
Is my computer infected?!!!!!!! [solved]

20 December 2007 13:28:59

Hi everyone
So, I recently formatted my hard drive and installed all the software listed in the security tutorial, with avast, and now since yesterday I have been getting a Windows alert message. I don't know what is going on, and 2 icons have installed themselves on the desktop, Windows Update and Windows Helper, and messages like "the instructions at "0*01d62739"referenced memory at "0*02354e50".the memory could not be read clock on ok to terminate " appear all the time..
I don't know what to do anymore..
help me pleaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaase


20 December 2007 13:59:10

I also get this message that appears all the time
"during a sca of files a t system startup potential errors in the sysytem registry were found p-07-0100 irql: 1f SYSVER 0*ff00024 NT_Kernel error 1256
KMODE_EXCEPTION_NOT_HANDLED
20 December 2007 16:17:15

Hello,

We can check.

Download and then install Hijackthis (Trend Micro).
Then post a report in your next reply.
HELP: How to use Hijackthis v2.0.2
20 December 2007 17:01:51

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:59:55, on 20/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\DAP Premium\DAP.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SuperCopier2\SuperCopier2.exe
C:\Program Files\Shareaza\Shareaza.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\Program Files\eMule\emule.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrv.exe
C:\Program Files\Fichiers communs\Nokia\MPAPI\MPAPI3s.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://svxela.com/trafc-2/rfe.php?cmp=impressions_se_ju...
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [LogonStudio] "C:\Program Files\WinCustomize\LogonStudio\logonstudio.exe" /RANDOM
O4 - HKLM\..\Run: [BootSkin Startup Jobs] "C:\PROGRA~1\Stardock\WINCUS~1\BootSkin\BootSkin.exe" /StartupJobs
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [DownloadAccelerator] "C:\Program Files\DAP Premium\DAP.exe" /STARTUP
O4 - HKLM\..\Run: [SpeedOptimizer] "C:\Program Files\SpeedOptimizer\SPO.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SuperCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe
O4 - HKCU\..\Run: [Shareaza] "C:\Program Files\Shareaza\Shareaza.exe" -tray
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [eMuleAutoStart] C:\Program Files\eMule\emule.exe -AutoStart
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nLite] %systemroot%\inf\nlite.cmd (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-20\..\RunOnce: [nLite] %systemroot%\inf\nlite.cmd (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP Premium\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP Premium\dapextie2.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: DomainService - Unknown owner - C:\WINDOWS\system32\xquymfpi.exe (file missing)
O23 - Service: Microsoft cache control (MSControlService) - Unknown owner - C:\WINDOWS\system32\windows
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 7463 bytes
I also just received this Windows message
A potential problem has been detected and windows has been shutdown buggy application to prevent damage to your computer
****WXYZ.SYS -Adress F79120AE base at C00000,DateStamp 36b072a3 Kernel debugger Using :COM2(port 0x28f, Baud rate 192000)
thanks in advance..
20 December 2007 17:09:30

Can you start by uninstalling your 50 P2P programs?
20 December 2007 17:15:13

OK, but I have always had them without having this problem!!! Do you think they are the cause?!!!!
I will uninstall them now, but can you recommend a risk-free one for afterwards
thanks once again
20 December 2007 17:17:50

Nah, but there will always be a risk with P2P...
20 December 2007 17:18:36

Hello
Quote:
I will uninstall them now, but can you recommend a risk-free one for afterwards

You can count on Angeldark :lol:

20 December 2007 17:19:35

There, it's done, and then?!!! What do I do?
20 December 2007 17:25:09

Avoid text-speak. Post a new Hijackthis report.
20 December 2007 17:25:47

Do I make another report or do I install combofix?!!!!
20 December 2007 17:27:10

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:28:53, on 20/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\DAP Premium\DAP.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SuperCopier2\SuperCopier2.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrv.exe
C:\Program Files\Fichiers communs\Nokia\MPAPI\MPAPI3s.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://svxela.com/trafc-2/rfe.php?cmp=impressions_se_ju...
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [LogonStudio] "C:\Program Files\WinCustomize\LogonStudio\logonstudio.exe" /RANDOM
O4 - HKLM\..\Run: [BootSkin Startup Jobs] "C:\PROGRA~1\Stardock\WINCUS~1\BootSkin\BootSkin.exe" /StartupJobs
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [DownloadAccelerator] "C:\Program Files\DAP Premium\DAP.exe" /STARTUP
O4 - HKLM\..\Run: [SpeedOptimizer] "C:\Program Files\SpeedOptimizer\SPO.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SuperCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [eMuleAutoStart] C:\Program Files\eMule\emule.exe -AutoStart
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nLite] %systemroot%\inf\nlite.cmd (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-20\..\RunOnce: [nLite] %systemroot%\inf\nlite.cmd (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP Premium\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP Premium\dapextie2.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: DomainService - Unknown owner - C:\WINDOWS\system32\xquymfpi.exe (file missing)
O23 - Service: Microsoft cache control (MSControlService) - Unknown owner - C:\WINDOWS\system32\windows
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 7147 bytes
20 December 2007 17:29:40

I think it's because of my antivirus, I don't really trust avast.. it doesn't detect all viruses, but I can't manage to choose another one!!!! If you know a more effective one, please, so that I won't have the same problem again ...
20 December 2007 17:39:33

OK
Hopefully it works... this problem has come back for the nth time and I was forced to format my computer 3 times in less than a month because of it.. and I lose all my work, even on the partitions other than C (formatted)
20 December 2007 18:15:12

I have installed it, it is still updating..
20 December 2007 18:23:05

How do I post the scan file to you? It has started the scan and there is no option to save the scan, and besides it reported a virus to me: c:\n1deiect.com is the Trojan horse TR/Crypt.NPSM.Gen
What should I do?
20 December 2007 18:24:52

You have to wait for the scan to finish.
20 December 2007 18:26:59

In the meantime, what do I do each time it detects something, do I quarantine it or delete it?!!!
20 December 2007 18:32:24

It has just detected another one, C\windows\system32\amov1.dll
with access deny checked, what do I do please
20 December 2007 18:38:51

hellooooo
Sorry, but I don't know whether I should quarantine everything or what to do!!!!!
20 December 2007 18:52:21

Can you be patient? Quarantine everything.
20 December 2007 19:28:56

:-( It's done, and here is the scan report


AntiVir PersonalEdition Classic
Report file date: jeudi 20 décembre 2007 18:21

Scanning for 835736 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Username: SYSTEM
Computer name: ASSOUMA

Version information:
BUILD.DAT : 270 15603 Bytes 19/09/2007 13:32:00
AVSCAN.EXE : 7.0.6.1 290856 Bytes 23/08/2007 13:16:29
AVSCAN.DLL : 7.0.6.0 49192 Bytes 16/08/2007 12:23:51
LUKE.DLL : 7.0.5.3 147496 Bytes 14/08/2007 15:32:47
LUKERES.DLL : 7.0.6.1 10280 Bytes 21/08/2007 12:35:20
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 14:27:15
ANTIVIR1.VDF : 7.0.0.0 1640448 Bytes 13/09/2007 14:26:55
ANTIVIR2.VDF : 7.0.0.1 2048 Bytes 13/09/2007 14:27:04
ANTIVIR3.VDF : 7.0.0.2 2048 Bytes 13/09/2007 14:27:13
AVEWIN32.DLL : 7.6.0.15 2806272 Bytes 17/09/2007 17:43:56
AVWINLL.DLL : 1.0.0.7 14376 Bytes 26/02/2007 10:36:26
AVPREF.DLL : 7.0.2.2 25640 Bytes 18/07/2007 07:39:17
AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 13:16:24
AVPACK32.DLL : 7.3.0.15 360488 Bytes 03/08/2007 08:46:00
AVREG.DLL : 7.0.1.6 30760 Bytes 18/07/2007 07:17:06
AVARKT.DLL : 1.0.0.20 278568 Bytes 28/08/2007 12:26:33
AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 18/07/2007 07:10:18
NETNT.DLL : 7.0.0.0 7720 Bytes 08/03/2007 11:09:42
RCIMAGE.DLL : 7.0.1.30 2342952 Bytes 07/08/2007 12:38:13
RCTEXT.DLL : 7.0.62.0 86056 Bytes 21/08/2007 12:50:37
SQLITE3.DLL : 3.3.17.1 339968 Bytes 23/07/2007 09:37:21

Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: off
Scan boot sector.................: on
Boot sectors.....................: E:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium

Start of the scan: jeudi 20 décembre 2007 18:21

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'update.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'YahooMessenger.exe' - '1' Module(s) have been scanned
Scan process 'firefox.exe' - '1' Module(s) have been scanned
Scan process 'MPAPI3s.exe' - '1' Module(s) have been scanned
Scan process 'NclMSBTSrv.exe' - '1' Module(s) have been scanned
Scan process 'NclRSSrv.exe' - '1' Module(s) have been scanned
Scan process 'NclUSBSrv.exe' - '1' Module(s) have been scanned
Scan process 'ServiceLayer.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'ObjectDock.exe' - '1' Module(s) have been scanned
Scan process 'WZQKPICK.EXE' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'PCSuite.exe' - '1' Module(s) have been scanned
Scan process 'PcSync2.exe' - '1' Module(s) have been scanned
Scan process 'TeaTimer.exe' - '1' Module(s) have been scanned
Scan process 'SuperCopier2.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'DAP.exe' - '1' Module(s) have been scanned
Scan process 'winampa.exe' - '1' Module(s) have been scanned
Scan process 'realsched.exe' - '1' Module(s) have been scanned
Scan process 'jusched.exe' - '1' Module(s) have been scanned
Scan process 'apdproxy.exe' - '1' Module(s) have been scanned
Scan process 'stsystra.exe' - '1' Module(s) have been scanned
Scan process 'wdfmgr.exe' - '1' Module(s) have been scanned
Scan process 'MDM.EXE' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'aawservice.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'ati2evxx.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
45 processes with 45 modules were scanned

Start scanning boot sectors:
Boot sector 'C:\'
[NOTE] No virus was found!
Boot sector 'D:\'
[NOTE] No virus was found!
Boot sector 'E:\'
[NOTE] No virus was found!

Starting to scan the registry.
The registry was scanned ( '26' files ).


Starting the file scan:

Begin scan in 'C:\'
C:\n1deiect.com
[DETECTION] Is the Trojan horse TR/Crypt.NSPM.Gen
[INFO] The file was moved to '47ceaa1b.qua'!
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\uxdeiect.com
[DETECTION] Is the Trojan horse TR/Crypt.NSPM.Gen
[INFO] The file was moved to '47ceaabe.qua'!
C:\Documents and Settings\Administrateur\Local Settings\Temp\ro.dll
[DETECTION] Is the Trojan horse TR/Crypt.NSPM.Gen
[INFO] The file was moved to '4798aac3.qua'!
C:\RECYCLER\S-1-5-21-1177238915-583907252-1801674531-500\Dc51.dll
[DETECTION] Is the Trojan horse TR/Crypt.NSPM.Gen
[INFO] The file was moved to '479face6.qua'!
C:\System Volume Information\_restore{736CF3D5-9B7F-4E7C-BF18-F475B68A4735}\RP23\A0004816.com
[DETECTION] Is the Trojan horse TR/Crypt.NSPM.Gen
[INFO] The file was moved to '479aacf1.qua'!
C:\System Volume Information\_restore{736CF3D5-9B7F-4E7C-BF18-F475B68A4735}\RP23\A0005047.com
[DETECTION] Is the Trojan horse TR/Crypt.NSPM.Gen
[INFO] The file was moved to '479aacf7.qua'!
C:\System Volume Information\_restore{736CF3D5-9B7F-4E7C-BF18-F475B68A4735}\RP25\A0005820.exe
[DETECTION] Is the Trojan horse TR/Crypt.NSPM.Gen
[INFO] The file was moved to '479aad03.qua'!
C:\System Volume Information\_restore{736CF3D5-9B7F-4E7C-BF18-F475B68A4735}\RP25\A0005821.dll
[DETECTION] Is the Trojan horse TR/Crypt.NSPM.Gen
[INFO] The file was moved to '46e7fd2c.qua'!
C:\System Volume Information\_restore{736CF3D5-9B7F-4E7C-BF18-F475B68A4735}\RP25\A0005822.com
[DETECTION] Is the Trojan horse TR/Crypt.NSPM.Gen
[INFO] The file was moved to '479aad04.qua'!
C:\System Volume Information\_restore{736CF3D5-9B7F-4E7C-BF18-F475B68A4735}\RP25\A0005828.dll
[DETECTION] Is the Trojan horse TR/Crypt.NSPM.Gen
[INFO] The file was moved to '46e7fd2d.qua'!
C:\System Volume Information\_restore{736CF3D5-9B7F-4E7C-BF18-F475B68A4735}\RP25\A0006741.dll
[DETECTION] Is the Trojan horse TR/Crypt.NSPM.Gen
[INFO] The file was moved to '479aad06.qua'!
C:\System Volume Information\_restore{736CF3D5-9B7F-4E7C-BF18-F475B68A4735}\RP25\A0006742.com
[DETECTION] Is the Trojan horse TR/Crypt.NSPM.Gen
[INFO] The file was moved to '46e7fd2f.qua'!
C:\System Volume Information\_restore{736CF3D5-9B7F-4E7C-BF18-F475B68A4735}\RP25\A0007141.exe
[DETECTION] Is the Trojan horse TR/Crypt.NSPM.Gen
[INFO] The file was moved to '479aad11.qua'!
C:\System Volume Information\_restore{736CF3D5-9B7F-4E7C-BF18-F475B68A4735}\RP25\A0007142.dll
[DETECTION] Is the Trojan horse TR/Crypt.NSPM.Gen
[INFO] The file was moved to '46e7fd3a.qua'!
C:\System Volume Information\_restore{736CF3D5-9B7F-4E7C-BF18-F475B68A4735}\RP26\A0007434.dll
[DETECTION] Is the Trojan horse TR/Crypt.NSPM.Gen
[INFO] The file was moved to '479aad18.qua'!
C:\System Volume Information\_restore{736CF3D5-9B7F-4E7C-BF18-F475B68A4735}\RP26\A0007435.com
[DETECTION] Is the Trojan horse TR/Crypt.NSPM.Gen
[INFO] The file was moved to '46e7fd31.qua'!
C:\System Volume Information\_restore{736CF3D5-9B7F-4E7C-BF18-F475B68A4735}\RP26\A0007436.com
[DETECTION] Is the Trojan horse TR/Crypt.NSPM.Gen
[INFO] The file was moved to '479aad1a.qua'!
C:\System Volume Information\_restore{736CF3D5-9B7F-4E7C-BF18-F475B68A4735}\RP26\A0007437.dll
[DETECTION] Is the Trojan horse TR/Crypt.NSPM.Gen
[INFO] The file was moved to '46e7fd33.qua'!
C:\WINDOWS\system32\amvo.exe
[DETECTION] Is the Trojan horse TR/Crypt.NSPM.Gen
[INFO] The file was moved to '47e0ae66.qua'!
C:\WINDOWS\system32\amvo0.dll
[DETECTION] Is the Trojan horse TR/Crypt.NSPM.Gen
[INFO] The file was moved to '469ce4c7.qua'!
Begin scan in 'D:\' <Etudes>
D:\n1deiect.com
[DETECTION] Is the Trojan horse TR/Crypt.NSPM.Gen
[INFO] The file was moved to '47ceae5d.qua'!
D:\uxdeiect.com
[DETECTION] Is the Trojan horse TR/Crypt.NSPM.Gen
[INFO] The file was moved to '47ceaea6.qua'!
D:\System Volume Information\_restore{736CF3D5-9B7F-4E7C-BF18-F475B68A4735}\RP23\A0004818.com
[DETECTION] Is the Trojan horse TR/Crypt.NSPM.Gen
[INFO] The file was moved to '479ab0a8.qua'!
D:\System Volume Information\_restore{736CF3D5-9B7F-4E7C-BF18-F475B68A4735}\RP23\A0005049.com
[DETECTION] Is the Trojan horse TR/Crypt.NSPM.Gen
[INFO] The file was moved to '46e7e081.qua'!
D:\System Volume Information\_restore{736CF3D5-9B7F-4E7C-BF18-F475B68A4735}\RP25\A0005824.com
[DETECTION] Is the Trojan horse TR/Crypt.NSPM.Gen
[INFO] The file was moved to '479ab0a9.qua'!
D:\System Volume Information\_restore{736CF3D5-9B7F-4E7C-BF18-F475B68A4735}\RP25\A0006744.com
[DETECTION] Is the Trojan horse TR/Crypt.NSPM.Gen
[INFO] The file was moved to '46e7e082.qua'!
D:\System Volume Information\_restore{736CF3D5-9B7F-4E7C-BF18-F475B68A4735}\RP26\A0007440.com
[DETECTION] Is the Trojan horse TR/Crypt.NSPM.Gen
[INFO] The file was moved to '479ab0aa.qua'!
D:\System Volume Information\_restore{736CF3D5-9B7F-4E7C-BF18-F475B68A4735}\RP26\A0007441.com
[DETECTION] Is the Trojan horse TR/Crypt.NSPM.Gen
[INFO] The file was moved to '46e7e083.qua'!
Begin scan in 'E:\' <Loisirs>
E:\n1deiect.com
[DETECTION] Is the Trojan horse TR/Crypt.NSPM.Gen
[INFO] The file was moved to '47ceb0dd.qua'!
E:\uxdeiect.com
[DETECTION] Is the Trojan horse TR/Crypt.NSPM.Gen
[INFO] The file was moved to '47ceb124.qua'!
E:\System Volume Information\_restore{736CF3D5-9B7F-4E7C-BF18-F475B68A4735}\RP23\A0004820.com
[DETECTION] Is the Trojan horse TR/Crypt.NSPM.Gen
[INFO] The file was moved to '479ab110.qua'!
E:\System Volume Information\_restore{736CF3D5-9B7F-4E7C-BF18-F475B68A4735}\RP23\A0005051.com
[DETECTION] Is the Trojan horse TR/Crypt.NSPM.Gen
[INFO] The file was moved to '46e7e139.qua'!
E:\System Volume Information\_restore{736CF3D5-9B7F-4E7C-BF18-F475B68A4735}\RP25\A0005826.com
[DETECTION] Is the Trojan horse TR/Crypt.NSPM.Gen
[INFO] The file was moved to '479ab111.qua'!
E:\System Volume Information\_restore{736CF3D5-9B7F-4E7C-BF18-F475B68A4735}\RP25\A0006746.com
[DETECTION] Is the Trojan horse TR/Crypt.NSPM.Gen
[INFO] The file was moved to '46e7e13a.qua'!
E:\System Volume Information\_restore{736CF3D5-9B7F-4E7C-BF18-F475B68A4735}\RP26\A0007442.com
[DETECTION] Is the Trojan horse TR/Crypt.NSPM.Gen
[INFO] The file was moved to '479ab113.qua'!
E:\System Volume Information\_restore{736CF3D5-9B7F-4E7C-BF18-F475B68A4735}\RP26\A0007443.com
[DETECTION] Is the Trojan horse TR/Crypt.NSPM.Gen
[INFO] The file was moved to '479ab112.qua'!


End of the scan: jeudi 20 décembre 2007 19:30
Used time: 1:08:39 min

The scan has been done completely.

7254 Scanning directories
364213 Files were scanned
36 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
0 files were deleted
0 files were repaired
36 files were moved to quarantine
0 files were renamed
1 Files cannot be scanned
364177 Files not concerned
1578 Archives were scanned
1 Warnings
0 Notes

20 December 2007 19:46:57

Post a new Hijackthis report.
20 December 2007 19:48:42

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:50:19, on 20/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\DAP Premium\DAP.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SuperCopier2\SuperCopier2.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrv.exe
C:\Program Files\Fichiers communs\Nokia\MPAPI\MPAPI3s.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avcenter.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avscan.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://svxela.com/trafc-2/rfe.php?cmp=impressions_se_ju...
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [LogonStudio] "C:\Program Files\WinCustomize\LogonStudio\logonstudio.exe" /RANDOM
O4 - HKLM\..\Run: [BootSkin Startup Jobs] "C:\PROGRA~1\Stardock\WINCUS~1\BootSkin\BootSkin.exe" /StartupJobs
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [DownloadAccelerator] "C:\Program Files\DAP Premium\DAP.exe" /STARTUP
O4 - HKLM\..\Run: [SpeedOptimizer] "C:\Program Files\SpeedOptimizer\SPO.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SuperCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [eMuleAutoStart] C:\Program Files\eMule\emule.exe -AutoStart
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nLite] %systemroot%\inf\nlite.cmd (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-20\..\RunOnce: [nLite] %systemroot%\inf\nlite.cmd (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP Premium\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP Premium\dapextie2.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: DomainService - Unknown owner - C:\WINDOWS\system32\xquymfpi.exe (file missing)
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 7087 bytes
20 December 2007 19:54:56

Actually, Spybot sometimes asks me to authorize registry changes that I don't always understand, something like "helper" or I don't remember what. Should I always refuse and only accept the ones for programs I install, or...? Thanks once again.
20 December 2007 19:58:17

My three partitions won't open anymore; now the "Open with" window comes up every time I try to access one of them... I'm starting to panic, I don't want to reformat yet again...
20 December 2007 20:01:02

Hi again,

Disable your resident protections (antivirus, etc.)!

  • Download combofix.exe (by sUBs) to your Desktop.
  • Double-click combofix.exe.
  • Press the 1 key (Yes) to start the scan.
  • When the scan is complete, a report will appear. Copy/paste this report into your next reply.

NOTE: The report is also located here: C:\Combofix.txt
20 December 2007 20:24:04

    ComboFix 07-12-20.1 - ASSOUMA 2007-12-20 20:09:52.1 - NTFSx86
    Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.122 [GMT 1:00]
    Running from: C:\Documents and Settings\Administrateur\Bureau\ComboFix.exe
    * Created a new restore point
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Autorun.inf
    C:\Program Files\Temporary
    C:\WINDOWS\b122.exe
    C:\WINDOWS\system32\bccdd.bak1
    C:\WINDOWS\system32\bccdd.bak2
    C:\WINDOWS\system32\bccdd.ini
    C:\WINDOWS\system32\cgxhjeyh.dll
    C:\WINDOWS\system32\crwqildo.exe
    C:\WINDOWS\system32\ddccb.dll
    C:\WINDOWS\system32\efcaxwv.dll
    C:\WINDOWS\system32\exneiepg.dll
    C:\WINDOWS\system32\fpligflm.dll
    C:\WINDOWS\system32\fwnluafs.ini
    C:\WINDOWS\system32\hdtjoube.dll
    C:\WINDOWS\system32\hfxotbrr.dll
    C:\WINDOWS\system32\hgghecb.dll
    C:\WINDOWS\system32\iowbyanm.ini
    C:\WINDOWS\system32\ixwelxxp.ini
    C:\WINDOWS\system32\jaddqdgq.dll
    C:\WINDOWS\system32\jfliirjk.dll
    C:\WINDOWS\system32\mnaybwoi.dll
    C:\WINDOWS\system32\mumiwgyq.dll
    C:\WINDOWS\system32\myvpflul.dll
    C:\WINDOWS\system32\otxcjbwa.dll
    C:\WINDOWS\system32\owrhheru.dllbox
    C:\WINDOWS\system32\pxxlewxi.dll
    C:\WINDOWS\system32\qdujnuxx.dll
    C:\WINDOWS\system32\qygwimum.ini
    C:\WINDOWS\system32\rmemgdyv.dll
    C:\WINDOWS\system32\rrbtoxfh.ini
    C:\WINDOWS\system32\sfaulnwf.dll
    C:\WINDOWS\system32\uikugrxu.dll
    C:\WINDOWS\system32\uvurqaeq.dll
    C:\WINDOWS\system32\vbnvdyky.dll
    C:\WINDOWS\system32\vtuttuu.dll
    C:\WINDOWS\system32\vydgmemr.ini
    D:\Autorun.inf
    E:\Autorun.inf

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

    .
    -------\LEGACY_DOMAINSERVICE
    -------\DomainService


    ((((((((((((((((((((((((((((( Fichiers créés 2007-11-20 to 2007-12-20 ))))))))))))))))))))))))))))))))))))
    .

    2007-12-20 20:20 . 2007-12-20 20:22 18,996 ---hs---- C:\WINDOWS\system32\owrhheru.dllbox
    2007-12-20 20:12 . 2007-12-20 20:12 7,168 --a------ C:\WINDOWS\system32\windows
    2007-12-20 18:10 . 2007-12-20 18:10 <REP> d-------- C:\Program Files\Avira
    2007-12-20 18:10 . 2007-12-20 18:10 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira
    2007-12-20 17:48 . 2007-12-20 17:49 14,033 --a------ C:\posE38.tmp
    2007-12-20 16:57 . 2007-12-20 16:57 <REP> d-------- C:\Program Files\Trend Micro
    2007-12-20 16:23 . 2007-12-20 16:23 14,033 --a------ C:\posC5D.tmp
    2007-12-20 16:22 . 2007-12-20 16:23 14,033 --a------ C:\pos8C0.tmp
    2007-12-20 14:17 . 2007-12-20 14:18 14,033 --a------ C:\pos7CA.tmp
    2007-12-20 14:03 . 2007-12-20 14:03 14,033 --a------ C:\pos3D2.tmp
    2007-12-20 11:53 . 2007-12-20 11:54 <REP> d-------- C:\Program Files\SpeedOptimizer
    2007-12-20 10:26 . 2007-12-20 10:26 14,033 --a------ C:\posBE0.tmp
    2007-12-20 10:25 . 2007-12-20 10:26 14,033 --a------ C:\pos95B.tmp
    2007-12-19 23:54 . 2007-12-19 23:54 14,033 --a------ C:\pos74D.tmp
    2007-12-19 23:53 . 2007-12-19 23:53 165,472 --a------ C:\WINDOWS\system32\owrhheru.dll
    2007-12-18 23:56 . 2007-12-19 23:56 294 ---hs---- C:\WINDOWS\system32\dokqogux.ini
    2007-12-17 16:13 . 2007-12-17 16:13 <REP> d-------- C:\Program Files\Fichiers communs\PCSuite
    2007-12-17 16:13 . 2007-12-17 16:13 <REP> d-------- C:\Program Files\Fichiers communs\Nokia
    2007-12-17 16:07 . 2007-12-17 16:07 <REP> d-------- C:\Program Files\PC Connectivity Solution
    2007-12-17 16:06 . 2007-02-22 10:15 137,216 --a------ C:\WINDOWS\system32\drivers\nmwcd.sys
    2007-12-17 16:06 . 2007-02-22 10:15 65,536 --a------ C:\WINDOWS\system32\nmwcdcocls.dll
    2007-12-17 16:06 . 2007-02-22 10:15 12,288 --a------ C:\WINDOWS\system32\drivers\nmwcdcm.sys
    2007-12-17 16:06 . 2007-02-22 10:15 12,288 --a------ C:\WINDOWS\system32\drivers\nmwcdcj.sys
    2007-12-17 16:06 . 2007-02-22 10:15 8,320 --a------ C:\WINDOWS\system32\drivers\nmwcdc.sys
    2007-12-17 15:55 . 2007-12-17 15:55 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Installations
    2007-12-17 15:35 . 2007-12-17 15:35 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\DataLayer
    2007-12-17 15:34 . 2007-12-19 22:04 <REP> d-------- C:\Documents and Settings\Administrateur\Phone Browser
    2007-12-17 15:31 . 2007-12-17 16:20 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Nokia
    2007-12-17 15:30 . 2007-12-17 15:30 <REP> d-------- C:\Program Files\DIFX
    2007-12-17 15:26 . 2007-12-17 16:16 <REP> d----c--- C:\WINDOWS\system32\DRVSTORE
    2007-12-17 15:26 . 2007-12-17 15:30 <REP> d-------- C:\Documents and Settings\All Users\Application Data\PC Suite
    2007-12-17 15:26 . 2007-12-19 22:04 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\PC Suite
    2007-12-17 15:25 . 2007-12-17 16:06 <REP> d-------- C:\Program Files\Nokia
    2007-12-17 15:25 . 2007-12-17 16:12 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Downloaded Installations
    2007-12-17 15:25 . 2007-02-22 10:15 90,624 --a------ C:\WINDOWS\system32\nmwcdcls.dll
    2007-12-17 10:15 . 2007-12-20 11:53 <REP> d-------- C:\Program Files\DAP Premium
    2007-12-15 23:55 . 2007-12-15 23:56 354 ---hs---- C:\WINDOWS\system32\upxfsqgv.ini
    2007-12-14 23:49 . 2007-12-15 23:49 294 ---hs---- C:\WINDOWS\system32\sqvxagje.ini
    2007-12-13 01:13 . 2007-12-13 01:13 <REP> d-------- C:\WINDOWS\Sun
    2007-12-12 19:46 . 2007-12-12 19:46 1,363,340 --a------ C:\WINDOWS\system32\Cartoons_12059.scr
    2007-12-12 19:46 . 2007-12-12 19:46 37,556 --a------ C:\WINDOWS\system32\Sylvunins.exe
    2007-12-12 18:11 . 2007-12-12 18:11 <REP> d-------- C:\Program Files\Plus!
    2007-12-12 16:18 . 2007-12-12 16:18 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Yahoo!
    2007-12-12 09:27 . 2007-12-19 10:49 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\DivX
    2007-12-11 23:51 . 2007-12-12 16:17 834,520 ---hs---- C:\WINDOWS\system32\yqmnojyl.ini
    2007-12-11 20:22 . 2007-12-20 20:22 24 --a------ C:\WINDOWS\LogonStudio.ini
    2007-12-11 19:43 . 2007-12-11 19:43 385 --a------ C:\WINDOWS\ODBC.INI
    2007-12-11 19:42 . 2003-06-19 01:31 17,920 --a------ C:\WINDOWS\system32\mdimon.dll
    2007-12-11 19:34 . 2007-12-11 19:34 <REP> d-------- C:\Program Files\Microsoft.NET
    2007-12-11 19:32 . 2007-12-11 19:34 <REP> d-------- C:\WINDOWS\SHELLNEW
    2007-12-11 19:32 . 2007-12-11 19:32 <REP> d-------- C:\Program Files\Microsoft Works
    2007-12-11 19:27 . 2007-12-11 19:27 <REP> d-------- C:\Program Files\CDImage GUI
    2007-12-11 19:27 . 2007-12-11 19:27 720,896 --a------ C:\WINDOWS\iun6002.exe
    2007-12-11 03:37 . 2007-12-12 05:50 <REP> d-------- C:\Program Files\Yahoo!
    2007-12-11 03:30 . 2007-12-11 03:30 <REP> d-------- C:\Program Files\Runtime Software
    2007-12-11 03:27 . 1998-11-13 11:16 308,224 --a------ C:\WINDOWS\IsUn040c.exe
    2007-12-11 03:21 . 2007-12-11 03:21 <REP> d-------- C:\Program Files\WinCustomize
    2007-12-11 03:21 . 2000-10-10 13:01 198,656 --a------ C:\WINDOWS\system32\comdlg32.ocx
    2007-12-11 03:21 . 2000-05-17 09:52 187,392 --a------ C:\WINDOWS\system32\JPGUtils.dll
    2007-12-11 03:19 . 2007-12-13 22:17 163,712 --a------ C:\WINDOWS\system32\drivers\vidstub.sys
    2007-12-11 03:15 . 2007-12-12 05:46 <REP> d-------- C:\Program Files\Stardock
    2007-12-11 03:15 . 2007-12-12 05:46 <REP> d-------- C:\Program Files\Fichiers communs\Stardock
    2007-12-11 03:10 . 2007-12-11 03:10 <REP> d-------- C:\WINDOWS\system32\LogFiles
    2007-12-11 02:34 . 2007-12-20 17:20 <REP> d-------- C:\Program Files\eMule
    2007-12-10 23:48 . 2007-12-11 23:48 834,400 ---hs---- C:\WINDOWS\system32\glmuvsky.ini
    2007-12-10 20:15 . 2004-08-04 00:54 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
    2007-12-10 19:35 . 2007-12-10 19:35 <REP> d-------- C:\Program Files\DivX
    2007-12-10 19:35 . 2007-11-29 23:30 120,056 --------- C:\WINDOWS\system32\pxcpyi64.exe
    2007-12-10 19:35 . 2007-11-29 23:30 118,520 --------- C:\WINDOWS\system32\pxinsi64.exe
    2007-12-10 19:00 . 2007-12-10 19:00 <REP> d-------- C:\Program Files\Fichiers communs\xing shared
    2007-12-10 18:58 . 2007-12-10 19:16 <REP> d-------- C:\Program Files\Winamp
    2007-12-10 18:58 . 2007-12-10 18:59 <REP> d-------- C:\Program Files\Fichiers communs\Real
    2007-12-10 18:58 . 2007-12-11 19:59 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Winamp
    2007-12-10 18:57 . 2007-12-10 18:57 <REP> d-------- C:\Program Files\Real
    2007-12-10 18:55 . 2007-12-10 18:55 <REP> d-------- C:\Program Files\ToniArts
    2007-12-10 18:53 . 2007-12-11 18:52 <REP> d-------- C:\Program Files\Burn4Free Toolbar
    2007-12-10 18:53 . 2007-12-10 18:53 <REP> d-------- C:\Program Files\Burn4Free
    2007-12-10 17:33 . 2007-12-11 03:25 <REP> d-------- C:\Program Files\Lavasoft
    2007-12-10 17:33 . 2007-12-10 17:33 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
    2007-12-10 17:32 . 2007-12-10 17:32 <REP> d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard
    2007-12-10 16:51 . 2007-09-24 23:31 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
    2007-12-10 16:50 . 2007-12-10 16:51 <REP> d-------- C:\Program Files\Java
    2007-12-10 16:28 . 2007-12-10 16:28 <REP> d-------- C:\Program Files\Fichiers communs\Java
    2007-12-10 16:18 . 2007-12-10 16:18 <REP> d-------- C:\Program Files\Alwil Software
    2007-12-10 16:18 . 2003-03-18 21:20 1,060,864 --a------ C:\WINDOWS\system32\MFC71.dll
    2007-12-10 16:18 . 2007-12-04 14:04 837,496 --a------ C:\WINDOWS\system32\aswBoot.exe
    2007-12-10 16:18 . 2007-12-10 18:58 499,712 --a------ C:\WINDOWS\system32\msvcp71.dll
    2007-12-10 16:18 . 2007-12-04 15:53 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
    2007-12-10 14:39 . 2007-12-10 14:39 <REP> d-------- C:\Program Files\CCleaner
    2007-12-10 14:38 . 2007-12-10 14:38 <REP> d-------- C:\Program Files\K-Lite Codec Pack
    2007-12-10 14:38 . 2007-07-25 14:24 1,559,040 --a------ C:\WINDOWS\system32\xvidcore.dll
    2007-12-10 14:38 . 2006-09-24 16:11 389,120 --a------ C:\WINDOWS\system32\lameACM.acm
    2007-12-10 14:38 . 2007-12-10 18:58 348,160 --a------ C:\WINDOWS\system32\msvcr71.dll
    2007-12-10 14:38 . 2007-03-10 12:51 282,624 --a------ C:\WINDOWS\system32\xvidvfw.dll
    2007-12-10 14:38 . 2004-01-25 17:18 217,088 --a------ C:\WINDOWS\system32\yv12vfw.dll
    2007-12-10 14:38 . 2007-09-04 17:56 164,352 --a------ C:\WINDOWS\system32\unrar.dll
    2007-12-10 14:38 . 2007-09-21 01:52 118,784 --a------ C:\WINDOWS\system32\ac3acm.acm
    2007-12-10 14:38 . 2007-12-03 15:00 7,680 --a------ C:\WINDOWS\system32\ff_vfw.dll
    2007-12-10 14:38 . 2007-07-10 17:10 547 --a------ C:\WINDOWS\system32\ff_vfw.dll.manifest
    2007-12-10 14:38 . 2007-10-03 16:03 414 --a------ C:\WINDOWS\system32\lame_acm.xml

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2007-12-19 22:53 165,472 ----a-w C:\WINDOWS\system32\oheufhrf.dll
    2007-12-13 21:19 4,104,192 ----a-w C:\WINDOWS\system32\logonuiX.exe
    2007-12-11 02:30 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2007-12-10 09:07 --------- d-sh--w C:\Documents and Settings\Administrateur\Application Data\.#
    2007-12-09 19:53 --------- d-----w C:\Program Files\Fichiers communs\SpeechEngines
    2007-12-09 19:53 --------- d-----w C:\Program Files\Fichiers communs\ODBC
    2007-12-09 19:42 --------- d-----w C:\Program Files\SuperCopier2
    2007-12-09 19:19 --------- d-----w C:\Program Files\CONEXANT
    2007-12-09 19:16 --------- d-----w C:\Program Files\SigmaTel
    2007-12-09 19:16 --------- d-----w C:\Program Files\Fichiers communs\InstallShield
    2007-12-09 18:59 --------- d-----w C:\Program Files\Services en ligne
    2007-12-09 18:58 --------- d-----w C:\Program Files\Fichiers communs\MSSoap
    2007-11-29 22:30 129,784 ------w C:\WINDOWS\system32\pxafs.dll
    2007-11-14 07:28 450,560 ------w C:\WINDOWS\system32\DllCache\jscript.dll
    2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
    2007-10-30 10:18 3,079,680 ------w C:\WINDOWS\system32\DllCache\mshtml.dll
    2007-10-29 22:43 1,293,824 ----a-w C:\WINDOWS\system32\quartz.dll
    2007-10-29 22:43 1,293,824 ------w C:\WINDOWS\system32\DllCache\quartz.dll
    2007-10-25 16:56 8,510,976 ------w C:\WINDOWS\system32\DllCache\shell32.dll
    2007-10-20 05:01 227,328 ----a-w C:\WINDOWS\system32\wmasf.dll
    2007-10-20 05:01 227,328 ------w C:\WINDOWS\system32\DllCache\wmasf.dll
    2007-10-11 06:13 96,768 ------w C:\WINDOWS\system32\DllCache\inseng.dll
    2007-10-11 06:13 663,552 ------w C:\WINDOWS\system32\DllCache\wininet.dll
    2007-10-11 06:13 617,472 ------w C:\WINDOWS\system32\DllCache\urlmon.dll
    2007-10-11 06:13 55,808 ------w C:\WINDOWS\system32\DllCache\extmgr.dll
    2007-10-11 06:13 532,480 ------w C:\WINDOWS\system32\DllCache\mstime.dll
    2007-10-11 06:13 474,624 ------w C:\WINDOWS\system32\DllCache\shlwapi.dll
    2007-10-11 06:13 449,024 ------w C:\WINDOWS\system32\DllCache\mshtmled.dll
    2007-10-11 06:13 39,424 ------w C:\WINDOWS\system32\DllCache\pngfilt.dll
    2007-10-11 06:13 357,888 ------w C:\WINDOWS\system32\DllCache\dxtmsft.dll
    2007-10-11 06:13 251,392 ------w C:\WINDOWS\system32\DllCache\iepeers.dll
    2007-10-11 06:13 205,312 ------w C:\WINDOWS\system32\DllCache\dxtrans.dll
    2007-10-11 06:13 16,384 ------w C:\WINDOWS\system32\DllCache\jsproxy.dll
    2007-10-11 06:13 152,064 ------w C:\WINDOWS\system32\DllCache\cdfview.dll
    2007-10-11 06:13 146,432 ------w C:\WINDOWS\system32\DllCache\msrating.dll
    2007-10-11 06:13 1,495,040 ------w C:\WINDOWS\system32\DllCache\shdocvw.dll
    2007-10-11 06:13 1,056,768 ------w C:\WINDOWS\system32\DllCache\danim.dll
    2007-10-11 06:13 1,024,000 ------w C:\WINDOWS\system32\DllCache\browseui.dll
    2007-10-10 11:16 18,432 ------w C:\WINDOWS\system32\DllCache\iedw.exe
    .

    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A95B2816-1D7E-4561-A202-68C0DE02353A}]
    2007-12-19 23:53 165472 --a------ C:\WINDOWS\system32\owrhheru.dll

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:54]
    "SuperCopier2.exe"="C:\Program Files\SuperCopier2\SuperCopier2.exe" [2006-07-07 17:45]
    "SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 16:46]
    "Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe" [2007-11-06 19:51]
    "PcSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-11-07 17:35]
    "eMuleAutoStart"="C:\Program Files\eMule\emule.exe" []
    "PC Suite Tray"="C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" [2007-12-10 10:12]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SigmatelSysTrayApp"="stsystra.exe" [2005-03-23 00:20 C:\WINDOWS\stsystra.exe]
    "Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe" []
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11]
    "TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2007-12-10 18:58]
    "LogonStudio"="C:\Program Files\WinCustomize\LogonStudio\logonstudio.exe" [2002-09-03 18:38]
    "BootSkin Startup Jobs"="C:\PROGRA~1\Stardock\WINCUS~1\BootSkin\BootSkin.exe" [2004-04-26 16:21]
    "WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2007-10-10 06:28]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51]
    "DownloadAccelerator"="C:\Program Files\DAP Premium\DAP.exe" [2007-11-24 22:12]
    "SpeedOptimizer"="C:\Program Files\SpeedOptimizer\SPO.exe" [2007-12-20 11:53]
    "avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2007-08-31 12:25]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 00:54]
    "Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-11-07 17:35]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "tscuninstall"="C:\WINDOWS\system32\tscupgrd.exe" [2004-08-04 00:37]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
    "ForceClassicControlPanel"= 1 (0x1)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
    "UIHost"="C:\\WINDOWS\\system32\\logonuiX.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\hgghecb]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\owrhheru]
    owrhheru.dll 2007-12-19 23:53 165472 C:\WINDOWS\system32\owrhheru.dll


    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1159dec8-a8d5-11dc-a0d9-00123f942cda}]
    \Shell\AutoRun\command - n1deiect.com
    \Shell\explore\Command - n1deiect.com
    \Shell\open\Command - n1deiect.com

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f2de6db3-a853-11dc-a0d8-00123f942cda}]
    \Shell\AutoRun\command - I:\n1deiect.com
    \Shell\explore\Command - I:\n1deiect.com
    \Shell\open\Command - I:\n1deiect.com

    *Newly Created Service* - SSMDRV
    .
    **************************************************************************

    catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-12-20 20:21:51
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    PROCESS: C:\WINDOWS\system32\winlogon.exe
    -> C:\WINDOWS\system32\owrhheru.dll

    PROCESS: C:\WINDOWS\Explorer.EXE [6.00.2900.3156]
    -> C:\WINDOWS\system32\owrhheru.dll
    -> C:\Program Files\Stardock\ObjectDock\DockShellHook.dll
    .
    Completion time: 2007-12-20 20:23:37 - machine was rebooted
    .
    2007-12-12 14:23:40 --- E O F ---
20 December 2007 20:29:31

Actually, I forgot to disable Spybot before running it; should I redo the report?
20 December 2007 20:45:13

No need :)

Download VundoFix.exe (by Atribune) to your Desktop.
  • Double-click VundoFix.exe to launch it
  • Click the Scan for Vundo button
  • When the scan is complete, click the Remove Vundo button
  • A prompt will ask whether you want to delete the files; click YES
  • After you click "Yes", the Desktop will disappear for a moment while the files are removed
  • You will see a prompt announcing that your PC is going to restart; click OK
  • Copy/paste the contents of the report located at C:\vundofix.txt, along with a new HijackThis report, into your next reply
Note: VundoFix may encounter a file it cannot delete. If so, the tool will launch at the next restart; simply follow the instructions above, starting from "Click the Scan for Vundo button".
20 December 2007 21:16:10


    VundoFix V6.7.7

    Checking Java version...

    Scan started at 20:51:11 20/12/2007

    Listing files found while scanning....

    C:\windows\system32\owrhheru.dll
    C:\windows\system32\owrhheru.dllbox

    Beginning removal...

    Attempting to delete C:\windows\system32\owrhheru.dll
    C:\windows\system32\owrhheru.dll Has been deleted!

    Attempting to delete C:\windows\system32\owrhheru.dllbox
    C:\windows\system32\owrhheru.dllbox Has been deleted!

    Performing Repairs to the registry.
    Done!
And here is the new HijackThis report:
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 21:17:56, on 20/12/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    C:\WINDOWS\stsystra.exe
    C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
    C:\Program Files\Winamp\winampa.exe
    C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
    C:\Program Files\DAP Premium\DAP.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\SuperCopier2\SuperCopier2.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\WinZip\WZQKPICK.EXE
    C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\system32\wdfmgr.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\alg.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://svxela.com/trafc-2/rfe.php?cmp=impressions_se_ju...
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [LogonStudio] "C:\Program Files\WinCustomize\LogonStudio\logonstudio.exe" /RANDOM
    O4 - HKLM\..\Run: [BootSkin Startup Jobs] "C:\PROGRA~1\Stardock\WINCUS~1\BootSkin\BootSkin.exe" /StartupJobs
    O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [DownloadAccelerator] "C:\Program Files\DAP Premium\DAP.exe" /STARTUP
    O4 - HKLM\..\Run: [SpeedOptimizer] "C:\Program Files\SpeedOptimizer\SPO.exe"
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [SuperCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
    O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
    O4 - HKCU\..\Run: [eMuleAutoStart] C:\Program Files\eMule\emule.exe -AutoStart
    O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-19\..\RunOnce: [nLite] %systemroot%\inf\nlite.cmd (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-20\..\RunOnce: [nLite] %systemroot%\inf\nlite.cmd (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')
    O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
    O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
    O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP Premium\dapextie.htm
    O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP Premium\dapextie2.htm
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

    --
    End of file - 7101 bytes
    21 December 2007 10:56:45

    Run another ComboFix scan :)
    21 December 2007 18:17:59

    Hello again, sorry for the delay, I've only just sat down at the computer. Here is the report:
    ComboFix 07-12-20.1 - ASSOUMA 2007-12-21 18:13:16.2 - NTFSx86
    Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.140 [GMT 1:00]
    Running from: C:\Documents and Settings\Administrateur\Bureau\ComboFix.exe
    .

    ((((((((((((((((((((((((((((( Fichiers créés 2007-11-21 to 2007-12-21 ))))))))))))))))))))))))))))))))))))
    .

    2007-12-20 21:12 . 2007-12-20 21:12 24,576 --a------ C:\WINDOWS\system32\VundoFixSVC.exe
    2007-12-20 20:51 . 2007-12-20 20:51 <REP> d-------- C:\VundoFix Backups
    2007-12-20 20:20 . 2007-12-20 20:20 14,033 --a------ C:\posEE4.tmp
    2007-12-20 20:12 . 2007-12-20 20:40 7,168 --a------ C:\WINDOWS\system32\windows
    2007-12-20 18:10 . 2007-12-20 18:10 <REP> d-------- C:\Program Files\Avira
    2007-12-20 18:10 . 2007-12-20 18:10 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira
    2007-12-20 17:48 . 2007-12-20 17:49 14,033 --a------ C:\posE38.tmp
    2007-12-20 16:57 . 2007-12-20 16:57 <REP> d-------- C:\Program Files\Trend Micro
    2007-12-20 16:23 . 2007-12-20 16:23 14,033 --a------ C:\posC5D.tmp
    2007-12-20 16:22 . 2007-12-20 16:23 14,033 --a------ C:\pos8C0.tmp
    2007-12-20 14:17 . 2007-12-20 14:18 14,033 --a------ C:\pos7CA.tmp
    2007-12-20 14:03 . 2007-12-20 14:03 14,033 --a------ C:\pos3D2.tmp
    2007-12-20 11:53 . 2007-12-20 11:54 <REP> d-------- C:\Program Files\SpeedOptimizer
    2007-12-20 10:26 . 2007-12-20 10:26 14,033 --a------ C:\posBE0.tmp
    2007-12-20 10:25 . 2007-12-20 10:26 14,033 --a------ C:\pos95B.tmp
    2007-12-19 23:54 . 2007-12-19 23:54 14,033 --a------ C:\pos74D.tmp
    2007-12-19 23:53 . 2007-12-19 23:53 165,472 --a------ C:\WINDOWS\system32\oheufhrf.dll
    2007-12-18 23:56 . 2007-12-19 23:56 294 ---hs---- C:\WINDOWS\system32\dokqogux.ini
    2007-12-17 16:13 . 2007-12-17 16:13 <REP> d-------- C:\Program Files\Fichiers communs\PCSuite
    2007-12-17 16:13 . 2007-12-17 16:13 <REP> d-------- C:\Program Files\Fichiers communs\Nokia
    2007-12-17 16:07 . 2007-12-17 16:07 <REP> d-------- C:\Program Files\PC Connectivity Solution
    2007-12-17 16:06 . 2007-02-22 10:15 137,216 --a------ C:\WINDOWS\system32\drivers\nmwcd.sys
    2007-12-17 16:06 . 2007-02-22 10:15 65,536 --a------ C:\WINDOWS\system32\nmwcdcocls.dll
    2007-12-17 16:06 . 2007-02-22 10:15 12,288 --a------ C:\WINDOWS\system32\drivers\nmwcdcm.sys
    2007-12-17 16:06 . 2007-02-22 10:15 12,288 --a------ C:\WINDOWS\system32\drivers\nmwcdcj.sys
    2007-12-17 16:06 . 2007-02-22 10:15 8,320 --a------ C:\WINDOWS\system32\drivers\nmwcdc.sys
    2007-12-17 15:55 . 2007-12-17 15:55 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Installations
    2007-12-17 15:35 . 2007-12-17 15:35 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\DataLayer
    2007-12-17 15:34 . 2007-12-19 22:04 <REP> d-------- C:\Documents and Settings\Administrateur\Phone Browser
    2007-12-17 15:31 . 2007-12-17 16:20 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Nokia
    2007-12-17 15:30 . 2007-12-17 15:30 <REP> d-------- C:\Program Files\DIFX
    2007-12-17 15:26 . 2007-12-17 16:16 <REP> d----c--- C:\WINDOWS\system32\DRVSTORE
    2007-12-17 15:26 . 2007-12-17 15:30 <REP> d-------- C:\Documents and Settings\All Users\Application Data\PC Suite
    2007-12-17 15:26 . 2007-12-19 22:04 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\PC Suite
    2007-12-17 15:25 . 2007-12-17 16:06 <REP> d-------- C:\Program Files\Nokia
    2007-12-17 15:25 . 2007-12-17 16:12 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Downloaded Installations
    2007-12-17 15:25 . 2007-02-22 10:15 90,624 --a------ C:\WINDOWS\system32\nmwcdcls.dll
    2007-12-17 10:15 . 2007-12-20 11:53 <REP> d-------- C:\Program Files\DAP Premium
    2007-12-15 23:55 . 2007-12-15 23:56 354 ---hs---- C:\WINDOWS\system32\upxfsqgv.ini
    2007-12-14 23:49 . 2007-12-15 23:49 294 ---hs---- C:\WINDOWS\system32\sqvxagje.ini
    2007-12-13 01:13 . 2007-12-13 01:13 <REP> d-------- C:\WINDOWS\Sun
    2007-12-12 19:46 . 2007-12-12 19:46 1,363,340 --a------ C:\WINDOWS\system32\Cartoons_12059.scr
    2007-12-12 19:46 . 2007-12-12 19:46 37,556 --a------ C:\WINDOWS\system32\Sylvunins.exe
    2007-12-12 18:11 . 2007-12-12 18:11 <REP> d-------- C:\Program Files\Plus!
    2007-12-12 16:18 . 2007-12-12 16:18 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Yahoo!
    2007-12-12 09:27 . 2007-12-19 10:49 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\DivX
    2007-12-11 23:51 . 2007-12-12 16:17 834,520 ---hs---- C:\WINDOWS\system32\yqmnojyl.ini
    2007-12-11 20:22 . 2007-12-21 03:29 24 --a------ C:\WINDOWS\LogonStudio.ini
    2007-12-11 19:43 . 2007-12-11 19:43 385 --a------ C:\WINDOWS\ODBC.INI
    2007-12-11 19:42 . 2003-06-19 01:31 17,920 --a------ C:\WINDOWS\system32\mdimon.dll
    2007-12-11 19:34 . 2007-12-11 19:34 <REP> d-------- C:\Program Files\Microsoft.NET
    2007-12-11 19:32 . 2007-12-11 19:34 <REP> d-------- C:\WINDOWS\SHELLNEW
    2007-12-11 19:32 . 2007-12-11 19:32 <REP> d-------- C:\Program Files\Microsoft Works
    2007-12-11 19:27 . 2007-12-11 19:27 <REP> d-------- C:\Program Files\CDImage GUI
    2007-12-11 19:27 . 2007-12-11 19:27 720,896 --a------ C:\WINDOWS\iun6002.exe
    2007-12-11 03:37 . 2007-12-12 05:50 <REP> d-------- C:\Program Files\Yahoo!
    2007-12-11 03:30 . 2007-12-11 03:30 <REP> d-------- C:\Program Files\Runtime Software
    2007-12-11 03:27 . 1998-11-13 11:16 308,224 --a------ C:\WINDOWS\IsUn040c.exe
    2007-12-11 03:21 . 2007-12-11 03:21 <REP> d-------- C:\Program Files\WinCustomize
    2007-12-11 03:21 . 2000-10-10 13:01 198,656 --a------ C:\WINDOWS\system32\comdlg32.ocx
    2007-12-11 03:21 . 2000-05-17 09:52 187,392 --a------ C:\WINDOWS\system32\JPGUtils.dll
    2007-12-11 03:19 . 2007-12-13 22:17 163,712 --a------ C:\WINDOWS\system32\drivers\vidstub.sys
    2007-12-11 03:15 . 2007-12-12 05:46 <REP> d-------- C:\Program Files\Stardock
    2007-12-11 03:15 . 2007-12-12 05:46 <REP> d-------- C:\Program Files\Fichiers communs\Stardock
    2007-12-11 03:10 . 2007-12-11 03:10 <REP> d-------- C:\WINDOWS\system32\LogFiles
    2007-12-11 02:34 . 2007-12-20 17:20 <REP> d-------- C:\Program Files\eMule
    2007-12-10 23:48 . 2007-12-11 23:48 834,400 ---hs---- C:\WINDOWS\system32\glmuvsky.ini
    2007-12-10 20:15 . 2004-08-04 00:54 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
    2007-12-10 19:35 . 2007-12-10 19:35 <REP> d-------- C:\Program Files\DivX
    2007-12-10 19:35 . 2007-11-29 23:30 120,056 --------- C:\WINDOWS\system32\pxcpyi64.exe
    2007-12-10 19:35 . 2007-11-29 23:30 118,520 --------- C:\WINDOWS\system32\pxinsi64.exe
    2007-12-10 19:00 . 2007-12-10 19:00 <REP> d-------- C:\Program Files\Fichiers communs\xing shared
    2007-12-10 18:58 . 2007-12-21 07:10 <REP> d-------- C:\Program Files\Winamp
    2007-12-10 18:58 . 2007-12-10 18:59 <REP> d-------- C:\Program Files\Fichiers communs\Real
    2007-12-10 18:58 . 2007-12-11 19:59 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Winamp
    2007-12-10 18:57 . 2007-12-10 18:57 <REP> d-------- C:\Program Files\Real
    2007-12-10 18:55 . 2007-12-10 18:55 <REP> d-------- C:\Program Files\ToniArts
    2007-12-10 18:53 . 2007-12-11 18:52 <REP> d-------- C:\Program Files\Burn4Free Toolbar
    2007-12-10 18:53 . 2007-12-10 18:53 <REP> d-------- C:\Program Files\Burn4Free
    2007-12-10 17:33 . 2007-12-11 03:25 <REP> d-------- C:\Program Files\Lavasoft
    2007-12-10 17:33 . 2007-12-10 17:33 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
    2007-12-10 17:32 . 2007-12-10 17:32 <REP> d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard
    2007-12-10 16:51 . 2007-09-24 23:31 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
    2007-12-10 16:50 . 2007-12-10 16:51 <REP> d-------- C:\Program Files\Java
    2007-12-10 16:28 . 2007-12-10 16:28 <REP> d-------- C:\Program Files\Fichiers communs\Java
    2007-12-10 16:18 . 2007-12-10 16:18 <REP> d-------- C:\Program Files\Alwil Software
    2007-12-10 16:18 . 2003-03-18 21:20 1,060,864 --a------ C:\WINDOWS\system32\MFC71.dll
    2007-12-10 16:18 . 2007-12-04 14:04 837,496 --a------ C:\WINDOWS\system32\aswBoot.exe
    2007-12-10 16:18 . 2007-12-10 18:58 499,712 --a------ C:\WINDOWS\system32\msvcp71.dll
    2007-12-10 16:18 . 2007-12-04 15:53 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
    2007-12-10 14:39 . 2007-12-10 14:39 <REP> d-------- C:\Program Files\CCleaner
    2007-12-10 14:38 . 2007-12-10 14:38 <REP> d-------- C:\Program Files\K-Lite Codec Pack
    2007-12-10 14:38 . 2007-07-25 14:24 1,559,040 --a------ C:\WINDOWS\system32\xvidcore.dll
    2007-12-10 14:38 . 2006-09-24 16:11 389,120 --a------ C:\WINDOWS\system32\lameACM.acm
    2007-12-10 14:38 . 2007-12-10 18:58 348,160 --a------ C:\WINDOWS\system32\msvcr71.dll
    2007-12-10 14:38 . 2007-03-10 12:51 282,624 --a------ C:\WINDOWS\system32\xvidvfw.dll
    2007-12-10 14:38 . 2004-01-25 17:18 217,088 --a------ C:\WINDOWS\system32\yv12vfw.dll
    2007-12-10 14:38 . 2007-09-04 17:56 164,352 --a------ C:\WINDOWS\system32\unrar.dll
    2007-12-10 14:38 . 2007-09-21 01:52 118,784 --a------ C:\WINDOWS\system32\ac3acm.acm
    2007-12-10 14:38 . 2007-12-03 15:00 7,680 --a------ C:\WINDOWS\system32\ff_vfw.dll

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2007-12-13 21:19 4,104,192 ----a-w C:\WINDOWS\system32\logonuiX.exe
    2007-12-11 02:30 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2007-12-10 09:07 --------- d-sh--w C:\Documents and Settings\Administrateur\Application Data\.#
    2007-12-09 19:53 --------- d-----w C:\Program Files\Fichiers communs\SpeechEngines
    2007-12-09 19:53 --------- d-----w C:\Program Files\Fichiers communs\ODBC
    2007-12-09 19:42 --------- d-----w C:\Program Files\SuperCopier2
    2007-12-09 19:19 --------- d-----w C:\Program Files\CONEXANT
    2007-12-09 19:16 --------- d-----w C:\Program Files\SigmaTel
    2007-12-09 19:16 --------- d-----w C:\Program Files\Fichiers communs\InstallShield
    2007-12-09 18:59 --------- d-----w C:\Program Files\Services en ligne
    2007-12-09 18:58 --------- d-----w C:\Program Files\Fichiers communs\MSSoap
    2007-11-29 22:30 129,784 ------w C:\WINDOWS\system32\pxafs.dll
    2007-11-14 07:28 450,560 ------w C:\WINDOWS\system32\DllCache\jscript.dll
    2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
    2007-10-30 10:18 3,079,680 ------w C:\WINDOWS\system32\DllCache\mshtml.dll
    2007-10-29 22:43 1,293,824 ----a-w C:\WINDOWS\system32\quartz.dll
    2007-10-29 22:43 1,293,824 ------w C:\WINDOWS\system32\DllCache\quartz.dll
    2007-10-25 16:56 8,510,976 ------w C:\WINDOWS\system32\DllCache\shell32.dll
    2007-10-20 05:01 227,328 ----a-w C:\WINDOWS\system32\wmasf.dll
    2007-10-20 05:01 227,328 ------w C:\WINDOWS\system32\DllCache\wmasf.dll
    2007-10-11 06:13 96,768 ------w C:\WINDOWS\system32\DllCache\inseng.dll
    2007-10-11 06:13 663,552 ------w C:\WINDOWS\system32\DllCache\wininet.dll
    2007-10-11 06:13 617,472 ------w C:\WINDOWS\system32\DllCache\urlmon.dll
    2007-10-11 06:13 55,808 ------w C:\WINDOWS\system32\DllCache\extmgr.dll
    2007-10-11 06:13 532,480 ------w C:\WINDOWS\system32\DllCache\mstime.dll
    2007-10-11 06:13 474,624 ------w C:\WINDOWS\system32\DllCache\shlwapi.dll
    2007-10-11 06:13 449,024 ------w C:\WINDOWS\system32\DllCache\mshtmled.dll
    2007-10-11 06:13 39,424 ------w C:\WINDOWS\system32\DllCache\pngfilt.dll
    2007-10-11 06:13 357,888 ------w C:\WINDOWS\system32\DllCache\dxtmsft.dll
    2007-10-11 06:13 251,392 ------w C:\WINDOWS\system32\DllCache\iepeers.dll
    2007-10-11 06:13 205,312 ------w C:\WINDOWS\system32\DllCache\dxtrans.dll
    2007-10-11 06:13 16,384 ------w C:\WINDOWS\system32\DllCache\jsproxy.dll
    2007-10-11 06:13 152,064 ------w C:\WINDOWS\system32\DllCache\cdfview.dll
    2007-10-11 06:13 146,432 ------w C:\WINDOWS\system32\DllCache\msrating.dll
    2007-10-11 06:13 1,495,040 ------w C:\WINDOWS\system32\DllCache\shdocvw.dll
    2007-10-11 06:13 1,056,768 ------w C:\WINDOWS\system32\DllCache\danim.dll
    2007-10-11 06:13 1,024,000 ------w C:\WINDOWS\system32\DllCache\browseui.dll
    2007-10-10 11:16 18,432 ------w C:\WINDOWS\system32\DllCache\iedw.exe
    .

    ((((((((((((((((((((((((((((( snapshot@2007-12-20_20.22.38.53 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2007-12-20 12:58:48 68,608 ----a-w C:\WINDOWS\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
    + 2007-12-21 02:11:58 68,608 ----a-w C:\WINDOWS\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
    - 2007-12-20 12:59:02 72,192 ----a-w C:\WINDOWS\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
    + 2007-12-21 02:12:05 72,192 ----a-w C:\WINDOWS\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
    - 2007-12-20 12:59:03 4,308,992 ----a-w C:\WINDOWS\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
    + 2007-12-21 02:12:06 4,308,992 ----a-w C:\WINDOWS\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
    - 2007-12-20 12:59:05 482,304 ----a-w C:\WINDOWS\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
    + 2007-12-21 02:12:07 482,304 ----a-w C:\WINDOWS\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
    - 2007-12-20 12:58:58 2,878,976 ----a-w C:\WINDOWS\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
    + 2007-12-21 02:12:03 2,902,016 ----a-w C:\WINDOWS\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
    - 2007-12-20 12:58:41 258,048 ----a-w C:\WINDOWS\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
    + 2007-12-21 02:11:54 258,048 ----a-w C:\WINDOWS\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
    - 2007-12-20 12:58:41 114,176 ----a-w C:\WINDOWS\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
    + 2007-12-21 02:11:54 114,176 ----a-w C:\WINDOWS\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
    - 2007-12-20 12:59:12 260,096 ----a-w C:\WINDOWS\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
    + 2007-12-21 02:12:11 260,096 ----a-w C:\WINDOWS\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
    - 2007-12-20 12:58:52 5,025,792 ----a-w C:\WINDOWS\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
    + 2007-12-21 02:12:00 5,156,864 ----a-w C:\WINDOWS\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
    - 2007-12-20 12:58:47 10,752 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
    + 2007-12-21 02:11:58 10,752 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
    - 2007-12-20 12:58:40 503,808 ----a-w C:\WINDOWS\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
    + 2007-12-21 02:11:54 507,904 ----a-w C:\WINDOWS\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
    - 2007-12-20 12:58:43 13,312 ----a-w C:\WINDOWS\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
    + 2007-12-21 02:11:56 13,312 ----a-w C:\WINDOWS\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
    - 2007-12-20 12:58:59 8,192 ----a-w C:\WINDOWS\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
    + 2007-12-21 02:12:04 8,192 ----a-w C:\WINDOWS\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
    - 2007-12-20 12:59:00 36,864 ----a-w C:\WINDOWS\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
    + 2007-12-21 02:12:05 36,864 ----a-w C:\WINDOWS\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
    - 2007-12-20 12:59:02 5,632 ----a-w C:\WINDOWS\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
    + 2007-12-21 02:12:05 5,632 ----a-w C:\WINDOWS\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
    - 2007-12-20 12:58:44 413,696 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
    + 2007-12-21 02:11:56 413,696 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
    - 2007-12-20 12:58:45 36,864 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
    + 2007-12-21 02:11:57 36,864 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
    - 2007-12-20 12:58:46 647,168 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll
    + 2007-12-21 02:11:57 647,168 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll
    - 2007-12-20 12:58:46 73,728 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
    + 2007-12-21 02:11:57 73,728 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
    - 2007-12-20 12:58:43 745,472 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
    + 2007-12-21 02:11:56 749,568 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
    - 2007-12-20 12:59:15 110,592 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
    + 2007-12-21 02:12:12 110,592 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
    - 2007-12-20 12:59:14 372,736 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
    + 2007-12-21 02:12:12 372,736 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
    - 2007-12-20 12:58:37 28,672 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
    + 2007-12-21 02:11:52 28,672 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
    - 2007-12-20 12:59:14 667,648 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
    + 2007-12-21 02:12:12 667,648 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
    - 2007-12-20 12:59:16 5,632 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
    + 2007-12-21 02:12:13 5,632 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
    - 2007-12-20 12:58:39 12,800 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
    + 2007-12-21 02:11:54 12,800 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
    - 2007-12-20 12:58:38 32,768 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
    + 2007-12-21 02:11:53 32,768 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
    - 2007-12-20 12:58:38 7,168 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
    + 2007-12-21 02:11:53 7,168 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
    - 2007-12-20 12:59:08 110,592 ----a-w C:\WINDOWS\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
    + 2007-12-21 02:12:09 110,592 ----a-w C:\WINDOWS\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
    - 2007-12-20 12:58:49 81,920 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
    + 2007-12-21 02:11:58 81,920 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
    - 2007-12-20 12:59:09 389,120 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
    + 2007-12-21 02:12:10 413,696 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
    - 2007-12-20 12:59:06 716,800 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
    + 2007-12-21 02:12:08 716,800 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
    - 2007-12-20 12:58:42 884,736 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
    + 2007-12-21 02:11:55 888,832 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
    - 2007-12-20 12:58:59 5,050,368 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
    + 2007-12-21 02:12:04 5,001,216 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
    - 2007-12-20 12:58:50 188,416 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
    + 2007-12-21 02:11:59 188,416 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
    - 2007-12-20 12:58:49 397,312 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
    + 2007-12-21 02:11:59 397,312 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
    - 2007-12-20 12:58:51 81,920 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
    + 2007-12-21 02:12:00 81,920 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
    - 2007-12-20 12:59:11 700,416 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
    + 2007-12-21 02:12:10 577,536 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
    - 2007-12-20 12:59:06 368,640 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
    + 2007-12-21 02:12:08 372,736 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
    - 2007-12-20 12:59:12 258,048 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
    + 2007-12-21 02:12:11 258,048 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
    - 2007-12-20 12:59:07 299,008 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
    + 2007-12-21 02:12:08 299,008 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
    - 2007-12-20 12:59:08 131,072 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
    + 2007-12-21 02:12:09 131,072 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
    - 2007-12-20 12:58:47 258,048 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll
    + 2007-12-21 02:11:58 258,048 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll
    - 2007-12-20 12:58:51 114,688 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
    + 2007-12-21 02:12:00 114,688 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
    - 2007-12-20 12:59:13 835,584 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
    + 2007-12-21 02:12:11 835,584 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
    - 2007-12-20 12:58:53 86,016 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
    + 2007-12-21 02:12:01 86,016 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
    - 2007-12-20 12:58:54 823,296 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
    + 2007-12-21 02:12:01 823,296 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
    - 2007-12-20 12:58:55 5,316,608 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
    + 2007-12-21 02:12:02 5,152,768 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
    - 2007-12-20 12:58:57 2,035,712 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll
    + 2007-12-21 02:12:02 2,027,520 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll
    - 2007-12-20 12:59:10 3,018,752 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
    + 2007-12-21 02:12:10 2,940,928 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
    + 2007-12-21 02:16:08 26,624 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Accessibility\098320a51e15093768af6dbea2698286\Accessibility.ni.dll
    + 2007-12-21 02:16:09 888,832 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\AspNetMMCExt\18e4d36db38d68ef68cb7d8693e3ac2b\AspNetMMCExt.ni.dll
    + 2007-12-21 02:16:10 237,568 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\95a86df8520fb1da62180d8a6f172b05\CustomMarshalers.ni.dll
    + 2007-12-21 02:16:09 15,360 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\dfsvc\fb615b4576479434e7945244404d1cd1\dfsvc.ni.exe
    + 2007-12-21 02:16:12 880,640 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\d342a0e74f569bad915b2812f510f537\Microsoft.Build.Engine.ni.dll
    + 2007-12-21 02:16:12 81,920 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\62ea12c88550cb1f94c40f01ae7aa256\Microsoft.Build.Framework.ni.dll
    + 2007-12-21 02:16:15 1,687,552 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\05648fb588a6eadecf5df60c0790ba78\Microsoft.Build.Tasks.ni.dll
    + 2007-12-21 02:16:16 163,840 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\2ab977c414998bf47f60caff66d8e38e\Microsoft.Build.Utilities.ni.dll
    + 2007-12-21 02:16:19 1,720,320 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\26da7d726df064d1c302ae7f1107c08a\Microsoft.VisualBasic.ni.dll
    + 2007-12-21 02:13:20 11,304,960 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\390b613e75fb7982c25b17e60402e053\mscorlib.ni.dll
    + 2007-12-21 02:16:21 1,003,520 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\5f5caeeee8e80623dde6ac5e6eea1422\System.Configuration.ni.dll
    + 2007-12-21 02:13:50 6,676,480 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Data\32579c2391c6758fc2b66cd71c3146c5\System.Data.ni.dll
    + 2007-12-21 02:16:23 1,724,416 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Deployment\09fe14653141648ed0f1b1c1f19c312d\System.Deployment.ni.dll
    + 2007-12-21 02:14:08 10,702,848 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Design\eb7ff7c3ef5ee51b2904c49ce2c89bed\System.Design.ni.dll
    + 2007-12-21 02:16:26 1,216,512 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\4280288aec2d4b3a7665f1a7bb784558\System.DirectoryServices.ni.dll
    + 2007-12-21 02:16:27 512,000 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\5c08a595e172997b8e3a0aff5f1bf9fd\System.DirectoryServices.Protocols.ni.dll
    + 2007-12-21 02:14:13 229,376 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing.Desi#\b1cdc7c41190b1202569d4c4face6cfe\System.Drawing.Design.ni.dll
    + 2007-12-21 02:14:12 1,601,536 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\08093480b73bf4668fdf2ed2a4f1c1e2\System.Drawing.ni.dll
    + 2007-12-21 02:16:29 659,456 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\3a476d569b3788fafcd7116ccfe47c38\System.EnterpriseServices.ni.dll
    + 2007-12-21 02:16:29 294,912 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\3a476d569b3788fafcd7116ccfe47c38\System.EnterpriseServices.Wrapper.dll
    + 2007-12-21 02:16:30 729,088 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Security\4139ea70cac8235e67aa2aa4e4265ea9\System.Security.ni.dll
    + 2007-12-21 02:16:32 684,032 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Transactions\8aa13ad03d5f9880bb75249ca1af662f\System.Transactions.ni.dll
    + 2007-12-21 02:17:04 2,306,048 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web.Mobile\f07150b46501bfbbd4cbc1e86d260184\System.Web.Mobile.ni.dll
    + 2007-12-21 02:17:05 237,568 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web.RegularE#\8562d36617369dfdd001f258eacecf01\System.Web.RegularExpressions.ni.dll
    + 2007-12-21 02:17:08 1,941,504 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web.Services\df87cf95450c996d7e871f9b3c20729f\System.Web.Services.ni.dll
    + 2007-12-21 02:16:59 12,185,600 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\a4e3f8cc8542e3fc938deb52b2d695a5\System.Web.ni.dll
    + 2007-12-21 02:14:36 13,107,200 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\4c3ec74819e6028d00f7af73eaf59799\System.Windows.Forms.ni.dll
    + 2007-12-21 02:14:48 5,623,808 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\9717f5e89efdade9f252d903f4ad7427\System.Xml.ni.dll
    + 2007-12-21 02:13:36 8,130,560 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\d2d9082d3ef900c6bada95662ad4efd4\System.ni.dll
    - 2005-09-23 06:28:58 55,488 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\AppLaunch.exe
    + 2007-04-13 02:21:18 58,712 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\AppLaunch.exe
    - 2005-09-23 06:28:32 10,752 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_filter.dll
    + 2007-04-13 02:20:52 10,752 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_filter.dll
    - 2005-09-23 06:28:32 8,192 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_isapi.dll
    + 2007-04-13 02:20:52 8,192 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_isapi.dll
    - 2005-09-23 06:28:32 23,552 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Aspnet_perf.dll
    + 2007-04-13 02:20:52 23,552 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Aspnet_perf.dll
    - 2005-09-23 06:28:32 70,656 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_rc.dll
    + 2007-04-13 02:20:50 75,264 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_rc.dll
    - 2005-09-23 06:28:32 26,824 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_regiis.exe
    + 2007-04-13 02:20:52 32,608 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_regiis.exe
    - 2005-09-23 06:28:32 29,896 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
    + 2007-04-13 02:20:52 33,632 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
    - 2005-09-23 06:28:32 29,888 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_wp.exe
    + 2007-04-13 02:20:52 32,600 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_wp.exe
    - 2005-09-23 06:28:32 503,808 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\AspNetMMCExt.dll
    + 2007-04-13 02:20:52 507,904 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\AspNetMMCExt.dll
    - 2005-09-23 06:28:56 88,576 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\CORPerfMonExt.dll
    + 2007-04-13 02:21:16 88,576 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\CORPerfMonExt.dll
    - 2005-09-23 06:28:38 4,608 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\dfsvc.exe
    + 2007-04-13 02:20:58 5,120 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\dfsvc.exe
    - 2005-09-23 06:28:56 9,728 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\IEExec.exe
    + 2007-04-13 02:21:16 9,728 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\IEExec.exe
    - 2005-09-23 06:28:56 224,952 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\ilasm.exe
    + 2007-04-13 02:21:16 228,688 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\ilasm.exe
    - 2005-09-23 06:28:56 28,672 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\InstallUtil.exe
    + 2007-04-13 02:21:16 28,672 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\InstallUtil.exe
    - 2005-09-23 06:28:48 413,696 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft.Build.Engine.dll
    + 2007-04-13 02:21:10 413,696 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft.Build.Engine.dll
    - 2005-09-23 06:28:48 647,168 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft.Build.Tasks.dll
    + 2007-04-13 02:21:10 647,168 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft.Build.Tasks.dll
    - 2005-09-23 06:28:48 745,472 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft.JScript.dll
    + 2007-04-13 02:21:08 749,568 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft.JScript.dll
    - 2005-09-23 06:28:32 87,552 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\MmcAspExt.dll
    + 2007-04-13 02:20:52 87,040 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\MmcAspExt.dll
    - 2005-09-23 06:28:56 800,768 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscordacwks.dll
    + 2007-04-13 02:21:18 802,304 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscordacwks.dll
    - 2005-09-23 06:28:56 36,864 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorie.dll
    + 2007-04-13 02:21:16 36,864 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorie.dll
    - 2005-09-23 06:28:56 326,144 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll
    + 2007-04-13 02:21:16 326,656 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll
    - 2005-09-23 06:28:56 4,308,992 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorlib.dll
    + 2007-04-13 02:21:16 4,308,992 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorlib.dll
    - 2005-09-23 06:28:56 102,400 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorpe.dll
    + 2007-04-13 02:21:16 102,912 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorpe.dll
    - 2005-09-23 06:28:56 226,816 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvc.dll
    + 2007-04-13 02:21:18 227,328 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvc.dll
    - 2005-09-23 06:28:56 66,240 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
    + 2007-04-13 02:21:18 68,952 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
    - 2005-09-23 06:28:50 5,615,616 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
    + 2007-04-13 02:21:12 5,634,048 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
    - 2005-09-23 06:28:56 96,440 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\ngen.exe
    + 2007-04-13 02:21:16 99,152 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\ngen.exe
    - 2005-09-23 06:28:56 14,848 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\normalization.dll
    + 2007-04-13 02:21:18 15,360 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\normalization.dll
    - 2005-09-23 06:28:50 136,192 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\peverify.dll
    + 2007-04-13 02:21:12 136,192 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\peverify.dll
    - 2005-09-23 06:28:56 377,344 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\SOS.dll
    + 2007-04-13 02:21:18 382,464 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\SOS.dll
    - 2005-09-23 06:28:56 110,592 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\sysglobl.dll
    + 2007-04-13 02:21:18 110,592 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\sysglobl.dll
    - 2005-09-23 06:28:58 389,120 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.configuration.dll
    + 2007-04-13 02:21:18 413,696 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.configuration.dll
    - 2005-09-23 06:28:56 2,878,976 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Data.dll
    + 2007-04-13 02:21:16 2,902,016 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Data.dll
    - 2005-09-23 06:28:56 482,304 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Data.OracleClient.dll
    + 2007-04-13 02:21:18 482,304 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Data.OracleClient.dll
    - 2005-09-23 06:28:56 716,800 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Data.SqlXml.dll
    + 2007-04-13 02:21:18 716,800 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Data.SqlXml.dll
    - 2005-09-23 06:28:38 884,736 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Deployment.dll
    + 2007-04-13 02:20:58 888,832 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Deployment.dll
    - 2005-09-23 06:28:56 5,050,368 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Design.dll
    + 2007-04-13 02:21:16 5,001,216 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Design.dll
    - 2005-09-23 06:28:56 188,416 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.DirectoryServices.Protocols.dll
    + 2007-04-13 02:21:18 188,416 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.DirectoryServices.Protocols.dll
    - 2005-09-23 06:28:56 3,018,752 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.dll
    + 2007-04-13 02:21:16 2,940,928 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.dll
    - 2005-09-23 06:28:56 700,416 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Drawing.dll
    + 2007-04-13 02:21:16 577,536 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Drawing.dll
    - 2005-09-23 06:28:56 258,048 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.EnterpriseServices.dll
    + 2007-04-13 02:21:16 258,048 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.EnterpriseServices.dll
    - 2005-09-23 06:28:56 47,616 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.EnterpriseServices.Thunk.dll
    + 2007-04-13 02:21:18 47,616 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.EnterpriseServices.Thunk.dll
    - 2005-09-23 06:28:56 114,176 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.EnterpriseServices.Wrapper.dll
    + 2007-04-13 02:21:18 114,176 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.EnterpriseServices.Wrapper.dll
    - 2005-09-23 06:28:56 368,640 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Management.dll
    + 2007-04-13 02:21:16 372,736 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Management.dll
    - 2005-09-23 06:28:56 299,008 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Runtime.Remoting.dll
    + 2007-04-13 02:21:16 299,008 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Runtime.Remoting.dll
    - 2005-09-23 06:28:56 260,096 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Transactions.dll
    + 2007-04-13 02:21:18 260,096 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Transactions.dll
    - 2005-09-23 06:28:56 5,025,792 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Web.dll
    + 2007-04-13 02:21:16 5,156,864 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Web.dll
    - 2005-09-23 06:28:56 5,316,608 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Windows.Forms.dll
    + 2007-04-13 02:21:16 5,152,768 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Windows.Forms.dll
    - 2005-09-23 06:28:56 2,035,712 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.XML.dll
    + 2007-04-13 02:21:16 2,027,520 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.XML.dll
    - 2005-09-23 06:29:06 1,140,920 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\vbc.exe
    + 2007-04-13 02:21:28 1,166,672 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\vbc.exe
    - 2005-09-23 06:28:30 1,306,624 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\VsaVb7rt.dll
    + 2007-04-13 02:20:50 1,330,688 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\VsaVb7rt.dll
    - 2005-09-23 06:28:32 298,496 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\webengine.dll
    + 2007-04-13 02:20:52 406,016 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\webengine.dll
    - 2007-09-07 11:05:19 62,016 ----a-w C:\WINDOWS\system32\drivers\avipbb.sys
    + 2007-12-20 20:38:10 61,632 ----a-w C:\WINDOWS\system32\drivers\avipbb.sys
    - 2005-09-23 06:28:52 270,848 ----a-w C:\WINDOWS\system32\mscoree.dll
    + 2007-04-13 02:21:14 271,360 ----a-w C:\WINDOWS\system32\mscoree.dll
    - 2007-12-20 12:59:28 58,596 ----a-w C:\WINDOWS\system32\perfc009.dat
    + 2007-12-21 05:17:48 59,440 ----a-w C:\WINDOWS\system32\perfc009.dat
    - 2007-12-20 12:59:28 71,248 ----a-w C:\WINDOWS\system32\perfc00C.dat
    + 2007-12-21 05:17:48 72,126 ----a-w C:\WINDOWS\system32\perfc00C.dat
    - 2007-12-20 12:59:28 392,296 ----a-w C:\WINDOWS\system32\perfh009.dat
    + 2007-12-21 05:17:48 395,200 ----a-w C:\WINDOWS\system32\perfh009.dat
    - 2007-12-20 12:59:28 458,230 ----a-w C:\WINDOWS\system32\perfh00C.dat
    + 2007-12-21 05:17:48 460,986 ----a-w C:\WINDOWS\system32\perfh00C.dat
    + 2007-12-21 05:03:58 16,384 ----atw C:\WINDOWS\TEMP\Perflib_Perfdata_548.dat
    - 2007-12-20 12:58:41 258,048 ----a-w C:\WINDOWS\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
    + 2007-12-21 02:11:54 258,048 ----a-w C:\WINDOWS\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
    - 2007-12-20 12:58:41 114,176 ----a-w C:\WINDOWS\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
    + 2007-12-21 02:11:54 114,176 ----a-w C:\WINDOWS\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
    .
    -- Snapshot reset to current date --
    .
    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:54]
    "SuperCopier2.exe"="C:\Program Files\SuperCopier2\SuperCopier2.exe" [2006-07-07 17:45]
    "SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 16:46]
    "Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe" [2007-11-06 19:51]
    "PcSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-11-07 17:35]
    "PC Suite Tray"="C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" [2007-12-10 10:12]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SigmatelSysTrayApp"="stsystra.exe" [2005-03-23 00:20 C:\WINDOWS\stsystra.exe]
    "Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe" [2007-03-16 11:45]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11]
    "TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2007-12-10 18:58]
    "LogonStudio"="C:\Program Files\WinCustomize\LogonStudio\logonstudio.exe" [2002-09-03 18:38]
    "BootSkin Startup Jobs"="C:\PROGRA~1\Stardock\WINCUS~1\BootSkin\BootSkin.exe" [2004-04-26 16:21]
    "WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2007-12-20 16:16]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51]
    "DownloadAccelerator"="C:\Program Files\DAP Premium\DAP.exe" [2007-11-24 22:12]
    "SpeedOptimizer"="C:\Program Files\SpeedOptimizer\SPO.exe" [2007-12-20 11:53]
    "avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2007-12-20 21:38]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 00:54]
    "Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-11-07 17:35]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "tscuninstall"="C:\WINDOWS\system32\tscupgrd.exe" [2004-08-04 00:37]

    C:\Documents and Settings\Administrateur\Menu Démarrer\Programmes\Démarrage\
    Stardock ObjectDock.lnk - C:\Program Files\Stardock\ObjectDock\ObjectDock.exe [2007-12-11 03:15:59]

    C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\
    WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE [2007-08-03 11:10:00]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
    "ForceClassicControlPanel"= 1 (0x1)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
    "UIHost"="C:\\WINDOWS\\system32\\logonuiX.exe"


    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1159dec8-a8d5-11dc-a0d9-00123f942cda}]
    \Shell\AutoRun\command - n1deiect.com
    \Shell\explore\Command - n1deiect.com
    \Shell\open\Command - n1deiect.com

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f2de6db3-a853-11dc-a0d8-00123f942cda}]
    \Shell\AutoRun\command - I:\n1deiect.com
    \Shell\explore\Command - I:\n1deiect.com
    \Shell\open\Command - I:\n1deiect.com

    .
    **************************************************************************

    catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-12-21 18:14:50
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    PROCESS: C:\WINDOWS\explorer.exe [6.00.2900.3156]
    -> C:\Program Files\Stardock\ObjectDock\DockShellHook.dll
    .
    Completion time: 2007-12-21 18:15:29
    C:\ComboFix2.txt ... 2007-12-20 20:23
    .
    2007-12-21 02:12:50 --- E O F ---
    21 December 2007 18:24:54

    Actually, last night I ran another HijackThis report and tried to pick it apart a bit using the Pacman list, but I did notice something abnormal.. in fact I also noticed more than a hundred .TMP files in "My Documents" and in C:\, I don't know where they come from!!!!!
    21 December 2007 19:06:24

    I want to check something.

    Download SDFix (created by AndyManchesta) and save it to your Desktop.
    Double-click SDFix.exe and choose Install to extract it to the Desktop.

    Reboot into Safe Mode

  • Open the SDFix folder that was just created at the root of your hard drive (C:) and double-click RunThis.bat to launch the script.
  • Press Y to start the cleaning process.
  • It will remove the services and Registry entries of certain trojans it finds, then ask you to press a key to reboot.
  • Press a key to reboot the PC.
  • Your system will take longer than usual to restart, because the tool will keep running and deleting files.
  • Once the Desktop has loaded, the tool will finish its work and display Finished.
  • Press a key to end the script and load your Desktop icons.
  • Once the Desktop icons are displayed, the SDFix report will open on screen and will also be saved in the SDFix folder as Report.txt.
  • Finally, copy/paste the contents of Report.txt into your next reply on the forum, along with a new HijackThis log.
    21 December 2007 19:20:31

    OK
    21 December 2007 20:05:00

    I'm connecting from my sister's computer, is it normal that it has been stuck at 25% for almost half an hour?!!!!!! There's no risk, I hope, otherwise what should I do?!!!!!!!!!!!!!
    21 December 2007 20:08:46

    That's it, it's fine, it's rebooting, I'll post the report right away.. that gave me a real scare :-(
    21 December 2007 20:19:09

    here is the report

    SDFix: Version 1.119

    Run by ASSOUMA on 21/12/2007 at 19:29

    Microsoft Windows XP [version 5.1.2600]

    Running From: C:\SDFix

    Safe Mode:
    Checking Services:


    Restoring Windows Registry Values
    Restoring Windows Default Hosts File

    Rebooting...


    Normal Mode:
    Checking Files:

    No Trojan Files Found





    Removing Temp Files...

    ADS Check:

    C:\WINDOWS
    No streams found.

    C:\WINDOWS\system32
    No streams found.

    C:\WINDOWS\system32\svchost.exe
    No streams found.

    C:\WINDOWS\system32\ntoskrnl.exe
    No streams found.



    Final Check:

    catchme 0.3.1333.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-12-21 20:10:42
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden services & system hive ...

    scanning hidden registry entries ...

    scanning hidden files ...

    scan completed successfully
    hidden processes: 0
    hidden services: 0
    hidden files: 0


    Remaining Services:
    ------------------



    Authorized Application Key Export:

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

    Remaining Files:
    ---------------


    Files with Hidden Attributes:

    Fri 16 Nov 2007 1,706,870 ...HR --- "C:\WINDOWS\vbxeditorpop32.exe"

    Finished!
    21 December 2007 20:47:01

    Hi again,

    Nothing.

    Download Clean.zip (by Malekal),
    Unzip it to your Desktop (Right-click / Extract All); you should get a Clean folder.
    Open the Clean folder and double-click clean.cmd.
    Choose option 1 and wait. Then post the contents of the report.
    21 December 2007 21:07:25

    C:\WINDOWS\System32\PerfStringBackup.INI -->21/12/2007 06:17:48
    C:\WINDOWS\System32\perfh00C.dat -->21/12/2007 06:17:48
    C:\WINDOWS\System32\perfh009.dat -->21/12/2007 06:17:48
    C:\WINDOWS\System32\perfc00C.dat -->21/12/2007 06:17:48
    C:\WINDOWS\System32\perfc009.dat -->21/12/2007 06:17:48
    C:\WINDOWS\System32\VundoFixSVC.exe -->20/12/2007 21:12:13
    C:\WINDOWS\System32\windows -->20/12/2007 20:40:49
    C:\WINDOWS\System32\CONFIG.NT -->20/12/2007 17:44:17
    C:\WINDOWS\System32\wpa.dbl -->20/12/2007 11:41:47
    C:\WINDOWS\System32\dokqogux.ini -->19/12/2007 23:56:57
    C:\WINDOWS\System32\oheufhrf.dll -->19/12/2007 23:53:42
    C:\WINDOWS\System32\upxfsqgv.ini -->15/12/2007 23:56:02
    C:\WINDOWS\System32\sqvxagje.ini -->15/12/2007 23:49:55
    C:\WINDOWS\System32\logonuiX.exe -->13/12/2007 22:19:09
    C:\WINDOWS\System32\swreg.exe -->13/12/2007 21:26:50
    C:\WINDOWS\System32\Sylvunins.exe -->12/12/2007 19:46:58
    C:\WINDOWS\System32\Cartoons_12059.scr -->12/12/2007 19:46:06
    C:\WINDOWS\System32\yqmnojyl.ini -->12/12/2007 16:17:00
    C:\WINDOWS\System32\FNTCACHE.DAT -->12/12/2007 16:15:23
    C:\WINDOWS\System32\TZLog.log -->12/12/2007 15:21:36
    C:\WINDOWS\System32\glmuvsky.ini -->11/12/2007 23:48:30
    C:\WINDOWS\System32\mhkujihx.ini -->10/12/2007 20:15:34
    C:\WINDOWS\System32\rmoc3260.dll -->10/12/2007 18:59:37
    C:\WINDOWS\System32\pndx5032.dll -->10/12/2007 18:58:32
    C:\WINDOWS\System32\pndx5016.dll -->10/12/2007 18:58:32

    C:\WINDOWS\wiaservc.log -->21/12/2007 20:14:11
    C:\WINDOWS\wiadebug.log -->21/12/2007 20:14:11
    C:\WINDOWS\LogonStudio.ini -->21/12/2007 20:13:45
    C:\WINDOWS\WindowsUpdate.log -->21/12/2007 20:13:36
    C:\WINDOWS\0.log -->21/12/2007 20:10:33
    C:\WINDOWS\bootstat.dat -->21/12/2007 20:10:06
    C:\WINDOWS\ntbtlog.txt -->21/12/2007 19:28:31
    C:\WINDOWS\SchedLgU.Txt -->21/12/2007 19:26:16
    C:\WINDOWS\system.ini -->21/12/2007 18:14:46
    C:\WINDOWS\ODBC.INI -->11/12/2007 19:43:06
    C:\WINDOWS\win.ini -->11/12/2007 19:40:27
    C:\WINDOWS\iun6002.exe -->11/12/2007 19:27:33
    C:\WINDOWS\WMSysPr9.prx -->10/12/2007 19:15:43
    C:\WINDOWS\mozver.dat -->10/12/2007 17:31:39
    C:\WINDOWS\Sti_Trace.log -->09/12/2007 20:55:59

    21 December 2007 21:19:20

    C:\rapport_clean.txt :) 
    21 December 2007 21:25:20

    :heink: 
    21/12/2007 a 21:07:33,59

    *** Recherche des fichiers dans C:

    *** Recherche des fichiers dans C:\WINDOWS\

    *** Recherche des fichiers dans C:\WINDOWS\system32

    *** Recherche des fichiers dans C:\Program Files
    it's the only one I found :??: 
    21 December 2007 21:39:31

    Still having problems?
    22 December 2007 07:53:14

    sorry for the delay;
    yes, instead of the C:\ icon I have a big red cross, and there are still those hundred or so .TMP files whose origin I don't know, named things like pos1.TMP, pos2, posAD and then hex notation...... and I still get a message from AntiVir reporting a problem in System Volume... should I delete the files?
    even with CCleaner and EasyCleaner I couldn't get rid of them..
    22 December 2007 12:12:14

    Turn System Restore off and then back on.
    Run CCleaner.
    22 December 2007 14:23:46

    right now I'm running an online scan with Kaspersky to see whether it turns anything up; afterwards I'll close my browsers (Firefox here and Explorer for the online scan) so I can run CCleaner, and I'll let you know the results. Otherwise, do you think there's any risk in deleting these files manually with Shift+Del?!!!!
    22 December 2007 14:26:54

    and here is the online scan report
    Cible de l'analyse Zones critiques
    C:\WINDOWS
    C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\
    Statistiques de l'analyse
    Total d'objets analysés 10431
    Nombre de virus trouvés 1
    Nombre d'objets infectés 1 / 0
    Nombre d'objets suspects 0
    Durée de l'analyse 00:10:27

    Nom de l'objet infecté Nom du virus Dernière action
    C:\WINDOWS\Debug\PASSWD.LOG L'objet est verrouillé ignoré
    C:\WINDOWS\SchedLgU.Txt L'objet est verrouillé ignoré
    C:\WINDOWS\SoftwareDistribution\ReportingEvents.log L'objet est verrouillé ignoré
    C:\WINDOWS\Sti_Trace.log L'objet est verrouillé ignoré
    C:\WINDOWS\system32\CatRoot2\edb.log L'objet est verrouillé ignoré
    C:\WINDOWS\system32\CatRoot2\tmp.edb L'objet est verrouillé ignoré
    C:\WINDOWS\system32\config\AppEvent.Evt L'objet est verrouillé ignoré
    C:\WINDOWS\system32\config\default L'objet est verrouillé ignoré
    C:\WINDOWS\system32\config\default.LOG L'objet est verrouillé ignoré
    C:\WINDOWS\system32\config\SAM L'objet est verrouillé ignoré
    C:\WINDOWS\system32\config\SAM.LOG L'objet est verrouillé ignoré
    C:\WINDOWS\system32\config\SecEvent.Evt L'objet est verrouillé ignoré
    C:\WINDOWS\system32\config\SECURITY L'objet est verrouillé ignoré
    C:\WINDOWS\system32\config\SECURITY.LOG L'objet est verrouillé ignoré
    C:\WINDOWS\system32\config\software L'objet est verrouillé ignoré
    C:\WINDOWS\system32\config\software.LOG L'objet est verrouillé ignoré
    C:\WINDOWS\system32\config\SysEvent.Evt L'objet est verrouillé ignoré
    C:\WINDOWS\system32\config\system L'objet est verrouillé ignoré
    C:\WINDOWS\system32\config\system.LOG L'objet est verrouillé ignoré
    C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR L'objet est verrouillé ignoré
    C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP L'objet est verrouillé ignoré
    C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER L'objet est verrouillé ignoré
    C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP L'objet est verrouillé ignoré
    C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP L'objet est verrouillé ignoré
    C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA L'objet est verrouillé ignoré
    C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP L'objet est verrouillé ignoré
    C:\WINDOWS\vbxeditorpop32.exe Infecté : Email-Worm.Win32.VB.dn ignoré
    C:\WINDOWS\wiadebug.log L'objet est verrouillé ignoré
    C:\WINDOWS\wiaservc.log L'objet est verrouillé ignoré
    C:\WINDOWS\WindowsUpdate.log L'objet est verrouillé ignoré
    C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\hsperfdata_ASSOUMA\2652 L'objet est verrouillé ignoré
    C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Perflib_Perfdata_cec.dat L'objet est verrouillé ignoré
    C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\~DF83D0.tmp L'objet est verrouillé ignoré
    C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\~DF83E3.tmp L'objet est verrouillé ignoré
    Analyse terminée.
    22 December 2007 14:35:24

    Hi again,

    Delete this file:
    C:\WINDOWS\vbxeditorpop32.exe