Your question

Slowness, bugs, big problems...

Tags:
  • Windows
  • Security
Last reply: in Security and viruses
7 April 2008 18:50:15

Hello everyone :) 
Sorry, I don't know which programs to use to post the reports...
Here's the thing: my computer is very slow, so I used Avast to run a boot-time scan, and I have the impression that this scan made everything worse...
Can you help me??
Thanks

8 April 2008 13:04:58

Nobody to help me??
8 April 2008 17:11:30

Egwene said:
Hello,

Download and then install Hijackthis (Trend Micro)
Then post a report in your next reply.
HELP: How to use Hijackthis v2.0.2


Thanks ;) 
I'll do that right away
8 April 2008 17:14:42

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:14:19, on 08/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\msnlogm.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\msnlogs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\sistray.exe
C:\WINDOWS\system32\IcoSauve.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\slserv.exe
C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Java\jre1.6.0_03\bin\jucheck.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.aliceadsl.fr
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Alice ADSL
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL (file missing)
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [msnsyslog] C:\WINDOWS\msnlogm.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [Microsoft] svhost.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [LXCGCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCGtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [BM0fddfe9c] Rundll32.exe "C:\WINDOWS\system32\iqfrtees.dll",s
O4 - HKLM\..\Run: [0ceecd00] rundll32.exe "C:\WINDOWS\system32\qqbvgsdk.dll",b
O4 - HKLM\..\RunServices: [Microsoft] svhost.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Fichiers communs\Adobe\Updater5\AdobeUpdater.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 52\axcmd.exe" /automount
O4 - HKCU\..\Policies\Explorer\Run: [WinUpdating] WinUpdating.exe
O4 - HKCU\..\Policies\Explorer\Run: [Windows Printing Driver] WinSpooler.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide1] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide2] cmd.exe /C rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,L,,4,N (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide1] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SERVICE RÉSEAU')
O4 - Startup: IcoSauve.lnk = C:\WINDOWS\system32\IcoSauve.exe
O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
O8 - Extra context menu item: &Bloquer cette fenêtre publicitaire - C:\Program Files\AntivirusFirewall\Anti-Spyware\blockpopups.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Protection Internet Explorer - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\AntivirusFirewall\Anti-Spyware\ieshield.dll (file missing)
O9 - Extra 'Tools' menuitem: Protection Internet Explorer... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\AntivirusFirewall\Anti-Spyware\ieshield.dll (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} (GoPetsWeb Control) - https://secure.gopetslive.com/dev/GoPetsWeb.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Antivirus Firewall (BackWeb Plug-in - 6588780) - Unknown owner - C:\PROGRA~1\ANTIVI~1\backweb\6588780\Program\SERVIC~1.EXE (file missing)
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - Unknown owner - C:\Program Files\AntivirusFirewall\Anti-Virus\fsgk32st.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: fsbwsys - Unknown owner - C:\Program Files\AntivirusFirewall\backweb\6588780\program\fsbwsys.exe (file missing)
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - Unknown owner - C:\Program Files\AntivirusFirewall\FWES\Program\fsdfwd.exe (file missing)
O23 - Service: F-Secure Management Agent (FSMA) - Unknown owner - C:\Program Files\AntivirusFirewall\Common\FSMA32.EXE (file missing)
O23 - Service: Google Desktop Manager 5.1.709.19590 (GoogleDesktopManager-091907-194040) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Service de l'iPod (iPod Service) - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: lxcg_device - - C:\WINDOWS\system32\lxcgcoms.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe

--
End of file - 7599 bytes
8 April 2008 22:21:21

Hello again,

Well and truly infected :) 

1) Download SDFix (created by AndyManchesta) and save it to your Desktop.
User guide: http://mickael.barroux.free.fr/securite/sdfix.php

Double-click SDFix.exe and choose Install to extract it into a dedicated folder on the Desktop. Restart your computer in Safe Mode by following this procedure:
  • Restart your computer
  • After hearing the computer beep during startup, but before the Windows icon appears, tap the F8 key (one press per second).
  • Instead of Windows loading normally, a menu with various options should appear.
  • Choose the first option, to run Windows in Safe Mode, then press "Enter".
  • Choose your account.

Follow the list of instructions below:
  • Open the SDFix folder that has just been created on the Desktop and double-click RunThis.bat to launch the script.
  • Press Y to start the cleaning process.
  • It will remove the services and Registry entries of certain trojans found, then ask you to press a key to restart.
  • Press a key to restart the PC.
  • Your system will take longer than usual to restart because the tool will continue running and deleting files.
  • After the Desktop loads, the tool will finish its work and display Finished.
  • Press a key to end the script and load your Desktop icons.
  • Once the Desktop icons are displayed, the SDFix report will open on screen and will also be saved in the SDFix folder under the name Report.txt.
  • Finally, copy/paste the contents of the Report.txt file into your next reply on the forum.

N.B.:
- The SDFIX_README.htm file (in the SDFix folder) contains the list of malware handled by the tool.
- Andy releases several updates, often more than one a day... So don't hesitate to ask to download a new version when the cleanup drags on and the tool doesn't seem to see everything.

2) You are infected with "Vundo". Delete all cracks from your PC if any are present, because otherwise they will relaunch the infection.

Download Vundofix (by Atribune) to your Desktop.

  • Double-click VundoFix.exe to launch it
  • Click the Scan for Vundo button
  • When the scan is complete, click the Remove Vundo button
  • A prompt will ask whether you want to delete the files; click YES
  • After you click "Yes", the Desktop will disappear for a moment while the files are deleted
  • You will see a prompt announcing that your PC is going to restart; click OK
  • Copy/paste the contents of the report located at C:\vundofix.txt, along with a new HijackThis! report, into your next reply

Note:
VundoFix may encounter a file it cannot delete. If so, the tool will launch at the next restart; simply follow the instructions above, starting from "Click the Scan for Vundo button".

N.B.: VundoFix may not detect anything; in that case no report is needed, just tell me it found nothing.

;) 
9 April 2008 00:40:20

Thanks for your help Merillym ;) 

Here is the SDFix report, I'm doing the rest right away:


    SDFix: Version 1.167
    Run by monstrum on 08/04/2008 at 23:41

    Microsoft Windows XP [version 5.1.2600]
    Running From: C:\DOCUME~1\ADMINI~1.ORD\Bureau\SDFix

    Checking Services :


    Restoring Windows Registry Values
    Restoring Windows Default Hosts File
    Restoring Missing Security Center Service

    Rebooting


    Checking Files :

    Trojan Files Found:

    C:\Program Files\Fichiers communs\Yazzle1122OinUninstaller.exe - Deleted
    C:\Program Files\Fichiers communs\Yazzle1162OinUninstaller.exe - Deleted
    C:\DOCUME~1\ADMINI~1.ORD\LOCALS~1\Temp\temp_01.exe - Deleted
    C:\WINDOWS\system32\WinSpooler.exe - Deleted
    C:\WINDOWS\system32\WinUpdating.exe - Deleted





    Removing Temp Files

    ADS Check :



    Final Check :

    catchme 0.3.1351.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-04-09 00:01:23
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden services & system hive ...

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
    "s1"=dword:c67092a3
    "s2"=dword:40cf06dd
    "h0"=dword:00000002

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]
    "p0"="C:\Program Files\Alcohol Soft\Alcohol 52\"
    "h0"=dword:00000001
    "ujdew"=hex:56,b1,b0,3e,94,73,f4,38,1c,95,5e,70,9b,76,92,35,62,cf,5f,b2,53,..

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
    "h0"=dword:00000000
    "khjeh"=hex:c3,fa,a7,15,02,e5,58,b1,ac,2d,04,a1,da,d7,36,67,ed,b5,fc,94,1c,..
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]
    "p0"="C:\Program Files\Alcohol Soft\Alcohol 52\"
    "h0"=dword:00000001
    "ujdew"=hex:56,b1,b0,3e,94,73,f4,38,1c,95,5e,70,9b,76,92,35,62,cf,5f,b2,53,..
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
    "h0"=dword:00000000
    "khjeh"=hex:c3,fa,a7,15,02,e5,58,b1,ac,2d,04,a1,da,d7,36,67,ed,b5,fc,94,1c,..

    scanning hidden registry entries ...

    scanning hidden files ...

    scan completed successfully
    hidden processes: 0
    hidden services: 0
    hidden files: 153


    Remaining Services :



    Authorized Application Key Export:

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "C:\\Program Files\\AntivirusFirewall\\backweb\\6588780\\Program\\fspex.exe"="C:\\Program Files\\AntivirusFirewall\\backweb\\6588780\\Program\\fspex.exe:*:Disabled:Antivirus Firewall"
    "C:\\WINDOWS\\system32\\sessmgr.exe"="C:\\WINDOWS\\system32\\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"
    "C:\\Program Files\\Azureus\\Azureus.exe"="C:\\Program Files\\Azureus\\Azureus.exe:*:Disabled:Azureus"
    "C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Disabled:Bonjour"
    "C:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"="C:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe:*:Disabled:@xpsp3res.dll,-20000"
    "C:\\Program Files\\Macromedia\\Dreamweaver 8\\Dreamweaver.exe"="C:\\Program Files\\Macromedia\\Dreamweaver 8\\Dreamweaver.exe:*:Disabled:Dreamweaver 8"
    "C:\\Program Files\\eMule\\emule.exe"="C:\\Program Files\\eMule\\emule.exe:*:Disabled:eMule"
    "C:\\Program Files\\FlashFXP\\FlashFXP.exe"="C:\\Program Files\\FlashFXP\\FlashFXP.exe:*:Disabled:FlashFXP v3"
    "C:\\Program Files\\FlashGet\\flashget.exe"="C:\\Program Files\\FlashGet\\flashget.exe:*:Disabled:Flashget"
    "C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Disabled:LimeWire"
    "C:\\Program Files\\Soldier of Fortune II - Double Helix\\SoF2MP.exe"="C:\\Program Files\\Soldier of Fortune II - Double Helix\\SoF2MP.exe:*:Disabled:SoF2MP"
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Disabled:Windows Live Messenger"
    "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Disabled:Windows Live Messenger (Phone)"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\\Program Files\\AntivirusFirewall\\backweb\\6588780\\Program\\fspex.exe"="C:\\Program Files\\AntivirusFirewall\\backweb\\6588780\\Program\\fspex.exe:*:Enabled:Antivirus Firewall"
    "C:\\Program Files\\FlashFXP\\FlashFXP.exe"="C:\\Program Files\\FlashFXP\\FlashFXP.exe:*:Enabled:FlashFXP v3"
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
    "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

    Remaining Files :


    File Backups: - C:\DOCUME~1\ADMINI~1.ORD\Bureau\SDFix\backups\backups.zip

    Files with Hidden Attributes :

    Thu 3 Apr 2008 692,359 ..SH. --- "C:\WINDOWS\system32\arhyibrx.tmp"
    Wed 2 Apr 2008 4,678,314 ..SH. --- "C:\WINDOWS\system32\bchbejke.tmp"
    Mon 24 Mar 2008 1,548,953 ..SH. --- "C:\WINDOWS\system32\faxwfxlw.tmp"
    Wed 3 May 2006 163,328 ..SHR --- "C:\WINDOWS\system32\flvDX.dll"
    Thu 27 Mar 2008 1,566,607 ..SH. --- "C:\WINDOWS\system32\hyggxrto.tmp"
    Wed 21 Feb 2007 31,744 ..SHR --- "C:\WINDOWS\system32\msfDX.dll"
    Sun 30 Mar 2008 1,561,471 ..SH. --- "C:\WINDOWS\system32\ptlbwgww.tmp"
    Sun 8 Apr 2007 4,348 A.SH. --- "C:\Documents and Settings\All Users.WINDOWS\DRM\DRMv1.bak"
    Sun 26 Jun 2005 616,448 ..SHR --- "C:\Program Files\eRightSoft\SUPER\cygwin1.dll"
    Tue 21 Jun 2005 45,568 ..SHR --- "C:\Program Files\eRightSoft\SUPER\cygz.dll"
    Tue 15 May 2007 72,704 ..SHR --- "C:\Program Files\eRightSoft\SUPER\Setup.exe"
    Fri 27 Oct 2006 15,872 A.SHR --- "C:\Program Files\eRightSoft\SUPER\_Setup.dll"
    Sun 8 Apr 2007 0 A.SH. --- "C:\Documents and Settings\All Users.WINDOWS\DRM\Cache\Indiv01.tmp"
    Sat 26 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\585dc2612ebcefc90e7dee4c276ee95e\BIT6.tmp"

    Finished!



P.S.: are cracks liable to spread the virus again, even if I don't use them??
9 April 2008 02:03:44

The VundoFix report:

    VundoFix V7.0.3

    Scan started at 00:49:49 09/04/2008

    Listing files found while scanning....

    C:\WINDOWS\system32\afuxgcdt.dll
    C:\WINDOWS\system32\bhcdinhf.dll
    C:\WINDOWS\system32\cvalgfir.dll
    C:\windows\system32\ddcbbay.dll
    C:\WINDOWS\system32\dtdowdam.dll
    C:\WINDOWS\system32\euohpiel.dll
    C:\WINDOWS\system32\exxqdjwu.dll
    C:\WINDOWS\system32\fbkhfnww.dll
    C:\WINDOWS\system32\fsxsumwm.dll
    C:\WINDOWS\system32\gxgmsemg.dll
    C:\WINDOWS\system32\iqfrtees.dll
    C:\WINDOWS\system32\jpistyyk.ini
    C:\WINDOWS\system32\kyytsipj.dll
    C:\WINDOWS\system32\leiphoue.ini
    C:\WINDOWS\system32\lrmnuajf.dll
    C:\WINDOWS\system32\lspqqcqe.dll
    C:\WINDOWS\system32\mitebhar.dll
    C:\WINDOWS\system32\mnoxdgjs.dll
    C:\WINDOWS\system32\ncckluiw.dll
    C:\windows\system32\pmkjg.dll
    C:\WINDOWS\system32\qcrfumuq.dll
    C:\WINDOWS\system32\ssqPjijK.dll
    C:\WINDOWS\system32\tbtttatp.dll
    C:\WINDOWS\system32\ttiqfcsw.dll
    C:\WINDOWS\system32\uanxlmsp.dll
    C:\WINDOWS\system32\uwjdqxxe.ini
    C:\WINDOWS\system32\vbxinkpw.dll
    C:\WINDOWS\system32\vlaxvcrx.dll
    C:\WINDOWS\system32\ybraokoi.dll
    C:\WINDOWS\system32\yuolfqbv.dll

    Beginning removal...

    Attempting to delete C:\WINDOWS\system32\afuxgcdt.dll
    C:\WINDOWS\system32\afuxgcdt.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\bhcdinhf.dll
    C:\WINDOWS\system32\bhcdinhf.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\cvalgfir.dll
    C:\WINDOWS\system32\cvalgfir.dll Has been deleted!

    Attempting to delete C:\windows\system32\ddcbbay.dll
    C:\windows\system32\ddcbbay.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\dtdowdam.dll
    C:\WINDOWS\system32\dtdowdam.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\euohpiel.dll
    C:\WINDOWS\system32\euohpiel.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\exxqdjwu.dll
    C:\WINDOWS\system32\exxqdjwu.dll Could not be deleted.

    Attempting to delete C:\WINDOWS\system32\fbkhfnww.dll
    C:\WINDOWS\system32\fbkhfnww.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\fsxsumwm.dll
    C:\WINDOWS\system32\fsxsumwm.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\gxgmsemg.dll
    C:\WINDOWS\system32\gxgmsemg.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\iqfrtees.dll
    C:\WINDOWS\system32\iqfrtees.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\jpistyyk.ini
    C:\WINDOWS\system32\jpistyyk.ini Has been deleted!

    Attempting to delete C:\WINDOWS\system32\kyytsipj.dll
    C:\WINDOWS\system32\kyytsipj.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\leiphoue.ini
    C:\WINDOWS\system32\leiphoue.ini Has been deleted!

    Attempting to delete C:\WINDOWS\system32\lrmnuajf.dll
    C:\WINDOWS\system32\lrmnuajf.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\lspqqcqe.dll
    C:\WINDOWS\system32\lspqqcqe.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\mitebhar.dll
    C:\WINDOWS\system32\mitebhar.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\mnoxdgjs.dll
    C:\WINDOWS\system32\mnoxdgjs.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\ncckluiw.dll
    C:\WINDOWS\system32\ncckluiw.dll Has been deleted!

    Attempting to delete C:\windows\system32\pmkjg.dll
    C:\windows\system32\pmkjg.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\qcrfumuq.dll
    C:\WINDOWS\system32\qcrfumuq.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\ssqPjijK.dll
    C:\WINDOWS\system32\ssqPjijK.dll Could not be deleted.

    Attempting to delete C:\WINDOWS\system32\tbtttatp.dll
    C:\WINDOWS\system32\tbtttatp.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\ttiqfcsw.dll
    C:\WINDOWS\system32\ttiqfcsw.dll Could not be deleted.

    Attempting to delete C:\WINDOWS\system32\uanxlmsp.dll
    C:\WINDOWS\system32\uanxlmsp.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\uwjdqxxe.ini
    C:\WINDOWS\system32\uwjdqxxe.ini Has been deleted!

    Attempting to delete C:\WINDOWS\system32\vbxinkpw.dll
    C:\WINDOWS\system32\vbxinkpw.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\vlaxvcrx.dll
    C:\WINDOWS\system32\vlaxvcrx.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\ybraokoi.dll
    C:\WINDOWS\system32\ybraokoi.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\yuolfqbv.dll
    C:\WINDOWS\system32\yuolfqbv.dll Has been deleted!

    Performing Repairs to the registry.
    Done!

    VundoFix V7.0.3

    Scan started at 01:17:48 09/04/2008

    Listing files found while scanning....

    C:\WINDOWS\system32\exxqdjwu.dll
    C:\WINDOWS\system32\lxnikvmk.dll
    C:\WINDOWS\system32\ssqPjijK.dll
    C:\WINDOWS\system32\ttiqfcsw.dll
    C:\WINDOWS\system32\uwjdqxxe.ini

    Beginning removal...

    Attempting to delete C:\WINDOWS\system32\exxqdjwu.dll
    C:\WINDOWS\system32\exxqdjwu.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\lxnikvmk.dll
    C:\WINDOWS\system32\lxnikvmk.dll Could not be deleted.

    Attempting to delete C:\WINDOWS\system32\ssqPjijK.dll
    C:\WINDOWS\system32\ssqPjijK.dll Could not be deleted.

    Attempting to delete C:\WINDOWS\system32\ttiqfcsw.dll
    C:\WINDOWS\system32\ttiqfcsw.dll Could not be deleted.

    Attempting to delete C:\WINDOWS\system32\uwjdqxxe.ini
    C:\WINDOWS\system32\uwjdqxxe.ini Has been deleted!

    Performing Repairs to the registry.
    Done!



P.S.: apparently, it can't manage to delete five files
9 April 2008 02:08:45

And the HijackThis report:
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 02:08:01, on 09/04/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16544)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\WINDOWS\system32\slserv.exe
    C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\msnlogm.exe
    C:\WINDOWS\system32\LVCOMSX.EXE
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\WINDOWS\system32\Rundll32.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\msnlogs.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\WINDOWS\system32\sistray.exe
    C:\WINDOWS\system32\IcoSauve.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Windows Media Player\wmplayer.exe
    C:\WINDOWS\system32\notepad.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jucheck.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.aliceadsl.fr
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Alice ADSL
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL (file missing)
    O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
    O4 - HKLM\..\Run: [msnsyslog] C:\WINDOWS\msnlogm.exe
    O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [LXCGCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCGtime.dll,_RunDLLEntry@16
    O4 - HKLM\..\Run: [0ceecd00] rundll32.exe "C:\WINDOWS\system32\uuvpqpdt.dll",b
    O4 - HKLM\..\Run: [BM0fddfe9c] Rundll32.exe "C:\WINDOWS\system32\lxnikvmk.dll",s
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Fichiers communs\Adobe\Updater5\AdobeUpdater.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 52\axcmd.exe" /automount
    O4 - HKUS\S-1-5-19\..\RunOnce: [nltide1] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-19\..\RunOnce: [nltide2] cmd.exe /C rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,L,,4,N (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\RunOnce: [nltide1] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SERVICE RÉSEAU')
    O4 - Startup: IcoSauve.lnk = C:\WINDOWS\system32\IcoSauve.exe
    O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
    O8 - Extra context menu item: &Bloquer cette fenêtre publicitaire - C:\Program Files\AntivirusFirewall\Anti-Spyware\blockpopups.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Protection Internet Explorer - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\AntivirusFirewall\Anti-Spyware\ieshield.dll (file missing)
    O9 - Extra 'Tools' menuitem: Protection Internet Explorer... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\AntivirusFirewall\Anti-Spyware\ieshield.dll (file missing)
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
    O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} (GoPetsWeb Control) - https://secure.gopetslive.com/dev/GoPetsWeb.cab
    O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Antivirus Firewall (BackWeb Plug-in - 6588780) - Unknown owner - C:\PROGRA~1\ANTIVI~1\backweb\6588780\Program\SERVIC~1.EXE (file missing)
    O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - Unknown owner - C:\Program Files\AntivirusFirewall\Anti-Virus\fsgk32st.exe (file missing)
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: fsbwsys - Unknown owner - C:\Program Files\AntivirusFirewall\backweb\6588780\program\fsbwsys.exe (file missing)
    O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - Unknown owner - C:\Program Files\AntivirusFirewall\FWES\Program\fsdfwd.exe (file missing)
    O23 - Service: F-Secure Management Agent (FSMA) - Unknown owner - C:\Program Files\AntivirusFirewall\Common\FSMA32.EXE (file missing)
    O23 - Service: Google Desktop Manager 5.1.709.19590 (GoogleDesktopManager-091907-194040) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Service de l'iPod (iPod Service) - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
    O23 - Service: lxcg_device - - C:\WINDOWS\system32\lxcgcoms.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
    O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe
    O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe

    --
    End of file - 7263 bytes
    9 April 2008 17:59:55

    :hello: 

    Let's continue :) 

    1) Show hidden files and folders …
    To do this, open a folder, e.g. "Mes Images" (My Pictures).
    Then click > Outils > Options des dossiers ... (Tools > Folder Options)
    click the « Affichage » (View) tab and ...
    check ---> Afficher les fichiers et dossiers cachés (Show hidden files and folders)
    uncheck > Masquer les extensions des fichiers dont le type est connu (Hide extensions for known file types)
    uncheck > Masquer les fichiers protégés du système d'exploitation (recommandé) (Hide protected operating system files (Recommended)).
    « Appliquer » (Apply) and « OK ».

    2) Disable all resident protection (antivirus…)!
    Disconnect from the internet, close all running programs and let ComboFix work: so don't do anything else at the same time!


    Download Combofix by sUBs
    Save it to your desktop and nowhere else!
    Restart in safe mode: help here >>>
    http://forum.telecharger.01net.com/telecharger/virus_et...
    /!\ Never restart in safe mode via msconfig! /!\

    Double-click combofix. It will ask you a question; answer by pressing the 1 key and then Enter to confirm, and let it guide you.
    Wait until combofix has finished; a report will be created. Post the report. It is located here: C:\Combofix.txt

    3) Copy/paste a new HiJackThis report along with it.

    ;) 
    9 April 2008 18:09:38

    Hello Merillym,
    how do I disconnect from the internet??
    Before, with Orange, I could do it, but now I have Alice.
    Thanks
    9 April 2008 18:11:03

    pfff I'm silly, I'll just unplug the Alice box ;) 
    9 April 2008 18:49:27

    ComboFix 08-04-08.10 - monstrum 2008-04-09 18:19:58.1 - NTFSx86 MINIMAL
    Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.265 [GMT 2:00]
    Endroit: C:\Documents and Settings\Administrateur.ORDI\Bureau\ComboFix.exe

    AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
    .
    TimedOut: progfile.dat

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Documents and Settings\Administrateur.ORDI\Application Data\macromedia\Flash Player\#SharedObjects\6NS7HQCD\iforex.com
    C:\Documents and Settings\Administrateur.ORDI\Application Data\macromedia\Flash Player\#SharedObjects\6NS7HQCD\iforex.com\Emerp\Events\flash_object.swf\user_data.sol
    C:\Documents and Settings\Administrateur.ORDI\Application Data\macromedia\Flash Player\#SharedObjects\6NS7HQCD\www.broadcaster.com
    C:\Documents and Settings\Administrateur.ORDI\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#iforex.com
    C:\Documents and Settings\Administrateur.ORDI\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#iforex.com\settings.sol
    C:\Documents and Settings\Administrateur.ORDI\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com
    C:\Documents and Settings\Administrateur.ORDI\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com\settings.sol
    C:\lswmv.ini
    C:\Program Files\Fichiers communs\{0CEEC~1
    C:\Program Files\Fichiers communs\{0CEEC~2
    C:\Program Files\Fichiers communs\uninstall information
    C:\WINDOWS\BM0fddfe9c.xml
    C:\WINDOWS\msnlogm.exe
    C:\WINDOWS\msnlogs.exe
    C:\WINDOWS\pskt.ini
    C:\WINDOWS\system32\arhyibrx.ini
    C:\WINDOWS\system32\awtuvvw.dll
    C:\WINDOWS\system32\begpkptp.dll
    C:\WINDOWS\system32\beiyncyg.dll
    C:\WINDOWS\system32\bjcearus.dll
    C:\WINDOWS\system32\bnqnghcj.dll
    C:\WINDOWS\system32\boyttvmf.dll
    C:\WINDOWS\system32\bthrxajb.dll
    C:\WINDOWS\system32\cbxyxuu.dll
    C:\WINDOWS\system32\ccknyjfh.ini
    C:\WINDOWS\system32\ccpjpkbs.dll
    C:\WINDOWS\system32\ckwlrjor.dll
    C:\WINDOWS\system32\cpibdjkd.dll
    C:\WINDOWS\system32\cqlnmidu.ini
    C:\WINDOWS\system32\dcoulqoq.dll
    C:\WINDOWS\system32\dlgvqjca.dll
    C:\WINDOWS\system32\dssqrwkp.dll
    C:\WINDOWS\system32\dxarjpaw.ini
    C:\WINDOWS\system32\efjjkwwf.dll
    C:\WINDOWS\system32\ejuujufc.dll
    C:\WINDOWS\system32\equloejv.ini
    C:\WINDOWS\system32\evdikvcu.dll
    C:\WINDOWS\system32\eytrpjja.dll
    C:\WINDOWS\system32\faxwfxlw.ini
    C:\WINDOWS\system32\faxwfxlw.tmp
    C:\WINDOWS\system32\fjcvxgsf.ini
    C:\WINDOWS\system32\flxrucqx.dll
    C:\WINDOWS\system32\fmvttyob.ini
    C:\WINDOWS\system32\fnrjeipx.dll
    C:\WINDOWS\system32\foccvhul.dll
    C:\WINDOWS\system32\fsgxvcjf.dll
    C:\WINDOWS\system32\fsyxxpvx.dll
    C:\WINDOWS\system32\fwwkjjfe.ini
    C:\WINDOWS\system32\fymolodm.ini
    C:\WINDOWS\system32\gebxuvt.dll
    C:\WINDOWS\system32\gjkmp.ini
    C:\WINDOWS\system32\gjkmp.ini2
    C:\WINDOWS\system32\gycnyieb.ini
    C:\WINDOWS\system32\haxmprkb.dll
    C:\WINDOWS\system32\hcqmvixi.dll
    C:\WINDOWS\system32\hensfcro.dll
    C:\WINDOWS\system32\hfjynkcc.dll
    C:\WINDOWS\system32\hmutulru.dll
    C:\WINDOWS\system32\ibuetvsy.dll
    C:\WINDOWS\system32\idtlfdyw.dll
    C:\WINDOWS\system32\iudhjwpf.dll
    C:\WINDOWS\system32\jifjbbao.dll
    C:\WINDOWS\system32\jitedcpc.dll
    C:\WINDOWS\system32\jkkifgg.dll
    C:\WINDOWS\system32\jkkllmn.dll
    C:\WINDOWS\system32\jlnmp.ini
    C:\WINDOWS\system32\jlnmp.ini2
    C:\WINDOWS\system32\jqcocvxb.dll
    C:\WINDOWS\system32\jshsrwbr.ini
    C:\WINDOWS\system32\jslldueo.dll
    C:\WINDOWS\system32\jxbcanyq.ini
    C:\WINDOWS\system32\kdsgvbqq.ini
    C:\WINDOWS\system32\kfftyhal.dll
    C:\WINDOWS\system32\krmrwvye.dll
    C:\WINDOWS\system32\kteshflq.dll
    C:\WINDOWS\system32\kwyfvvdm.dll
    C:\WINDOWS\system32\lgbvmrwt.dll
    C:\WINDOWS\system32\lilcfmrt.ini
    C:\WINDOWS\system32\ljjggdc.dll
    C:\WINDOWS\system32\ljjkhgf.dll
    C:\WINDOWS\system32\lncldopt.dll
    C:\WINDOWS\system32\losnixgr.dll
    C:\WINDOWS\system32\lxkufxkr.dll
    C:\WINDOWS\system32\lxnikvmk.dll
    C:\WINDOWS\system32\mantec~1
    C:\WINDOWS\system32\mbqypqjg.dll
    C:\WINDOWS\system32\mcrh.tmp
    C:\WINDOWS\system32\mdolomyf.dll
    C:\WINDOWS\system32\mxeotarr.ini
    C:\WINDOWS\system32\nmcnmkrq.dll
    C:\WINDOWS\system32\nnnkkjh.dll
    C:\WINDOWS\system32\nnnnlli.dll
    C:\WINDOWS\system32\okjkkeed.dll
    C:\WINDOWS\system32\opnnlig.dll
    C:\WINDOWS\system32\orcfsneh.ini
    C:\WINDOWS\system32\oyrwiegw.dll
    C:\WINDOWS\system32\pdjeomsa.ini
    C:\WINDOWS\system32\pdtdbodd.dll
    C:\WINDOWS\system32\pucjprds.ini
    C:\WINDOWS\system32\qommjki.dll
    C:\WINDOWS\system32\qoqluocd.ini
    C:\WINDOWS\system32\qynacbxj.dll
    C:\WINDOWS\system32\rgxinsol.ini
    C:\WINDOWS\system32\rwdihnis.dll
    C:\WINDOWS\system32\sdrpjcup.dll
    C:\WINDOWS\system32\sggdyebn.dll
    C:\WINDOWS\system32\smante~1
    C:\WINDOWS\system32\ssqPjijK.dll
    C:\WINDOWS\system32\ssqpnnm.dll
    C:\WINDOWS\system32\svreouwx.dll
    C:\WINDOWS\system32\sxntspsf.ini
    C:\WINDOWS\system32\tdpqpvuu.ini
    C:\WINDOWS\system32\ttiqfcsw.dll
    C:\WINDOWS\system32\tuvssqp.dll
    C:\WINDOWS\system32\tuvwxvt.dll
    C:\WINDOWS\system32\urqnlmj.dll
    C:\WINDOWS\system32\urqpmjj.dll
    C:\WINDOWS\system32\urqrqop.dll
    C:\WINDOWS\system32\uwkbiqgp.dll
    C:\WINDOWS\system32\vaccmrps.dll
    C:\WINDOWS\system32\vjeoluqe.dll
    C:\WINDOWS\system32\vpggyjni.dll
    C:\WINDOWS\system32\waiijxue.ini
    C:\WINDOWS\system32\wapjraxd.dll
    C:\WINDOWS\system32\wgeiwryo.ini
    C:\WINDOWS\system32\wgvejncp.dll
    C:\WINDOWS\system32\wlxfwxaf.dll
    C:\WINDOWS\system32\xaolcqff.dll
    C:\WINDOWS\system32\xbgtjxsc.dll
    C:\WINDOWS\system32\xdedowxn.dll
    C:\WINDOWS\system32\xeaybxaq.ini
    C:\WINDOWS\system32\xfiwedpo.dll
    C:\WINDOWS\system32\xnttmlup.dll
    C:\WINDOWS\system32\xpohpvtd.dll
    C:\WINDOWS\system32\xtruobao.dll
    C:\WINDOWS\system32\xvpxxysf.ini
    C:\WINDOWS\system32\xxyaxxu.dll
    C:\WINDOWS\system32\yayawtq.dll
    C:\WINDOWS\system32\yayaywv.dll
    C:\WINDOWS\system32\yayvtqq.dll
    C:\WINDOWS\system32\yiyrutjr.dll
    C:\WINDOWS\system32\ypphhyns.ini
    C:\WINDOWS\system32\yyjbumna.dll
    C:\WINDOWS\wnsxs~1

    .
    ((((((((((((((((((((((((((((( Fichiers créés 2008-03-09 to 2008-04-09 ))))))))))))))))))))))))))))))))))))
    .

    2008-04-09 18:28 . 2008-04-09 18:28 <REP> d-------- C:\WINDOWS\LastGood
    2008-04-09 11:07 . 2008-04-09 11:35 <REP> d-------- C:\WINDOWS\LastGood.Tmp
    2008-04-09 01:20 . 2008-04-09 01:20 3,648 --a------ C:\WINDOWS\system32\xcnrvscj.dll
    2008-04-09 01:11 . 2008-04-09 16:01 345 --ahs---- C:\WINDOWS\system32\nVwvDcdd.ini
    2008-04-09 00:49 . 2008-04-09 01:31 <REP> d-------- C:\VundoFix Backups
    2008-04-09 00:19 . 2001-08-17 21:28 771,581 --a--c--- C:\WINDOWS\system32\dllcache\winacisa.sys
    2008-04-09 00:18 . 2001-08-17 21:28 794,654 --a--c--- C:\WINDOWS\system32\dllcache\usr1801.sys
    2008-04-09 00:17 . 2001-08-23 16:57 286,848 --a--c--- C:\WINDOWS\system32\dllcache\stlnata.sys
    2008-04-09 00:16 . 2001-08-23 17:47 495,616 --a--c--- C:\WINDOWS\system32\dllcache\sblfx.dll
    2008-04-09 00:15 . 2001-08-23 17:18 899,914 --a--c--- C:\WINDOWS\system32\dllcache\r2mdkxga.sys
    2008-04-09 00:14 . 2004-08-19 16:09 4,274,816 --a--c--- C:\WINDOWS\system32\dllcache\nv4_disp.dll
    2008-04-09 00:13 . 2004-08-19 16:09 1,737,856 --a--c--- C:\WINDOWS\system32\dllcache\mtxparhd.dll
    2008-04-09 00:12 . 2001-08-23 17:03 320,384 --a--c--- C:\WINDOWS\system32\dllcache\mgaum.sys
    2008-04-09 00:11 . 2001-08-17 21:28 802,683 --a--c--- C:\WINDOWS\system32\dllcache\ltsm.sys
    2008-04-09 00:10 . 2004-08-19 16:09 154,112 --a--c--- C:\WINDOWS\system32\dllcache\irftp.exe
    2008-04-09 00:09 . 2004-08-19 16:09 702,845 --a--c--- C:\WINDOWS\system32\dllcache\i81xdnt5.dll
    2008-04-09 00:08 . 2001-08-23 17:46 1,733,120 --a--c--- C:\WINDOWS\system32\dllcache\g400d.dll
    2008-04-09 00:07 . 2001-08-23 17:16 630,016 --a--c--- C:\WINDOWS\system32\dllcache\eqn.sys
    2008-04-09 00:06 . 2001-08-17 20:14 952,007 --a--c--- C:\WINDOWS\system32\dllcache\diwan.sys
    2008-04-09 00:05 . 2001-08-23 17:04 980,034 --a--c--- C:\WINDOWS\system32\dllcache\cicap.sys
    2008-04-09 00:04 . 2001-08-23 17:03 715,466 --a--c--- C:\WINDOWS\system32\dllcache\cbmdmkxx.sys
    2008-04-09 00:03 . 2001-08-17 21:28 871,388 --a--c--- C:\WINDOWS\system32\dllcache\bcmdm.sys
    2008-04-09 00:02 . 2004-08-19 16:09 1,888,992 --a--c--- C:\WINDOWS\system32\dllcache\ati3duag.dll
    2008-04-09 00:01 . 2001-08-17 21:28 762,780 --a--c--- C:\WINDOWS\system32\dllcache\3cwmcru.sys
    2008-04-09 00:00 . 2004-05-13 01:39 876,653 --a--c--- C:\WINDOWS\system32\dllcache\OLD4D.tmp
    2008-04-08 23:59 . 2008-04-08 23:59 <REP> d-------- C:\WINDOWS\msagent
    2008-04-08 23:36 . 2008-04-08 23:36 <REP> d-------- C:\WINDOWS\ERUNT
    2008-04-08 23:10 . 2008-04-08 23:10 3,648 --a------ C:\WINDOWS\system32\rviclcpi.dll
    2008-04-08 17:14 . 2008-04-08 17:14 <REP> d-------- C:\Program Files\Trend Micro
    2008-04-08 16:24 . 2008-04-08 16:24 3,648 --a------ C:\WINDOWS\system32\cytynvct.dll
    2008-04-08 15:17 . 2008-04-08 15:17 3,648 --a------ C:\WINDOWS\system32\busydidf.dll
    2008-04-05 22:20 . 2008-04-05 22:29 93,248 --a------ C:\WINDOWS\system32\ffiirxnw.dll
    2008-04-03 18:27 . 2008-04-03 18:27 692,359 ---hs---- C:\WINDOWS\system32\arhyibrx.tmp
    2008-04-02 19:15 . 2008-04-02 19:15 4,678,314 ---hs---- C:\WINDOWS\system32\bchbejke.tmp
    2008-04-02 19:14 . 2008-04-02 19:11 4,678,314 ---hs---- C:\WINDOWS\system32\bchbejke.ini
    2008-04-02 19:11 . 2008-04-02 19:16 210 --a------ C:\WINDOWS\system32\iierdsxd.tmp
    2008-04-02 14:17 . 2008-04-02 19:11 4,678,314 ---hs---- C:\WINDOWS\system32\iierdsxd.ini
    2008-04-02 12:23 . 2008-04-02 12:55 4,094,421 ---hs---- C:\WINDOWS\system32\qfycwepv.ini
    2008-04-01 18:09 . 2008-04-01 20:41 3,175,990 ---hs---- C:\WINDOWS\system32\muluupfe.ini
    2008-03-31 18:17 . 2008-03-31 20:47 1,577,486 ---hs---- C:\WINDOWS\system32\xeutpitu.ini
    2008-03-31 11:36 . 2008-03-31 15:37 1,561,651 ---hs---- C:\WINDOWS\system32\jrhakrrd.ini
    2008-03-30 12:17 . 2008-03-30 12:17 1,561,471 ---hs---- C:\WINDOWS\system32\ptlbwgww.tmp
    2008-03-30 12:17 . 2008-03-30 12:17 1,561,471 ---hs---- C:\WINDOWS\system32\ptlbwgww.ini
    2008-03-30 00:31 . 2008-03-30 12:16 1,561,411 ---hs---- C:\WINDOWS\system32\vltivvep.ini
    2008-03-29 16:01 . 2008-03-29 16:01 <REP> d-------- C:\WINDOWS\system32\LogFiles
    2008-03-29 14:03 . 2008-03-29 21:17 1,560,991 ---hs---- C:\WINDOWS\system32\ovyurjpx.ini
    2008-03-29 09:31 . 2008-03-29 14:02 1,560,811 ---hs---- C:\WINDOWS\system32\hdhrifws.ini
    2008-03-27 16:30 . 2008-03-27 16:30 1,566,607 ---hs---- C:\WINDOWS\system32\hyggxrto.tmp
    2008-03-27 16:30 . 2008-03-27 16:29 1,566,607 ---hs---- C:\WINDOWS\system32\hyggxrto.ini
    2008-03-27 14:10 . 2008-03-27 16:29 1,566,607 ---hs---- C:\WINDOWS\system32\ludeaowb.ini
    2008-03-26 14:14 . 2008-03-26 16:36 1,586,047 ---hs---- C:\WINDOWS\system32\pkcknkol.ini
    2008-03-25 22:37 . 2008-03-25 22:38 1,573,566 ---hs---- C:\WINDOWS\system32\ewegbysg.ini
    2008-03-25 18:38 . 2008-03-25 22:36 1,575,401 ---hs---- C:\WINDOWS\system32\xbpyucjl.ini
    2008-03-24 16:59 . 2008-03-24 19:51 1,578,025 ---hs---- C:\WINDOWS\system32\dynfsrig.ini
    2008-03-24 14:15 . 2008-03-24 14:54 1,548,953 ---hs---- C:\WINDOWS\system32\rrcrjejo.ini
    2008-03-24 13:05 . 2008-03-24 13:06 2,214 ---hs---- C:\WINDOWS\system32\wjnepkrg.ini
    2008-03-24 13:02 . 2008-03-24 13:05 2,094 ---hs---- C:\WINDOWS\system32\rdoarmdi.ini
    2008-03-23 17:04 . 2008-03-23 17:15 1,614 ---hs---- C:\WINDOWS\system32\wforytlo.ini
    2008-03-22 09:21 . 2008-03-22 15:25 1,374 ---hs---- C:\WINDOWS\system32\cbwolnib.ini
    2008-03-21 12:46 . 2008-03-21 22:40 1,539,183 ---hs---- C:\WINDOWS\system32\jhxtglsm.ini
    2008-03-20 21:27 . 2008-03-21 12:41 1,540,334 ---hs---- C:\WINDOWS\system32\flroalwc.ini
    2008-03-20 19:46 . 2008-03-20 21:27 1,540,034 ---hs---- C:\WINDOWS\system32\rpbtpsxq.ini
    2008-03-20 09:15 . 2008-03-20 19:16 1,541,463 ---hs---- C:\WINDOWS\system32\iqgqviau.ini
    2008-03-18 21:28 . 2008-03-18 21:31 37,888 --a------ C:\WINDOWS\system32\rar.exe
    2008-03-18 21:26 . 2008-03-18 22:21 <REP> d-------- C:\Program Files\Guitar Pro 5

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-04-09 16:14 --------- d-----w C:\Program Files\Lx_cats
    2008-04-09 14:30 --------- d-----w C:\Documents and Settings\Administrateur.ORDI\Application Data\OpenOffice.org2
    2008-04-08 21:05 --------- d---a-w C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP
    2008-04-08 10:45 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Google Updater
    2008-04-04 20:12 --------- d-----w C:\Program Files\Opera
    2008-04-04 20:04 --------- d-----w C:\Program Files\Geneatique2007
    2008-04-03 20:28 --------- d-----w C:\Documents and Settings\Administrateur.ORDI\Application Data\LimeWire
    2008-03-18 19:29 --------- d-----w C:\Program Files\eMule
    2008-03-11 17:31 --------- d-----w C:\Program Files\Azureus
    2008-03-11 17:31 --------- d-----w C:\Documents and Settings\Administrateur.ORDI\Application Data\Azureus
    2008-02-22 18:49 --------- d-----w C:\Program Files\Alcohol Soft
    2008-02-22 18:40 715,248 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
    2008-02-22 18:28 --------- d-----w C:\Program Files\Mvm
    2008-02-22 18:28 --------- d-----w C:\Program Files\Borland
    2008-02-18 20:29 --------- d-----w C:\Program Files\Total Video Converter
    2008-02-14 11:25 --------- d-----w C:\Program Files\Messenger Plus! Live
    2008-02-12 20:26 --------- d-----w C:\Program Files\Protectis
    2008-02-12 13:23 6,688 ----a-w C:\WINDOWS\movexe.exe
    2008-02-12 12:51 --------- d-----w C:\Program Files\Tracker Software
    2008-02-10 23:24 --------- d-----w C:\Program Files\LimeWire
    2008-01-28 18:49 30,601 ----a-w C:\Documents and Settings\Administrateur.ORDI\x.exe
    2006-05-03 10:06 163,328 --sh--r C:\WINDOWS\system32\flvDX.dll
    2007-02-21 11:47 31,744 --sh--r C:\WINDOWS\system32\msfDX.dll
    2007-03-25 21:47 16,384 --sha-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
    2007-03-25 21:47 16,384 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Historique\History.IE5\index.dat
    2007-03-25 21:47 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
    .

    ------- Sigcheck -------

    2006-11-11 16:02 359808 b4e29943b4b04bd5e7381546848e6669 C:\WINDOWS\system32\drivers\tcpip.sys
    .
    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1FC0254A-241B-4D41-95A1-9591C3194404}]
    C:\WINDOWS\system32\pmkjg.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A12F8F9B-7758-460E-9D67-C33CEE3E5F34}]
    C:\WINDOWS\system32\ddcDvwVn.dll

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 19:09 15360]
    "AdobeUpdater"="C:\Program Files\Fichiers communs\Adobe\Updater5\AdobeUpdater.exe" [2007-02-28 23:06 2321600]
    "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-03-28 21:57 68856]
    "AlcoholAutomount"="C:\Program Files\Alcohol Soft\Alcohol 52\axcmd.exe" [2007-12-22 09:09 221056]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SiSPower"="SiSPower.dll" [2007-01-23 13:34 53248 C:\WINDOWS\system32\SiSPower.dll]
    "LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2004-12-14 19:19 221184]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 02:11 132496]
    "LXCGCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCGtime.dll" [2005-07-20 19:48 73728]
    "0ceecd00"="C:\WINDOWS\system32\uuvpqpdt.dll" [ ]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "SynchronousMachineGroupPolicy"= 0 (0x0)
    "SynchronousUserGroupPolicy"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
    "ForceClassicControlPanel"= 1 (0x1)
    "NoSimpleStartMenu"= 0 (0x0)

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "NoStrCmpLogical"= 0 (0x0)
    "LockTaskbar"= 0 (0x0)
    "NoResolveTrack"= 0 (0x0)
    "NoResolveSearch"= 0 (0x0)
    "NoSMMyPictures"= 0 (0x0)
    "NoStartMenuMFUprogramsList"= 0 (0x0)
    "NoUserNameInStartMenu"= 0 (0x0)
    "NoStartMenuMorePrograms"= 0 (0x0)
    "MaxRecentDocs"= 15 (0xf)
    "NoInstrumentation"= 0 (0x0)
    "MemCheckBoxInRunDlg"= 1 (0x1)
    "NoSMBalloonTip"= 0 (0x0)
    "DisallowCpl"= 1 (0x1)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\opnnkji]
    opnnkji.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL

    [HKLM\~\startupfolder\C:^Documents and Settings^Administrateur.ORDI^Menu Démarrer^Programmes^Démarrage^Adobe Gamma.lnk]
    path=C:\Documents and Settings\Administrateur.ORDI\Menu Démarrer\Programmes\Démarrage\Adobe Gamma.lnk
    backup=C:\WINDOWS\pss\Adobe Gamma.lnkStartup

    [HKLM\~\startupfolder\C:^Documents and Settings^Administrateur.ORDI^Menu Démarrer^Programmes^Démarrage^OpenOffice.org 2.3.lnk]
    path=C:\Documents and Settings\Administrateur.ORDI\Menu Démarrer\Programmes\Démarrage\OpenOffice.org 2.3.lnk
    backup=C:\WINDOWS\pss\OpenOffice.org 2.3.lnkStartup

    [HKLM\~\startupfolder\C:^Documents and Settings^Administrateur.ORDI^Menu Démarrer^Programmes^Démarrage^TimeLeft.lnk]
    path=C:\Documents and Settings\Administrateur.ORDI\Menu Démarrer\Programmes\Démarrage\TimeLeft.lnk
    backup=C:\WINDOWS\pss\TimeLeft.lnkStartup

    [HKLM\~\startupfolder\C:^Documents and Settings^Administrateur.ORDI^Menu Démarrer^Programmes^Démarrage^UDPixel.lnk]
    path=C:\Documents and Settings\Administrateur.ORDI\Menu Démarrer\Programmes\Démarrage\UDPixel.lnk
    backup=C:\WINDOWS\pss\UDPixel.lnkStartup

    [HKLM\~\startupfolder\C:^Documents and Settings^Administrateur.ORDI^Menu Démarrer^Programmes^Démarrage^Xfire.lnk]
    path=C:\Documents and Settings\Administrateur.ORDI\Menu Démarrer\Programmes\Démarrage\Xfire.lnk
    backup=C:\WINDOWS\pss\Xfire.lnkStartup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Menu Démarrer^Programmes^Démarrage^Adobe Gamma Loader.lnk]
    path=C:\Documents and Settings\All Users.WINDOWS\Menu Démarrer\Programmes\Démarrage\Adobe Gamma Loader.lnk
    backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Menu Démarrer^Programmes^Démarrage^Last.fm Helper.lnk]
    path=C:\Documents and Settings\All Users.WINDOWS\Menu Démarrer\Programmes\Démarrage\Last.fm Helper.lnk
    backup=C:\WINDOWS\pss\Last.fm Helper.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Menu Démarrer^Programmes^Démarrage^Outil de mise à jour Google.lnk]
    path=C:\Documents and Settings\All Users.WINDOWS\Menu Démarrer\Programmes\Démarrage\Outil de mise à jour Google.lnk
    backup=C:\WINDOWS\pss\Outil de mise à jour Google.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    --a------ 2007-05-11 03:06 40048 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeUpdater]
    --a------ 2007-02-28 23:06 2321600 C:\Program Files\Fichiers communs\Adobe\Updater5\AdobeUpdater.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
    --a------ 2007-01-15 17:14 147456 C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
    C:\Program Files\DAEMON Tools\daemon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EzPrint]
    --a------ 2005-08-01 08:05 94208 C:\Program Files\Lexmark 2300 Series\ezprint.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\F-Secure Manager]
    C:\Program Files\AntivirusFirewall\Common\FSM32.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\F-Secure Startup Wizard]
    C:\Program Files\AntivirusFirewall\FSGUI\FSSW.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\F-Secure TNB]
    C:\Program Files\AntivirusFirewall\TNB\TNBUtil.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Flashget]
    C:\Program Files\FlashGet\FlashGet.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
    --a------ 2007-11-20 21:21 1840128 C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    C:\Program Files\iTunes\iTunesHelper.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoRepair]
    --a------ 2004-12-14 19:57 458752 C:\Program Files\Logitech\Video\ISStart.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoTray]
    --a------ 2004-12-14 19:51 217088 C:\Program Files\Logitech\Video\LogiTray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lxcgmon.exe]
    --a------ 2005-07-21 02:07 200704 C:\Program Files\Lexmark 2300 Series\lxcgmon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSN Webcam Recorder]
    C:\Program Files\MSN Webcam Recorder\ml20gui.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
    --a------ 2007-10-18 12:34 5724184 C:\Program Files\Windows Live\Messenger\MsnMsgr.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnsyslog]
    C:\WINDOWS\msnlogm.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    --a------ 2006-01-12 15:40 155648 C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\News Service]
    C:\Program Files\AntivirusFirewall\FSGUI\ispnews.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
    C:\Program Files\PowerISO\PWRISOVM.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    C:\Program Files\QuickTime\qttask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SuperCopier2.exe]
    --a------ 2006-07-07 18:45 1052672 C:\Program Files\SuperCopier2\SuperCopier2.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
    --a------ 2007-03-28 21:57 68856 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WhenUSave]
    C:\Program Files\Save\Save.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WOOKIT]
    C:\PROGRA~1\Wanadoo\Shell.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WOOTASKBARICON]
    C:\PROGRA~1\Wanadoo\GestMaj.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WOOWATCH]
    C:\PROGRA~1\Wanadoo\Watch.exe

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)
    "DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "C:\\WINDOWS\\system32\\sessmgr.exe"=
    "C:\\Program Files\\Azureus\\Azureus.exe"=
    "C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "C:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
    "C:\\Program Files\\eMule\\emule.exe"=
    "C:\\Program Files\\LimeWire\\LimeWire.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

    R0 FSFW;F-Secure Firewall Driver;C:\WINDOWS\system32\drivers\fsdfw.sys [2005-11-18 17:04]
    R3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 22:58]
    R3 usbstor;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 02:08]
    S2 BackWeb Plug-in - 6588780;Antivirus Firewall;C:\PROGRA~1\ANTIVI~1\backweb\6588780\Program\SERVIC~1.EXE []
    S2 Ca536av;Icatch(VII) Video Camera Device;C:\WINDOWS\system32\Drivers\Ca536av.sys []
    S2 F-Secure Filter;F-Secure File System Filter;C:\Program Files\AntivirusFirewall\Anti-Virus\Win2K\FSfilter.sys []
    S2 F-Secure Gatekeeper;F-Secure Gatekeeper;C:\Program Files\AntivirusFirewall\Anti-Virus\Win2K\FSgk.sys []
    S2 F-Secure Recognizer;F-Secure File System Recognizer;C:\Program Files\AntivirusFirewall\Anti-Virus\Win2K\FSrec.sys []
    S3 GoogleDesktopManager-091907-194040;Google Desktop Manager 5.1.709.19590;"C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-11-20 21:21]
    S3 USBCamera;Icatch(VII) Still Camera Device;C:\WINDOWS\system32\Drivers\Bulk536.sys []
    S3 XDva009;XDva009;C:\WINDOWS\system32\XDva009.sys []

    .
    Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
    "2007-05-17 08:04:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
    - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
    .
    **************************************************************************

    catchme 0.3.1351 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-04-09 18:28:17
    Windows 5.1.2600 Service Pack 2 NTFS

    Balayage processus cachés ...

    Balayage caché autostart entries ...

    Balayage des fichiers cachés ...

    Scan terminé avec succès
    Les fichiers cachés: 0

    **************************************************************************
    .
    ------------------------ Other Running Processes ------------------------
    .
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe
    C:\WINDOWS\system32\sistray.exe
    C:\WINDOWS\system32\IcoSauve.exe
    .
    **************************************************************************
    .
    Temps d'accomplissement: 2008-04-09 18:44:27 - machine was rebooted
    ComboFix-quarantined-files.txt 2008-04-09 16:44:13
    Pre-Run: 12,425,211,904 octets libres
    Post-Run: 11,341,271,040 octets libres
    .
    2008-04-08 22:44:27 --- E O F ---
    9 April 2008 19:01:06

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 19:00:17, on 09/04/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16544)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\LVCOMSX.EXE
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\WINDOWS\system32\sistray.exe
    C:\WINDOWS\system32\IcoSauve.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.aliceadsl.fr
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL (file missing)
    O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {1FC0254A-241B-4D41-95A1-9591C3194404} - C:\WINDOWS\system32\pmkjg.dll (file missing)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: (no name) - {A12F8F9B-7758-460E-9D67-C33CEE3E5F34} - C:\WINDOWS\system32\ddcDvwVn.dll (file missing)
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
    O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
    O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [LXCGCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCGtime.dll,_RunDLLEntry@16
    O4 - HKLM\..\Run: [0ceecd00] rundll32.exe "C:\WINDOWS\system32\uuvpqpdt.dll",b
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Fichiers communs\Adobe\Updater5\AdobeUpdater.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 52\axcmd.exe" /automount
    O4 - HKUS\S-1-5-19\..\RunOnce: [nltide1] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-19\..\RunOnce: [nltide2] cmd.exe /C rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,L,,4,N (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\RunOnce: [nltide1] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SERVICE RÉSEAU')
    O4 - Startup: IcoSauve.lnk = C:\WINDOWS\system32\IcoSauve.exe
    O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
    O8 - Extra context menu item: &Bloquer cette fenêtre publicitaire - C:\Program Files\AntivirusFirewall\Anti-Spyware\blockpopups.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Protection Internet Explorer - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\AntivirusFirewall\Anti-Spyware\ieshield.dll (file missing)
    O9 - Extra 'Tools' menuitem: Protection Internet Explorer... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\AntivirusFirewall\Anti-Spyware\ieshield.dll (file missing)
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
    O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} (GoPetsWeb Control) - https://secure.gopetslive.com/dev/GoPetsWeb.cab
    O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
    O20 - Winlogon Notify: opnnkji - opnnkji.dll (file missing)
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Antivirus Firewall (BackWeb Plug-in - 6588780) - Unknown owner - C:\PROGRA~1\ANTIVI~1\backweb\6588780\Program\SERVIC~1.EXE (file missing)
    O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - Unknown owner - C:\Program Files\AntivirusFirewall\Anti-Virus\fsgk32st.exe (file missing)
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: fsbwsys - Unknown owner - C:\Program Files\AntivirusFirewall\backweb\6588780\program\fsbwsys.exe (file missing)
    O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - Unknown owner - C:\Program Files\AntivirusFirewall\FWES\Program\fsdfwd.exe (file missing)
    O23 - Service: F-Secure Management Agent (FSMA) - Unknown owner - C:\Program Files\AntivirusFirewall\Common\FSMA32.EXE (file missing)
    O23 - Service: Google Desktop Manager 5.1.709.19590 (GoogleDesktopManager-091907-194040) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Service de l'iPod (iPod Service) - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
    O23 - Service: lxcg_device - - C:\WINDOWS\system32\lxcgcoms.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
    O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe
    O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe

    --
    End of file - 7705 bytes
    10 April 2008 19:19:46

    :hello: 

    Disable all resident protection (antivirus…)!

    Copy the text in the box below, without the word "Quote":

    Quote:
    File::
    C:\WINDOWS\system32\xcnrvscj.dll
    C:\WINDOWS\system32\nVwvDcdd.ini
    C:\WINDOWS\system32\rviclcpi.dll
    C:\WINDOWS\system32\cytynvct.dll
    C:\WINDOWS\system32\busydidf.dll
    C:\WINDOWS\system32\ffiirxnw.dll
    C:\WINDOWS\system32\arhyibrx.tmp
    C:\WINDOWS\system32\bchbejke.tmp
    C:\WINDOWS\system32\bchbejke.ini
    C:\WINDOWS\system32\iierdsxd.tmp
    C:\WINDOWS\system32\iierdsxd.ini
    C:\WINDOWS\system32\qfycwepv.ini
    C:\WINDOWS\system32\muluupfe.ini
    C:\WINDOWS\system32\xeutpitu.ini
    C:\WINDOWS\system32\jrhakrrd.ini
    C:\WINDOWS\system32\ptlbwgww.tmp
    C:\WINDOWS\system32\ptlbwgww.ini
    C:\WINDOWS\system32\vltivvep.ini
    C:\WINDOWS\system32\ovyurjpx.ini
    C:\WINDOWS\system32\hdhrifws.ini
    C:\WINDOWS\system32\hyggxrto.tmp
    C:\WINDOWS\system32\hyggxrto.ini
    C:\WINDOWS\system32\ludeaowb.ini
    C:\WINDOWS\system32\pkcknkol.ini
    C:\WINDOWS\system32\ewegbysg.ini
    C:\WINDOWS\system32\xbpyucjl.ini
    C:\WINDOWS\system32\dynfsrig.ini
    C:\WINDOWS\system32\rrcrjejo.ini
    C:\WINDOWS\system32\wjnepkrg.ini
    C:\WINDOWS\system32\rdoarmdi.ini
    C:\WINDOWS\system32\wforytlo.ini
    C:\WINDOWS\system32\cbwolnib.ini
    C:\WINDOWS\system32\jhxtglsm.ini
    C:\WINDOWS\system32\flroalwc.ini
    C:\WINDOWS\system32\rpbtpsxq.ini
    C:\WINDOWS\system32\iqgqviau.ini

    Registry::
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1FC0254A-241B-4D41-95A1-9591C3194404}]
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A12F8F9B-7758-460E-9D67-C33CEE3E5F34}]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "0ceecd00"=-
    [-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\opnnkji]



    Open Notepad, then paste the copied text.
    (Start\All Programs\Accessories\Notepad.)
    Save this file under the name CFScript.txt.

    Now drag the file ComboFix-Do.txt onto Combofix.exe as shown below:



    This will relaunch Combofix; press 1, then confirm. After the reboot, post the contents of the Combofix.txt report along with a new Hijackthis report.
    If there is no reboot, post the reports anyway.

    ;) 
    10 April 2008 19:32:31

    Hi Merillym

    Quote:
    Now drag the file ComboFix-Do.txt onto Combofix.exe as shown below:


    you mean CFScript.txt??
    10 April 2008 19:32:59

    And?
    10 April 2008 19:35:31

    Egwene said:
    And?

    no, sorry, I just thought you were "telling me off" since it was in bold, sorry :ange: 
    10 April 2008 19:36:56

    :D  :lol:  Bold is there to draw attention to the essential points of the procedure ;) 
    10 April 2008 20:06:28

    here it is: ComboFix 08-04-08.10 - monstrum 2008-04-10 19:40:39.2 - NTFSx86
    Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.97 [GMT 2:00]
    Endroit: C:\Documents and Settings\Administrateur.ORDI\Bureau\ComboFix.exe
    Command switches used :: C:\Documents and Settings\Administrateur.ORDI\Bureau\CFScript.txt
    * Création d'un nouveau point de restauration

    AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!

    FILE ::
    C:\WINDOWS\system32\arhyibrx.tmp
    C:\WINDOWS\system32\bchbejke.ini
    C:\WINDOWS\system32\bchbejke.tmp
    C:\WINDOWS\system32\busydidf.dll
    C:\WINDOWS\system32\cbwolnib.ini
    C:\WINDOWS\system32\cytynvct.dll
    C:\WINDOWS\system32\dynfsrig.ini
    C:\WINDOWS\system32\ewegbysg.ini
    C:\WINDOWS\system32\ffiirxnw.dll
    C:\WINDOWS\system32\flroalwc.ini
    C:\WINDOWS\system32\hdhrifws.ini
    C:\WINDOWS\system32\hyggxrto.ini
    C:\WINDOWS\system32\hyggxrto.tmp
    C:\WINDOWS\system32\iierdsxd.ini
    C:\WINDOWS\system32\iierdsxd.tmp
    C:\WINDOWS\system32\iqgqviau.ini
    C:\WINDOWS\system32\jhxtglsm.ini
    C:\WINDOWS\system32\jrhakrrd.ini
    C:\WINDOWS\system32\ludeaowb.ini
    C:\WINDOWS\system32\muluupfe.ini
    C:\WINDOWS\system32\nVwvDcdd.ini
    C:\WINDOWS\system32\ovyurjpx.ini
    C:\WINDOWS\system32\pkcknkol.ini
    C:\WINDOWS\system32\ptlbwgww.ini
    C:\WINDOWS\system32\ptlbwgww.tmp
    C:\WINDOWS\system32\qfycwepv.ini
    C:\WINDOWS\system32\rdoarmdi.ini
    C:\WINDOWS\system32\rpbtpsxq.ini
    C:\WINDOWS\system32\rrcrjejo.ini
    C:\WINDOWS\system32\rviclcpi.dll
    C:\WINDOWS\system32\vltivvep.ini
    C:\WINDOWS\system32\wforytlo.ini
    C:\WINDOWS\system32\wjnepkrg.ini
    C:\WINDOWS\system32\xbpyucjl.ini
    C:\WINDOWS\system32\xcnrvscj.dll
    C:\WINDOWS\system32\xeutpitu.ini
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\WINDOWS\system32\arhyibrx.tmp
    C:\WINDOWS\system32\bchbejke.ini
    C:\WINDOWS\system32\bchbejke.tmp
    C:\WINDOWS\system32\busydidf.dll
    C:\WINDOWS\system32\cbwolnib.ini
    C:\WINDOWS\system32\cytynvct.dll
    C:\WINDOWS\system32\dynfsrig.ini
    C:\WINDOWS\system32\ewegbysg.ini
    C:\WINDOWS\system32\ffiirxnw.dll
    C:\WINDOWS\system32\flroalwc.ini
    C:\WINDOWS\system32\hdhrifws.ini
    C:\WINDOWS\system32\hyggxrto.ini
    C:\WINDOWS\system32\hyggxrto.tmp
    C:\WINDOWS\system32\iierdsxd.ini
    C:\WINDOWS\system32\iierdsxd.tmp
    C:\WINDOWS\system32\iqgqviau.ini
    C:\WINDOWS\system32\jhxtglsm.ini
    C:\WINDOWS\system32\jrhakrrd.ini
    C:\WINDOWS\system32\ludeaowb.ini
    C:\WINDOWS\system32\muluupfe.ini
    C:\WINDOWS\system32\nVwvDcdd.ini
    C:\WINDOWS\system32\ovyurjpx.ini
    C:\WINDOWS\system32\pkcknkol.ini
    C:\WINDOWS\system32\ptlbwgww.ini
    C:\WINDOWS\system32\ptlbwgww.tmp
    C:\WINDOWS\system32\qfycwepv.ini
    C:\WINDOWS\system32\rdoarmdi.ini
    C:\WINDOWS\system32\rpbtpsxq.ini
    C:\WINDOWS\system32\rrcrjejo.ini
    C:\WINDOWS\system32\rviclcpi.dll
    C:\WINDOWS\system32\vltivvep.ini
    C:\WINDOWS\system32\wforytlo.ini
    C:\WINDOWS\system32\wjnepkrg.ini
    C:\WINDOWS\system32\xbpyucjl.ini
    C:\WINDOWS\system32\xcnrvscj.dll
    C:\WINDOWS\system32\xeutpitu.ini

    .
    ((((((((((((((((((((((((((((( Fichiers créés 2008-03-10 to 2008-04-10 ))))))))))))))))))))))))))))))))))))
    .

    2008-04-10 13:06 . 2004-08-19 16:09 1,888,992 --a--c--- C:\WINDOWS\system32\dllcache\OLD1EB.tmp
    2008-04-10 13:05 . 2004-08-19 19:09 2,134,528 --a--c--- C:\WINDOWS\system32\dllcache\OLDA9.tmp
    2008-04-10 13:04 . 2008-04-10 13:07 <REP> d-------- C:\WINDOWS\LastGood
    2008-04-09 00:49 . 2008-04-09 01:31 <REP> d-------- C:\VundoFix Backups
    2008-04-09 00:19 . 2001-08-17 21:28 771,581 --a--c--- C:\WINDOWS\system32\dllcache\winacisa.sys
    2008-04-09 00:18 . 2001-08-17 21:28 794,654 --a--c--- C:\WINDOWS\system32\dllcache\usr1801.sys
    2008-04-09 00:17 . 2001-08-23 16:57 286,848 --a--c--- C:\WINDOWS\system32\dllcache\stlnata.sys
    2008-04-09 00:16 . 2001-08-23 17:47 495,616 --a--c--- C:\WINDOWS\system32\dllcache\sblfx.dll
    2008-04-09 00:15 . 2001-08-23 17:18 899,914 --a--c--- C:\WINDOWS\system32\dllcache\r2mdkxga.sys
    2008-04-09 00:14 . 2004-08-19 16:09 4,274,816 --a--c--- C:\WINDOWS\system32\dllcache\nv4_disp.dll
    2008-04-09 00:13 . 2004-08-19 16:09 1,737,856 --a--c--- C:\WINDOWS\system32\dllcache\mtxparhd.dll
    2008-04-09 00:12 . 2001-08-23 17:03 320,384 --a--c--- C:\WINDOWS\system32\dllcache\mgaum.sys
    2008-04-09 00:11 . 2001-08-17 21:28 802,683 --a--c--- C:\WINDOWS\system32\dllcache\ltsm.sys
    2008-04-09 00:10 . 2004-08-19 16:09 154,112 --a--c--- C:\WINDOWS\system32\dllcache\irftp.exe
    2008-04-09 00:09 . 2004-08-19 16:09 702,845 --a--c--- C:\WINDOWS\system32\dllcache\i81xdnt5.dll
    2008-04-09 00:08 . 2001-08-23 17:46 1,733,120 --a--c--- C:\WINDOWS\system32\dllcache\g400d.dll
    2008-04-09 00:07 . 2001-08-23 17:16 630,016 --a--c--- C:\WINDOWS\system32\dllcache\eqn.sys
    2008-04-09 00:06 . 2001-08-17 20:14 952,007 --a--c--- C:\WINDOWS\system32\dllcache\diwan.sys
    2008-04-09 00:05 . 2001-08-23 17:04 980,034 --a--c--- C:\WINDOWS\system32\dllcache\cicap.sys
    2008-04-09 00:04 . 2001-08-23 17:03 715,466 --a--c--- C:\WINDOWS\system32\dllcache\cbmdmkxx.sys
    2008-04-09 00:03 . 2001-08-17 21:28 871,388 --a--c--- C:\WINDOWS\system32\dllcache\bcmdm.sys
    2008-04-09 00:02 . 2004-08-19 16:09 1,888,992 --a--c--- C:\WINDOWS\system32\dllcache\ati3duag.dll
    2008-04-09 00:01 . 2001-08-17 21:28 762,780 --a--c--- C:\WINDOWS\system32\dllcache\3cwmcru.sys
    2008-04-09 00:00 . 2004-05-13 01:39 876,653 --a--c--- C:\WINDOWS\system32\dllcache\OLD4D.tmp
    2008-04-08 23:59 . 2008-04-08 23:59 <REP> d-------- C:\WINDOWS\msagent
    2008-04-08 23:36 . 2008-04-08 23:36 <REP> d-------- C:\WINDOWS\ERUNT
    2008-04-08 17:14 . 2008-04-08 17:14 <REP> d-------- C:\Program Files\Trend Micro
    2008-04-05 22:20 . 2008-04-05 22:29 93,248 --a------ C:\WINDOWS\system32\cmvtdyqp.dll
    2008-03-29 16:01 . 2008-03-29 16:01 <REP> d-------- C:\WINDOWS\system32\LogFiles
    2008-03-18 21:28 . 2008-03-18 21:31 37,888 --a------ C:\WINDOWS\system32\rar.exe
    2008-03-18 21:26 . 2008-03-18 22:21 <REP> d-------- C:\Program Files\Guitar Pro 5

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-04-09 17:38 --------- d-----w C:\Program Files\Lx_cats
    2008-04-09 14:30 --------- d-----w C:\Documents and Settings\Administrateur.ORDI\Application Data\OpenOffice.org2
    2008-04-09 11:45 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Google Updater
    2008-04-08 21:05 --------- d---a-w C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP
    2008-04-04 20:12 --------- d-----w C:\Program Files\Opera
    2008-04-04 20:04 --------- d-----w C:\Program Files\Geneatique2007
    2008-04-03 20:28 --------- d-----w C:\Documents and Settings\Administrateur.ORDI\Application Data\LimeWire
    2008-03-18 19:29 --------- d-----w C:\Program Files\eMule
    2008-03-11 17:31 --------- d-----w C:\Program Files\Azureus
    2008-03-11 17:31 --------- d-----w C:\Documents and Settings\Administrateur.ORDI\Application Data\Azureus
    2008-02-22 18:49 --------- d-----w C:\Program Files\Alcohol Soft
    2008-02-22 18:40 715,248 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
    2008-02-22 18:28 --------- d-----w C:\Program Files\Mvm
    2008-02-22 18:28 --------- d-----w C:\Program Files\Borland
    2008-02-18 20:29 --------- d-----w C:\Program Files\Total Video Converter
    2008-02-14 11:25 --------- d-----w C:\Program Files\Messenger Plus! Live
    2008-02-12 20:26 --------- d-----w C:\Program Files\Protectis
    2008-02-12 13:23 6,688 ----a-w C:\WINDOWS\movexe.exe
    2008-02-12 12:51 --------- d-----w C:\Program Files\Tracker Software
    2008-02-10 23:24 --------- d-----w C:\Program Files\LimeWire
    2008-01-28 18:49 30,601 ----a-w C:\Documents and Settings\Administrateur.ORDI\x.exe
    2006-05-03 10:06 163,328 --sh--r C:\WINDOWS\system32\flvDX.dll
    2007-02-21 11:47 31,744 --sh--r C:\WINDOWS\system32\msfDX.dll
    2007-03-25 21:47 16,384 --sha-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
    2007-03-25 21:47 16,384 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Historique\History.IE5\index.dat
    2007-03-25 21:47 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
    .

    ------- Sigcheck -------

    2006-11-11 16:02 359808 b4e29943b4b04bd5e7381546848e6669 C:\WINDOWS\system32\drivers\tcpip.sys
    .
    ((((((((((((((((((((((((((((( snapshot@2008-04-09_18.43.29.15 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2004-08-03 21:10:08 53,248 ----a-w C:\WINDOWS\LastGood\system32\dllcache\1394bus.sys
    + 2001-08-17 20:06:48 11,264 ----a-w C:\WINDOWS\LastGood\system32\dllcache\1394vdbg.sys
    + 2001-08-17 19:28:00 762,780 ----a-w C:\WINDOWS\LastGood\system32\dllcache\3cwmcru.sys
    + 2001-08-23 15:46:44 689,216 ----a-w C:\WINDOWS\LastGood\system32\dllcache\3dfxvs.dll
    + 2001-08-17 18:48:32 148,352 ----a-w C:\WINDOWS\LastGood\system32\dllcache\3dfxvsm.sys
    + 2004-08-03 21:00:04 12,288 ----a-w C:\WINDOWS\LastGood\system32\dllcache\4mmdat.sys
    + 2004-08-03 21:10:12 48,128 ----a-w C:\WINDOWS\LastGood\system32\dllcache\61883.sys
    + 2001-08-23 15:46:44 38,400 ----a-w C:\WINDOWS\LastGood\system32\dllcache\8514a.dll
    + 2001-08-23 15:46:58 98,304 ----a-w C:\WINDOWS\LastGood\system32\dllcache\a3d.dll
    + 2001-08-23 15:46:58 462,848 ----a-w C:\WINDOWS\LastGood\system32\dllcache\a3dapi.dll
    + 2001-08-17 19:52:00 23,552 ----a-w C:\WINDOWS\LastGood\system32\dllcache\abp480n5.sys
    + 2004-08-03 20:32:22 231,552 ----a-w C:\WINDOWS\LastGood\system32\dllcache\ac97ali.sys
    + 2001-08-17 18:20:04 96,256 ----a-w C:\WINDOWS\LastGood\system32\dllcache\ac97intc.sys
    + 2001-08-17 18:20:16 297,728 ----a-w C:\WINDOWS\LastGood\system32\dllcache\ac97sis.sys
    + 2004-08-03 20:32:32 84,480 ----a-w C:\WINDOWS\LastGood\system32\dllcache\ac97via.sys
    + 2001-08-23 15:46:58 61,952 ----a-w C:\WINDOWS\LastGood\system32\dllcache\acerscad.dll
    + 2001-08-17 19:53:02 7,424 ----a-w C:\WINDOWS\LastGood\system32\dllcache\adicvls.sys
    + 2001-08-17 18:11:18 20,160 ----a-w C:\WINDOWS\LastGood\system32\dllcache\adm8511.sys
    + 2001-08-17 18:19:10 584,448 ----a-w C:\WINDOWS\LastGood\system32\dllcache\adm8810.sys
    + 2001-08-17 18:19:14 553,984 ----a-w C:\WINDOWS\LastGood\system32\dllcache\adm8820.sys
    + 2001-08-17 18:19:14 747,392 ----a-w C:\WINDOWS\LastGood\system32\dllcache\adm8830.sys
    + 2004-08-19 17:09:19 29,696 ----a-w C:\WINDOWS\LastGood\system32\dllcache\admexs.dll
    + 2004-08-03 20:32:24 10,880 ----a-w C:\WINDOWS\LastGood\system32\dllcache\admjoy.sys
    + 2002-09-06 20:59:59 6,144 ----a-w C:\WINDOWS\LastGood\system32\dllcache\admxprox.dll
    + 2001-08-17 18:11:16 46,112 ----a-w C:\WINDOWS\LastGood\system32\dllcache\adptsf50.sys
    + 2001-08-17 20:07:32 101,888 ----a-w C:\WINDOWS\LastGood\system32\dllcache\adpu160m.sys
    + 2002-09-06 20:59:59 50,176 ----a-w C:\WINDOWS\LastGood\system32\dllcache\adrot.dll
    + 2004-08-19 14:09:20 4,255 ----a-w C:\WINDOWS\LastGood\system32\dllcache\adv01nt5.dll
    + 2004-08-19 14:09:20 3,967 ----a-w C:\WINDOWS\LastGood\system32\dllcache\adv02nt5.dll
    + 2004-08-19 14:09:20 3,615 ----a-w C:\WINDOWS\LastGood\system32\dllcache\adv05nt5.dll
    + 2004-08-19 14:09:20 3,647 ----a-w C:\WINDOWS\LastGood\system32\dllcache\adv07nt5.dll
    + 2004-08-19 14:09:20 3,135 ----a-w C:\WINDOWS\LastGood\system32\dllcache\adv08nt5.dll
    + 2004-08-19 14:09:20 3,711 ----a-w C:\WINDOWS\LastGood\system32\dllcache\adv09nt5.dll
    + 2004-08-19 14:09:20 3,775 ----a-w C:\WINDOWS\LastGood\system32\dllcache\adv11nt5.dll
    + 2004-08-03 21:07:42 42,368 ----a-w C:\WINDOWS\LastGood\system32\dllcache\agp440.sys
    + 2004-08-03 21:07:44 44,928 ----a-w C:\WINDOWS\LastGood\system32\dllcache\agpcpq.sys
    + 2001-08-17 19:52:02 12,800 ----a-w C:\WINDOWS\LastGood\system32\dllcache\aha154x.sys
    + 2001-08-17 20:07:36 55,168 ----a-w C:\WINDOWS\LastGood\system32\dllcache\aic78u2.sys
    + 2001-08-17 20:07:38 56,960 ----a-w C:\WINDOWS\LastGood\system32\dllcache\aic78xx.sys
    + 2001-08-17 18:11:18 27,678 ----a-w C:\WINDOWS\LastGood\system32\dllcache\ali5261.sys
    + 2001-08-17 19:49:02 26,624 ----a-w C:\WINDOWS\LastGood\system32\dllcache\alifir.sys
    + 2001-08-17 19:51:56 5,248 ----a-w C:\WINDOWS\LastGood\system32\dllcache\aliide.sys
    + 2004-08-03 21:07:42 42,752 ----a-w C:\WINDOWS\LastGood\system32\dllcache\alim1541.sys
    + 2001-08-17 18:11:20 16,969 ----a-w C:\WINDOWS\LastGood\system32\dllcache\amb8002.sys
    + 2004-08-03 21:07:44 43,008 ----a-w C:\WINDOWS\LastGood\system32\dllcache\amdagp.sys
    + 2001-08-17 19:52:04 12,032 ----a-w C:\WINDOWS\LastGood\system32\dllcache\amsint.sys
    + 2004-08-03 20:31:20 36,224 ----a-w C:\WINDOWS\LastGood\system32\dllcache\an983.sys
    + 2001-08-17 19:47:22 6,272 ----a-w C:\WINDOWS\LastGood\system32\dllcache\apmbatt.sys
    + 2004-08-19 17:09:19 110,080 ----a-w C:\WINDOWS\LastGood\system32\dllcache\appconf.dll
    + 2004-08-19 17:09:19 334,336 ----a-w C:\WINDOWS\LastGood\system32\dllcache\aqueue.dll
    + 2001-08-17 19:52:00 26,496 ----a-w C:\WINDOWS\LastGood\system32\dllcache\asc.sys
    + 2001-08-17 19:52:04 22,400 ----a-w C:\WINDOWS\LastGood\system32\dllcache\asc3350p.sys
    + 2001-08-17 19:51:58 14,848 ----a-w C:\WINDOWS\LastGood\system32\dllcache\asc3550.sys
    + 2006-12-13 12:52:44 377,344 ----a-w C:\WINDOWS\LastGood\system32\dllcache\asp51.dll
    + 2001-08-17 18:12:34 97,354 ----a-w C:\WINDOWS\LastGood\system32\dllcache\aspndis3.sys
    + 2002-09-06 20:59:59 10,240 ----a-w C:\WINDOWS\LastGood\system32\dllcache\aspperf.dll
    + 2002-09-06 20:59:59 29,184 ----a-w C:\WINDOWS\LastGood\system32\dllcache\asptxn.dll
    + 2001-08-23 15:46:44 96,128 ----a-w C:\WINDOWS\LastGood\system32\dllcache\ati.dll
    + 2001-08-23 14:59:32 77,824 ----a-w C:\WINDOWS\LastGood\system32\dllcache\ati.sys
    + 2004-08-03 20:29:30 56,623 ----a-w C:\WINDOWS\LastGood\system32\dllcache\ati1btxx.sys
    + 2004-08-03 20:29:30 11,615 ----a-w C:\WINDOWS\LastGood\system32\dllcache\ati1mdxx.sys
    + 2004-08-03 20:29:30 12,047 ----a-w C:\WINDOWS\LastGood\system32\dllcache\ati1pdxx.sys
    + 2004-08-03 20:29:32 30,671 ----a-w C:\WINDOWS\LastGood\system32\dllcache\ati1raxx.sys
    + 2004-08-03 20:29:32 63,663 ----a-w C:\WINDOWS\LastGood\system32\dllcache\ati1rvxx.sys
    + 2004-08-03 20:29:32 26,367 ----a-w C:\WINDOWS\LastGood\system32\dllcache\ati1snxx.sys
    + 2004-08-03 20:29:32 21,343 ----a-w C:\WINDOWS\LastGood\system32\dllcache\ati1ttxx.sys
    + 2004-08-03 20:29:32 36,463 ----a-w C:\WINDOWS\LastGood\system32\dllcache\ati1tuxx.sys
    + 2004-08-03 20:29:32 29,455 ----a-w C:\WINDOWS\LastGood\system32\dllcache\ati1xbxx.sys
    + 2004-08-03 20:29:32 34,735 ----a-w C:\WINDOWS\LastGood\system32\dllcache\ati1xsxx.sys
    + 2004-08-19 14:09:20 229,376 ----a-w C:\WINDOWS\LastGood\system32\dllcache\ati2cqag.dll
    + 2004-08-19 14:09:20 377,984 ----a-w C:\WINDOWS\LastGood\system32\dllcache\ati2dvaa.dll
    + 2004-08-19 14:09:20 201,728 ----a-w C:\WINDOWS\LastGood\system32\dllcache\ati2dvag.dll
    + 2004-08-19 13:53:40 327,168 ----a-w C:\WINDOWS\LastGood\system32\dllcache\ati2mtaa.sys
    + 2004-08-19 13:53:42 701,440 ----a-w C:\WINDOWS\LastGood\system32\dllcache\ati2mtag.sys
    + 2004-08-19 14:09:20 870,784 ----a-w C:\WINDOWS\LastGood\system32\dllcache\ati3d1ag.dll
    + 2004-08-19 14:09:20 1,888,992 ----a-w C:\WINDOWS\LastGood\system32\dllcache\ati3duag.dll
    + 2001-08-17 18:49:04 46,464 ----a-w C:\WINDOWS\LastGood\system32\dllcache\atibt829.sys
    + 2001-08-23 15:46:44 382,592 ----a-w C:\WINDOWS\LastGood\system32\dllcache\atidrab.dll
    + 2001-08-23 15:46:44 137,216 ----a-w C:\WINDOWS\LastGood\system32\dllcache\atidrae.dll
    + 2001-08-23 15:46:44 268,160 ----a-w C:\WINDOWS\LastGood\system32\dllcache\atidvai.dll
    + 2001-08-23 15:47:26 37,376 ----a-w C:\WINDOWS\LastGood\system32\dllcache\atievxx.exe
    + 2001-08-23 14:59:36 289,920 ----a-w C:\WINDOWS\LastGood\system32\dllcache\atimpab.sys
    + 2001-08-23 14:59:36 75,392 ----a-w C:\WINDOWS\LastGood\system32\dllcache\atimpae.sys
    + 2001-08-23 14:59:38 281,728 ----a-w C:\WINDOWS\LastGood\system32\dllcache\atimtai.sys
    + 2004-08-03 20:29:28 57,856 ----a-w C:\WINDOWS\LastGood\system32\dllcache\atinbtxx.sys
    + 2004-08-03 20:29:30 13,824 ----a-w C:\WINDOWS\LastGood\system32\dllcache\atinmdxx.sys
    + 2004-08-03 20:29:30 14,336 ----a-w C:\WINDOWS\LastGood\system32\dllcache\atinpdxx.sys
    + 2004-08-03 20:29:30 52,224 ----a-w C:\WINDOWS\LastGood\system32\dllcache\atinraxx.sys
    + 2004-08-03 20:29:32 104,960 ----a-w C:\WINDOWS\LastGood\system32\dllcache\atinrvxx.sys
    + 2004-08-03 20:29:32 28,672 ----a-w C:\WINDOWS\LastGood\system32\dllcache\atinsnxx.sys
    + 2004-08-03 20:29:32 13,824 ----a-w C:\WINDOWS\LastGood\system32\dllcache\atinttxx.sys
    + 2004-08-03 20:29:32 73,216 ----a-w C:\WINDOWS\LastGood\system32\dllcache\atintuxx.sys
    + 2004-08-03 20:29:32 31,744 ----a-w C:\WINDOWS\LastGood\system32\dllcache\atinxbxx.sys
    + 2004-08-03 20:29:32 63,488 ----a-w C:\WINDOWS\LastGood\system32\dllcache\atinxsxx.sys
    + 2001-08-17 18:49:36 10,240 ----a-w C:\WINDOWS\LastGood\system32\dllcache\atipcxxx.sys
    + 2001-08-23 15:46:44 104,832 ----a-w C:\WINDOWS\LastGood\system32\dllcache\atiraged.dll
    + 2001-08-23 14:59:40 70,784 ----a-w C:\WINDOWS\LastGood\system32\dllcache\atiragem.sys
    + 2001-08-17 18:49:12 49,920 ----a-w C:\WINDOWS\LastGood\system32\dllcache\atirtcap.sys
    + 2001-08-17 18:49:18 26,880 ----a-w C:\WINDOWS\LastGood\system32\dllcache\atirtsnd.sys
    + 2001-08-17 18:49:22 17,152 ----a-w C:\WINDOWS\LastGood\system32\dllcache\atitunep.sys
    + 2001-08-17 18:49:28 17,152 ----a-w C:\WINDOWS\LastGood\system32\dllcache\atitvsnd.sys
    + 2001-08-17 18:49:38 9,472 ----a-w C:\WINDOWS\LastGood\system32\dllcache\ativmdcd.sys
    + 2004-08-19 14:09:20 32,768 ----a-w C:\WINDOWS\LastGood\system32\dllcache\ativtmxx.dll
    + 2001-08-17 18:49:44 19,456 ----a-w C:\WINDOWS\LastGood\system32\dllcache\ativttxx.sys
    + 2004-08-19 14:09:20 516,768 ----a-w C:\WINDOWS\LastGood\system32\dllcache\ativvaxx.dll
    + 2001-08-17 18:49:48 26,624 ----a-w C:\WINDOWS\LastGood\system32\dllcache\ativxbar.sys
    + 2001-08-17 18:49:34 23,552 ----a-w C:\WINDOWS\LastGood\system32\dllcache\atixbar.sys
    + 2004-08-19 14:09:22 21,183 ----a-w C:\WINDOWS\LastGood\system32\dllcache\atv01nt5.dll
    + 2004-08-19 14:09:22 11,359 ----a-w C:\WINDOWS\LastGood\system32\dllcache\atv02nt5.dll
    + 2004-08-19 14:09:22 25,471 ----a-w C:\WINDOWS\LastGood\system32\dllcache\atv04nt5.dll
    + 2004-08-19 14:09:22 14,143 ----a-w C:\WINDOWS\LastGood\system32\dllcache\atv06nt5.dll
    + 2004-08-19 14:09:22 17,279 ----a-w C:\WINDOWS\LastGood\system32\dllcache\atv10nt5.dll
    + 2002-09-06 20:59:59 9,216 ----a-w C:\WINDOWS\LastGood\system32\dllcache\authfilt.dll
    + 2004-08-03 21:10:12 38,912 ----a-w C:\WINDOWS\LastGood\system32\dllcache\avc.sys
    + 2001-08-17 20:01:12 36,096 ----a-w C:\WINDOWS\LastGood\system32\dllcache\avcaudio.sys
    + 2004-08-03 21:10:00 13,696 ----a-w C:\WINDOWS\LastGood\system32\dllcache\avcstrm.sys
    + 2001-08-23 15:46:58 87,552 ----a-w C:\WINDOWS\LastGood\system32\dllcache\avmcoxp.dll
    + 2001-08-23 15:46:58 144,384 ----a-w C:\WINDOWS\LastGood\system32\dllcache\avmenum.dll
    + 2001-08-17 18:13:48 37,568 ----a-w C:\WINDOWS\LastGood\system32\dllcache\avmwan.sys
    + 2001-08-17 18:19:16 36,992 ----a-w C:\WINDOWS\LastGood\system32\dllcache\aztw2320.sys
    + 2001-08-17 18:13:56 89,952 ----a-w C:\WINDOWS\LastGood\system32\dllcache\b1cbase.sys
    .
    -- Snapshot reset to current date --
    .
    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 19:09 15360]
    "AdobeUpdater"="C:\Program Files\Fichiers communs\Adobe\Updater5\AdobeUpdater.exe" [2007-02-28 23:06 2321600]
    "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-03-28 21:57 68856]
    "AlcoholAutomount"="C:\Program Files\Alcohol Soft\Alcohol 52\axcmd.exe" [2007-12-22 09:09 221056]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SiSPower"="SiSPower.dll" [2007-01-23 13:34 53248 C:\WINDOWS\system32\SiSPower.dll]
    "LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2004-12-14 19:19 221184]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 02:11 132496]
    "LXCGCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCGtime.dll" [2005-07-20 19:48 73728]

    C:\Documents and Settings\Administrateur.ORDI\Menu Démarrer\Programmes\Démarrage\
    IcoSauve.lnk - C:\WINDOWS\system32\IcoSauve.exe [2007-02-28 15:40:29 112128]

    C:\Documents and Settings\All Users.WINDOWS\Menu Démarrer\Programmes\Démarrage\
    Utility Tray.lnk - C:\WINDOWS\system32\sistray.exe [2007-02-28 16:42:24 262144]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "SynchronousMachineGroupPolicy"= 0 (0x0)
    "SynchronousUserGroupPolicy"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
    "ForceClassicControlPanel"= 1 (0x1)
    "NoSimpleStartMenu"= 0 (0x0)

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "NoStrCmpLogical"= 0 (0x0)
    "LockTaskbar"= 0 (0x0)
    "NoResolveTrack"= 0 (0x0)
    "NoResolveSearch"= 0 (0x0)
    "NoSMMyPictures"= 0 (0x0)
    "NoStartMenuMFUprogramsList"= 0 (0x0)
    "NoUserNameInStartMenu"= 0 (0x0)
    "NoStartMenuMorePrograms"= 0 (0x0)
    "MaxRecentDocs"= 15 (0xf)
    "NoInstrumentation"= 0 (0x0)
    "MemCheckBoxInRunDlg"= 1 (0x1)
    "NoSMBalloonTip"= 0 (0x0)
    "DisallowCpl"= 1 (0x1)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL

    [HKLM\~\startupfolder\C:^Documents and Settings^Administrateur.ORDI^Menu Démarrer^Programmes^Démarrage^Adobe Gamma.lnk]
    path=C:\Documents and Settings\Administrateur.ORDI\Menu Démarrer\Programmes\Démarrage\Adobe Gamma.lnk
    backup=C:\WINDOWS\pss\Adobe Gamma.lnkStartup

    [HKLM\~\startupfolder\C:^Documents and Settings^Administrateur.ORDI^Menu Démarrer^Programmes^Démarrage^OpenOffice.org 2.3.lnk]
    path=C:\Documents and Settings\Administrateur.ORDI\Menu Démarrer\Programmes\Démarrage\OpenOffice.org 2.3.lnk
    backup=C:\WINDOWS\pss\OpenOffice.org 2.3.lnkStartup

    [HKLM\~\startupfolder\C:^Documents and Settings^Administrateur.ORDI^Menu Démarrer^Programmes^Démarrage^TimeLeft.lnk]
    path=C:\Documents and Settings\Administrateur.ORDI\Menu Démarrer\Programmes\Démarrage\TimeLeft.lnk
    backup=C:\WINDOWS\pss\TimeLeft.lnkStartup

    [HKLM\~\startupfolder\C:^Documents and Settings^Administrateur.ORDI^Menu Démarrer^Programmes^Démarrage^UDPixel.lnk]
    path=C:\Documents and Settings\Administrateur.ORDI\Menu Démarrer\Programmes\Démarrage\UDPixel.lnk
    backup=C:\WINDOWS\pss\UDPixel.lnkStartup

    [HKLM\~\startupfolder\C:^Documents and Settings^Administrateur.ORDI^Menu Démarrer^Programmes^Démarrage^Xfire.lnk]
    path=C:\Documents and Settings\Administrateur.ORDI\Menu Démarrer\Programmes\Démarrage\Xfire.lnk
    backup=C:\WINDOWS\pss\Xfire.lnkStartup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Menu Démarrer^Programmes^Démarrage^Adobe Gamma Loader.lnk]
    path=C:\Documents and Settings\All Users.WINDOWS\Menu Démarrer\Programmes\Démarrage\Adobe Gamma Loader.lnk
    backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Menu Démarrer^Programmes^Démarrage^Last.fm Helper.lnk]
    path=C:\Documents and Settings\All Users.WINDOWS\Menu Démarrer\Programmes\Démarrage\Last.fm Helper.lnk
    backup=C:\WINDOWS\pss\Last.fm Helper.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Menu Démarrer^Programmes^Démarrage^Outil de mise à jour Google.lnk]
    path=C:\Documents and Settings\All Users.WINDOWS\Menu Démarrer\Programmes\Démarrage\Outil de mise à jour Google.lnk
    backup=C:\WINDOWS\pss\Outil de mise à jour Google.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    --a------ 2007-05-11 03:06 40048 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeUpdater]
    --a------ 2007-02-28 23:06 2321600 C:\Program Files\Fichiers communs\Adobe\Updater5\AdobeUpdater.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
    --a------ 2007-01-15 17:14 147456 C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
    C:\Program Files\DAEMON Tools\daemon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EzPrint]
    --a------ 2005-08-01 08:05 94208 C:\Program Files\Lexmark 2300 Series\ezprint.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\F-Secure Manager]
    C:\Program Files\AntivirusFirewall\Common\FSM32.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\F-Secure Startup Wizard]
    C:\Program Files\AntivirusFirewall\FSGUI\FSSW.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\F-Secure TNB]
    C:\Program Files\AntivirusFirewall\TNB\TNBUtil.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Flashget]
    C:\Program Files\FlashGet\FlashGet.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
    --a------ 2007-11-20 21:21 1840128 C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    C:\Program Files\iTunes\iTunesHelper.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoRepair]
    --a------ 2004-12-14 19:57 458752 C:\Program Files\Logitech\Video\ISStart.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoTray]
    --a------ 2004-12-14 19:51 217088 C:\Program Files\Logitech\Video\LogiTray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lxcgmon.exe]
    --a------ 2005-07-21 02:07 200704 C:\Program Files\Lexmark 2300 Series\lxcgmon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSN Webcam Recorder]
    C:\Program Files\MSN Webcam Recorder\ml20gui.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
    --a------ 2007-10-18 12:34 5724184 C:\Program Files\Windows Live\Messenger\MsnMsgr.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnsyslog]
    C:\WINDOWS\msnlogm.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    --a------ 2006-01-12 15:40 155648 C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\News Service]
    C:\Program Files\AntivirusFirewall\FSGUI\ispnews.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
    C:\Program Files\PowerISO\PWRISOVM.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    C:\Program Files\QuickTime\qttask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SuperCopier2.exe]
    --a------ 2006-07-07 18:45 1052672 C:\Program Files\SuperCopier2\SuperCopier2.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
    --a------ 2007-03-28 21:57 68856 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WhenUSave]
    C:\Program Files\Save\Save.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WOOKIT]
    C:\PROGRA~1\Wanadoo\Shell.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WOOTASKBARICON]
    C:\PROGRA~1\Wanadoo\GestMaj.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WOOWATCH]
    C:\PROGRA~1\Wanadoo\Watch.exe

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)
    "DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "C:\\WINDOWS\\system32\\sessmgr.exe"=
    "C:\\Program Files\\Azureus\\Azureus.exe"=
    "C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "C:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
    "C:\\Program Files\\eMule\\emule.exe"=
    "C:\\Program Files\\LimeWire\\LimeWire.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

    R0 FSFW;F-Secure Firewall Driver;C:\WINDOWS\system32\drivers\fsdfw.sys [2005-11-18 17:04]
    R3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 22:58]
    R3 usbstor;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 02:08]
    S2 BackWeb Plug-in - 6588780;Antivirus Firewall;C:\PROGRA~1\ANTIVI~1\backweb\6588780\Program\SERVIC~1.EXE []
    S2 Ca536av;Icatch(VII) Video Camera Device;C:\WINDOWS\system32\Drivers\Ca536av.sys []
    S2 F-Secure Filter;F-Secure File System Filter;C:\Program Files\AntivirusFirewall\Anti-Virus\Win2K\FSfilter.sys []
    S2 F-Secure Gatekeeper;F-Secure Gatekeeper;C:\Program Files\AntivirusFirewall\Anti-Virus\Win2K\FSgk.sys []
    S2 F-Secure Recognizer;F-Secure File System Recognizer;C:\Program Files\AntivirusFirewall\Anti-Virus\Win2K\FSrec.sys []
    S3 GoogleDesktopManager-091907-194040;Google Desktop Manager 5.1.709.19590;"C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-11-20 21:21]
    S3 USBCamera;Icatch(VII) Still Camera Device;C:\WINDOWS\system32\Drivers\Bulk536.sys []
    S3 XDva009;XDva009;C:\WINDOWS\system32\XDva009.sys []

    .
    Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
    "2007-05-17 08:04:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
    - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
    .
    **************************************************************************

    catchme 0.3.1351 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-04-10 19:45:00
    Windows 5.1.2600 Service Pack 2 NTFS

    Balayage processus cachés ...

    Balayage caché autostart entries ...

    Balayage des fichiers cachés ...

    Scan terminé avec succès
    Les fichiers cachés: 0

    **************************************************************************
    .
    Temps d'accomplissement: 2008-04-10 19:50:14
    ComboFix-quarantined-files.txt 2008-04-10 17:50:04
    ComboFix2.txt 2008-04-09 16:44:28
    Pre-Run: 10,280,837,120 octets libres
    Post-Run: 10,230,370,304 octets libres
    .
    2008-04-08 22:44:27 --- E O F ---
    10 April 2008 20:07:19

    and:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 20:07:07, on 10/04/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16544)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\LVCOMSX.EXE
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\WINDOWS\system32\sistray.exe
    C:\WINDOWS\system32\IcoSauve.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jucheck.exe
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    C:\WINDOWS\system32\notepad.exe
    C:\WINDOWS\explorer.exe
    C:\WINDOWS\system32\notepad.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.aliceadsl.fr
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL (file missing)
    O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
    O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
    O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [LXCGCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCGtime.dll,_RunDLLEntry@16
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Fichiers communs\Adobe\Updater5\AdobeUpdater.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 52\axcmd.exe" /automount
    O4 - HKUS\S-1-5-19\..\RunOnce: [nltide1] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-19\..\RunOnce: [nltide2] cmd.exe /C rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,L,,4,N (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\RunOnce: [nltide1] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SERVICE RÉSEAU')
    O4 - Startup: IcoSauve.lnk = C:\WINDOWS\system32\IcoSauve.exe
    O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
    O8 - Extra context menu item: &Bloquer cette fenêtre publicitaire - C:\Program Files\AntivirusFirewall\Anti-Spyware\blockpopups.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Protection Internet Explorer - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\AntivirusFirewall\Anti-Spyware\ieshield.dll (file missing)
    O9 - Extra 'Tools' menuitem: Protection Internet Explorer... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\AntivirusFirewall\Anti-Spyware\ieshield.dll (file missing)
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
    O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} (GoPetsWeb Control) - https://secure.gopetslive.com/dev/GoPetsWeb.cab
    O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Antivirus Firewall (BackWeb Plug-in - 6588780) - Unknown owner - C:\PROGRA~1\ANTIVI~1\backweb\6588780\Program\SERVIC~1.EXE (file missing)
    O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - Unknown owner - C:\Program Files\AntivirusFirewall\Anti-Virus\fsgk32st.exe (file missing)
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: fsbwsys - Unknown owner - C:\Program Files\AntivirusFirewall\backweb\6588780\program\fsbwsys.exe (file missing)
    O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - Unknown owner - C:\Program Files\AntivirusFirewall\FWES\Program\fsdfwd.exe (file missing)
    O23 - Service: F-Secure Management Agent (FSMA) - Unknown owner - C:\Program Files\AntivirusFirewall\Common\FSMA32.EXE (file missing)
    O23 - Service: Google Desktop Manager 5.1.709.19590 (GoogleDesktopManager-091907-194040) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Service de l'iPod (iPod Service) - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
    O23 - Service: lxcg_device - - C:\WINDOWS\system32\lxcgcoms.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
    O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe
    O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe

    --
    End of file - 7512 bytes
    11 April 2008 00:07:43

    Re,

    I'll reply to you tomorrow :) 

    Good night :hello: 
    11 April 2008 00:10:46

    thanks, good night to you too ;) 
    11 April 2008 14:13:35

    Re,

    Download MalwareByte's Anti-Malware to your Desktop.
    Install it by double-clicking the file Download_mbam-setup.exe.

    Once the installation and the update are done, restart in safe mode.
    HELP: Restarting in safe mode

  • Now run MalwareByte's Anti-Malware. If it is not already selected, select "Perform full scan".
  • To start the scan, click "Scan".
  • Once the scan is finished, a window opens; click OK. You then have two possibilities:
    -- if the program found nothing, press OK. A report will appear; close it.
    -- if infections are present, click "Show results" and then "Remove selected". Save the report to your Desktop so you can post it in your next reply.
    NOTE: If MalwareByte's Anti-Malware needs to restart to finish the removal, accept by clicking Ok.

    HELP: Picture tutorial on MBAM

    ;) 
    12 April 2008 14:38:15

    Hi,
    I'll do it this afternoon, I tried to do it yesterday but it was taking a long time :) 
    12 April 2008 15:02:52

    Re,

    OK, no problem, remember to click "Remove selected".

    ;) 
    15 April 2008 12:31:29

    Hello :)  sorry for the delay

    so here is the report (however, I have a problem at startup, a "Windows File Protection" window appears, is that normal, doctor??) thanks again Merillym

    Malwarebytes' Anti-Malware 1.11
    Version de la base de données: 614

    Type de recherche: Examen complet (C:\|D:\|)
    Eléments examinés: 237035
    Temps écoulé: 5 hour(s), 9 minute(s), 4 second(s)

    Processus mémoire infecté(s): 0
    Module(s) mémoire infecté(s): 0
    Clé(s) du Registre infectée(s): 5
    Valeur(s) du Registre infectée(s): 0
    Elément(s) de données du Registre infecté(s): 0
    Dossier(s) infecté(s): 0
    Fichier(s) infecté(s): 92

    Processus mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Module(s) mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Clé(s) du Registre infectée(s):
    HKEY_CURRENT_USER\Software\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Software\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.

    Valeur(s) du Registre infectée(s):
    (Aucun élément nuisible détecté)

    Elément(s) de données du Registre infecté(s):
    (Aucun élément nuisible détecté)

    Dossier(s) infecté(s):
    (Aucun élément nuisible détecté)

    Fichier(s) infecté(s):
    C:\QooBox\Quarantine\C\WINDOWS\system32\bthrxajb.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\QooBox\Quarantine\C\WINDOWS\system32\ccpjpkbs.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\QooBox\Quarantine\C\WINDOWS\system32\ckwlrjor.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\QooBox\Quarantine\C\WINDOWS\system32\ejuujufc.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\QooBox\Quarantine\C\WINDOWS\system32\ffiirxnw.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\QooBox\Quarantine\C\WINDOWS\system32\idtlfdyw.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\QooBox\Quarantine\C\WINDOWS\system32\jslldueo.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\QooBox\Quarantine\C\WINDOWS\system32\kteshflq.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\QooBox\Quarantine\C\WINDOWS\system32\lxkufxkr.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\QooBox\Quarantine\C\WINDOWS\system32\vpggyjni.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\QooBox\Quarantine\C\WINDOWS\system32\xaolcqff.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\QooBox\Quarantine\C\WINDOWS\system32\yiyrutjr.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{6D711132-397B-4A55-913E-7B5AEFC9E608}\RP172\A0092711.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{6D711132-397B-4A55-913E-7B5AEFC9E608}\RP172\A0092713.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{6D711132-397B-4A55-913E-7B5AEFC9E608}\RP172\A0092719.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{6D711132-397B-4A55-913E-7B5AEFC9E608}\RP172\A0092720.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{6D711132-397B-4A55-913E-7B5AEFC9E608}\RP172\A0092722.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{6D711132-397B-4A55-913E-7B5AEFC9E608}\RP172\A0092724.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    15 April 2008 14:38:47

    Hi again,

    Download this program, then double-click it (close your antivirus if it detects anything)
    http://www.suspectfile.com/systemscan/

    -Check only this box and uncheck everything else:

    -Recent Files, 30 days

    Then click scan now and be patient.
    Once it has finished, a report will open. Copy and paste its contents here and check that it is complete; create two messages if needed.

    ;) 
    15 April 2008 21:02:23

    I thought it was going to take ages, and in the end it took 2 seconds :D 

    SystemScan - www.suspectfile.com - ver. 3.5.5 (code: holifay & bReAkdOWn)

    Running on: Windows XP PROFESSIONAL Edition, Service Pack 2 (2600.5.1)
    System directory: C:\WINDOWS
    SystemScan file: C:\Documents and Settings\Administrateur.ORDI\Bureau\sys40796.exe
    Running in: User mode
    Date: 15/04/2008
    Time: 21:00:41

    Output limited to:
    -Recent files

    ===================== RECENT FILES =====================

    Showing files newer than 30 days

    ----- recent files in C:\
    03/04/2008 19:39:36 19318 byte 12 days old -- lxcgscan.log
    08/04/2008 15:25:04 3951 byte 7 days old -- Start_.cmd
    09/04/2008 01:31:09 (DIR) 0 byte 6 days old -- VundoFix Backups
    09/04/2008 04:30:49 (DIR) 0 byte 6 days old -- 327882R2FWJFW
    09/04/2008 19:20:24 5531 byte 6 days old -- VundoFix.txt
    10/04/2008 19:50:15 37318 byte 5 days old -- ComboFix.txt
    10/04/2008 19:50:16 (DIR) 0 byte 5 days old -- QooBox
    11/04/2008 02:22:01 (DIR) 0 byte 4 days old -- RECYCLER
    11/04/2008 19:32:43 (DIR) 0 byte 4 days old -- Program Files
    14/04/2008 03:42:57 (DIR) 0 byte 1 days old -- Config.Msi
    15/04/2008 12:09:13 704643072 byte 0 days old -- pagefile.sys
    15/04/2008 12:09:14 (DIR)469291008 byte 0 days old -- hiberfil.sys
    15/04/2008 12:09:41 (DIR) 0 byte 0 days old -- WINDOWS

    ----- recent files in C:\WINDOWS\
    18/03/2008 22:21:06 (DIR) 0 byte 28 days old -- Fonts
    28/03/2008 13:10:06 (DIR) 0 byte 18 days old -- Network Diagnostic
    04/04/2008 22:03:32 (DIR) 0 byte 11 days old -- twain_32
    04/04/2008 22:03:33 (DIR) 0 byte 11 days old -- SETUP536
    08/04/2008 23:36:41 (DIR) 0 byte 7 days old -- ERUNT
    08/04/2008 23:59:01 (DIR) 0 byte 7 days old -- msagent
    09/04/2008 00:44:26 81952 byte 6 days old -- WgaNotify.log
    09/04/2008 17:06:49 71072 byte 6 days old -- BM0fddfe9c.txt
    09/04/2008 18:24:56 (DIR) 0 byte 6 days old -- erdnt
    09/04/2008 22:23:21 (DIR) 0 byte 6 days old -- Prefetch
    10/04/2008 19:44:55 227 byte 5 days old -- system.ini
    10/04/2008 19:50:19 53248 byte 5 days old -- PSEXESVC.EXE
    14/04/2008 03:18:44 1462 byte 1 days old -- win.ini
    14/04/2008 03:41:44 (DIR) 0 byte 1 days old -- WinSxS
    14/04/2008 03:42:37 (DIR) 0 byte 1 days old -- Installer
    14/04/2008 18:22:02 (DIR) 0 byte 1 days old -- Microsoft.NET
    14/04/2008 18:24:42 (DIR) 0 byte 1 days old -- assembly
    14/04/2008 21:10:56 172976 byte 1 days old -- wmsetup.log
    14/04/2008 23:03:34 32542 byte 1 days old -- SchedLgU.Txt
    15/04/2008 04:17:39 9714382 byte 0 days old -- ntbtlog.txt
    15/04/2008 12:05:32 (DIR) 0 byte 0 days old -- system32
    15/04/2008 12:09:15 2048 byte 0 days old -- bootstat.dat
    15/04/2008 12:09:32 159 byte 0 days old -- wiadebug.log
    15/04/2008 12:09:33 313 byte 0 days old -- wiaservc.log
    15/04/2008 12:09:33 0 byte 0 days old -- 0.log
    15/04/2008 12:09:42 (DIR) 0 byte 0 days old -- LastGood
    15/04/2008 12:09:42 487450 byte 0 days old -- setupapi.log
    15/04/2008 12:09:42 (DIR) 0 byte 0 days old -- inf
    15/04/2008 14:43:45 (DIR) 0 byte 0 days old -- TEMP
    15/04/2008 16:52:38 69 byte 0 days old -- NeroDigital.ini
    15/04/2008 17:17:54 2044126 byte 0 days old -- WindowsUpdate.log

    ----- recent files in C:\WINDOWS\Downloaded Program Files\

    ----- recent files in C:\WINDOWS\system\

    ----- recent files in C:\WINDOWS\system32\
    18/03/2008 21:31:25 37888 byte 28 days old -- rar.exe
    19/03/2008 19:39:14 1403480 byte 27 days old -- FNTCACHE.DAT
    29/03/2008 16:01:18 (DIR) 0 byte 17 days old -- LogFiles
    31/03/2008 11:32:39 2228 byte 15 days old -- wpa.dbl
    05/04/2008 22:29:19 91200 byte 10 days old -- cfywlpnp.dll
    05/04/2008 22:29:21 91200 byte 10 days old -- eerwcyka.dll
    05/04/2008 22:29:21 91200 byte 10 days old -- ewqnkwsm.dll
    05/04/2008 22:29:21 90688 byte 10 days old -- dunxogbj.dll
    05/04/2008 22:29:22 90688 byte 10 days old -- fvykbxxa.dll
    05/04/2008 22:29:22 90688 byte 10 days old -- goarahql.dll
    05/04/2008 22:29:23 90688 byte 10 days old -- iufracgb.dll
    05/04/2008 22:29:23 90688 byte 10 days old -- isqdnecv.dll
    05/04/2008 22:29:23 91712 byte 10 days old -- kqekgxbe.dll
    05/04/2008 22:29:23 91712 byte 10 days old -- jandmcnf.dll
    05/04/2008 22:29:23 92224 byte 10 days old -- himdfben.dll
    05/04/2008 22:29:23 91200 byte 10 days old -- hydtwgpb.dll
    05/04/2008 22:29:24 91712 byte 10 days old -- mfsmjhre.dll
    05/04/2008 22:29:24 91200 byte 10 days old -- mgpwfnuf.dll
    05/04/2008 22:29:25 91712 byte 10 days old -- nyqmhuhq.dll
    05/04/2008 22:29:25 91712 byte 10 days old -- qajsrwnh.dll
    05/04/2008 22:29:25 91200 byte 10 days old -- pflwevhw.dll
    05/04/2008 22:29:25 91712 byte 10 days old -- nenuaovf.dll
    05/04/2008 22:29:27 93248 byte 10 days old -- vqncdcyi.dll
    05/04/2008 22:29:28 91712 byte 10 days old -- xhpxlafo.dll
    07/04/2008 17:34:42 3072 byte 8 days old -- CONFIG.NT
    09/04/2008 18:26:04 (DIR) 0 byte 6 days old -- config
    12/04/2008 14:15:20 (DIR) 0 byte 3 days old -- drivers
    14/04/2008 03:41:57 1039354 byte 1 days old -- PerfStringBackup.INI
    14/04/2008 03:41:57 85152 byte 1 days old -- perfc00C.dat
    14/04/2008 03:41:57 71154 byte 1 days old -- perfc009.dat
    14/04/2008 03:41:57 491694 byte 1 days old -- perfh00C.dat
    14/04/2008 03:41:57 423718 byte 1 days old -- perfh009.dat
    14/04/2008 23:06:40 (DIR) 0 byte 1 days old -- dllcache
    15/04/2008 12:09:39 (DIR) 0 byte 0 days old -- CatRoot2

    ----- recent files in C:\WINDOWS\system32\drivers\
    09/04/2008 18:27:52 (DIR) 0 byte 6 days old -- etc

    ----- recent files in C:\WINDOWS\temp\
    12/04/2008 22:25:01 3365002 byte 3 days old -- SPL125E.tmp
    14/04/2008 03:38:57 2 byte 1 days old -- dd_dotnetfx20error.txt
    14/04/2008 03:39:13 21420 byte 1 days old -- dd_depcheck_NETFX20_EXP_35.txt
    14/04/2008 03:41:58 5158 byte 1 days old -- ASPNETSetup_00000.log
    14/04/2008 03:42:57 10436056 byte 1 days old -- dd_NET_Framework20_Setup01B2.txt
    14/04/2008 03:43:11 69824 byte 1 days old -- uxeventlog.txt
    14/04/2008 03:43:11 134100 byte 1 days old -- dd_dotnetfx20install.txt
    14/04/2008 20:21:15 131187 byte 1 days old -- SPL1D0.tmp
    15/04/2008 12:09:18 255 byte 0 days old -- WGAErrLog.txt

    ----- recent files in C:\Program Files\
    18/03/2008 22:21:10 (DIR) 0 byte 28 days old -- Guitar Pro 5
    04/04/2008 22:04:20 (DIR) 0 byte 11 days old -- Geneatique2007
    04/04/2008 22:12:48 (DIR) 0 byte 11 days old -- Opera
    08/04/2008 17:14:03 (DIR) 0 byte 7 days old -- Trend Micro
    08/04/2008 23:59:01 (DIR) 0 byte 7 days old -- netmeeting
    09/04/2008 00:05:42 (DIR) 0 byte 6 days old -- Windows Media Player
    09/04/2008 18:24:47 (DIR) 0 byte 6 days old -- Fichiers communs
    11/04/2008 19:31:13 (DIR) 0 byte 4 days old -- Common Files
    11/04/2008 19:32:48 (DIR) 0 byte 4 days old -- Malwarebytes' Anti-Malware
    14/04/2008 03:40:40 (DIR) 0 byte 1 days old -- Internet Explorer
    15/04/2008 01:01:14 (DIR) 0 byte 0 days old -- BitLord
    15/04/2008 14:43:45 (DIR) 0 byte 0 days old -- Lx_cats
    15/04/2008 18:41:46 (DIR) 0 byte 0 days old -- Mozilla Firefox
    15/04/2008 20:05:22 (DIR) 0 byte 0 days old -- eMule

    ----- recent files in C:\Program Files\Fichiers communs\

    ----- recent files in C:\Documents and Settings\Administrateur.ORDI\Application Data\
    03/04/2008 22:28:57 (DIR) 0 byte 12 days old -- LimeWire
    11/04/2008 19:33:04 (DIR) 0 byte 4 days old -- Malwarebytes
    12/04/2008 15:42:24 (DIR) 0 byte 3 days old -- Adobe
    15/04/2008 14:05:47 (DIR) 0 byte 0 days old -- OpenOffice.org2

    ----- recent files in C:\DOCUME~1\ADMINI~1.ORD\LOCALS~1\Temp\
    10/04/2008 21:13:58 (DIR) 0 byte 5 days old -- plugtmp-2
    10/04/2008 23:27:34 16384 byte 5 days old -- ~DF61C4.tmp
    11/04/2008 00:08:08 (DIR) 0 byte 4 days old -- plugtmp
    11/04/2008 02:07:21 (DIR) 0 byte 4 days old -- plugtmp-1
    11/04/2008 17:24:39 5173 byte 4 days old -- TFR20A.tmp
    11/04/2008 19:30:16 (DIR) 0 byte 4 days old -- DRDld
    11/04/2008 19:37:02 311296 byte 4 days old -- ~DF1B1E.tmp
    12/04/2008 03:12:14 (DIR) 0 byte 3 days old -- plugtmp-3
    12/04/2008 15:24:37 156 byte 3 days old -- Twunk001.MTX
    12/04/2008 15:24:37 0 byte 3 days old -- Twunk002.MTX
    12/04/2008 15:24:48 1493 byte 3 days old -- TWAIN.LOG
    12/04/2008 15:24:48 2 byte 3 days old -- Twain001.Mtx
    12/04/2008 15:25:41 18537 byte 3 days old -- 20061025110315-300px-john-frusciante-1-.jpg
    12/04/2008 15:25:42 18537 byte 3 days old -- 20061025110315-300px-john-frusciante-1--1.jpg
    12/04/2008 15:42:25 691 byte 3 days old -- alm.log
    12/04/2008 15:42:25 2274 byte 3 days old -- amt.log
    12/04/2008 20:31:43 (DIR) 0 byte 3 days old -- plugtmp-4
    12/04/2008 22:11:00 28513 byte 3 days old -- le_gang.gp4
    12/04/2008 23:32:02 (DIR) 0 byte 3 days old -- plugtmp-5
    12/04/2008 23:33:35 5448 byte 3 days old -- 1683820220_small.jpg
    13/04/2008 18:10:16 512 byte 2 days old -- ~DF86C0.tmp
    13/04/2008 18:10:16 262144 byte 2 days old -- ~DF866D.tmp
    13/04/2008 18:10:22 512 byte 2 days old -- ~DF9692.tmp
    13/04/2008 18:10:22 262144 byte 2 days old -- ~DF95F2.tmp
    13/04/2008 22:50:17 4779 byte 2 days old -- Lennon, Julian - Salt Water.gp4
    13/04/2008 22:50:53 1958 byte 2 days old -- Lennon, John - Working Class Hero.zip
    13/04/2008 23:06:15 11545 byte 2 days old -- 6918.gp3
    14/04/2008 00:21:03 (DIR) 0 byte 1 days old -- plugtmp-6
    14/04/2008 00:22:59 0 byte 1 days old -- 7nbFB.tmp
    14/04/2008 03:01:34 (DIR) 0 byte 1 days old -- plugtmp-7
    14/04/2008 03:03:16 0 byte 1 days old -- 3c11F3.tmp
    14/04/2008 03:06:39 524288 byte 1 days old -- ~DFB11D.tmp
    14/04/2008 03:14:56 3099 byte 1 days old -- Lynyrd Skynyrd - Sweet Home Alabama (2).zip
    14/04/2008 03:17:55 0 byte 1 days old -- 3sv202.tmp
    14/04/2008 03:18:11 0 byte 1 days old -- cxb203.tmp
    14/04/2008 03:19:38 0 byte 1 days old -- nwo204.tmp
    14/04/2008 14:44:36 (DIR) 0 byte 1 days old -- plugtmp-8
    14/04/2008 20:59:48 (DIR) 0 byte 1 days old -- plugtmp-9
    14/04/2008 22:55:32 (DIR) 0 byte 1 days old -- MessengerCache
    15/04/2008 12:09:24 (DIR) 0 byte 0 days old -- WPDNSE
    15/04/2008 12:14:21 6168 byte 0 days old -- jusched.log
    15/04/2008 14:43:20 (DIR) 0 byte 0 days old -- audacity_1_2_temp
    15/04/2008 15:11:22 (DIR) 0 byte 0 days old -- flashgot.6lumh0y1.default
    15/04/2008 17:05:16 (DIR) 0 byte 0 days old -- plugtmp-10
    15/04/2008 18:41:08 6597 byte 0 days old -- LVCOMSX.LOG
    15/04/2008 20:00:42 72 byte 0 days old -- 0093624745020-01_03.ram
    15/04/2008 20:53:49 (DIR) 0 byte 0 days old -- plugtmp-11
    15/04/2008 20:59:25 65 byte 0 days old -- systemscan.ini
    15/04/2008 20:59:26 16384 byte 0 days old -- ~DFC86F.tmp
    15/04/2008 20:59:26 16384 byte 0 days old -- ~DFC86A.tmp
    15/04/2008 20:59:26 (DIR) 0 byte 0 days old -- nsc2D0.tmp
    15/04/2008 20:59:26 (DIR) 0 byte 0 days old -- nsc2CF.tmp

    ==========================================
    Scan completed in 0 minutes
    End of report


    ~~~~~~~~~~~~~~~~~~~~~-----CREDITS-----~~~~~~~~~~~~~~~~~~~~~
    SystemScan uses some freeware tools that remain property of their authors:

    * SteelWerX Registry Console Tool, Who Am I (Bobby Flekman: www.xs4all.nl/~fstaal01) --> "Registry scan", "PC accounts "
    * dumphive (Markus Stephany)--> "Registry scan"
    * Listdlls (M.Russinovich, B.Cogswell: www.sysinternals.com) --> "Loaded modules"
    * Catchme & MBR Rootkit detector (gmer: www.gmer.net) --> "Hidden objects", "Alternate Data Streams" & "Master Boot Record"
    ---> NOTE: SystemScan integrates "The Avenger" from Swandog46 (http://swandog46.geekstogo.com) to allow you to remove malwares found in this log

    Thanks to all of them for their hard work

    15 April 2008 23:21:54

    Hi again,

    Something is odd... I get the impression that you got reinfected in the meantime. Did you really delete all the cracks on your PC? Did you make sure not to run a crack and/or a P2P file again?

    OK, we're going to check something. Run a normal ComboFix again and post me the report. Make sure you post the report from the latest scan done with ComboFix.

    Good night, see you tomorrow :hello: 
    15 April 2008 23:30:53

    Hi again,
    well, when I used Photoshop again, my PC suddenly got really slow, could that be the cause?? The problem is that I don't know where the cracked files are, there are so many of them :s
    Good night, see you tomorrow ;) 
    15 April 2008 23:48:16

    Quote:
    The problem is that I don't know where the cracked files are, there are so many of them :s
    Good night, see you tomorrow


    Delete them all if you want any hope of getting rid of this Vundo trojan (a real pain!).

    Before running ComboFix, first do this online scan for me.

    Run an online scan with BitDefender, using Internet Explorer! Back up your music and photos; BitDefender sometimes deletes them ;) 

    http://www.bitdefender.fr/
    and copy and paste the result here
    * At the bottom left of the window, click BitDefender SCAN ONLINE
    * In the new window, click I agree
    * The window changes again; click Click here to scan
    * The signatures load, etc.

    Illustrated tutorial: http://forum.pcastuces.com/sujet.asp?f=25&s=31584

    Post me the full report ;) 

    Good night, see you tomorrow :hello: 
    16 April 2008 00:11:46

    And is it only cracks that can be infected, or also mp3 files and films, for example??
    I'm running the scan now ;) 
    Good night ;) 
    16 April 2008 11:45:25

    Hi again,

    I'm waiting for the BitDefender report :p 
    16 April 2008 14:15:18

    Hi again :) 
    here it is:

    <HTML>
    <HEAD>
    <TITLE>BitDefender Online Scanner - Rapport d'analyse</TITLE>
    <META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1">
    </HEAD>
    <BODY BGCOLOR=#FFFFFF leftmargin="10" marginwidth="0" topmargin="20" marginheight="0" >


    <table align="center" border="0" cellpadding="0" cellspacing="0" width="90%">
    <tr>
    <td width="458">
    <p><font face="Arial" color=red><span style="font-size:14pt;"><b>BitDefender Online Scanner</b></span></font></p>
    </td>
    <td width="40%">
    <p> </p>
    </td>
    <td width="10%">
    <p> </p>
    </td>
    </tr>
    <tr>
    <td colspan="3" width="912">
    <p><font face="Arial"><span style="font-size:11pt;"><B>Rapport d'analyse généré à: Wed, Apr 16, 2008 - 01:25:30</b></span></font></p>
    </td>
    </tr>

    <tr>
    <td width="458">
    <p><font face="Arial"><span style="font-size:11pt;"><B> </b></span></font></p>
    </td>
    <td width="40%">
    <p> </p>
    </td>
    <td width="10%">
    <p> </p>
    </td>
    </tr>

    <tr>
    <td width="458">
    <p><font face="Arial"><span style="font-size:11pt;"><B>Voie d'analyse: </b></span><span style="font-size:10pt;">A:\;C:\;D:\;E:\;F:\;G:\;H:\;I:\;J:\;K:\;</span></font></p>
    </td>
    <td width="40%">
    <p> </p>
    </td>
    <td width="10%">
    <p> </p>
    </td>
    </tr>

    <tr>
    <td width="458">
    <p><font face="Arial"><span style="font-size:11pt;"><B> </b></span></font></p>
    </td>
    <td width="40%">
    <p> </p>
    </td>
    <td width="10%">
    <p> </p>
    </td>
    </tr>

    <tr>
    <td width="458">
    <table border="1" cellspacing="0" bordercolordark="white" bordercolorlight="black" width="100%">
    <tr>
    <td width="451" colspan="2" bgcolor="#CCCCCC">
    <p><font face="Arial" size="2"><B>Statistiques</b></font></p>
    </td>
    </tr>
    <tr>
    <td width="57%">
    <p><font face="Arial" size="2">Temps</font></p>
    </td>
    <td width="43%" align="right">
    <p><font face="Arial" size="2">00:59:24</font></p>
    </td>
    </tr>
    <tr>
    <td width="57%">
    <p><font face="Arial" size="2">Fichiers</font></p>
    </td>
    <td width="43%" align="right">
    <p><font face="Arial" size="2">83597</font></p>
    </td>
    </tr>
    <tr>
    <td width="57%">
    <p><font face="Arial" size="2">Directoires</font></p>
    </td>
    <td width="43%" align="right">
    <p><font face="Arial" size="2">14527</font></p>
    </td>
    </tr>
    <tr>
    <td width="57%">
    <p><font face="Arial" size="2">Secteurs de boot</font></p>
    </td>
    <td width="43%" align="right">
    <p><font face="Arial" size="2">3</font></p>
    </td>
    </tr>
    <tr>
    <td width="57%">
    <p><font face="Arial" size="2">Archives</font></p>
    </td>
    <td width="43%" align="right">
    <p><font face="Arial" size="2">761</font></p>
    </td>
    </tr>
    <tr>
    <td width="57%">
    <p><font face="Arial" size="2">Paquets programmes</font></p>
    </td>
    <td width="43%" align="right">
    <p><font face="Arial" size="2">3801</font></p>
    </td>
    </tr>
    </table>
    </td>
    <td width="40%">
    <p> </p>
    </td>
    <td width="10%">
    <p> </p>
    </td>
    </tr>



    <tr>
    <td width="458">
    <table border="1" cellspacing="0" bordercolordark="white" bordercolorlight="black" width="100%">
    <tr>
    <td width="451" colspan="2" bgcolor="#CCCCCC">
    <p><font face="Arial" size="2"><B>Résultats</b></font></p>
    </td>
    </tr>
    <tr>
    <td width="57%">
    <p><font face="Arial" size="2">Virus identifiés</font></p>
    </td>
    <td width="43%" align="right">
    <p><font face="Arial" size="2">42</font></p>
    </td>
    </tr>
    <tr>
    <td width="57%">
    <p><font face="Arial" size="2">Fichiers infectés</font></p>
    </td>
    <td width="43%" align="right">
    <p><font face="Arial" size="2">148</font></p>
    </td>
    </tr>
    <tr>
    <td width="57%">
    <p><font face="Arial" size="2">Fichiers suspects</font></p>
    </td>
    <td width="43%" align="right">
    <p><font face="Arial" size="2">0</font></p>
    </td>
    </tr>
    <tr>
    <td width="57%">
    <p><font face="Arial" size="2">Avertissements</font></p>
    </td>
    <td width="43%" align="right">
    <p><font face="Arial" size="2">0</font></p>
    </td>
    </tr>
    <tr>
    <td width="57%">
    <p><font face="Arial" size="2">Désinfectés</font></p>
    </td>
    <td width="43%" align="right">
    <p><font face="Arial" size="2">0</font></p>
    </td>
    </tr>
    <tr>
    <td width="57%">
    <p><font face="Arial" size="2">Fichiers effacés</font></p>
    </td>
    <td width="43%" align="right">
    <p><font face="Arial" size="2">148</font></p>
    </td>
    </tr>
    </table>
    </td>
    <td width="40%">
    <p> </p>
    </td>
    <td width="10%">
    <p> </p>
    </td>
    </tr>

    <tr>
    <td width="458">
    <table border="1" cellspacing="0" bordercolordark="white" bordercolorlight="black" width="100%">
    <tr>
    <td width="451" colspan="2" bgcolor="#CCCCCC">
    <p><font face="Arial" size="2"><B>Info sur les moteurs</b></font></p>
    </td>
    </tr>
    <tr>
    <td width="57%">
    <p><font face="Arial" size="2">Définition virus</font></p>
    </td>
    <td width="43%" align="right">
    <p><font face="Arial" size="2">1144398</font></p>
    </td>
    </tr>
    <tr>
    <td width="57%">
    <p><font face="Arial" size="2">Version des moteurs</font></p>
    </td>
    <td width="43%" align="right">
    <p><font face="Arial" size="2">AVCORE v1.0 (build 2422) (i386) (Sep 25 2007 08:26:36)</font></p>
    </td>
    </tr>
    <tr>
    <td width="57%">
    <p><font face="Arial" size="2">Analyse des plugins</font></p>
    </td>
    <td width="43%" align="right">
    <p><font face="Arial" size="2">16</font></p>
    </td>
    </tr>
    <tr>
    <td width="57%">
    <p><font face="Arial" size="2">Archive des plugins</font></p>
    </td>
    <td width="43%" align="right">
    <p><font face="Arial" size="2">41</font></p>
    </td>
    </tr>
    <tr>
    <td width="57%">
    <p><font face="Arial" size="2">Unpack des plugins</font></p>
    </td>
    <td width="43%" align="right">
    <p><font face="Arial" size="2">7</font></p>
    </td>
    </tr>
    <tr>
    <td width="57%">
    <p><font face="Arial" size="2">E-mail plugins</font></p>
    </td>
    <td width="43%" align="right">
    <p><font face="Arial" size="2">6</font></p>
    </td>
    </tr>
    <tr>
    <td width="57%">
    <p><font face="Arial" size="2">Système plugins</font></p>
    </td>
    <td width="43%" align="right">
    <p><font face="Arial" size="2">5</font></p>
    </td>
    </tr>
    </table>
    </td>
    <td width="40%">
    <p> </p>
    </td>
    <td width="10%">
    <p> </p>
    </td>
    </tr>

    <tr>
    <td width="458">
    <table border="1" cellspacing="0" bordercolordark="white" bordercolorlight="black" width="100%">
    <tr>
    <td width="451" colspan="2" bgcolor="#CCCCCC">
    <p><font face="Arial" size="2"><B>Paramètres d'analyse</b></font></p>
    </td>
    </tr>
    <tr>
    <td width="57%">
    <p><font face="Arial" size="2">Première action</font></p>
    </td>
    <td width="43%" align="right">
    <p><font face="Arial" size="2">Désinfecté</font></p>
    </td>
    </tr>
    <tr>
    <td width="57%">
    <p><font face="Arial" size="2">Seconde Action</font></p>
    </td>
    <td width="43%" align="right">
    <p><font face="Arial" size="2">Supprimé</font></p>
    </td>
    </tr>
    <tr>
    <td width="57%">
    <p><font face="Arial" size="2">Heuristique</font></p>
    </td>
    <td width="43%" align="right">
    <p><font face="Arial" size="2">Oui</font></p>
    </td>
    </tr>
    <tr>
    <td width="57%">
    <p><font face="Arial" size="2">Acceptez les avertissements</font></p>
    </td>
    <td width="43%" align="right">
    <p><font face="Arial" size="2">Oui</font></p>
    </td>
    </tr>
    <tr>
    <td width="57%">
    <p><font face="Arial" size="2">Extensions analysées</font></p>
    </td>
    <td width="43%" align="right">
    <p><font face="Arial" size="2">exe;com;dll;ocx;scr;bin;dat;386;vxd;sys;wdm;cla;class;ovl;ole;hlp;doc;dot;xls;ppt;wbk;wiz;pot;ppa;xla;xlt;vbs;vbe;mdb;rtf;htm;hta;html;xml;xtp;php;asp;js;shs;chm;lnk;pif;prc;url;smm;pfd;msi;ini;csc;cmd;bas;</font></p>
    </td>
    </tr>

    <tr>
    <td width="57%">
    <p><font face="Arial" size="2">Excludez les extensions</font></p>
    </td>
    <td width="43%" align="right">
    <p><font face="Arial" size="2"> </font></p>
    </td>
    </tr>
    <tr>
    <td width="57%">
    <p><font face="Arial" size="2">Analyse d'emails</font></p>
    </td>
    <td width="43%" align="right">
    <p><font face="Arial" size="2">Oui</font></p>
    </td>
    </tr>
    <tr>
    <td width="57%">
    <p><font face="Arial" size="2">Analyse des Archives</font></p>
    </td>
    <td width="43%" align="right">
    <p><font face="Arial" size="2">Oui</font></p>
    </td>
    </tr>
    <tr>
    <td width="57%">
    <p><font face="Arial" size="2">Analyser paquets programmes</font></p>
    </td>
    <td width="43%" align="right">
    <p><font face="Arial" size="2">Oui</font></p>
    </td>
    </tr>
    <tr>
    <td width="57%">
    <p><font face="Arial" size="2">Analyse des fichiers</font></p>
    </td>
    <td width="43%" align="right">
    <p><font face="Arial" size="2">Oui</font></p>
    </td>
    </tr>
    <tr>
    <td width="57%">
    <p><font face="Arial" size="2">Analyse de boot</font></p>
    </td>
    <td width="43%" align="right">
    <p><font face="Arial" size="2">Oui</font></p>
    </td>
    </tr>
    </table>
    </td>
    <td width="40%">
    <p> </p>
    </td>
    <td width="10%">
    <p> </p>
    </td>
    </tr>

    <tr>
    <td colspan=2>  
    <table border="1" cellspacing="0" bordercolordark="white" bordercolorlight="black" width="100%">
    <tr>
    <td width="252" bgcolor="#CCCCCC">
    <p><font face="Arial" size="2"><b>Fichier analysé</b></font></p>
    </td>
    <td width="195" bgcolor="#CCCCCC" align="right">
    <p align="left"><b><font size="2" face="Arial"> Statut</font></b></p>
    </td>
    </tr>
    <tr>
    <td width="57%">
    <p><font face="Arial" size="2">C:\Documents and Settings\Administrateur.ORDI\Bureau\sys40796.exe=>(NSIS o)=>zlib_nsis0011</font></p>
    </td>
    <td width="43%" align="left">
    <p><font face="Arial" size="2">Infecté par: DeepScan:Generic.Zlob.38B68927</font></p>
    </td>
    </tr><tr>
    <td width="57%">
    <p><font face="Arial" size="2">C:\Documents and Settings\Administrateur.ORDI\Bureau\sys40796.exe=>(NSIS o)=>zlib_nsis0011</font></p>
    </td>
    <td width="43%" align="left">
    <p><font face="Arial" size="2">Echec de la désinfection</font></p>
    </td>
    </tr><tr>
    <td width="57%">
    <p><font face="Arial" size="2">C:\Documents and Settings\Administrateur.ORDI\Bureau\sys40796.exe=>(NSIS o)=>zlib_nsis0011</font></p>
    </td>
    <td width="43%" align="left">
    <p><font face="Arial" size="2">Supprimé</font></p>
    </td>
    </tr><tr>
    <td width="57%">
    <p><font face="Arial" size="2">C:\Documents and Settings\Administrateur.ORDI\Bureau\sys40796.exe=>(NSIS o)</font></p>
    </td>
    <td width="43%" align="left">
    <p><font face="Arial" size="2">Echec de la mise à jour</font></p>
    </td>
    </tr><tr>
    <td width="57%">
    <p><font face="Arial" size="2">C:\System Volume Information\_restore{6D711132-397B-4A55-913E-7B5AEFC9E608}\RP166\A0088859.ini</font></p>
    </td>
    <td width="43%" align="left">
    <p><font face="Arial" size="2">Infecté par: Trojan.Vundo.DVS</font></p>
    </td>
    </tr><tr>
    <td width="57%">
    <p><font face="Arial" size="2">C:\System Volume Information\_restore{6D711132-397B-4A55-913E-7B5AEFC9E608}\RP166\A0088859.ini</font></p>
    </td>
    <td width="43%" align="left">
    <p><font face="Arial" size="2">Echec de la désinfection</font></p>
    </td>
    </tr><tr>
    <td width="57%">
    <p><font face="Arial" size="2">C:\System Volume Information\_restore{6D711132-397B-4A55-913E-7B5AEFC9E608}\RP166\A0088859.ini</font></p>
    </td>
    <td width="43%" align="left">
    <p><font face="Arial" size="2">Supprimé</font></p>
    </td>
    </tr><tr>
    <td width="57%">
    <p><font face="Arial" size="2">C:\System Volume Information\_restore{6D711132-397B-4A55-913E-7B5AEFC9E608}\RP166\A0088875.ini</font></p>
    </td>
    <td width="43%" align="left">
    <p><font face="Arial" size="2">Infecté par: Trojan.Vundo.DVS</font></p>
    </td>
    </tr><tr>
    <td width="57%">
    <p><font face="Arial" size="2">C:\System Volume Information\_restore{6D711132-397B-4A55-913E-7B5AEFC9E608}\RP166\A0088875.ini</font></p>
    </td>
    <td width="43%" align="left">
    <p><font face="Arial" size="2">Echec de la désinfection</font></p>
    </td>
    </tr><tr>
    <td width="57%">
    <p><font face="Arial" size="2">C:\System Volume Information\_restore{6D711132-397B-4A55-913E-7B5AEFC9E608}\RP166\A0088875.ini</font></p>
    </td>
    <td width="43%" align="left">
    <p><font face="Arial" size="2">Supprimé</font></p>
    </td>
    </tr><tr>
    <td width="57%">
    <p><font face="Arial" size="2">C:\System Volume Information\_restore{6D711132-397B-4A55-913E-7B5AEFC9E608}\RP166\A0088898.dll</font></p>
    </td>
    <td width="43%" align="left">
    <p><font face="Arial" size="2">Infecté par: Trojan.Vundo.EDV</font></p>
    </td>
    </tr><tr>
    <td width="57%">
    <p><font face="Arial" size="2">C:\System Volume Information\_restore{6D711132-397B-4A55-913E-7B5AEFC9E608}\RP166\A0088898.dll</font></p>
    </td>
    <td width="43%" align="left">
    <p><font face="Arial" size="2">Supprimé</font></p>
    </td>
    </tr><tr>
    <td width="57%">
    <p><font face="Arial" size="2">C:\System Volume Information\_restore{6D711132-397B-4A55-913E-7B5AEFC9E608}\RP166\A0088915.dll</font></p>
    </td>
    <td width="43%" align="left">
    <p><font face="Arial" size="2">Détecté avec: Adware.Virtumonde.GIK</font></p>
    </td>
    </tr><tr>
    <td width="57%">
    <p><font face="Arial" size="2">C:\System Volume Information\_restore{6D711132-397B-4A55-913E-7B5AEFC9E608}\RP166\A0088915.dll</font></p>
    </td>
    <td width="43%" align="left">
    <p><font face="Arial" size="2">Supprimé</font></p>
    </td>
    </tr><tr>
    <td width="57%">
    <p><font face="Arial" size="2">C:\System Volume Information\_restore{6D711132-397B-4A55-913E-7B5AEFC9E608}\RP166\A0088936.dll</font></p>
    </td>
    <td width="43%" align="left">
    <p><font face="Arial" size="2">Détecté avec: Adware.Virtumonde.GIK</font></p>
    </td>
    </tr><tr>
    <td width="57%">
    <p><font face="Arial" size="2">C:\System Volume Information\_restore{6D711132-397B-4A55-913E-7B5AEFC9E608}\RP166\A0088936.dll</font></p>
    </td>
    <td width="43%" align="left">
    <p><font face="Arial" size="2">Supprimé</font></p>
    </td>
    </tr><tr>
    <td width="57%">
    <p><font face="Arial" size="2">C:\System Volume Information\_restore{6D711132-397B-4A55-913E-7B5AEFC9E608}\RP167\A0089015.dll</font></p>
    </td>
    <td width="43%" align="left">
    <p><font face="Arial" size="2">Infecté par: Trojan.Vundo.EEP</font></p>
    </td>
    </tr><tr>
    <td width="57%">
    <p><font face="Arial" size="2">C:\System Volume Information\_restore{6D711132-397B-4A55-913E-7B5AEFC9E608}\RP167\A0089015.dll</font></p>
    </td>
    <td width="43%" align="left">
    <p><font face="Arial" size="2">Supprimé</font></p>
    </td>
    </tr><tr>
    <td width="57%">
    <p><font face="Arial" size="2">C:\System Volume Information\_restore{6D711132-397B-4A55-913E-7B5AEFC9E608}\RP167\A0089028.ini</font></p>
    </td>
    <td width="43%" align="left">
    <p><font face="Arial" size="2">Infecté par: Trojan.Vundo.DVS</font></p>
    </td>
    </tr><tr>
    <td width="57%">
    <p><font face="Arial" size="2">C:\System Volume Information\_restore{6D711132-397B-4A55-913E-7B5AEFC9E608}\RP167\A0089028.ini</font></p>
    </td>
    <td width="43%" align="left">
    <p><font face="Arial" size="2">Echec de la désinfection</font></p>
    </td>
    </tr><tr>
    <td width="57%">
    <p><font face="Arial" size="2">C:\System Volume Information\_restore{6D711132-397B-4A55-913E-7B5AEFC9E608}\RP167\A0089028.ini</font></p>
    </td>
    <td width="43%" align="left">
    <p><font face="Arial" size="2">Supprimé</font></p>
    </td>
    </tr><tr>
    <td width="57%">
    <p><font face="Arial" size="2">C:\System Volume Information\_restore{6D711132-397B-4A55-913E-7B5AEFC9E608}\RP167\A0090025.dll</font></p>
    </td>
    <td width="43%" align="left">
    <p><font face="Arial" size="2">Détecté avec: Adware.Virtumonde.GIL</font></p>
    </td>
    </tr><tr>
    <td width="57%">
    <p><font face="Arial" size="2">C:\System Volume Information\_restore{6D711132-397B-4A55-913E-7B5AEFC9E608}\RP167\A0090025.dll</font></p>
    </td>
    <td width="43%" align="left">
    <p><font face="Arial" size="2">Supprimé</font></p>
    </td>
    </tr><tr>
    <td width="57%">
    <p><font face="Arial" size="2">C:\System Volume Information\_restore{6D711132-397B-4A55-913E-7B5AEFC9E608}\RP167\A0090026.dll</font></p>
    </td>
    <td width="43%" align="left">
    <p><font face="Arial" size="2">Détecté avec: Adware.Virtumonde.GIL</font></p>
    </td>
    </tr><tr>
    <td width="57%">
    <p><font face="Arial" size="2">C:\System Volume Information\_restore{6D711132-397B-4A55-913E-7B5AEFC9E608}\RP167\A0090026.dll</font></p>
    </td>
    <td width="43%" align="left">
    <p><font face="Arial" size="2">Supprimé</font></p>
    </td>
    </tr><tr>
    <td width="57%">
    <p><font face="Arial" size="2">C:\System Volume Information\_restore{6D711132-397B-4A55-913E-7B5AEFC9E608}\RP167\A0091025.dll</font></p>
    </td>
    <td width="43%" align="left">
    <p><font face="Arial" size="2">Détecté avec: Adware.Virtumonde.GIL</font></p>
    </td>
    </tr><tr>
    <td width="57%">
    <p><font face="Arial" size="2">C:\System Volume Information\_restore{6D711132-397B-4A55-913E-7B5AEFC9E608}\RP167\A0091025.dll</font></p>
    </td>
    <td width="43%" align="left">
    <p><font face="Arial" size="2">Supprimé</font></p>
    </td>
    </tr><tr>
    <td width="57%">
    <p><font face="Arial" size="2">C:\System Volume Information\_restore{6D711132-397B-4A55-913E-7B5AEFC9E608}\RP167\A0091057.dll</font></p>
    </td>
    <td width="43%" align="left">
    <p><font face="Arial" size="2">Détecté avec: Adware.Virtumonde.GIL</font></p>
    </td>
    </tr><tr>
    <td width="57%">
    <p><font face="Arial" size="2">C:\System Volume Information\_restore{6D711132-397B-4A55-913E-7B5AEFC9E608}\RP167\A0091057.dll</font></p>
    </td>
    <td width="43%" align="left">
    <p><font face="Arial" size="2">Supprimé</font></p>
    </td>
    </tr><tr>
    <td width="57%">
    <p><font face="Arial" size="2">C:\System Volume Information\_restore{6D711132-397B-4A55-913E-7B5AEFC9E608}\RP167\A0091071.dll</font></p>
    </td>
    <td width="43%" align="left">
    <p><font face="Arial" size="2">Infecté par: Trojan.Vundo.EFF</font></p>
    </td>
    </tr><tr>
    <td width="57%">
    <p><font face="Arial" size="2">C:\System Volume Information\_restore{6D711132-397B-4A55-913E-7B5AEFC9E608}\RP167\A0091071.dll</font></p>
    </td>
    <td width="43%" align="left">
    <p><font face="Arial" size="2">Supprimé</font></p>
    </td>
    </tr><tr>
    <td width="57%">
    <p><font face="Arial" size="2">C:\System Volume Information\_restore{6D711132-397B-4A55-913E-7B5AEFC9E608}\RP167\A0091072.dll</font></p>
    </td>
    <td width="43%" align="left">
    <p><font face="Arial" size="2">Infecté par: Trojan.Vundo.EFF</font></p>
    </td>
    </tr><tr>
    <td width="57%">
    <p><font face="Arial" size="2">C:\System Volume Information\_restore{6D711132-397B-4A55-913E-7B5AEFC9E608}\RP167\A0091072.dll</font></p>
    </td>
    <td width="43%" align="left">
    <p><font face="Arial" size="2">Supprimé</font></p>
    </td>
    </tr><tr>
    <td width="57%">
    <p><font face="Arial" size="2">C:\System Volume Information\_restore{6D711132-397B-4A55-913E-7B5AEFC9E608}\RP168\A0092282.dll</font></p>
    </td>
    <td width="43%" align="left">
    <p><font face="Arial" size="2">Infecté par: Trojan.Vundo.EFJ</font></p>
    </td>
    </tr><tr>
    <td width="57%">
    <p><font face="Arial" size="2">C:\System Volume Information\_restore{6D711132-397B-4A55-913E-7B5AEFC9E608}\RP168\A0092282.dll</font></p>
    </td>
    <td width="43%" align="left">
    <p><font face="Arial" size="2">Supprimé</font></p>
    </td>
    </tr><tr>
    <td width="57%">
    <p><font face="Arial" size="2">C:\System Volume Information\_restore{6D711132-397B-4A55-913E-7B5AEFC9E608}\RP168\A0092292.dll</font></p>
    </td>
    <td width="43%" align="left">
    <p><font face="Arial" size="2">Infecté par: Trojan.Vundo.EGE</font></p>
    </td>
    </tr><tr>
    <td width="57%">
    <p><font face="Arial" size="2">C:\System Volume Information\_restore{6D711132-397B-4A55-913E-7B5AEFC9E608}\RP168\A0092292.dll</font></p>
    </td>
    <td width="43%" align="left">
    <p><font face="Arial" size="2">Supprimé</font></p>
    </td>
    </tr><tr>
    <td width="57%">
    <p><font face="Arial" size="2">C:\System Volume Information\_restore{6D711132-397B-4A55-913E-7B5AEFC9E608}\RP168\A0092310.dll</font></p>
    </td>
    <td width="43%" align="left">
    <p><font face="Arial" size="2">Infecté par: Trojan.Vundo.EGE</font></p>
    </td>
    </tr><tr>
    <td width="57%">
    <p><font face="Arial" size="2">C:\System Volume Information\_restore{6D711132-397B-4A55-913E-7B5AEFC9E608}\RP168\A0092310.dll</font></p>
    </td>
    <td width="43%" align="left">
    <p><font face="Arial" size="2">Supprimé</font></p>
    </td>
    </tr><tr>
    <td width="57%">
    <p><font face="Arial" size="2">C:\System Volume Information\_restore{6D711132-397B-4A55-913E-7B5AEFC9E608}\RP168\A0092331.dll</font></p>
    </td>
    <td width="43%" align="left">
    <p><font face="Arial" size="2">Infecté par: Trojan.Vundo.EFQ</font></p>
    </td>
    </tr><tr>
    <td width="57%">
    <p><font face="Arial" size="2">C:\System Volume Information\_restore{6D711132-397B-4A55-913E-7B5AEFC9E608}\RP168\A0092331.dll</font></p>
    </td>
    <td width="43%" align="left">
    <p><font face="Arial" size="2">Supprimé</font></p>
    </td>
    </tr><tr>
    <td width="57%">
    <p><font face="Arial" size="2">C:\System Volume Information\_restore{6D711132-397B-4A55-913E-7B5AEFC9E608}\RP169\A0092393.dll</font></p>
    </td>
    <td width="43%" align="left">
    <p><font face="Arial" size="2">Infecté par: Trojan.Vundo.EFY</font></p>
    </td>
    </tr><tr>
    <td width="57%">
    <p><font face="Arial" size="2">C:\System Volume Information\_restore{6D711132-397B-4A55-913E-7B5AEFC9E608}\RP169\A0092393.dll</font></p>
    </td>
    <td width="43%" align="left">
    <p><font face="Arial" size="2">Supprimé</font></p>
    </td>
    </tr><tr>
    <td width="57%">
    <p><font face="Arial" size="2">C:\System Volume Information\_restore{6D711132-397B-4A55-913E-7B5AEFC9E608}\RP169\A0092410.dll</font></p>
    </td>
    <td width="43%" align="left">
    <p><font face="Arial" size="2">Infecté par: Trojan.Vundo.EFY</font></p>
    </td>
    </tr><tr>
    <td width="57%">
    <p><font face="Arial" size="2">C:\System Volume Information\_restore{6D711132-397B-4A55-913E-7B5AEFC9E608}\RP169\A0092410.dll</font></p>
    </td>
    <td width="43%" align="left">
    <p><font face="Arial" size="2">Supprimé</font></p>
    </td>
    </tr><tr>
    <td width="57%">
    <p><font face="Arial" size="2">C:\System Volume Information\_restore{6D711132-397B-4A55-913E-7B5AEFC9E608}\RP169\A0092421.dll</font></p>
    </td>
    <td width="43%" align="left">
    <p><font face="Arial" size="2">Infecté par: Trojan.Vundo.EDO</font></p>
    </td>
    </tr><tr>
    <td width="57%">
    <p><font face="Arial" size="2">C:\System Volume Information\_restore{6D711132-397B-4A55-913E-7B5AEFC9E608}\RP169\A0092421.dll</font></p>
    </td>
    <td width="43%" align="left">
    <p><font face="Arial" size="2">Supprimé</font></p>
    </td>
    </tr><tr>
    <td width="57%">
    <p><font face="Arial" size="2">C:\System Volume Information\_restore{6D711132-397B-4A55-913E-7B5AEFC9E608}\RP172\A0092710.exe=>(NSIS o)=>lzma_nsis0001</font></p>
    </td>
    <td width="43%" align="left">
    <p><font face="Arial" size="2">Détecté avec: Adware.Comet.C.1.A</font></p>
    </td>
    </tr><tr>
    <td width="57%">
    <p><font face="Arial" size="2">C:\System Volume Information\_restore{6D711132-397B-4A55-913E-7B5AEFC9E608}\RP172\A0092710.exe=>(NSIS o)=>lzma_nsis0001</font></p>
    </td>
    <td width="43%" align="left">
    <p><font face="Arial" size="2">Supprimé</font></p>
    </td>
    </tr><tr>
    <td width="57%">
    <p><font face="Arial" size="2">C:\System Volume Information\_restore{6D711132-397B-4A55-913E-7B5AEFC9E608}\RP172\A0092710.exe=>(NSIS o)</font></p>
    </td>
    <td width="43%" align="left">
    <p><font face="Arial" size="2">Echec de la mise à jour</font></p>
    </td>
    </tr><tr>
    <td width="57%">
    <p><font face="Arial" size="2">C:\System Volume Information\_restore{6D711132-397B-4A55-913E-7B5AEFC9E608}\RP172\A0092712.dll</font></p>
    </td>
    <td width="43%" align="left">
    <p><font face="Arial" size="2">Infecté par: Trojan.Vundo.EFB</font></p>
    </td>
    </tr><tr>
    <td width="57%">
    <p><font face="Arial" size="2">C:\System Volume Information\_restore{6D711132-397B-4A55-913E-7B5AEFC9E608}\RP172\A0092712.dll</font></p>
    </td>
    <td width="43%" align="left">
    <p><font face="Arial" size="2">Supprimé</font></p>
    </td>
    </tr><tr>
    <td width="57%">
    <p><font face="Arial" size="2">C:\System Volume Information\_restore{6D711132-397B-4A55-913E-7B5AEFC9E608}\RP172\A0092716.dll</font></p>
    </td>
    <td width="43%" align="left">
    <p><font face="Arial" size="2">Infecté par: Trojan.Vundo.EFB</font></p>
    </td>
    </tr><tr>
    <td width="57%">
    <p><font face="Arial" size="2">C:\System Volume Information\_restore{6D711132-397B-4A55-913E-7B5AEFC9E608}\RP172\A0092716.dll</font></p>
    </td>
    <td width="43%" align="left">
    <p><font face="Arial" size="2">Supprimé</font></p>
    </td>
    </tr><tr>
    <td width="57%">
    <p><font face="Arial" size="2">C:\System Volume Information\_restore{6D711132-397B-4A55-913E-7B5AEFC9E608}\RP172\A0092723.dll</font></p>
    </td>
    <td width="43%" align="left">
    <p><font face="Arial" size="2">Infecté par: Trojan.Vundo.EES</font></p>
    </td>
    </tr><tr>
    <td width="57%">
    <p><font face="Arial" size="2">C:\System Volume Information\_restore{6D711132-397B-4A55-913E-7B5AEFC9E608}\RP172\A0092723.dll</font></p>
    </td>
    <td width="43%" align="left">
    <p><font face="Arial" size="2">Supprimé</font></p>
    </td>
    </tr><tr>
    <td width="57%">
    <p><font face="Arial" size="2">C:\System Volume Information\_restore{6D711132-397B-4A55-913E-7B5AEFC9E608}\RP172\A0092726.dll</font></p>
    </td>
    <td width="43%" align="left">
    <p><font face="Arial" size="2">Infecté par: Trojan.Vundo.GI</font></p>
    </td>
    </tr><tr>
    <td width="57%">
    <p><font face="Arial" size="2">C:\System Volume Information\_restore{6D711132-397B-4A55-913E-7B5AEFC9E608}\RP172\A0092726.dll</font></p>
    </td>
    <td width="43%" align="left">
    <p><font face="Arial" size="2">Supprimé</font></p>
    </td>
    </tr><tr>
    <td width="57%">
    <p><font face="Arial" size="2">C:\System Volume Information\_restore{6D711132-397B-4A55-913E-7B5AEFC9E608}\RP172\A0092728.dll</font></p>
    </td>
    <td width="43%" align="left">
    <p><font face="Arial" size="2">Détecté avec: Adware.Virtumonde.GIL</font></p>
    </td>
    </tr><tr>
    <td width="57%">
    <p><font face="Arial" size="2">C:\System Volume Information\_restore{6D711132-397B-4A55-913E-7B5AEFC9E608}\RP172\A0092728.dll</font></p>
    </td>
    <td width="43%" align="left">
    <p><font face="Arial" size="2">Supprimé</font></p>
    </td>
    </tr><tr>
    <td width="57%">
    <p><font face="Arial" size="2">C:\System Volume Information\_restore{6D711132-397B-4A55-913E-7B5AEFC9E608}\RP172\A0092729.dll</font></p>
    </td>
    <td width="43%" align="left">
    <p><font face="Arial" size="2">Infecté par: Trojan.Vundo.EEF</font></p>
    </td>
    </tr><tr>
    <td width="57%">
    <p><font face="Arial" size="2">C:\System Volume Information\_restore{6D711132-397B-4A55-913E-7B5AEFC9E608}\RP172\A0092729.dll</font></p>
    </td>
    <td width="43%" align="left">
    <p><font face="Arial" size="2">Supprimé</font></p>
    </td>
    </tr><tr>
    <td width="57%">
    <p><font face="Arial" size="2">C:\System Volume Information\_restore{6D711132-397B-4A55-913E-7B5AEFC9E608}\RP172\A0092730.dll</font></p>
    </td>
    <td width="43%" align="left">
    <p><font face="Arial" size="2">Infecté par: Trojan.Vundo.GI</font></p>
    </td>
    </tr><tr>
    <td width="57%">
    <p><font face="Arial" size="2">C:\System Volume Information\_restore{6D711132-397B-4A55-913E-7B5AEFC9E608}\RP172\A0092730.dll</font></p>
    </td>
    <td width="43%" align="left">
    <p><font face="Arial" size="2">Supprimé</font></p>
    </td>
    </tr><tr>
    <td width="57%">
    <p><font face="Arial" size="2">C:\System Volume Information\_restore{6D711132-397B-4A55-913E-7B5AEFC9E608}\RP172\A0092732.dll</font></p>
    </td>
    <td width="43%" align="left">
    <p><font face="Arial" size="2">Infecté par: Trojan.Vundo.EFJ</font></p>
    </td>
    </tr><tr>
    <td width="57%">
    <p><font face="Arial" size="2">C:\System Volume Information\_restore{6D711132-397B-4A55-913E-7B5AEFC9E608}\RP172\A0092732.dll</font></p>
    </td>
    <td width="43%" align="left">
    <p><font face="Arial" size="2">Supprimé</font></p>
    </td>
    </tr><tr>
    <td width="57%">
    <p><font face="Arial" size="2">C:\System Volume Information\_restore{6D711132-397B-4A55-913E-7B5AEFC9E608}\RP172\A0092735.dll</font></p>
    </td>
    <td width="43%" align="left">
    <p><font face="Arial" size="2">Infecté par: Trojan.Vundo.EES</font></p>
    </td>
    </tr><tr>
    <td width="57%">
    <p><font face="Arial" size="2">C:\System Volume Information\_restore{6D711132-397B-4A55-913E-7B5AEFC9E608}\RP172\A0092735.dll</font></p>
    </td>
    <td width="43%" align="left">
    <p><font face="Arial" size="2">Supprimé</font></p>
    </td>
    </tr><tr>
    <td width="57%">
    <p><font face="Arial" size="2">C:\System Volume Information\_restore{6D711132-397B-4A55-913E-7B5AEFC9E608}\RP172\A0092740.dll</font></p>
    </td>
    <td width="43%" align="left">
    <p><font face="Arial" size="2">Infecté par: Trojan.Vundo.EES</font></p>
    </td>
    </tr><tr>
    <td width="57%">
    <p><font face="Arial" size="2">C:\System Volume Information\_restore{6D711132-397B-4A55-913E-7B5AEFC9E608}\RP172\A0092740.dll</font></p>
    </td>
    <td width="43%" align="left">
    <p><font face="Arial" size="2">Supprimé</font></p>
    </td>
    </tr><tr>
    <td width="57%">
    <p><font face="Arial" size="2">C:\System Volume Information\_restore{6D711132-397B-4A55-913E-7B5AEFC9E608}\RP172\A0092744.dll</font></p>
    </td>
    <td width="43%" align="left">
    <p><font face="Arial" size="2">Infecté par: Trojan.Vundo.EGS</font></p>
    </td>
    </tr><tr>
    <td width="57%">
    <p><font face="Arial" size="2">C:\System Volume Information\_restore{6D711132-397B-4A55-913E-7B5AEFC9E608}\RP172\A0092744.dll</font></p>
    </td>
    <td width="43%" align="left">
    <p><font face="Arial" size="2">Supprimé</font></p>
    </td>
    </tr><tr>
    <td width="57%">
    <p><font face="Arial" size="2">C:\System Volume Information\_restore{6D711132-397B-4A55-913E-7B5AEFC9E608}\RP172\A0092745.dll</font></p>
    </td>
    <td width="43%" align="left">
    <p><font face="Arial" size="2">Infecté par: Trojan.Vundo.EEQ</font></p>
    </td>
    </tr><tr>
    <td width="57%">
    <p><font face="Arial" size="2">C:\System Volume Information\_restore{6D711132-397B-4A55-913E-7B5AEFC9E608}\RP172\A0092745.dll</font></p>
    </td>
    <td width="43%" align="left">
    <p><font face="Arial" size="2">Supprimé</font></p>
    </td>
    </tr><tr>
    <td width="57%">
    <p><font face="Arial" size="2">C:\System Volume Information\_restore{6D711132-397B-4A55-913E-7B5AEFC9E608}\RP172\A0092746.dll</font></p>
    </td>
    <td width="43%" align="left">
    <p><font face="Arial" size="2">Détecté avec: Adware.Virtumonde.GIK</font></p>
    </td>
    </tr><tr>
    <td width="57%">
    <p><font face="Arial" size="2">C:\System Volume Information\_restore{6D711132-397B-4A55-913E-7B5AEFC9E608}\RP172\A0092746.dll</font></p>
    </td>
    <td width="43%" align="left">
    <p><font face="Arial" size="2">Supprimé</font></p>
    </td>
    </tr><tr>
    <td width="57%">
    <p><font face="Arial" size="2">C:\System Volume Information\_restore{6D711132-397B-4A55-913E-7B5AEFC9E608}\RP172\A0092749.dll</font></p>
    </td>
    <td width="43%" align="left">
    <p><font face="Arial" size="2">Infecté par: Trojan.Vundo.EEU</font></p>
    </td>
    </tr><tr>
    <td width="57%">
    <p><font face="Arial" size="2">C:\System Volume Information\_restore{6D711132-397B-4A55-913E-7B5AEFC9E608}\RP172\A0092749.dll</font></p>
    </td>
    <td width="43%" align="left">
    <p><font face="Arial" size="2">Supprimé</font></p>
    </td>
    </tr><tr>
    <td width="57%">
    <p><font face="Arial" size="2">C:\System Volume Information\_restore{6D711132-397B-4A55-913E-7B5AEFC9E608}\RP172\A0092750.dll</font></p>
    </td>
    <td width="43%" align="left">
    <p><font face="Arial" size="2">Infecté par: Trojan.Vundo.EEF</font></p>
    </td>
    </tr><tr>
    <td width="57%">
    <p><font face="Arial" size="2">C:\System Volume Information\_restore{6D711132-397B-4A55-913E-7B5AEFC9E608}\RP172\A0092750.dll</font></p>
    </td>
    <td width="43%" align="left">
    <p><font face="Arial" size="2">Supprimé</font></p>
    </td>
    </tr><tr>
    <td width="57%">
    <p><font face="Arial" size="2">C:\System Volume Information\_restore{6D711132-397B-4A55-913E-7B5AEFC9E608}\RP172\A0092754.dll</font></p>
    </td>
    <td width="43%" align="left">
    <p><font face="Arial" size="2">Infecté par: Trojan.Vundo.EEP</font></p>
    </td>
    </tr><tr>
    <td width="57%">
    <p><font face="Arial" size="2">C:\System Volume Information\_restore{6D711132-397B-4A55-913E-7B5AEFC9E608}\RP172\A0092754.dll</font></p>
    </td>
    <td width="43%" align="left">
    <p><font face="Arial" size="2">Supprimé</font></p>
    </td>
    </tr><tr>
    <td width="57%">
    <p><font face="Arial" size="2">C:\System Volume Information\_restore{6D711132-397B-4A55-913E-7B5AEFC9E608}\RP172\A0092755.dll</font></p>
    </td>
    <td width="43%" align="left">
    <p><font face="Arial" size="2">Infecté par: Trojan.Vundo.EER</font></p>
    </td>
    </tr><tr>
    <td width="57%">
    <p><font face="Arial" size="2">C:\System Volume Information\_restore{6D711132-397B-4A55-913E-7B5AEFC9E608}\RP172\A0092755.dll</font></p>
    </td>
    <td width="43%" align="left">
    <p><font face="Arial" size="2">Supprimé</font></p>
    </td>
    </tr><tr>
    <td width="57%">
    <p><font face="Arial" size="2">C:\System Volume Information\_restore{6D711132-397B-4A55-913E-7B5AEFC9E608}\RP172\A0092756.dll</font></p>
    </td>
    <td width="43%" align="left">
    <p><font face="Arial" size="2">Infecté par: Trojan.Vundo.EES</font></p>
    </td>
    </tr><tr>
    <td width="57%">
    <p><font face="Arial" size="2">C:\System Volume Information\_restore{6D711132-397B-4A55-913E-7B5AEFC9E608}\RP172\A0092756.dll</font></p>
    </td>
    <td width="43%" align="left">
    <p><font face="Arial" size="2">Supprimé</font></p>
    </td>
    </tr><tr>
    <td width="57%">
    <p><font face="Arial" size="2">C:\System Volume Information\_restore{6D711132-397B-4A55-913E-7B5AEFC9E608}\RP172\A0092757.dll</font></p>
    </td>
    <td width="43%" align="left">
    <p><font face="Arial" size="2">Infecté par: Trojan.Vundo.EGS</font></p>
    </td>
    </tr><tr>
    <td width="57%">
    <p><font face="Arial" size="2">C:\System Volume Information\_restore{6D711132-397B-4A55-913E-7B5AEFC9E608}\RP172\A0092757.dll</font></p>
    </td>
    <td width="43%" align="left">
    <p><font face="Arial" size="2">Supprimé</font></p>
    </td>
    </tr><tr>
    <td width="57%">
    <p><font face="Arial" size="2">C:\System Volume Information\_restore{6D711132-397B-4A55-913E-7B5AEFC9E608}\RP172\A0092759.dll</font></p>
    </td>
    <td width="43%" align="left">
    <p><font face="Arial" size="2">Infecté par: Trojan.Vundo.EEU</font></p>
    </td>
    </tr><tr>
    <td width="57%">
    <p><font face="Arial" size="2">C:\System Volume Information\_restore{6D711132-397B-4A55-913E-7B5AEFC9E608}\RP172\A0092759.dll</font></p>
    </td>
    <td width="43%" align="left">
    <p><font face="Arial" size="2">Supprimé</font></p>
    </td>
    </tr><tr>
    <td width="57%">
    <p><font face="Arial" size="2">C:\System Volume Information\_restore{6D711132-397B-4A55-913E-7B5AEFC9E608}\RP172\A0092760.dll</font></p>
    </td>
    <td width="43%" align="left">
    <p><font face="Arial" size="2">Infecté par: Trojan.Vundo.EDT</font></p>
    </td>
    </tr><tr>
    <td width="57%">
    <p><font face="Arial" size="2">C:\System Volume Information\_restore{6D711132-397B-4A55-913E-7B5AEFC9E608}\RP172\A0092760.dll</font></p>
    </td>
    <td width="43%" align="left">
    <p><font face="Arial" size="2">Supprimé</font></p>
    </td>
    </tr><tr>
    <td width="57%">
    <p><font face="Arial" size="2">C:\System Volume Information\_restore{6D711132-397B-4A55-913E-7B5AEFC9E608}\RP172\A0092768.dll</font></p>
    </td>
    <td width="43%" align="left">
    <p><font face="Arial" size="2">Infecté par: Trojan.Vundo.EGS</font></p>
    </td>
    </tr><tr>
    <td width="57%">
    <p><font face="Arial" size="2">C:\System Volume Information\_restore{6D711132-397B-4A55-913E-7B5AEFC9E608}\RP172\A0092768.dll</font></p>
    </td>
    <td width="43%" align="left">
    <p><font face="Arial" size="2">Supprimé</font></p>
    </td>
    </tr><tr>
    <td width="57%">
    <p><font face="Arial" size="2">C:\System Volume Information\_restore{6D711132-397B-4A55-913E-7B5AEFC9E608}\RP172\A0092773.dll</font></p>
    </td>
    <td width="43%" align="left">
    <p><font face="Arial" size="2">Infecté par: Trojan.Vundo.EEF</font></p>
    </td>
    </tr><tr>
    <td width="57%">
    <p><font face="Arial" size="2">C:\System Volume Information\_restore{6D711132-397B-4A55-913E-7B5AEFC9E608}\RP172\A0092773.dll</font></p>
    </td>
    <td width="43%" align="left">
    <p><font face="Arial" size="2">Supprimé</font></p>
    </td>
    </tr><tr>
    <td width="57%">
    <p><font face="Arial" size="2">C:\System Volume Information\_restore{6D711132-397B-4A55-913E-7B5AEFC9E608}\RP172\A0092779.dll</font></p>
    </td>
    <td width="43%" align="left">
    <p><font face="Arial" size="2">Infecté par: Trojan.Vundo.EES</font></p>
    </td>
    </tr><tr>
    <td width="57%">
    <p><font face="Arial" size="2">C:\System Volume Information\_restore{6D711132-397B-4A55-913E-7B5AEFC9E608}\RP172\A0092779.dll</font></p>
    </td>
    <td width="43%" align="left">
    <p><font face="Arial" size="2">Supprimé</font></p>
    </td>
    </tr><tr>
    <td width="57%">
    <p><font face="Arial" size="2">C:\System Volume Information\_restore{6D711132-397B-4A55-913E-7B5AEFC9E608}\RP172\A0092786.dll</font></p>
    </td>
    <td width="43%" align="left">
    <p><font face="Arial" size="2">Infecté par: Trojan.Vundo.EGS</font></p>
    </td>
    </tr><tr>
    <td width="57%">
    <p><font face="Arial" size="2">C:\System Volume Information\_restore{6D711132-397B-4A55-913E-7B5AEFC9E608}\RP172\A0092786.dll</font></p>
    </td>
    <td width="43%" align="left">
    <p><font face="Arial" size="2">Supprimé</font></p>
    </td>
    </tr><tr>
    <td width="57%">
    <p><font face="Arial" size="2">C:\System Volume Information\_restore{6D711132-397B-4A55-913E-7B5AEFC9E608}\RP172\A0092791.dll</font></p>
    </td>
    <td width="43%" align="left">
    <p><font face="Arial" size="2">Infecté par: Trojan.Vundo.EES</font></p>
    </td>
    </tr><tr>
    <td width="57%">
    <p><font face="Arial" size="2">C:\System Volume Information\_restore{6D711132-397B-4A55-913E-7B5AEFC9E608}\RP172\A0092791.dll</font></p>
    </td>
    <td width="43%" align="left">
    <p><font face="Arial" size="2">Supprimé</font></p>
    </td>
    </tr><tr>
    <td width="57%">
    <p><font face="Arial" size="2">C:\System Volume Information\_restore{6D711132-397B-4A55-913E-7B5AEFC9E608}\RP172\A0092797.dll</font></p>
    </td>
    <td width="43%" align="left">
    <p><font face="Arial" size="2">Infecté par: Trojan.Vundo.EFQ</font></p>
    </td>
    </tr><tr>
    <td width="57%">
    <p><font face="Arial" size="2">C:\System Volume Information\_restore{6D711132-397B-4A55-913E-7B5AEFC9E608}\RP172\A0092797.dll</font></p>
    </td>
    <td width="43%" align="left">
    <p><font face="Arial" size="2">Supprimé</font></p>
    </td>
    </tr><tr>
    <td width="57%">
    <p><font face="Arial" size="2">C:\System Volume Information\_restore{6D711132-397B-4A55-913E-7B5AEFC9E608}\RP172\A0092799.dll</font></p>
    </td>
    <td width="43%" align="left">
    <p><font face="Arial" size="2">Infecté par: Trojan.Vundo.EGE</font></p>
    </td>
    </tr><tr>
    <td width="57%">
    <p><font face="Arial" size="2">C:\System Volume Information\_restore{6D711132-397B-4A55-913E-7B5AEFC9E608}\RP172\A0092799.dll</font></p>
    </td>
    <td width="43%" align="left">
    <p><font face="Arial" size="2">Supprimé</font></p>
    </td>
    </tr><tr>
    <td width="57%">
    <p><font face="Arial" size="2">C:\System Volume Information\_restore{6D711132-397B-4A55-913E-7B5AEFC9E608}\RP172\A0092800.dll</font></p>
    </td>
    <td width="43%" align="left">
    <p><font face="Arial" size="2">Infecté par: Trojan.Vundo.EEF</font></p>
    </td>
    </tr><tr>
    <td width="57%">
    <p><font face="Arial" size="2">C:\System Volume Information\_restore{6D711132-397B-4A55-913E-7B5AEFC9E608}\RP172\A0092800.dll</font></p>
    </td>
    <td width="43%" align="left">
    <p><font face="Arial" size="2">Supprimé</font></p>
    </td>
    </tr><tr>
    <td width="57%">
    <p><font face="Arial" size="2">C:\System Volume Information\_restore{6D711132-397B-4A55-913E-7B5AEFC9E608}\RP172\A0092801.dll</font></p>
    </td>
    <td width="43%" align="left">
    <p><font face="Arial" size="2">Infecté par: Trojan.Vundo.EEQ</font></p>
    </td>
    </tr><tr>
    <td width="57%">
    <p><font face="Arial" size="2">C:\System Volume Information\_restore{6D711132-397B-4A55-913E-7B5AEFC9E608}\RP172\A0092801.dll</font></p>
    </td>
    <td width="43%" align="left">
    <p><font face="Arial" size="2">Supprimé</font></p>
    </td>
    </tr><tr>
    <td width="57%">
    <p><font face="Arial" size="2">C:\System Volume Information\_restore{6D711132-397B-4A55-913E-7B5AEFC9E608}\RP172\A0092808.dll</font></p>
    </td>
    <td width="43%" align="left">
    <p><font face="Arial" size="2">Infecté par: Trojan.Vundo.EEF</font></p>
    </td>
    </tr><tr>
    <td width="57%">
    <p><font face="Arial" size="2">C:\System Volume Information\_restore{6D711132-397B-4A55-913E-7B5AEFC9E608}\RP172\A0092808.dll</font></p>
    </td>
    <td width="43%" align="left">
    <p><font face="Arial" size="2">Supprimé</font></p>
    </td>
    </tr><tr>
    <td width="57%">
    <p><font face="Arial" size="2">C:\System Volume Information\_restore{6D711132-397B-4A55-913E-7B5AEFC9E608}\RP172\A0092810.dll</font></p>
    </td>
    <td width="43%" align="left">
    <p><font face="Arial" size="2">Infecté par: Trojan.Vundo.EFV</font></p>
    </td>
    </tr><tr>
    <td width="57%">
    <p><font face="Arial" size="2">C:\System Volume Information\_restore{6D711132-397B-4A55-913E-7B5AEFC9E608}\RP172\A0092810.dll</font></p>
    </td>
    <td width="43%" align="left">
    <p><font face="Arial" size="2">Supprimé</font></p>
    </td>
    </tr><tr>
    <td width="57%">
    <p><font face="Arial" size="2">C:\System Volume Information\_restore{6D711132-397B-4A55-913E-7B5AEFC9E608}\RP172\A0092813.dll</font></p>
    </td>
    <td width="43%" align="left">
    <p><font face="Arial" size="2">Infecté par: Trojan.Vundo.EDU</font></p>
    </td>
    </tr><tr>
    <td width="57%">
    <p><font face="Arial" size="2">C:\System Volume Information\_restore{6D711132-397B-4A55-913E-7B5AEFC9E608}\RP172\A0092813.dll</font></p>
    </td>
    <td width="43%" align="left">
    <p><font face="Arial" size="2">Supprimé</font></p>
    </td>
    </tr><tr>
    <td width="57%">
    <p><font face="Arial" size="2">C:\System Volume Information\_restore{6D711132-397B-4A55-913E-7B5AEFC9E608}\RP172\A0092816.dll</font></p>
    </td>
    <td width="43%" align="left">
    <p><font face="Arial" size="2">Détecté avec: Adware.Virtumonde.GIL</font></p>
    </td>
    </tr><tr>
    <td width="57%">
    <p><font face="Arial" size="2">C:\System Volume Information\_restore{6D711132-397B-4A55-913E-7B5AEFC9E608}\RP172\A0092816.dll</font></p>
    </td>
    <td width="43%" align="left">
    <p><font face="Arial" size="2">Supprimé</font></p>
    </td>
    </tr><tr>
    <td width="57%">
    <p><font face="Arial" size="2">C:\System Volume Information\_restore{6D711132-397B-4A55-913E-7B5AEFC9E608}\RP172\A0092820.dll</font></p>
    </td>
    <td width="43%" align="left">
    <p><font face="Arial" size="2">Infecté par: Trojan.Vundo.EGB</font></p>
    </td>
    </tr><tr>
    <td width="57%">
    <p><font face="Arial" size="2">C:\System Volume Information\_restore{6D711132-397B-4A55-913E-7B5AEFC9E608}\RP172\A0092820.dll</font></p>
    </td>
    <td width="43%" align="left">
    <p><font face="Arial" size="2">Supprimé</font></p>
    </td>
    </tr><tr>
    <td width="57%">
    <p><font face="Arial" size="2">C:\System Volume Information\_restore{6D711132-397B-4A55-913E-7B5AEFC9E608}\RP172\A0092821.dll</font></p>
    </td>
    <td width="43%" align="left">
    <p><font face="Arial" size="2">Infecté par: Trojan.Vundo.EEF</font></p>
    </td>
    </tr><tr>
    <td width="57%">
    <p><font face="Arial" size="2">C:\System Volume Information\_restore{6D711132-397B-4A55-913E-7B5AEFC9E608}\RP172\A0092821.dll</font></p>
    </td>
    <td width="43%" align="left">
    <p><font face="Arial" size="2">Supprimé</font></p>
    </td>
    </tr><tr>
    <td width="57%">
    <p><font face="Arial" size="2">C:\System Volume Information\_restore{6D711132-397B-4A55-913E-7B5AEFC9E608}\RP172\A0092822.dll</font></p>
    </td>
    <td width="43%" align="left">
    <p><font face="Arial" size="2">Infecté par: Trojan.Vundo.EEF</font></p>
    </td>
    </tr><tr>
    <td width="57%">
    <p><font face="Arial" size="2">C:\System Volume Information\_restore{6D711132-397B-4A55-913E-7B5AEFC9E608}\RP172\A0092822.dll</font></p>
    </td>
    <td width="43%" align="left">
    <p><font face="Arial" size="2">Supprimé</font></p>
    </td>
    </tr><tr>
    <td width="57%">
    <p><font face="Arial" size="2">C:\System Volume Information\_restore{6D711132-397B-4A55-913E-7B5AEFC9E608}\RP172\A0092824.dll</font></p>
    </td>
    <td width="43%" align="left">
    <p><font face="Arial" size="2">Infecté par: Trojan.Vundo.EEF</font></p>
    </td>
    </tr><tr>
    <td width="57%">
    <p><font face="Arial" size="2">C:\System Volume Information\_restore{6D711132-397B-4A55-913E-7B5AEFC9E608}\RP172\A0092824.dll</font></p>
    </td>
    <td width="43%" align="left">
    <p><font face="Arial" size="2">Supprimé</font></p>
    </td>
    </tr><tr>
    <td width="57%">
    <p><font face="Arial" size="2">C:\System Volume Information\_restore{6D711132-397B-4A55-913E-7B5AEFC9E608}\RP172\A0092827.dll</font></p>
    </td>
    <td width="43%" align="left">
    <p><font face="Arial" size="2">Infecté par: Trojan.Vundo.EFV</font></p>
    </td>
    </tr><tr>
    <td width="57%">
    <p><font face="Arial" size="2">C:\System Volume Information\_restore{6D711132-397B-4A55-913E-7B5AEFC9E608}\RP172\A0092827.dll</font></p>
    </td>
    <td width="43%" align="left">
    <p><font face="Arial" size="2">Supprimé</font></p>
    </td>
    </tr><tr>
    <td width="57%">
    <p><font face="Arial" size="2">C:\System Volume Information\_restore{6D711132-397B-4A55-913E-7B5AEFC9E608}\RP174\A0096192.dll</font></p>
    </td>
    <td width="43%" align="left">
    <p><font face="Arial" size="2">Infecté par: Trojan.Vundo.EGM</font></p>
    </td>
    </tr><tr>
    <td width="57%">
    <p><font face="Arial" size="2">C:\System Volume Information\_restore{6D711132-397B-4A55-913E-7B5AEFC9E608}\RP174\A0096192.dll</font></p>
    </td>
    <td width="43%" align="left">
    <p><font face="Arial" size="2">Supprimé</font></p>
    </td>
    </tr><tr>
    <td width="57%">
    <p><font face="Arial" size="2">C:\System Volume Information\_restore{6D711132-397B-4A55-913E-7B5AEFC9E608}\RP174\A0097192.dll</font></p>
    </td>
    <td width="43%" align="left">
    <p><font face="Arial" size="2">Infecté par: Trojan.Vundo.EGM</font></p>
    </td>
    </tr><tr>
    <td width="57%">
    <p><font face="Arial" size="2">C:\System Volume Information\_restore{6D711132-397B-4A55-913E-7B5AEFC9E608}\RP174\A0097192.dll</font></p>
    </td>
    <td width="43%" align="left">
    <p><font face="Arial" size="2">Supprimé</font></p>
    </td>
    </tr><tr>
    <td width="57%">
    <p><font face="Arial" size="2">C:\System Volume Information\_restore{6D711132-397B-4A55-913E-7B5AEFC9E608}\RP174\A0097197.exe</font></p>
    </td>
    <td width="43%" align="left">
    <p><font face="Arial" size="2">Détecté avec: Adware.Clickspring.R</font></p>
    </td>
    </tr><tr>
    <td width="57%">
    <p><font face="Arial" size="2">C:\System Volume Information\_restore{6D711132-397B-4A55-913E-7B5AEFC9E608}\RP174\A0097197.exe</font></p>
    </td>
    <td width="43%" align="left">
    <p><font face="Arial" size="2">Supprimé</font></p>
    </td>
    </tr><tr>
    <td width="57%">
    <p><font face="Arial" size="2">C:\System Volume Information\_restore{6D711132-397B-4A55-913E-7B5AEFC9E608}\RP174\A0097198.exe</font></p>
    </td>
    <td width="43%" align="left">
    <p><font face="Arial" size="2">Infecté par: Trojan.Agent.AHAU</font></p>
    </td>
    </tr><tr>
    <td width="57%">
    <p><font face="Arial" size="2">C:\System Volume Information\_restore{6D711132-397B-4A55-913E-7B5AEFC9E608}\RP174\A0097198.exe</font></p>
    </td>
    <td width="43%" align="left">
    <p><font face="Arial" size="2">Supprimé</font></p>
    </td>
    </tr><tr>
    <td width="57%">
    <p><font face="Arial" size="2">C:\System Volume Information\_restore{6D711132-397B-4A55-913E-7B5AEFC9E608}\RP174\A0097199.exe</font></p>
    </td>
    <td width="43%" align="left">
    <p><font face="Arial" size="2">Infecté par: Trojan.Agent.AHBI</font></p>
    </td>
    </tr><tr>
    <td width="57%">
    <p><font face="Arial" size="2">C:\System Volume Information\_restore{6D711132-397B-4A55-913E-7B5AEFC9E608}\RP174\A0097199.exe</font></p>
    </td>
    <td width="43%" align="left">
    <p><font face="Arial" size="2">Echec de la désinfection</font></p>
    </td>
    </tr><tr>
    <td width="57%">
    <p><font face="Arial" size="2">C:\System Volume Information\_restore{6D711132-397B-4A55-913E-7B5AEFC9E608}\RP174\A0097199.exe</font></p>
    </td>
    <td width="43%" align="left">
    <p><font face="Arial" size="2">Supprimé</font></p>
    </td>
    </tr><tr>
    <td width="57%">
    <p><font face="Arial" size="2">C:\System Volume Information\_restore{6D711132-397B-4A55-913E-7B5AEFC9E608}\RP174\A0097298.exe</font></p>
    </td>
    <td width="43%" align="left">
    <p><font face="Arial" size="2">Infecté par: Trojan.Agent.AHBI</font></p>
    </td>
    </tr><tr>
    <td width="57%">
    <p><font face="Arial" size="2">C:\System Volume Information\_restore{6D711132-397B-4A55-913E-7B5AEFC9E608}\RP174\A0097298.exe</font></p>
    </td>
    <td width="43%" align="left">
    <p><font face="Arial" size="2">Echec de la désinfection</font></p>
    </td>
    </tr><tr>
    <td width="57%">
    <p><font face="Arial" size="2">C:\System Volume Information\_restore{6D711132-397B-4A55-913E-7B5AEFC9E608}\RP174\A0097298.exe</font></p>
    </td>
    <td width="43%" align="left">
    <p><font face="Arial" size="2">Supprimé</font></p>
    </td>
    </tr><tr>
    <td width="57%">
    <p><font face="Arial" size="2">C:\System Volume Information\_restore{6D711132-397B-4A55-913E-7B5AEFC9E608}\RP174\A0097301.exe</font></p>
    </td>
    <td width="43%" align="left">
    <p><font face="Arial" size="2">Infecté par: Trojan.Agent.AHAU</font></p>
    </td>
    </tr><tr>
    <td width="57%">
    <p><font face="Arial" size="2">C:\System Volume Information\_restore{6D711132-397B-4A55-913E-7B5AEFC9E608}\RP174\A0097301.exe</font></p>
    </td>
    <td width="43%" align="left">
    <p><font face="Arial" size="2">Supprimé</font></p>
    </td>
    </tr><tr>
    <td width="57%">
    <p><font face="Arial" size="2">C:\System Volume Information\_restore{6D711132-397B-4A55-913E-7B5AEFC9E608}\RP174\A0097302.exe</font></p>
    </td>
    <td width="43%" align="left">
    <p><font face="Arial" size="2">Infecté par: Trojan.Agent.AHBI</font></p>
    </td>
    </tr><tr>
    <td width="57%">
    <p><font face="Arial" size="2">C:\System Volume Information\_restore{6D711132-397B-4A55-913E-7B5AEFC9E608}\RP174\A0097302.exe</font></p>
    </td>
    <td width="43%" align="left">
    <p><font face="Arial" size="2">Echec de la désinfection</font></p>
    </td>
    </tr><tr>
    <td width="57%">
    <p><font face="Arial" size="2">C:\System Volume Information\_restore{6D711132-397B-4A55-913E-7B5AEFC9E608}\RP174\A0097302.exe</font></p>
    </td>
    <td width="43%" align="left">
    <p><font face="Arial" size="2">Supprimé</font></p>
    </td>
    </tr><tr>
    <td width="57%">
    <p><font face="Arial" size="2">C:\System Volume Information\_restore{6D711132-397B-4A55-913E-7B5AEFC9E608}\RP174\A0097304.exe</font></p>
    </td>
    <td width="43%" align="left">
    <p><font face="Arial" size="2">Détecté avec: Adware.Clickspring.R</font></p>
    </td>
    </tr><tr>
    <td width="57%">
    <p><font face="Arial" size="2">C:\System Volume Information\_restore{6D711132-397B-4A55-913E-7B5AEFC9E608}\RP174\A0097304.exe</font></p>
    </td>
    <td width="43%" align="left">
    <p><font face="Arial" size="2">Supprimé</font></p>
    </td>
    </tr><tr>
    <td width="57%">
    <p><font face="Arial" size="2">C:\System Volume Information\_restore{6D711132-397B-4A55-913E-7B5AEFC9E608}\RP175\A0099505.dll</font></p>
    </td>
    <td width="43%" align="left">
    <p><font face="Arial" size="2">Infecté par: Trojan.Vundo.EFB</font></p>
    </td>
    </tr><tr>
    <td width="57%">
    <p><font face="Arial" size="2">C:\System Volume Information\_restore{6D711132-397B-4A55-913E-7B5AEFC9E608}\RP175\A0099505.dll</font></p>
    </td>
    <td width="43%" align="left">
    <p><font face="Arial" size="2">Supprimé</font></p>
    </td>
    </tr><tr>
    <td width="57%">
    <p><font face="Arial" size="2">C:\System Volume Information\_restore{6D711132-397B-4A55-913E-7B5AEFC9E608}\RP175\A0099506.dll</font></p>
    </td>
    <td width="43%" align="left">
    <p><font face="Arial" size="2">Infecté par: Trojan.Vundo.EFB</font></p>
    </td>
    </tr><tr>
    <td width="57%">
    <p><font face="Arial" size="2">C:\System Volume Information\_restore{6D711132-397B-4A55-913E-7B5AEFC9E608}\RP175\A0099506.dll</font></p>
    </td>
    <td width="43%" align="left">
    <p><font face="Arial" size="2">Supprimé</font></p>
    </td>
    </tr><tr>
    <td width="57%">
    <p><font face="Arial" size="2">C:\System Volume Information\_restore{6D711132-397B-4A55-913E-7B5AEFC9E608}\RP175\A0099508.dll</font></p>
    </td>
    <td width="43%" align="left">
    <p><font face="Arial" size="2">Infecté par: Trojan.Vundo.EEF</font></p>
    </td>
    </tr><tr>
    <td width="57%">
    <p><font face="Arial" size="2">C:\System Volume Information\_restore{6D711132-397B-4A55-913E-7B5AEFC9E608}\RP175\A0099508.dll</font></p>
    </td>
    <td width="43%" align="left">
    <p><font face="Arial" size="2">Supprimé</font></p>
    </td>
    </tr><tr>
    <td width="57%">
    <p><font face="Arial" size="2">C:\System Volume Information\_restore{6D711132-397B-4A55-913E-7B5AEFC9E608}\RP175\A0099516.dll</font></p>
    </td>
    <td width="43%" align="left">
    <p><font face="Arial" size="2">Infecté par: Trojan.Vundo.EGM</font></p>
    </td>
    </tr><tr>
    <td width="57%">
    <p><font face="Arial" size="2">C:\System Volume Information\_restore{6D711132-397B-4A55-913E-7B5AEFC9E608}\RP175\A0099516.dll</font></p>
    </td>
    <td width="43%" align="left">
    <p><font face="Arial" size="2">Supprimé</font></p>
    </td>
    </tr><tr>
    <td width="57%">
    <p><font face="Arial" size="2">C:\System Volume Information\_restore{6D711132-397B-4A55-913E-7B5AEFC9E608}\RP175\A0099528.dll</font></p>
    </td>
    <td width="43%" align="left">
    <p><font face="Arial" size="2">Infecté par: Trojan.Vundo.EFV</font></p>
    </td>
    </tr><tr>
    <td width="57%">
    <p><font face="Arial" size="2">C:\System Volume Information\_restore{6D711132-397B-4A55-913E-7B5AEFC9E608}\RP175\A0099528.dll</font></p>
    </td>
    <td width="43%" align="left">
    <p><font face="Arial" size="2">Supprimé</font></p>
    </td>
    </tr><tr>
    <td width="57%">
    <p><font face="Arial" size="2">C:\System Volume Information\_restore{6D711132-397B-4A55-913E-7B5AEFC9E608}\RP175\A0099531.dll</font></p>
    </td>
    <td width="43%" align="left">
    <p><font face="Arial" size="2">Infecté par: Trojan.Vundo.EFV</font></p>
    </td>
    </tr><tr>
    <td width="57%">
    <p><font face="Arial" size="2">C:\System Volume Information\_restore{6D711132-397B-4A55-913E-7B5AEFC9E608}\RP175\A0099531.dll</font></p>
    </td>
    <td width="43%" align="left">
    <p><font face="Arial" size="2">Supprimé</font></p>
    </td>
    </tr><tr>
    <td width="57%">
    <p><font face="Arial" size="2">C:\System Volume Information\_restore{6D711132-397B-4A55-913E-7B5AEFC9E608}\RP175\A0101118.dll</font></p>
    </td>
    <td width="43%" align="left">
    <p><font face="Arial" size="2">Infecté par: Trojan.Vundo.EGM</font></p>
    </td>
    </tr><tr>
    <td width="57%">
    <p><font face="Arial" size="2">C:\System Volume Information\_restore{6D711132-397B-4A55-913E-7B5AEFC9E608}\RP175\A0101118.dll</font></p>
    </td>
    <td width="43%" align="left">
    <p><font face="Arial" size="2">Supprimé</font></p>
    </td>
    </tr><tr>
    <td width="57%">
    <p><font face="Arial" size="2">C:\System Volume Information\_restore{6D711132-397B-4A55-913E-7B5AEFC9E608}\RP175\A0109131.dll</font></p>
    </td>
    <td width="43%" align="left">
    <p><font face="Arial" size="2">Infecté par: Trojan.Vundo.EGM</font></p>
    </td>
    </tr><tr>
    <td width="57%">
    <p><font face="Arial" size="2">C:\System Volume Information\_restore{6D711132-397B-4A55-913E-7B5AEFC9E608}\RP175\A0109131.dll</font></p>
    </td>
    <td width="43%" align="left">
    <p><font face="Arial" size="2">Supprimé</font></p>
    </td>
    </tr><tr>
    <td width="57%">
    <p><font face="Arial" size="2">C:\System Volume Information\_restore{6D711132-397B-4A55-913E-7B5AEFC9E608}\RP175\A0109152.dll</font></p>
    </td>
    <td width="43%" align="left">
    <p><font face="Arial" size="2">Infecté par: Trojan.Vundo.GI</font></p>
    </td>
    </tr><tr>
    <td width="57%">
    <p><font face="Arial" size="2">C:\System Volume Information\_restore{6D711132-397B-4A55-913E-7B5AEFC9E608}\RP175\A0109152.dll</font></p>
    </td>
    <td width="43%" align="left">
    <p><font face="Arial" size="2">Supprimé</font></p>
    </td>
    </tr><tr>
    <td width="57%">
    <p><font face="Arial" size="2">C:\System Volume Information\_restore{6D711132-397B-4A55-913E-7B5AEFC9E608}\RP175\A0109153.dll</font></p>
    </td>
    <td width="43%" align="left">
    <p><font face="Arial" size="2">Détecté avec: Adware.Virtumonde.GIL</font></p>
    </td>
    </tr><tr>
    <td width="57%">
    <p><font face="Arial" size="2">C:\System Volume Information\_restore{6D711132-397B-4A55-913E-7B5AEFC9E608}\RP175\A0109153.dll</font></p>
    </td>
    <td width="43%" align="left">
    <p><font face="Arial" size="2">Supprimé</font></p>
    </td>
    </tr><tr>
    <td width="57%">
    <p><font face="Arial" size="2">C:\System Volume Information\_restore{6D711132-397B-4A55-913E-7B5AEFC9E608}\RP175\A0109154.dll</font></p>
    </td>
    <td width="43%" align="left">
    <p><font face="Arial" size="2">Infecté par: Trojan.Vundo.GI</font></p>
    </td>
    </tr><tr>
    <td width="57%">
    <p><font face="Arial" size="2">C:\System Volume Information\_restore{6D711132-397B-4A55-913E-7B5AEFC9E608}\RP175\A0109154.dll</font></p>
    </td>
    <td width="43%" align="left">
    <p><font face="Arial" size="2">Supprimé</font></p>
    </td>
    </tr><tr>
    <td width="57%">
    <p><font face="Arial" size="2">C:\System Volume Information\_restore{6D711132-397B-4A55-913E-7B5AEFC9E608}\RP175\A0109155.dll</font></p>
    </td>
    <td width="43%" align="left">
    <p><font face="Arial" size="2">Infecté par: Trojan.Vundo.EFJ</font></p>
    </td>
    </tr><tr>
    <td width="57%">
    <p><font face="Arial" size="2">C:\System Volume Information\_restore{6D711132-397B-4A55-913E-7B5AEFC9E608}\RP175\A0109155.dll</font></p>
    </td>
    <td width="43%" align="left">
    <p><font face="Arial" size="2">Supprimé</font></p>
    </td>
    </tr>
    16 April 2008 14:20:15

    Hi again,

    Good!

    Have you removed all the cracks on your PC? Basically, that means all your software, files, etc. obtained "without paying", not to say illegally :D 

    Now run a new scan with ComboFix and post the report it generates.

    ;) 
    16 April 2008 17:11:56

    Hi again, ;) 
    So I went through my PC and deleted all the cracks, hoping I haven't missed any...

    Here is the report:
    ComboFix 08-04-08.10 - monstrum 2008-04-16 16:33:10.3 - NTFSx86
    Endroit: C:\Documents and Settings\Administrateur.ORDI\Bureau\ComboFix.exe

    AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\WINDOWS\system32\dunxogbj.dll
    C:\WINDOWS\system32\goarahql.dll
    C:\WINDOWS\system32\jandmcnf.dll
    C:\WINDOWS\system32\kqekgxbe.dll
    C:\WINDOWS\system32\mfsmjhre.dll
    C:\WINDOWS\system32\nenuaovf.dll
    C:\WINDOWS\system32\nyqmhuhq.dll
    C:\WINDOWS\system32\qajsrwnh.dll
    C:\WINDOWS\system32\xhpxlafo.dll

    .
    ((((((((((((((((((((((((((((( Fichiers créés 2008-03-16 to 2008-04-16 ))))))))))))))))))))))))))))))))))))
    .

    2008-04-16 14:10 . 2008-04-16 14:10 <REP> d-------- C:\WINDOWS\LastGood
    2008-04-16 00:19 . 2008-04-16 01:25 <REP> d-------- C:\WINDOWS\BDOSCAN8
    2008-04-11 19:33 . 2008-04-11 19:33 <REP> d-------- C:\Documents and Settings\Administrateur.ORDI\Application Data\Malwarebytes
    2008-04-11 19:32 . 2008-04-11 19:32 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
    2008-04-11 19:32 . 2008-04-11 19:32 <REP> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Malwarebytes
    2008-04-09 00:49 . 2008-04-09 01:31 <REP> d-------- C:\VundoFix Backups
    2008-04-09 00:19 . 2001-08-17 21:28 771,581 --a--c--- C:\WINDOWS\system32\dllcache\winacisa.sys
    2008-04-09 00:18 . 2001-08-17 21:28 794,654 --a--c--- C:\WINDOWS\system32\dllcache\usr1801.sys
    2008-04-09 00:17 . 2001-08-23 16:57 286,848 --a--c--- C:\WINDOWS\system32\dllcache\stlnata.sys
    2008-04-09 00:16 . 2001-08-23 17:47 495,616 --a--c--- C:\WINDOWS\system32\dllcache\sblfx.dll
    2008-04-09 00:15 . 2001-08-23 17:18 899,914 --a--c--- C:\WINDOWS\system32\dllcache\r2mdkxga.sys
    2008-04-09 00:14 . 2004-08-19 16:09 4,274,816 --a--c--- C:\WINDOWS\system32\dllcache\nv4_disp.dll
    2008-04-09 00:13 . 2004-08-19 16:09 1,737,856 --a--c--- C:\WINDOWS\system32\dllcache\mtxparhd.dll
    2008-04-09 00:12 . 2001-08-23 17:03 320,384 --a--c--- C:\WINDOWS\system32\dllcache\mgaum.sys
    2008-04-09 00:11 . 2001-08-17 21:28 802,683 --a--c--- C:\WINDOWS\system32\dllcache\ltsm.sys
    2008-04-09 00:10 . 2004-08-19 16:09 154,112 --a--c--- C:\WINDOWS\system32\dllcache\irftp.exe
    2008-04-09 00:09 . 2004-08-19 16:09 702,845 --a--c--- C:\WINDOWS\system32\dllcache\i81xdnt5.dll
    2008-04-09 00:08 . 2001-08-23 17:46 1,733,120 --a--c--- C:\WINDOWS\system32\dllcache\g400d.dll
    2008-04-09 00:07 . 2001-08-23 17:16 630,016 --a--c--- C:\WINDOWS\system32\dllcache\eqn.sys
    2008-04-09 00:06 . 2001-08-17 20:14 952,007 --a--c--- C:\WINDOWS\system32\dllcache\diwan.sys
    2008-04-09 00:05 . 2001-08-23 17:04 980,034 --a--c--- C:\WINDOWS\system32\dllcache\cicap.sys
    2008-04-09 00:04 . 2001-08-23 17:03 715,466 --a--c--- C:\WINDOWS\system32\dllcache\cbmdmkxx.sys
    2008-04-09 00:03 . 2001-08-17 21:28 871,388 --a--c--- C:\WINDOWS\system32\dllcache\bcmdm.sys
    2008-04-09 00:02 . 2004-08-19 16:09 1,888,992 --a--c--- C:\WINDOWS\system32\dllcache\ati3duag.dll
    2008-04-09 00:01 . 2001-08-17 21:28 762,780 --a--c--- C:\WINDOWS\system32\dllcache\3cwmcru.sys
    2008-04-09 00:00 . 2004-05-13 01:39 876,653 --a--c--- C:\WINDOWS\system32\dllcache\OLD4D.tmp
    2008-04-08 23:59 . 2008-04-08 23:59 <REP> d-------- C:\WINDOWS\msagent
    2008-04-08 23:36 . 2008-04-08 23:36 <REP> d-------- C:\WINDOWS\ERUNT
    2008-04-08 17:14 . 2008-04-08 17:14 <REP> d-------- C:\Program Files\Trend Micro
    2008-03-29 16:01 . 2008-03-29 16:01 <REP> d-------- C:\WINDOWS\system32\LogFiles
    2008-03-18 21:28 . 2008-03-18 21:31 37,888 --a------ C:\WINDOWS\system32\rar.exe
    2008-03-18 21:26 . 2008-03-18 22:21 <REP> d-------- C:\Program Files\Guitar Pro 5

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-04-16 14:32 --------- d-----w C:\Documents and Settings\Administrateur.ORDI\Application Data\OpenOffice.org2
    2008-04-16 14:31 --------- d-----w C:\Program Files\Lx_cats
    2008-04-16 00:04 --------- d-----w C:\Program Files\eMule
    2008-04-15 22:06 --------- d-----w C:\Program Files\Fichiers communs\Adobe
    2008-04-15 20:43 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Google Updater
    2008-04-14 23:01 --------- d-----w C:\Program Files\BitLord
    2008-04-11 17:31 --------- d-----w C:\Program Files\Common Files
    2008-04-08 21:05 --------- d---a-w C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP
    2008-04-04 20:12 --------- d-----w C:\Program Files\Opera
    2008-04-04 20:04 --------- d-----w C:\Program Files\Geneatique2007
    2008-04-03 20:28 --------- d-----w C:\Documents and Settings\Administrateur.ORDI\Application Data\LimeWire
    2008-03-11 17:31 --------- d-----w C:\Program Files\Azureus
    2008-03-11 17:31 --------- d-----w C:\Documents and Settings\Administrateur.ORDI\Application Data\Azureus
    2008-02-22 18:49 --------- d-----w C:\Program Files\Alcohol Soft
    2008-02-22 18:40 715,248 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
    2008-02-22 18:28 --------- d-----w C:\Program Files\Mvm
    2008-02-22 18:28 --------- d-----w C:\Program Files\Borland
    2008-02-18 20:29 --------- d-----w C:\Program Files\Total Video Converter
    2008-02-12 13:23 6,688 ----a-w C:\WINDOWS\movexe.exe
    2008-01-28 18:49 30,601 ----a-w C:\Documents and Settings\Administrateur.ORDI\x.exe
    2006-05-03 10:06 163,328 --sh--r C:\WINDOWS\system32\flvDX.dll
    2007-02-21 11:47 31,744 --sh--r C:\WINDOWS\system32\msfDX.dll
    2007-03-25 21:47 16,384 --sha-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
    2007-03-25 21:47 16,384 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Historique\History.IE5\index.dat
    2007-03-25 21:47 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
    .

    ------- Sigcheck -------

    2006-11-11 16:02 359808 b4e29943b4b04bd5e7381546848e6669 C:\WINDOWS\system32\drivers\tcpip.sys
    .
    ((((((((((((((((((((((((((((( snapshot_2008-04-10_19.49.46,36 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2007-07-18 17:39:15 68,608 ----a-w C:\WINDOWS\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
    + 2008-04-14 01:41:26 69,120 ----a-w C:\WINDOWS\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
    - 2007-07-18 17:39:24 72,192 ----a-w C:\WINDOWS\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
    + 2008-04-14 01:41:36 72,192 ----a-w C:\WINDOWS\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
    - 2007-07-18 17:39:24 4,308,992 ----a-w C:\WINDOWS\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
    + 2008-04-14 01:41:05 4,444,160 ----a-w C:\WINDOWS\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
    - 2007-07-18 17:39:26 482,304 ----a-w C:\WINDOWS\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
    + 2008-04-14 01:41:39 483,840 ----a-w C:\WINDOWS\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
    - 2007-07-18 17:39:22 2,902,016 ----a-w C:\WINDOWS\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
    + 2008-04-14 01:41:16 3,036,160 ----a-w C:\WINDOWS\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
    - 2007-07-18 17:39:09 258,048 ----a-w C:\WINDOWS\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
    + 2008-04-14 01:41:44 258,048 ----a-w C:\WINDOWS\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
    - 2007-07-18 17:39:09 114,176 ----a-w C:\WINDOWS\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
    + 2008-04-14 01:41:44 113,664 ----a-w C:\WINDOWS\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
    - 2007-07-18 17:39:30 260,096 ----a-w C:\WINDOWS\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
    + 2008-04-14 01:41:37 261,120 ----a-w C:\WINDOWS\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
    - 2007-07-18 17:39:18 5,156,864 ----a-w C:\WINDOWS\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
    + 2008-04-14 01:41:13 5,431,296 ----a-w C:\WINDOWS\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
    - 2007-07-18 17:39:14 10,752 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
    + 2008-04-14 01:41:23 10,752 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
    - 2007-07-18 17:39:08 507,904 ----a-w C:\WINDOWS\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
    + 2008-04-14 01:41:14 507,904 ----a-w C:\WINDOWS\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
    - 2007-07-18 17:39:11 13,312 ----a-w C:\WINDOWS\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
    + 2008-04-14 01:41:25 13,312 ----a-w C:\WINDOWS\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
    - 2007-07-18 17:39:23 8,192 ----a-w C:\WINDOWS\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
    + 2007-10-23 23:47:46 61,952 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\regtlibv12.exe
    - 2005-09-23 05:28:58 7,680 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\sbscmp20_mscorlib.dll
    + 2007-10-23 23:47:42 16,896 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\sbscmp20_mscorlib.dll
    - 2005-09-23 05:28:56 107,520 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\shfusion.dll
    + 2007-10-23 23:47:40 119,296 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\shfusion.dll
    - 2005-09-23 05:29:00 85,504 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\ShFusRes.dll
    + 2007-10-23 23:47:44 95,232 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\ShFusRes.dll
    - 2007-04-13 01:21:18 382,464 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\SOS.dll
    + 2007-10-23 23:47:40 392,696 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\SOS.dll
    - 2007-04-13 01:21:18 110,592 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\sysglobl.dll
    + 2007-10-23 23:47:40 110,592 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\sysglobl.dll
    - 2007-04-13 01:21:18 413,696 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.configuration.dll
    + 2007-10-23 23:47:42 425,984 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.configuration.dll
    - 2005-09-23 05:28:56 81,920 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Configuration.Install.dll
    + 2007-10-23 23:47:40 81,920 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Configuration.Install.dll
    - 2007-04-13 01:21:16 2,902,016 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Data.dll
    + 2007-10-23 23:47:40 3,036,160 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Data.dll
    - 2007-04-13 01:21:18 482,304 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Data.OracleClient.dll
    + 2007-10-23 23:47:40 483,840 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Data.OracleClient.dll
    - 2007-04-13 01:21:18 716,800 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Data.SqlXml.dll
    + 2007-10-23 23:47:40 741,376 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Data.SqlXml.dll
    - 2007-04-13 01:20:58 888,832 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Deployment.dll
    + 2007-10-23 23:47:28 933,888 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Deployment.dll
    - 2007-04-13 01:21:16 5,001,216 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Design.dll
    + 2007-10-23 23:47:40 5,070,848 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Design.dll
    - 2005-09-23 05:28:56 397,312 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.DirectoryServices.dll
    + 2007-10-23 23:47:40 401,408 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.DirectoryServices.dll
    - 2007-04-13 01:21:18 188,416 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.DirectoryServices.Protocols.dll
    + 2007-10-23 23:47:40 188,416 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.DirectoryServices.Protocols.dll
    - 2007-04-13 01:21:16 2,940,928 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.dll
    + 2007-10-23 23:47:40 3,076,096 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.dll
    - 2005-09-23 05:28:56 81,920 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Drawing.Design.dll
    + 2007-10-23 23:47:40 81,920 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Drawing.Design.dll
    - 2007-04-13 01:21:16 577,536 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Drawing.dll
    + 2007-10-23 23:47:40 630,784 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Drawing.dll
    - 2007-04-13 01:21:16 258,048 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.EnterpriseServices.dll
    + 2007-10-23 23:47:40 258,048 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.EnterpriseServices.dll
    - 2007-04-13 01:21:18 47,616 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.EnterpriseServices.Thunk.dll
    + 2007-10-23 23:47:40 57,392 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.EnterpriseServices.Thunk.dll
    - 2007-04-13 01:21:18 114,176 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.EnterpriseServices.Wrapper.dll
    + 2007-10-23 23:47:40 113,664 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.EnterpriseServices.Wrapper.dll
    - 2007-04-13 01:21:16 372,736 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Management.dll
    + 2007-10-23 23:47:40 372,736 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Management.dll
    - 2005-09-23 05:28:56 258,048 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Messaging.dll
    + 2007-10-23 23:47:40 258,048 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Messaging.dll
    - 2007-04-13 01:21:16 299,008 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Runtime.Remoting.dll
    + 2007-10-23 23:47:40 299,008 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Runtime.Remoting.dll
    - 2005-09-23 05:28:56 131,072 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Runtime.Serialization.Formatters.Soap.dll
    + 2007-10-23 23:47:40 131,072 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Runtime.Serialization.Formatters.Soap.dll
    - 2005-09-23 05:28:56 258,048 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Security.dll
    + 2007-10-23 23:47:40 258,048 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Security.dll
    - 2005-09-23 05:28:56 114,688 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.ServiceProcess.dll
    + 2007-10-23 23:47:40 114,688 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.ServiceProcess.dll
    - 2007-04-13 01:21:18 260,096 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Transactions.dll
    + 2007-10-23 23:47:40 261,120 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Transactions.dll
    - 2007-04-13 01:21:16 5,156,864 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Web.dll
    + 2007-10-23 23:47:40 5,431,296 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Web.dll
    - 2005-09-23 05:28:56 835,584 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Web.Mobile.dll
    + 2007-10-23 23:47:40 884,736 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Web.Mobile.dll
    - 2005-09-23 05:28:56 86,016 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Web.RegularExpressions.dll
    + 2007-10-23 23:47:40 90,112 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Web.RegularExpressions.dll
    - 2005-09-23 05:28:56 823,296 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Web.Services.dll
    + 2007-10-23 23:47:40 839,680 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Web.Services.dll
    - 2007-04-13 01:21:16 5,152,768 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Windows.Forms.dll
    + 2007-10-23 23:47:40 5,013,504 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Windows.Forms.dll
    - 2007-04-13 01:21:16 2,027,520 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.XML.dll
    + 2007-10-23 23:47:40 2,068,480 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.XML.dll
    - 2005-09-23 05:28:56 71,680 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\TLBREF.DLL
    + 2007-10-23 23:47:40 81,400 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\TLBREF.DLL
    - 2007-04-13 01:21:28 1,166,672 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\vbc.exe
    + 2007-10-23 23:47:48 1,172,472 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\vbc.exe
    - 2007-04-13 01:20:50 1,330,688 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\VsaVb7rt.dll
    + 2007-10-23 23:47:20 1,344,000 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\VsaVb7rt.dll
    - 2007-04-13 01:20:52 406,016 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\webengine.dll
    + 2007-10-23 23:47:22 434,688 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\webengine.dll
    - 2005-09-23 05:28:56 28,160 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\WMINet_Utils.dll
    + 2007-10-23 23:47:40 37,896 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\WMINet_Utils.dll
    - 2005-09-23 05:28:38 83,456 ----a-w C:\WINDOWS\system32\dfshim.dll
    + 2007-10-23 23:47:28 96,760 ----a-w C:\WINDOWS\system32\dfshim.dll
    - 2007-04-13 01:21:14 271,360 ----a-w C:\WINDOWS\system32\mscoree.dll
    + 2007-10-23 23:47:38 282,112 ----a-w C:\WINDOWS\system32\mscoree.dll
    - 2005-09-23 05:28:52 150,016 ----a-w C:\WINDOWS\system32\mscorier.dll
    + 2007-10-23 23:47:38 158,720 ----a-w C:\WINDOWS\system32\mscorier.dll
    - 2005-09-23 05:28:52 74,240 ----a-w C:\WINDOWS\system32\mscories.dll
    + 2007-10-23 23:47:38 84,480 ----a-w C:\WINDOWS\system32\mscories.dll
    - 2005-09-23 05:29:00 6,144 ----a-w C:\WINDOWS\system32\mui\0409\mscorees.dll
    + 2007-10-23 23:47:44 15,360 ----a-w C:\WINDOWS\system32\mui\0409\mscorees.dll
    - 2008-03-31 09:35:36 69,970 ----a-w C:\WINDOWS\system32\perfc009.dat
    + 2008-04-14 01:41:57 71,154 ----a-w C:\WINDOWS\system32\perfc009.dat
    - 2008-03-31 09:35:36 83,380 ----a-w C:\WINDOWS\system32\perfc00C.dat
    + 2008-04-14 01:41:57 85,152 ----a-w C:\WINDOWS\system32\perfc00C.dat
    - 2008-03-31 09:35:36 418,454 ----a-w C:\WINDOWS\system32\perfh009.dat
    + 2008-04-14 01:41:57 423,718 ----a-w C:\WINDOWS\system32\perfh009.dat
    - 2008-03-31 09:35:36 485,450 ----a-w C:\WINDOWS\system32\perfh00C.dat
    + 2008-04-14 01:41:57 491,694 ----a-w C:\WINDOWS\system32\perfh00C.dat
    + 2008-04-14 01:41:30 8,192 ----a-w C:\WINDOWS\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll
    + 2007-10-23 23:47:56 479,232 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.1433_x-ww_5cf844d2\msvcm80.dll
    + 2007-10-23 23:47:56 558,080 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.1433_x-ww_5cf844d2\msvcp80.dll
    + 2007-10-23 23:47:56 635,904 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.1433_x-ww_5cf844d2\msvcr80.dll
    - 2007-07-18 17:39:09 258,048 ----a-w C:\WINDOWS\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
    + 2008-04-14 01:41:44 258,048 ----a-w C:\WINDOWS\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
    - 2007-07-18 17:39:09 114,176 ----a-w C:\WINDOWS\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
    + 2008-04-14 01:41:44 113,664 ----a-w C:\WINDOWS\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
    .
    -- Snapshot reset to current date --
    .
    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 19:09 15360]
    "AdobeUpdater"="C:\Program Files\Fichiers communs\Adobe\Updater5\AdobeUpdater.exe" [2007-02-28 23:06 2321600]
    "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-03-28 21:57 68856]
    "AlcoholAutomount"="C:\Program Files\Alcohol Soft\Alcohol 52\axcmd.exe" [2007-12-22 09:09 221056]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SiSPower"="SiSPower.dll" [2007-01-23 13:34 53248 C:\WINDOWS\system32\SiSPower.dll]
    "LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2004-12-14 19:19 221184]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 02:11 132496]
    "LXCGCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCGtime.dll" [2005-07-20 19:48 73728]

    C:\Documents and Settings\Administrateur.ORDI\Menu D%u201Amarrer\Programmes\D%u201Amarrage\
    IcoSauve.lnk - C:\WINDOWS\system32\IcoSauve.exe [2007-02-28 15:40:29 112128]

    C:\Documents and Settings\All Users.WINDOWS\Menu D%u201Amarrer\Programmes\D%u201Amarrage\
    Utility Tray.lnk - C:\WINDOWS\system32\sistray.exe [2007-02-28 16:42:24 262144]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "SynchronousMachineGroupPolicy"= 0 (0x0)
    "SynchronousUserGroupPolicy"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
    "ForceClassicControlPanel"= 1 (0x1)
    "NoSimpleStartMenu"= 0 (0x0)

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "NoStrCmpLogical"= 0 (0x0)
    "LockTaskbar"= 0 (0x0)
    "NoResolveTrack"= 0 (0x0)
    "NoResolveSearch"= 0 (0x0)
    "NoSMMyPictures"= 0 (0x0)
    "NoStartMenuMFUprogramsList"= 0 (0x0)
    "NoUserNameInStartMenu"= 0 (0x0)
    "NoStartMenuMorePrograms"= 0 (0x0)
    "MaxRecentDocs"= 15 (0xf)
    "NoInstrumentation"= 0 (0x0)
    "MemCheckBoxInRunDlg"= 1 (0x1)
    "NoSMBalloonTip"= 0 (0x0)
    "DisallowCpl"= 1 (0x1)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL

    [HKLM\~\startupfolder\C:^Documents and Settings^Administrateur.ORDI^Menu Démarrer^Programmes^Démarrage^Adobe Gamma.lnk]
    path=C:\Documents and Settings\Administrateur.ORDI\Menu Démarrer\Programmes\Démarrage\Adobe Gamma.lnk
    backup=C:\WINDOWS\pss\Adobe Gamma.lnkStartup

    [HKLM\~\startupfolder\C:^Documents and Settings^Administrateur.ORDI^Menu Démarrer^Programmes^Démarrage^OpenOffice.org 2.3.lnk]
    path=C:\Documents and Settings\Administrateur.ORDI\Menu Démarrer\Programmes\Démarrage\OpenOffice.org 2.3.lnk
    backup=C:\WINDOWS\pss\OpenOffice.org 2.3.lnkStartup

    [HKLM\~\startupfolder\C:^Documents and Settings^Administrateur.ORDI^Menu Démarrer^Programmes^Démarrage^TimeLeft.lnk]
    path=C:\Documents and Settings\Administrateur.ORDI\Menu Démarrer\Programmes\Démarrage\TimeLeft.lnk
    backup=C:\WINDOWS\pss\TimeLeft.lnkStartup

    [HKLM\~\startupfolder\C:^Documents and Settings^Administrateur.ORDI^Menu Démarrer^Programmes^Démarrage^UDPixel.lnk]
    path=C:\Documents and Settings\Administrateur.ORDI\Menu Démarrer\Programmes\Démarrage\UDPixel.lnk
    backup=C:\WINDOWS\pss\UDPixel.lnkStartup

    [HKLM\~\startupfolder\C:^Documents and Settings^Administrateur.ORDI^Menu Démarrer^Programmes^Démarrage^Xfire.lnk]
    path=C:\Documents and Settings\Administrateur.ORDI\Menu Démarrer\Programmes\Démarrage\Xfire.lnk
    backup=C:\WINDOWS\pss\Xfire.lnkStartup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Menu Démarrer^Programmes^Démarrage^Adobe Gamma Loader.lnk]
    path=C:\Documents and Settings\All Users.WINDOWS\Menu Démarrer\Programmes\Démarrage\Adobe Gamma Loader.lnk
    backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Menu Démarrer^Programmes^Démarrage^Last.fm Helper.lnk]
    path=C:\Documents and Settings\All Users.WINDOWS\Menu Démarrer\Programmes\Démarrage\Last.fm Helper.lnk
    backup=C:\WINDOWS\pss\Last.fm Helper.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Menu Démarrer^Programmes^Démarrage^Outil de mise à jour Google.lnk]
    path=C:\Documents and Settings\All Users.WINDOWS\Menu Démarrer\Programmes\Démarrage\Outil de mise à jour Google.lnk
    backup=C:\WINDOWS\pss\Outil de mise à jour Google.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    --a------ 2007-05-11 03:06 40048 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeUpdater]
    --a------ 2007-02-28 23:06 2321600 C:\Program Files\Fichiers communs\Adobe\Updater5\AdobeUpdater.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
    --a------ 2007-01-15 17:14 147456 C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
    C:\Program Files\DAEMON Tools\daemon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EzPrint]
    --a------ 2005-08-01 08:05 94208 C:\Program Files\Lexmark 2300 Series\ezprint.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\F-Secure Manager]
    C:\Program Files\AntivirusFirewall\Common\FSM32.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\F-Secure Startup Wizard]
    C:\Program Files\AntivirusFirewall\FSGUI\FSSW.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\F-Secure TNB]
    C:\Program Files\AntivirusFirewall\TNB\TNBUtil.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Flashget]
    C:\Program Files\FlashGet\FlashGet.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
    --a------ 2007-11-20 21:21 1840128 C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    C:\Program Files\iTunes\iTunesHelper.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoRepair]
    --a------ 2004-12-14 19:57 458752 C:\Program Files\Logitech\Video\ISStart.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoTray]
    --a------ 2004-12-14 19:51 217088 C:\Program Files\Logitech\Video\LogiTray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lxcgmon.exe]
    --a------ 2005-07-21 02:07 200704 C:\Program Files\Lexmark 2300 Series\lxcgmon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSN Webcam Recorder]
    C:\Program Files\MSN Webcam Recorder\ml20gui.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
    --a------ 2007-10-18 12:34 5724184 C:\Program Files\Windows Live\Messenger\MsnMsgr.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnsyslog]
    C:\WINDOWS\msnlogm.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    --a------ 2006-01-12 15:40 155648 C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\News Service]
    C:\Program Files\AntivirusFirewall\FSGUI\ispnews.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
    C:\Program Files\PowerISO\PWRISOVM.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    C:\Program Files\QuickTime\qttask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SuperCopier2.exe]
    --a------ 2006-07-07 18:45 1052672 C:\Program Files\SuperCopier2\SuperCopier2.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
    --a------ 2007-03-28 21:57 68856 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WhenUSave]
    C:\Program Files\Save\Save.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WOOKIT]
    C:\PROGRA~1\Wanadoo\Shell.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WOOTASKBARICON]
    C:\PROGRA~1\Wanadoo\GestMaj.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WOOWATCH]
    C:\PROGRA~1\Wanadoo\Watch.exe

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)
    "DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "C:\\WINDOWS\\system32\\sessmgr.exe"=
    "C:\\Program Files\\Azureus\\Azureus.exe"=
    "C:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
    "C:\\Program Files\\eMule\\emule.exe"=
    "C:\\Program Files\\LimeWire\\LimeWire.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

    R0 FSFW;F-Secure Firewall Driver;C:\WINDOWS\system32\drivers\fsdfw.sys [2005-11-18 17:04]
    R3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 22:58]
    R3 usbstor;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 02:08]
    S2 BackWeb Plug-in - 6588780;Antivirus Firewall;C:\PROGRA~1\ANTIVI~1\backweb\6588780\Program\SERVIC~1.EXE []
    S2 Ca536av;Icatch(VII) Video Camera Device;C:\WINDOWS\system32\Drivers\Ca536av.sys []
    S2 F-Secure Filter;F-Secure File System Filter;C:\Program Files\AntivirusFirewall\Anti-Virus\Win2K\FSfilter.sy
    16 April 2008 17:21:22

    Hi again,

    That's what I thought: there was a reinfection because you had not deleted the cracks from your PC. And yet:

    Quote:
    You are infected with "Vundo". Delete all cracks from your PC if there are any, because otherwise they will restart the infection.


    So you are wasting my time a bit, because now I have to disinfect your PC all over again. Well, I hope you have at least understood now. So you will have to redo procedures that were already done.

    Download Malwarebytes' Anti-Malware to your Desktop.
    Install it by double-clicking the file Download_mbam-setup.exe.

    Once the installation and the update are done, restart in safe mode.
    HELP: Restarting in safe mode

  • Now run Malwarebytes' Anti-Malware. If it is not already selected, choose "Exécuter un examen complet" (perform a full scan).
  • To start the search, click "Rechercher" (scan).
  • Once the scan has finished, a window opens; click OK. There are two possibilities:
    -- if the program found nothing, press OK. A report will appear; close it.
    -- if infections are present, click "Afficher les résultats" (show results), then "Supprimer la sélection" (remove selected). Save the report to your Desktop so you can post it in your next reply.
    NOTE: If Malwarebytes' Anti-Malware needs to restart to finish the removal, accept by clicking OK.

    HELP: Illustrated tutorial on MBAM

    ;) 


    16 April 2008 22:52:25

    Sorry :ange: 
    17 April 2008 12:17:37

    Hi again,

    I'm waiting for the MBAM report.

    ;) 
    17 April 2008 12:47:56

    Hello :) 
    I'll do that this afternoon ;) 
    17 April 2008 23:48:29

    Hi again, it didn't detect anything :D 

    Malwarebytes' Anti-Malware 1.11
    Version de la base de données: 614

    Type de recherche: Examen complet (C:\|D:\|)
    Eléments examinés: 210159
    Temps écoulé: 4 hour(s), 3 minute(s), 27 second(s)

    Processus mémoire infecté(s): 0
    Module(s) mémoire infecté(s): 0
    Clé(s) du Registre infectée(s): 0
    Valeur(s) du Registre infectée(s): 0
    Elément(s) de données du Registre infecté(s): 0
    Dossier(s) infecté(s): 0
    Fichier(s) infecté(s): 0

    Processus mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Module(s) mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Clé(s) du Registre infectée(s):
    (Aucun élément nuisible détecté)

    Valeur(s) du Registre infectée(s):
    (Aucun élément nuisible détecté)

    Elément(s) de données du Registre infecté(s):
    (Aucun élément nuisible détecté)

    Dossier(s) infecté(s):
    (Aucun élément nuisible détecté)

    Fichier(s) infecté(s):
    (Aucun élément nuisible détecté)
    17 April 2008 23:50:47

    Hi again,

    Run another scan with suspectfile and post me the report ;) 

    Good night, see you tomorrow :hello: 
    18 April 2008 00:00:02

    There you go, good night ;) 

    SystemScan - www.suspectfile.com - ver. 3.5.5 (code: holifay & bReAkdOWn)

    Running on: Windows XP PROFESSIONAL Edition, Service Pack 2 (2600.5.1)
    System directory: C:\WINDOWS
    SystemScan file: C:\Documents and Settings\Administrateur.ORDI\Bureau\sys40796.exe
    Running in: User mode
    Date: 17/04/2008
    Time: 23:58:39

    Output limited to:
    -Recent files

    ===================== RECENT FILES =====================

    Showing files newer than 30 days

    ----- recent files in C:\
    03/04/2008 19:39:36 19318 byte 14 days old -- lxcgscan.log
    09/04/2008 01:31:09 (DIR) 0 byte 8 days old -- VundoFix Backups
    09/04/2008 19:20:24 5531 byte 8 days old -- VundoFix.txt
    16/04/2008 16:39:39 (DIR) 0 byte 1 days old -- QooBox
    16/04/2008 16:39:39 67248 byte 1 days old -- ComboFix.txt
    16/04/2008 17:12:40 (DIR) 0 byte 1 days old -- RECYCLER
    17/04/2008 12:47:34 (DIR) 0 byte 0 days old -- Program Files
    17/04/2008 13:04:47 (DIR) 0 byte 0 days old -- Config.Msi
    17/04/2008 14:51:42 13030 byte 0 days old -- PDOXUSRS.NET
    17/04/2008 22:53:27 704643072 byte 0 days old -- pagefile.sys
    17/04/2008 22:53:28 (DIR)469291008 byte 0 days old -- hiberfil.sys
    17/04/2008 22:53:53 (DIR) 0 byte 0 days old -- WINDOWS

    ----- recent files in C:\WINDOWS\
    28/03/2008 13:10:06 (DIR) 0 byte 20 days old -- Network Diagnostic
    04/04/2008 22:03:32 (DIR) 0 byte 13 days old -- twain_32
    04/04/2008 22:03:33 (DIR) 0 byte 13 days old -- SETUP536
    08/04/2008 23:36:41 (DIR) 0 byte 9 days old -- ERUNT
    08/04/2008 23:59:01 (DIR) 0 byte 9 days old -- msagent
    09/04/2008 00:44:26 81952 byte 8 days old -- WgaNotify.log
    09/04/2008 17:06:49 71072 byte 8 days old -- BM0fddfe9c.txt
    09/04/2008 18:24:56 (DIR) 0 byte 8 days old -- erdnt
    09/04/2008 22:23:21 (DIR) 0 byte 8 days old -- Prefetch
    14/04/2008 03:18:44 1462 byte 3 days old -- win.ini
    14/04/2008 03:41:44 (DIR) 0 byte 3 days old -- WinSxS
    14/04/2008 18:22:02 (DIR) 0 byte 3 days old -- Microsoft.NET
    14/04/2008 18:24:42 (DIR) 0 byte 3 days old -- assembly
    16/04/2008 00:20:07 (DIR) 0 byte 1 days old -- Downloaded Program Files
    16/04/2008 01:25:31 (DIR) 0 byte 1 days old -- BDOSCAN8
    16/04/2008 16:36:29 227 byte 1 days old -- system.ini
    16/04/2008 16:39:40 53248 byte 1 days old -- PSEXESVC.EXE
    16/04/2008 16:39:46 (DIR) 0 byte 1 days old -- system32
    17/04/2008 10:04:07 (DIR) 0 byte 0 days old -- TEMP
    17/04/2008 13:04:47 (DIR) 0 byte 0 days old -- Installer
    17/04/2008 17:43:22 174592 byte 0 days old -- wmsetup.log
    17/04/2008 17:47:57 32542 byte 0 days old -- SchedLgU.Txt
    17/04/2008 21:56:02 9975604 byte 0 days old -- ntbtlog.txt
    17/04/2008 22:53:28 2048 byte 0 days old -- bootstat.dat
    17/04/2008 22:53:43 313 byte 0 days old -- wiaservc.log
    17/04/2008 22:53:44 1089693 byte 0 days old -- WindowsUpdate.log
    17/04/2008 22:53:46 159 byte 0 days old -- wiadebug.log
    17/04/2008 22:53:47 0 byte 0 days old -- 0.log
    17/04/2008 22:53:53 (DIR) 0 byte 0 days old -- inf
    17/04/2008 22:53:53 (DIR) 0 byte 0 days old -- LastGood
    17/04/2008 22:53:53 498361 byte 0 days old -- setupapi.log
    17/04/2008 22:54:25 69 byte 0 days old -- NeroDigital.ini

    ----- recent files in C:\WINDOWS\Downloaded Program Files\

    ----- recent files in C:\WINDOWS\system\

    ----- recent files in C:\WINDOWS\system32\
    19/03/2008 19:39:14 1403480 byte 29 days old -- FNTCACHE.DAT
    29/03/2008 16:01:18 (DIR) 0 byte 19 days old -- LogFiles
    07/04/2008 17:34:42 3072 byte 10 days old -- CONFIG.NT
    09/04/2008 18:26:04 (DIR) 0 byte 8 days old -- config
    14/04/2008 03:41:57 423718 byte 3 days old -- perfh009.dat
    14/04/2008 03:41:57 85152 byte 3 days old -- perfc00C.dat
    14/04/2008 03:41:57 1039354 byte 3 days old -- PerfStringBackup.INI
    14/04/2008 03:41:57 491694 byte 3 days old -- perfh00C.dat
    14/04/2008 03:41:57 71154 byte 3 days old -- perfc009.dat
    16/04/2008 14:10:01 2228 byte 1 days old -- wpa.dbl
    16/04/2008 16:33:32 (DIR) 0 byte 1 days old -- drivers
    17/04/2008 17:50:17 (DIR) 0 byte 0 days old -- dllcache
    17/04/2008 22:53:51 (DIR) 0 byte 0 days old -- CatRoot2

    ----- recent files in C:\WINDOWS\system32\drivers\
    09/04/2008 18:27:52 (DIR) 0 byte 8 days old -- etc

    ----- recent files in C:\WINDOWS\temp\
    17/04/2008 10:04:06 (DIR) 0 byte 0 days old -- Fichiers Internet temporaires
    17/04/2008 10:04:07 (DIR) 0 byte 0 days old -- History
    17/04/2008 10:04:07 (DIR) 0 byte 0 days old -- Cookies
    17/04/2008 22:53:32 255 byte 0 days old -- WGAErrLog.txt

    ----- recent files in C:\Program Files\
    04/04/2008 22:04:20 (DIR) 0 byte 13 days old -- Geneatique2007
    04/04/2008 22:12:48 (DIR) 0 byte 13 days old -- Opera
    08/04/2008 17:14:03 (DIR) 0 byte 9 days old -- Trend Micro
    08/04/2008 23:59:01 (DIR) 0 byte 9 days old -- netmeeting
    09/04/2008 00:05:42 (DIR) 0 byte 8 days old -- Windows Media Player
    11/04/2008 19:31:13 (DIR) 0 byte 6 days old -- Common Files
    11/04/2008 19:32:48 (DIR) 0 byte 6 days old -- Malwarebytes' Anti-Malware
    14/04/2008 03:40:40 (DIR) 0 byte 3 days old -- Internet Explorer
    15/04/2008 01:01:14 (DIR) 0 byte 2 days old -- BitLord
    15/04/2008 23:55:15 (DIR) 0 byte 2 days old -- Adobe
    16/04/2008 00:06:46 (DIR) 0 byte 1 days old -- Fichiers communs
    16/04/2008 19:52:32 (DIR) 0 byte 1 days old -- Lx_cats
    16/04/2008 20:15:53 (DIR) 0 byte 1 days old -- GIMP-2.0
    16/04/2008 22:56:00 (DIR) 0 byte 1 days old -- Google
    17/04/2008 12:47:34 (DIR) 0 byte 0 days old -- Smart Projects
    17/04/2008 22:53:56 (DIR) 0 byte 0 days old -- Mozilla Firefox
    17/04/2008 23:03:33 (DIR) 0 byte 0 days old -- eMule

    ----- recent files in C:\Program Files\Fichiers communs\
    16/04/2008 00:06:46 (DIR) 0 byte 1 days old -- Adobe

    ----- recent files in C:\Documents and Settings\Administrateur.ORDI\Application Data\
    03/04/2008 22:28:57 (DIR) 0 byte 14 days old -- LimeWire
    11/04/2008 19:33:04 (DIR) 0 byte 6 days old -- Malwarebytes
    12/04/2008 15:42:24 (DIR) 0 byte 5 days old -- Adobe
    17/04/2008 12:37:05 (DIR) 0 byte 0 days old -- OpenOffice.org2
    17/04/2008 14:42:03 (DIR) 0 byte 0 days old -- gtk-2.0

    ----- recent files in C:\DOCUME~1\ADMINI~1.ORD\LOCALS~1\Temp\
    16/04/2008 17:23:32 0 byte 1 days old -- isEF.tmp
    16/04/2008 17:59:21 20513 byte 1 days old -- 23,under-the-bridge,664838.gp4
    16/04/2008 20:09:38 (DIR) 0 byte 1 days old -- plugtmp
    16/04/2008 20:17:02 (DIR) 0 byte 1 days old -- fontconfig
    17/04/2008 01:21:58 2019923 byte 0 days old -- Under the Bridge.rar
    17/04/2008 10:17:42 0 byte 0 days old -- uy877.tmp
    17/04/2008 13:02:26 0 byte 0 days old -- is146.tmp
    17/04/2008 15:57:59 (DIR) 0 byte 0 days old -- MessengerCache
    17/04/2008 17:08:44 (DIR) 0 byte 0 days old -- flashgot.6lumh0y1.default
    17/04/2008 17:52:09 311296 byte 0 days old -- ~DF589D.tmp
    17/04/2008 22:53:48 1953 byte 0 days old -- LVCOMSX.LOG
    17/04/2008 22:53:52 (DIR) 0 byte 0 days old -- WPDNSE
    17/04/2008 22:58:49 1536 byte 0 days old -- jusched.log
    17/04/2008 23:17:52 71916 byte 0 days old -- photo.jpg
    17/04/2008 23:26:45 0 byte 0 days old -- g5728.tmp
    17/04/2008 23:33:15 (DIR) 0 byte 0 days old -- plugtmp-1
    17/04/2008 23:58:19 16384 byte 0 days old -- ~DFD6CC.tmp
    17/04/2008 23:58:19 65 byte 0 days old -- systemscan.ini
    17/04/2008 23:58:20 (DIR) 0 byte 0 days old -- nst86.tmp

    ==========================================
    Scan completed in 0,3 minutes
    End of report


    ~~~~~~~~~~~~~~~~~~~~~-----CREDITS-----~~~~~~~~~~~~~~~~~~~~~
    SystemScan uses some freeware tools that remain property of their authors:

    * SteelWerX Registry Console Tool, Who Am I (Bobby Flekman: www.xs4all.nl/~fstaal01) --> "Registry scan", "PC accounts "
    * dumphive (Markus Stephany)--> "Registry scan"
    * Listdlls (M.Russinovich, B.Cogswell: www.sysinternals.com) --> "Loaded modules"
    * Catchme & MBR Rootkit detector (gmer: www.gmer.net) --> "Hidden objects", "Alternate Data Streams" & "Master Boot Record"
    ---> NOTE: SystemScan integrates "The Avenger" from Swandog46 (http://swandog46.geekstogo.com) to allow you to remove malwares found in this log

    Thanks to all of them for their hard work
