
    2008-02-20 05:35 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
    2008-02-20 05:35 45,568 ------w C:\WINDOWS\system32\DllCache\dnsrslvr.dll
    2008-02-20 05:35 148,992 ------w C:\WINDOWS\system32\DllCache\dnsapi.dll
    2008-02-16 22:32 3,080,704 ----a-w C:\WINDOWS\system32\DllCache\mshtml.dll
    2008-02-15 09:23 18,432 ----a-w C:\WINDOWS\system32\DllCache\iedw.exe
    2008-02-13 20:21 37,888 ----a-w C:\WINDOWS\system32\rar.exe
    .

    ((((((((((((((((((((((((((((( snapshot_2008-04-25_19.25.53,94 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2008-04-25 16:55:12 2,048 --s-a-w C:\WINDOWS\bootstat.dat
    + 2008-04-27 09:38:26 2,048 --s-a-w C:\WINDOWS\bootstat.dat
    - 2008-04-21 00:32:39 163,328 ----a-w C:\WINDOWS\ERUNT\SDFIX\ERDNT.EXE
    + 2008-04-26 03:39:35 163,328 ----a-w C:\WINDOWS\ERUNT\SDFIX\ERDNT.EXE
    - 2008-04-22 20:50:58 7,782,400 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000001\NTUSER.DAT
    + 2008-04-26 18:20:56 7,782,400 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000001\NTUSER.DAT
    - 2008-04-22 20:50:59 167,936 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000002\UsrClass.dat
    + 2008-04-26 18:20:57 167,936 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000002\UsrClass.dat
    .
    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 23:54 15360]
    "H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE" [2004-02-24 16:20 401491]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SoundMAXPnP"="C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-10-14 09:11 1388544]
    "SoundMAX"="C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" [2004-09-23 12:41 860160]
    "TrackPointSrv"="tp4serv.exe" [2005-07-13 03:55 94208 C:\WINDOWS\system32\tp4serv.exe]
    "AGRSMMSG"="AGRSMMSG.exe" [2003-06-27 08:53 88363 C:\WINDOWS\AGRSMMSG.exe]
    "ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2006-11-16 21:00 344064]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
    "F-Secure Manager"="C:\Program Files\AntivirusFirewall\Common\FSM32.exe" [2005-10-26 03:51 122929]
    "F-Secure TNB"="C:\Program Files\AntivirusFirewall\TNB\TNBUtil.exe" [2005-07-18 16:51 700416]
    "F-Secure Startup Wizard"="C:\Program Files\AntivirusFirewall\FSGUI\FSSW.exe" [2005-10-18 10:29 372736]
    "News Service"="C:\Program Files\AntivirusFirewall\FSGUI\ispnews.exe" [2005-05-31 14:45 356352]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-03 23:54 15360]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "nlpo_01"="cmd.exe" [2004-08-03 23:54 400896 C:\WINDOWS\system32\cmd.exe]
    "nlpo_02"="advpack.dll" [2004-08-03 23:54 101888 C:\WINDOWS\system32\advpack.dll]
    "nlpo_03"="advpack.dll" [2004-08-03 23:54 101888 C:\WINDOWS\system32\advpack.dll]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
    "ForceClassicControlPanel"= 1 (0x1)
    "NoDesktopCleanupWizard"= 1 (0x1)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "MSACM.CEGSM"= mobilev.acm

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\Program Files\\eMule\\emule.exe"=
    "C:\\WINDOWS\\system32\\dpvsetup.exe"=
    "C:\\WINDOWS\\system32\\rundll32.exe"=
    "C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
    "C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe"=
    "C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe"=
    "C:\\Program Files\\AntivirusFirewall\\backweb\\6588780\\Program\\fspex.exe"=
    "C:\\Program Files\\Internet Explorer\\iexplore.exe"=

    R0 FSFW;F-Secure Firewall Driver;C:\WINDOWS\system32\drivers\fsdfw.sys [2005-11-18 17:04]
    R2 BackWeb Plug-in - 6588780;Antivirus Firewall;C:\PROGRA~1\ANTIVI~1\backweb\6588780\Program\SERVIC~1.EXE [2008-04-15 18:31]
    R2 F-Secure Filter;F-Secure File System Filter;C:\Program Files\AntivirusFirewall\Anti-Virus\Win2K\FSfilter.sys [2004-09-10 17:14]
    R2 F-Secure Gatekeeper;F-Secure Gatekeeper;C:\Program Files\AntivirusFirewall\Anti-Virus\Win2K\FSgk.sys [2008-04-15 18:52]
    R2 F-Secure Recognizer;F-Secure File System Recognizer;C:\Program Files\AntivirusFirewall\Anti-Virus\Win2K\FSrec.sys [2004-06-01 11:03]
    R3 PCX504;Cisco Systems Wireless LAN Adapter Driver;C:\WINDOWS\system32\DRIVERS\PCX504.sys [2004-05-04 12:35]
    R3 Tp4Track;PS/2 TrackPoint Driver;C:\WINDOWS\system32\DRIVERS\tp4track.sys [2005-07-13 03:55]
    S3 PAC207;USB PC Cam Plus;C:\WINDOWS\system32\DRIVERS\pfc027.sys [2005-02-24 12:29]


    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{b4b4c8d3-87ac-3e5a-738a-c154f40d8901}]
    C:\WINDOWS\system32\aliceeadsl.exe
    .
    Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
    "2008-04-17 17:57:17 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
    - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
    "2008-04-27 09:41:39 C:\WINDOWS\Tasks\Scheduled scanning task.job"
    - C:\PROGRA~1\ANTIVI~1\ANTI-V~1\fsav.exeZ /HARD /ARCHIVE /DISINF /SCHED /NOBREAK /REPORT=C:\PROGRA~1\ANTIVI~1\ANTI-V~1\report.txt
    .
    **************************************************************************

    catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-04-27 13:10:26
    Windows 5.1.2600 Service Pack 2 NTFS

    Balayage processus cachés ...

    Balayage caché autostart entries ...

    Balayage des fichiers cachés ...

    Scan terminé avec succès
    Les fichiers cachés: 0

    **************************************************************************
    .
    Temps d'accomplissement: 2008-04-27 13:14:04
    ComboFix-quarantined-files.txt 2008-04-27 11:13:38
    ComboFix2.txt 2008-04-26 17:59:14
    ComboFix3.txt 2008-04-25 17:32:50
    ComboFix4.txt 2008-04-22 21:44:44

    Pre-Run: 8,821,596,160 octets libres
    Post-Run: 8,829,509,632 octets libres

    159 --- E O F --- 2008-04-22 22:52:33
    27 April 2008 13:17:32

    ...
    ....
    ......'
    27 April 2008 13:25:05

    I posted it just above!!
    27 April 2008 13:58:35

    Re,

    I don't see anything special; you say your antivirus gets stuck on some files.
    Run a scan in safe mode, then post the report for me ;) 
    27 April 2008 20:58:39

    I can't even open it in safe mode! And when I run a scan in normal mode, my report doesn't even show up any more! And I can't find it! grrr
    28 April 2008 08:35:44

    I do manage to start my computer in safe mode, it's my antivirus that won't cooperate! But I'm going to reinstall it! And try again!!
    28 April 2008 18:27:42

    Re,

    Run an online antivirus scan at Kaspersky with Internet Explorer. (Tutorial)
    Allow the ActiveX controls.
    Click Démarrer Online Scanner.
    Select My Computer as the scan target. Save the report in .txt format.
    Paste the report here.
    29 April 2008 10:46:00

    I reinstalled my antivirus, but still no report!
    I'll run the Kaspersky scan and post all of that!
    29 April 2008 12:55:26

    -------------------------------------------------------------------------------
    KASPERSKY ONLINE SCANNER REPORT
    Tuesday, April 29, 2008 12:54:30 PM
    Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
    Kaspersky Online Scanner version: 5.0.98.0
    Kaspersky Anti-Virus database last update: 29/04/2008
    Kaspersky Anti-Virus database records: 730172
    -------------------------------------------------------------------------------

    Scan Settings:
    Scan using the following antivirus database: extended
    Scan Archives: true
    Scan Mail Bases: true

    Scan Target - My Computer:
    C:\
    D:\
    E:\

    Scan Statistics:
    Total number of scanned objects: 82981
    Number of viruses found: 8
    Number of infected objects: 40
    Number of suspicious objects: 0
    Duration of the scan process: 02:07:07

    Infected Object Name / Virus Name / Last Action
    C:\Documents and Settings\Marjolaine\DoctorWeb\Quarantine\A0047853.dll Infected: Packed.Win32.Monder.gen skipped
    C:\Documents and Settings\Marjolaine\DoctorWeb\Quarantine\A0047875.dll Infected: Packed.Win32.Monder.gen skipped
    C:\Documents and Settings\Marjolaine\DoctorWeb\Quarantine\A0048926.dll Infected: Packed.Win32.Monder.gen skipped
    C:\Documents and Settings\Marjolaine\DoctorWeb\Quarantine\A0048945.dll Infected: Packed.Win32.Monder.gen skipped
    C:\Documents and Settings\Marjolaine\DoctorWeb\Quarantine\A0050044.dll Infected: Packed.Win32.Monder.gen skipped
    C:\Documents and Settings\Marjolaine\DoctorWeb\Quarantine\A0050063.dll Infected: Packed.Win32.Monder.gen skipped
    C:\Documents and Settings\Marjolaine\DoctorWeb\Quarantine\A0050065.dll Infected: Packed.Win32.Monder.gen skipped
    C:\Documents and Settings\Marjolaine\DoctorWeb\Quarantine\A0050067.dll Infected: Packed.Win32.Monder.gen skipped
    C:\Documents and Settings\Marjolaine\DoctorWeb\Quarantine\A0050879.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC-based.h skipped
    C:\Documents and Settings\Marjolaine\DoctorWeb\Quarantine\A0050880.dll Infected: not-a-virus:RemoteAdmin.Win32.WinVNC-based.b skipped
    C:\Documents and Settings\Marjolaine\DoctorWeb\Quarantine\A0050966.dll Infected: Packed.Win32.Monder.gen skipped
    C:\Documents and Settings\Marjolaine\DoctorWeb\Quarantine\A0050967.dll Infected: Packed.Win32.Monder.gen skipped
    C:\Documents and Settings\Marjolaine\DoctorWeb\Quarantine\A0056475.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.nve skipped
    C:\Documents and Settings\Marjolaine\DoctorWeb\Quarantine\A0056477.dll Infected: Packed.Win32.Monder.gen skipped
    C:\Documents and Settings\Marjolaine\DoctorWeb\Quarantine\A0056478.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.nve skipped
    C:\Documents and Settings\Marjolaine\DoctorWeb\Quarantine\A0056479.dll Infected: Packed.Win32.Monder.gen skipped
    C:\Documents and Settings\Marjolaine\DoctorWeb\Quarantine\A0056480.dll Infected: Packed.Win32.Monder.gen skipped
    C:\Documents and Settings\Marjolaine\DoctorWeb\Quarantine\A0056481.dll Infected: Packed.Win32.Monder.gen skipped
    C:\Documents and Settings\Marjolaine\DoctorWeb\Quarantine\A0061622.dll Infected: Packed.Win32.Monder.gen skipped
    C:\Documents and Settings\Marjolaine\DoctorWeb\Quarantine\A0061623.dll Infected: Packed.Win32.Monder.gen skipped
    C:\Documents and Settings\Marjolaine\DoctorWeb\Quarantine\A0061624.dll Infected: Packed.Win32.Monder.gen skipped
    C:\Documents and Settings\Marjolaine\DoctorWeb\Quarantine\A0061625.dll Infected: Packed.Win32.Monder.gen skipped
    C:\Documents and Settings\Marjolaine\DoctorWeb\Quarantine\A0061626.dll Infected: Packed.Win32.Monder.gen skipped
    C:\Documents and Settings\Marjolaine\DoctorWeb\Quarantine\fffywfjg.dll.vir Infected: Packed.Win32.Monder.gen skipped
    C:\Documents and Settings\Marjolaine\DoctorWeb\Quarantine\hvuebbvm.dll.vir Infected: Packed.Win32.Monder.gen skipped
    C:\Documents and Settings\Marjolaine\DoctorWeb\Quarantine\pbxuqjjm.dll.vir Infected: Packed.Win32.Monder.gen skipped
    C:\Documents and Settings\Marjolaine\DoctorWeb\Quarantine\qjmrvnbm.dll.vir Infected: Packed.Win32.Monder.gen skipped
    C:\Documents and Settings\Marjolaine\DoctorWeb\Quarantine\rvpvimuj.dll.vir Infected: Packed.Win32.Monder.gen skipped
    C:\Documents and Settings\Marjolaine\DoctorWeb\Quarantine\vnchooks.dll Infected: not-a-virus:RemoteAdmin.Win32.WinVNC-based.b skipped
    C:\Documents and Settings\Marjolaine\DoctorWeb\Quarantine\winvnc.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC-based.h skipped
    C:\Program Files\Navilog1\reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
    C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
    C:\System Volume Information\_restore{8D3E29D0-A712-49F9-829A-7BDBDCE7238B}\RP364\A0045231.exe Infected: not-a-virus:FraudTool.Win32.SpySheriff.aa skipped
    C:\System Volume Information\_restore{8D3E29D0-A712-49F9-829A-7BDBDCE7238B}\RP364\A0046252.0XE Infected: not-virus:Hoax.Win32.Renos.bmh skipped
    C:\System Volume Information\_restore{8D3E29D0-A712-49F9-829A-7BDBDCE7238B}\RP366\A0046796.exe Infected: not-a-virus:FraudTool.Win32.SpySheriff.aa skipped
    C:\System Volume Information\_restore{8D3E29D0-A712-49F9-829A-7BDBDCE7238B}\RP366\A0046814.0XE Infected: not-virus:Hoax.Win32.Renos.bmh skipped
    C:\System Volume Information\_restore{8D3E29D0-A712-49F9-829A-7BDBDCE7238B}\RP366\A0047850.exe Infected: not-a-virus:FraudTool.Win32.DrAntispy.bp skipped
    C:\System Volume Information\_restore{8D3E29D0-A712-49F9-829A-7BDBDCE7238B}\RP377\A0062102.exe/file10 Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
    C:\System Volume Information\_restore{8D3E29D0-A712-49F9-829A-7BDBDCE7238B}\RP377\A0062102.exe Inno: infected - 1 skipped
    C:\System Volume Information\_restore{8D3E29D0-A712-49F9-829A-7BDBDCE7238B}\RP381\A0064282.dll Infected: not-a-virus:RemoteAdmin.Win32.WinVNC-based.b skipped
    C:\System Volume Information\_restore{8D3E29D0-A712-49F9-829A-7BDBDCE7238B}\RP381\A0064283.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC-based.h skipped

    Scan process completed.
    29 April 2008 13:37:17

    THERE, it's this famous Packed.Win32.Monder.gen that my antivirus detects! But I don't know what it is, and it doesn't delete it for me.
    29 April 2008 21:45:40

    Done, I'm going to run another online scan with Kaspersky!
    30 April 2008 07:40:09

    -------------------------------------------------------------------------------
    KASPERSKY ONLINE SCANNER REPORT
    Wednesday, April 30, 2008 7:39:41 AM
    Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
    Kaspersky Online Scanner version: 5.0.98.0
    Kaspersky Anti-Virus database last update: 29/04/2008
    Kaspersky Anti-Virus database records: 731654
    -------------------------------------------------------------------------------

    Scan Settings:
    Scan using the following antivirus database: extended
    Scan Archives: true
    Scan Mail Bases: true

    Scan Target - My Computer:
    C:\
    D:\

    Scan Statistics:
    Total number of scanned objects: 70426
    Number of viruses found: 0
    Number of infected objects: 0
    Number of suspicious objects: 0
    Duration of the scan process: 01:46:57

    Infected Object Name / Virus Name / Last Action

    Scan process completed.
    30 April 2008 09:10:50

    It looks good now! I also went through yesterday's report line by line and deleted what I could (in safe mode and normal mode)!
    I'm going to run another scan with my antivirus to see whether it has calmed down!
    3 May 2008 00:04:04

    There, I really think the problem is solved!!! :)  :)  :) 
    I have no more viruses!!

    THANKS a lot! ;) 
    3 May 2008 00:12:46

    Re :) 

    Download ToolsCleaner2 (by A.Rothstein)

  • Install it on your Desktop
  • Click [Recherche] to start the scan
  • Click [Supprimer] to clean up the tools used
  • Click [Quitter],
  • Post this report ~>C:\TCleaner.txt<~

  • Keep Ccleaner, Avg (or MBAM) and AntiVir if we installed them..
  • Disable then re-enable System Restore
  • Report your infection on Malware Complaints >Tutorial<
  • Your infection(s): Egdaccess/Magic.control/Navipromo, Vundo
  • If you can't find it in the list, post under Autres infections,

  • Bring your computer properly up to date >here<
  • If not already done, make sure Windows Automatic Updates are enabled!

    Then have a look at these guides:

    - Security/Prevention
    - Consequences of multiple protection
    - Toolbars: uselessness and slowdowns

    Have a good day/evening :) 
    5 May 2008 21:43:17

    Tools cleaner is bugging out!
    But what's the point of doing that?
    6 May 2008 07:02:29

    It's for cleaning up the tools that were used, deleting them.
    Doesn't it work?

    Then delete them by hand ;)  :
  • C:\Qoobox
  • C:\SDFix etc ..