Sujet Précédent Sujet Suivant

Au secours / Win32.Trojan Downloader

meli-chan Messages postés 8 Statut Membre -  
 VincenVega-1 -
Bonjour,

Vous êtes mon dernier espoir.
Samedi après midi mon ordinateur et plus particulièrement Norton, s'est affolé en me détectant un virus (le nom varie selon les différents scans) Le fameux win32 qui semble faire beaucoup de dégats actuellement.

J'ai utilisé tout ce qui était utilisable pour m'en débarasser je crois bien : Norton, Avast (après désintalation de Norton) Spyboth, Ad aware, CCleaner, voire même la version d'évaluation de Karpersky.
Rien n'y fait il persiste :
-Restriction en viogueur sur l'ordinateur (je suis le seul administrateur de l'ordi)
-Envoi de milliers de spam dans le monde (chacun analysé par norton... Invasion de mon écran par les analyses)
-Messages d'erreur par centaine...

En désespoir de cause, j'ai reformaté mon ordinateur... 4 fois. Le virus a persisté et il est toujours présent. Je n'en peux plus et je n'ai vraiment pas les moyens de racheter un ordinateur neuf.

Voici mon dernier scan en date :

Ad-Aware 2007 Build
Log File Created on: 2007-12-18 18:13:39
Using Definitions File: D:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware 2007\core.aawdef
Computer name: 1036948703146
Name of user performing scan: SYSTEM

System information
===========================
Number of processors: 1
Processor type: AMD Athlon(tm) 64 Processor 3400+
Memory Available: 51%
Total Physical Memory: 1073070080 Bytes
Available Physical Memory: 546947072 Bytes
Total Page File Size: 2577854464 Bytes
Available On Page File: 2116956160 Bytes
Total Virtual Memory: 2147352576 Bytes
Available Virtual Memory: 1998151680 Bytes
OS: Microsoft Windows XP Service Pack 2 (Build 2600)

Ad-Aware 2007 Settings
===========================
Skipping files larger than 1048576 kB
Ignoring infections with lower TAI than: 3

Extended Ad-Aware 2007 Settings
===========================
Unloading known modules during scan
Ignoring spanned files when scanning cab archives
Scanning registry for all users
Using permanent archive caching
Reanalyzing results after scanning before displaying results
Trying to unload modules prior to removal
Let Windows remove files currently in use at next reboot
Removing quarantined objects after restore
Logging Ad-Aware events
Blocking Pop-Ups aggressively
Deactivating Ad-Watch during scans
Writeprotecting system files after repairs
Including Ad-aware command line parameters in log file
Include info about ignored objects in log file
Including basic settings in log file
Including advanced settings in log file
Including user and computer name in log file
Include reference summary in log file
Creating log file for removal operations
Including module info in log file
Include Alternate Data Stream details in log file
Create and save WebUpdate log file

Databaseinfo
===========================
Version number: 40
Build Number: 0
Build Date and Time: 2007/12/17 08:47:35

Scan Statistics
===========================
Method: Smart
Scan tracking cookies.............................: On
Scan ADS filestreams..............................: Off

Item Scanned: 166532
Infections Detected: 229
Infections Ignored: 0

Scan detailed statistics
===========================
Type Critical Total
Process Scan....: 0 0
Registry Scan...: 118 118
Registry PE Scan: 0 0
Hosts File Scan.: 92 92
File Scan.......: 0 0
Folder Scan.....: 4 4
LSP Scan........: 0 0
ADS Scan........: 0 0
Cookie Scan.....: 12 12
File Hash Scan..: 1 1

Infections Found
===========================
Family Id: 352 Name: FakeAlert Category: Malware TAI:5
Item Id: 300038140 Value: Root: HKCR Path: appid\{d27987b8-7244-4de0-ae10-39b826b492f1}
Item Id: 300038141 Value: Root: HKLM Path: software\microsoft\windows\currentversion\explorer\browser helper objects\{d27987b8-7244-4de0-ae10-39b826b492f1}
Item Id: 300033634 Value: Root: HKU Path: S-1-5-21-1717695627-1231886836-686846662-1006\software\microsoft\windows\currentversion\policies\explorer Value: nocontrolpanel
Item Id: 300033635 Value: Root: HKU Path: S-1-5-21-1717695627-1231886836-686846662-1006\software\microsoft\windows\currentversion\run Value: spoolsv
Item Id: 300033636 Value: Root: HKLM Path: software\microsoft\windows\currentversion\policies\system Value: disableregistrytools
Item Id: 300033637 Value: Root: HKLM Path: software\microsoft\windows\currentversion\policies\system Value: disabletaskmgr
Item Id: 300033638 Value: Root: HKLM Path: software\microsoft\windows\currentversion\run Value: printer
Item Id: 300033639 Value: Root: HKLM Path: system\controlset001\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list Value: %windir%\system32\winav.exe
Item Id: 300033640 Value: Root: HKLM Path: system\controlset001\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list Value: %windir%\system32\winav.exe
Item Id: 300033641 Value: Root: HKLM Path: system\controlset002\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list Value: %windir%\system32\winav.exe
Item Id: 300033642 Value: Root: HKLM Path: system\controlset002\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list Value: %windir%\system32\winav.exe
Item Id: 300033643 Value: Root: HKLM Path: SYSTEM\ControlSet001\\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list Value: %windir%\system32\winav.exe
Item Id: 300033643 Value: Root: HKLM Path: SYSTEM\ControlSet002\\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list Value: %windir%\system32\winav.exe
Item Id: 300033644 Value: Root: HKLM Path: SYSTEM\ControlSet001\\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list Value: %windir%\system32\winav.exe
Item Id: 300033644 Value: Root: HKLM Path: SYSTEM\ControlSet002\\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list Value: %windir%\system32\winav.exe
Item Id: 300033644 Value: Root: HKLM Path: SYSTEM\ControlSet003\\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list Value: %windir%\system32\winav.exe
Item Id: 300033645 Value: Root: HKLM Path: SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon Value: Shell Data: Explorer.exe C:\WINDOWS\shell.exe
Item Id: 300038142 Value: Root: HKLM Path: software\microsoft\windows\currentversion\run Value: undefined
Item Id: 300038178 Value: Root: HKLM Path: system\controlset001\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list Value: c:\windows\shell.exe
Item Id: 300038179 Value: Root: HKLM Path: system\controlset001\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list Value: c:\windows\system32\printer.exe
Item Id: 300038180 Value: Root: HKLM Path: system\controlset001\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list Value: c:\windows\system32\spoolvs.exe
Item Id: 300038181 Value: Root: HKLM Path: system\controlset001\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list Value: c:\windows\shell.exe
Item Id: 300038182 Value: Root: HKLM Path: system\controlset001\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list Value: c:\windows\system32\printer.exe
Item Id: 300038183 Value: Root: HKLM Path: system\controlset001\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list Value: c:\windows\system32\spoolvs.exe
Item Id: 300038184 Value: Root: HKLM Path: system\controlset002\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list Value: c:\windows\shell.exe
Item Id: 300038185 Value: Root: HKLM Path: system\controlset002\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list Value: c:\windows\system32\printer.exe
Item Id: 300038186 Value: Root: HKLM Path: system\controlset002\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list Value: c:\windows\system32\spoolvs.exe
Item Id: 300038187 Value: Root: HKLM Path: system\controlset002\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list Value: c:\windows\shell.exe
Item Id: 300038188 Value: Root: HKLM Path: system\controlset002\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list Value: c:\windows\system32\printer.exe
Item Id: 300038189 Value: Root: HKLM Path: system\controlset002\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list Value: c:\windows\system32\spoolvs.exe
Item Id: 300038190 Value: Root: HKLM Path: SYSTEM\ControlSet001\\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list Value: c:\windows\shell.exe
Item Id: 300038190 Value: Root: HKLM Path: SYSTEM\ControlSet002\\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list Value: c:\windows\shell.exe
Item Id: 300038190 Value: Root: HKLM Path: SYSTEM\ControlSet003\\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list Value: c:\windows\shell.exe
Item Id: 300038191 Value: Root: HKLM Path: SYSTEM\ControlSet001\\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list Value: c:\windows\system32\printer.exe
Item Id: 300038191 Value: Root: HKLM Path: SYSTEM\ControlSet002\\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list Value: c:\windows\system32\printer.exe
Item Id: 300038191 Value: Root: HKLM Path: SYSTEM\ControlSet003\\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list Value: c:\windows\system32\printer.exe
Item Id: 300038192 Value: Root: HKLM Path: SYSTEM\ControlSet001\\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list Value: c:\windows\system32\spoolvs.exe
Item Id: 300038192 Value: Root: HKLM Path: SYSTEM\ControlSet002\\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list Value: c:\windows\system32\spoolvs.exe
Item Id: 300038192 Value: Root: HKLM Path: SYSTEM\ControlSet003\\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list Value: c:\windows\system32\spoolvs.exe
Item Id: 300038193 Value: Root: HKLM Path: SYSTEM\ControlSet001\\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list Value: c:\windows\shell.exe
Item Id: 300038193 Value: Root: HKLM Path: SYSTEM\ControlSet002\\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list Value: c:\windows\shell.exe
Item Id: 300038193 Value: Root: HKLM Path: SYSTEM\ControlSet003\\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list Value: c:\windows\shell.exe
Item Id: 300038194 Value: Root: HKLM Path: SYSTEM\ControlSet001\\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list Value: c:\windows\system32\printer.exe
Item Id: 300038194 Value: Root: HKLM Path: SYSTEM\ControlSet002\\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list Value: c:\windows\system32\printer.exe
Item Id: 300038194 Value: Root: HKLM Path: SYSTEM\ControlSet003\\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list Value: c:\windows\system32\printer.exe
Item Id: 300038195 Value: Root: HKLM Path: SYSTEM\ControlSet001\\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list Value: c:\windows\system32\spoolvs.exe
Item Id: 300038195 Value: Root: HKLM Path: SYSTEM\ControlSet002\\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list Value: c:\windows\system32\spoolvs.exe
Item Id: 300038195 Value: Root: HKLM Path: SYSTEM\ControlSet003\\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list Value: c:\windows\system32\spoolvs.exe
Item Id: 300038765 Value: Root: HKU Path: S-1-5-21-1717695627-1231886836-686846662-1006\software\microsoft\windows\currentversion\run Value: undefined
Family Id: 750 Name: Ultimate Defender Category: Misc TAI:3
Item Id: 300015811 Value: Root: HKLM Path: software\ultimate defender
Item Id: 300015812 Value: Root: HKLM Path: software\microsoft\windows\currentversion\uninstall\ultimate defender
Item Id: 300015814 Value: Root: HKLM Path: software\microsoft\windows\currentversion\run Value: ultimate defender
Item Id: 400001359 Value: Folder: C:\Program Files\ultimate defender
Item Id: 400001360 Value: Folder: D:\Documents and Settings\All Users\Menu Démarrer\Programmes\ultimate defender
Item Id: 400001958 Value: Folder: D:\Documents and Settings\PATRICK.1036948703146.001\Application Data\Ultimate Defender
Family Id: 563 Name: Redirected hostfile entry Category: Misc TAI:4
Item Id: 500000624 Value: IP Address: 192.168.200.3 Host Name: AD.DOUBLECLICK.NET
Item Id: 500000625 Value: IP Address: 192.168.200.3 Host Name: AD.FASTCLICK.NET
Item Id: 500000626 Value: IP Address: 192.168.200.3 Host Name: ADS.FASTCLICK.NET
Item Id: 500000627 Value: IP Address: 192.168.200.3 Host Name: AR.ATWOLA.COM
Item Id: 500000628 Value: IP Address: 192.168.200.3 Host Name: ATDMT.COM
Item Id: 500000629 Value: IP Address: 192.168.200.3 Host Name: AVP.CH
Item Id: 500000630 Value: IP Address: 192.168.200.3 Host Name: AVP.COM
Item Id: 500000631 Value: IP Address: 192.168.200.3 Host Name: AVP.RU
Item Id: 500000632 Value: IP Address: 192.168.200.3 Host Name: AWAPS.NET
Item Id: 500000633 Value: IP Address: 192.168.200.3 Host Name: BANNER.FASTCLICK.NET
Item Id: 500000634 Value: IP Address: 192.168.200.3 Host Name: BANNERS.FASTCLICK.NET
Item Id: 500000635 Value: IP Address: 192.168.200.3 Host Name: CA.COM
Item Id: 500000636 Value: IP Address: 192.168.200.3 Host Name: CLICK.ATDMT.COM
Item Id: 500000637 Value: IP Address: 192.168.200.3 Host Name: CLICKS.ATDMT.COM
Item Id: 500000639 Value: IP Address: 192.168.200.3 Host Name: DISPATCH.MCAFEE.COM
Item Id: 500000640 Value: IP Address: 192.168.200.3 Host Name: DOWNLOAD.MCAFEE.COM
Item Id: 500000641 Value: IP Address: 192.168.200.3 Host Name: DOWNLOAD.MICROSOFT.COM
Item Id: 500000642 Value: IP Address: 192.168.200.3 Host Name: DOWNLOADS-US1.KASPERSKY-LABS.COM
Item Id: 500000643 Value: IP Address: 192.168.200.3 Host Name: DOWNLOADS-US2.KASPERSKY-LABS.COM
Item Id: 500000644 Value: IP Address: 192.168.200.3 Host Name: DOWNLOADS-US3.KASPERSKY-LABS.COM
Item Id: 500000645 Value: IP Address: 192.168.200.3 Host Name: DOWNLOADS.MICROSOFT.COM
Item Id: 500000646 Value: IP Address: 192.168.200.3 Host Name: DOWNLOADS1.KASPERSKY-LABS.COM
Item Id: 500000647 Value: IP Address: 192.168.200.3 Host Name: DOWNLOADS2.KASPERSKY-LABS.COM
Item Id: 500000648 Value: IP Address: 192.168.200.3 Host Name: DOWNLOADS3.KASPERSKY-LABS.COM
Item Id: 500000649 Value: IP Address: 192.168.200.3 Host Name: DOWNLOADS4.KASPERSKY-LABS.COM
Item Id: 500000650 Value: IP Address: 192.168.200.3 Host Name: ENGINE.AWAPS.NET
Item Id: 500000651 Value: IP Address: 192.168.200.3 Host Name: F-SECURE.COM
Item Id: 500000652 Value: IP Address: 192.168.200.3 Host Name: FASTCLICK.NET
Item Id: 500000653 Value: IP Address: 192.168.200.3 Host Name: FTP.AVP.CH
Item Id: 500000654 Value: IP Address: 192.168.200.3 Host Name: FTP.DOWNLOADS1.KASPERSKY-LABS.COM
Item Id: 500000655 Value: IP Address: 192.168.200.3 Host Name: FTP.DOWNLOADS2.KASPERSKY-LABS.COM
Item Id: 500000656 Value: IP Address: 192.168.200.3 Host Name: FTP.DOWNLOADS3.KASPERSKY-LABS.COM
Item Id: 500000657 Value: IP Address: 192.168.200.3 Host Name: FTP.F-SECURE.COM
Item Id: 500000658 Value: IP Address: 192.168.200.3 Host Name: FTP.KASPERSKYLAB.RU
Item Id: 500000659 Value: IP Address: 192.168.200.3 Host Name: FTP.SOPHOS.COM
Item Id: 500000660 Value: IP Address: 192.168.200.3 Host Name: GO.MICROSOFT.COM
Item Id: 500000661 Value: IP Address: 192.168.200.3 Host Name: IDS.KASPERSKY-LABS.COM
Item Id: 500000662 Value: IP Address: 192.168.200.3 Host Name: KASPERSKY-LABS.COM
Item Id: 500000663 Value: IP Address: 192.168.200.3 Host Name: KASPERSKY.COM
Item Id: 500000666 Value: IP Address: 192.168.200.3 Host Name: MAST.MCAFEE.COM
Item Id: 500000667 Value: IP Address: 192.168.200.3 Host Name: MCAFEE.COM
Item Id: 500000668 Value: IP Address: 192.168.200.3 Host Name: MEDIA.FASTCLICK.NET
Item Id: 500000669 Value: IP Address: 192.168.200.3 Host Name: MICROSOFT.COM
Item Id: 500000670 Value: IP Address: 192.168.200.3 Host Name: MSDN.MICROSOFT.COM
Item Id: 500000671 Value: IP Address: 192.168.200.3 Host Name: MY-ETRUST.COM
Item Id: 500000672 Value: IP Address: 192.168.200.3 Host Name: NAI.COM
Item Id: 500000673 Value: IP Address: 192.168.200.3 Host Name: NETWORKASSOCIATES.COM
Item Id: 500000674 Value: IP Address: 192.168.200.3 Host Name: NORTON.COM
Item Id: 500000675 Value: IP Address: 192.168.200.3 Host Name: OFFICE.MICROSOFT.COM
Item Id: 500000676 Value: IP Address: 192.168.200.3 Host Name: PANDASOFTWARE.COM
Item Id: 500000677 Value: IP Address: 192.168.200.3 Host Name: PHX.CORPORATE-IR.NET
Item Id: 500000678 Value: IP Address: 192.168.200.3 Host Name: RADS.MCAFEE.COM
Item Id: 500000679 Value: IP Address: 192.168.200.3 Host Name: SECURE.NAI.COM
Item Id: 500000682 Value: IP Address: 192.168.200.3 Host Name: SOPHOS.COM
Item Id: 500000683 Value: IP Address: 192.168.200.3 Host Name: SPD.ATDMT.COM
Item Id: 500000684 Value: IP Address: 192.168.200.3 Host Name: SUPPORT.MICROSOFT.COM
Item Id: 500000686 Value: IP Address: 192.168.200.3 Host Name: TRENDMICRO.COM
Item Id: 500000689 Value: IP Address: 192.168.200.3 Host Name: UPDATES1.KASPERSKY-LABS.COM
Item Id: 500000690 Value: IP Address: 192.168.200.3 Host Name: UPDATES2.KASPERSKY-LABS.COM
Item Id: 500000691 Value: IP Address: 192.168.200.3 Host Name: UPDATES3.KASPERSKY-LABS.COM
Item Id: 500000692 Value: IP Address: 192.168.200.3 Host Name: UPDATES4.KASPERSKY-LABS.COM
Item Id: 500000693 Value: IP Address: 192.168.200.3 Host Name: UPDATES5.KASPERSKY-LABS.COM
Item Id: 500000694 Value: IP Address: 192.168.200.3 Host Name: US.MCAFEE.COM
Item Id: 500000695 Value: IP Address: 192.168.200.3 Host Name: VIL.NAI.COM
Item Id: 500000696 Value: IP Address: 192.168.200.3 Host Name: VIRUSLIST.COM
Item Id: 500000697 Value: IP Address: 192.168.200.3 Host Name: VIRUSLIST.RU
Item Id: 500000698 Value: IP Address: 192.168.200.3 Host Name: VIRUSSCAN.JOTTI.ORG
Item Id: 500000699 Value: IP Address: 192.168.200.3 Host Name: VIRUSTOTAL.COM
Item Id: 500000700 Value: IP Address: 192.168.200.3 Host Name: WINDOWSUPDATE.MICROSOFT.COM
Item Id: 500000701 Value: IP Address: 192.168.200.3 Host Name: WWW.AVP.CH
Item Id: 500000702 Value: IP Address: 192.168.200.3 Host Name: WWW.AVP.COM
Item Id: 500000703 Value: IP Address: 192.168.200.3 Host Name: WWW.AVP.RU
Item Id: 500000704 Value: IP Address: 192.168.200.3 Host Name: WWW.AWAPS.NET
Item Id: 500000705 Value: IP Address: 192.168.200.3 Host Name: WWW.CA.COM
Item Id: 500000706 Value: IP Address: 192.168.200.3 Host Name: WWW.F-SECURE.COM
Item Id: 500000707 Value: IP Address: 192.168.200.3 Host Name: WWW.FASTCLICK.NET
Item Id: 500000708 Value: IP Address: 192.168.200.3 Host Name: WWW.GRISOFT.COM
Item Id: 500000709 Value: IP Address: 192.168.200.3 Host Name: WWW.KASPERSKY-LABS.COM
Item Id: 500000710 Value: IP Address: 192.168.200.3 Host Name: WWW.KASPERSKY.COM
Item Id: 500000711 Value: IP Address: 192.168.200.3 Host Name: WWW.KASPERSKY.RU
Item Id: 500000712 Value: IP Address: 192.168.200.3 Host Name: WWW.MCAFEE.COM
Item Id: 500000713 Value: IP Address: 192.168.200.3 Host Name: WWW.MICROSOFT.COM
Item Id: 500000714 Value: IP Address: 192.168.200.3 Host Name: WWW.MY-ETRUST.COM
Item Id: 500000715 Value: IP Address: 192.168.200.3 Host Name: WWW.NAI.COM
Item Id: 500000716 Value: IP Address: 192.168.200.3 Host Name: WWW.NETWORKASSOCIATES.COM
Item Id: 500000717 Value: IP Address: 192.168.200.3 Host Name: WWW.PANDASOFTWARE.COM
Item Id: 500000718 Value: IP Address: 192.168.200.3 Host Name: WWW.SOPHOS.COM
Item Id: 500000721 Value: IP Address: 192.168.200.3 Host Name: WWW.TRENDMICRO.COM
Item Id: 500000722 Value: IP Address: 192.168.200.3 Host Name: WWW.VIRUSLIST.COM
Item Id: 500000723 Value: IP Address: 192.168.200.3 Host Name: WWW.VIRUSLIST.RU
Item Id: 500000724 Value: IP Address: 192.168.200.3 Host Name: WWW.VIRUSTOTAL.COM
Item Id: 500000725 Value: IP Address: 192.168.200.3 Host Name: WWW3.CA.COM
Family Id: 725 Name: Tracking Cookie Category: DataMiner TAI:3
Item Id: 600000263 Value: Browser: Internet Explorer Cookie: D:\Documents and Settings\PATRICK.1036948703146.001\Cookies\index.dat mediaplex.com svid /
Item Id: 600000142 Value: Browser: Internet Explorer Cookie: D:\Documents and Settings\PATRICK.1036948703146.001\Cookies\index.dat estat.com e /
Item Id: 600000001 Value: Browser: Internet Explorer Cookie: D:\Documents and Settings\PATRICK.1036948703146.001\Cookies\index.dat smartadserver.com TestIfCookieP /
Item Id: 600000001 Value: Browser: Internet Explorer Cookie: D:\Documents and Settings\PATRICK.1036948703146.001\Cookies\index.dat smartadserver.com pbw /
Item Id: 600000001 Value: Browser: Internet Explorer Cookie: D:\Documents and Settings\PATRICK.1036948703146.001\Cookies\index.dat smartadserver.com pid /
Item Id: 600000001 Value: Browser: Internet Explorer Cookie: D:\Documents and Settings\PATRICK.1036948703146.001\Cookies\index.dat smartadserver.com pbwmaj /
Item Id: 600000126 Value: Browser: Internet Explorer Cookie: D:\Documents and Settings\PATRICK.1036948703146.001\Cookies\index.dat ehg-telecomitalia.hitbox.com DM56062648VEV6 /
Item Id: 600000126 Value: Browser: Internet Explorer Cookie: D:\Documents and Settings\PATRICK.1036948703146.001\Cookies\index.dat hitbox.com CTG /
Item Id: 600000126 Value: Browser: Internet Explorer Cookie: D:\Documents and Settings\PATRICK.1036948703146.001\Cookies\index.dat hitbox.com WSS_GW /
Item Id: 600000225 Value: Browser: Internet Explorer Cookie: D:\Documents and Settings\PATRICK.1036948703146.001\Cookies\index.dat weborama.fr AFFICHE_W /
Item Id: 600000225 Value: Browser: Internet Explorer Cookie: D:\Documents and Settings\PATRICK.1036948703146.001\Cookies\index.dat weborama.fr wbo_temps_reel /
Item Id: 600000173 Value: Browser: Internet Explorer Cookie: D:\Documents and Settings\PATRICK.1036948703146.001\Cookies\index.dat bluestreak.com id /
Family Id: 1006 Name: Win32.TrojanDownloader.Agent Category: Virus TAI:10
Item Id: 70671 Value: File: C:\WINDOWS\system32\xlibgfl254.dll
Item Id: 300021291 Value: Root: HKLM Path: software\microsoft\tracing\fwcfg
Item Id: 300021307 Value: Root: HKLM Path: system\controlset001\services\ccevtmgr
Item Id: 300021311 Value: Root: HKLM Path: system\controlset001\services\symevent
Item Id: 300021312 Value: Root: HKLM Path: system\controlset001\services\symtdi
Item Id: 300021314 Value: Root: HKLM Path: system\currentcontrolset\services\ccevtmgr
Item Id: 300021318 Value: Root: HKLM Path: system\currentcontrolset\services\symevent
Item Id: 300021319 Value: Root: HKLM Path: system\currentcontrolset\services\symtdi
Item Id: 300021359 Value: Root: HKLM Path: software\microsoft\windows nt\currentversion Value: usr8321dt
Item Id: 300021360 Value: Root: HKLM Path: software\microsoft\windows nt\currentversion Value: usr8321id
Item Id: 300021361 Value: Root: HKLM Path: system\controlset001\control\securityproviders Value: SecurityProviders Data: msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, xlibgfl254.dll
Item Id: 300021362 Value: Root: HKLM Path: SYSTEM\ControlSet001\\control\securityproviders Value: SecurityProviders Data: msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, xlibgfl254.dll
Item Id: 300021362 Value: Root: HKLM Path: SYSTEM\ControlSet003\\control\securityproviders Value: SecurityProviders Data: msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, xlibgfl254.dll
Item Id: 300037854 Value: Root: HKLM Path: software\microsoft\windows\currentversion\uninstall\ultra soft
Item Id: 300037855 Value: Root: HKU Path: S-1-5-21-1717695627-1231886836-686846662-1006\software\microsoft\windows\currentversion\run Value: spoolsv
Item Id: 300037862 Value: Root: HKLM Path: system\controlset001\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list Value: %windir%\system32\winav.exe
Item Id: 300037863 Value: Root: HKLM Path: system\controlset001\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list Value: c:\windows\shell.exe
Item Id: 300037864 Value: Root: HKLM Path: system\controlset001\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list Value: c:\windows\system32\printer.exe
Item Id: 300037865 Value: Root: HKLM Path: system\controlset001\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list Value: c:\windows\system32\spoolvs.exe
Item Id: 300037866 Value: Root: HKLM Path: system\controlset001\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list Value: %windir%\system32\winav.exe
Item Id: 300037867 Value: Root: HKLM Path: system\controlset001\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list Value: c:\windows\shell.exe
Item Id: 300037868 Value: Root: HKLM Path: system\controlset001\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list Value: c:\windows\system32\printer.exe
Item Id: 300037869 Value: Root: HKLM Path: system\controlset001\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list Value: c:\windows\system32\spoolvs.exe
Item Id: 300037870 Value: Root: HKLM Path: system\controlset002\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list Value: %windir%\system32\winav.exe
Item Id: 300037871 Value: Root: HKLM Path: system\controlset002\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list Value: c:\windows\shell.exe
Item Id: 300037872 Value: Root: HKLM Path: system\controlset002\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list Value: c:\windows\system32\printer.exe
Item Id: 300037873 Value: Root: HKLM Path: system\controlset002\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list Value: c:\windows\system32\spoolvs.exe
Item Id: 300037874 Value: Root: HKLM Path: system\controlset002\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list Value: %windir%\system32\winav.exe
Item Id: 300037875 Value: Root: HKLM Path: system\controlset002\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list Value: c:\windows\shell.exe
Item Id: 300037876 Value: Root: HKLM Path: system\controlset002\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list Value: c:\windows\system32\printer.exe
Item Id: 300037877 Value: Root: HKLM Path: system\controlset002\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list Value: c:\windows\system32\spoolvs.exe
Item Id: 300037878 Value: Root: HKLM Path: SYSTEM\ControlSet001\\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list Value: %windir%\system32\winav.exe
Item Id: 300037878 Value: Root: HKLM Path: SYSTEM\ControlSet002\\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list Value: %windir%\system32\winav.exe
Item Id: 300037878 Value: Root: HKLM Path: SYSTEM\ControlSet003\\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list Value: %windir%\system32\winav.exe
Item Id: 300037879 Value: Root: HKLM Path: SYSTEM\ControlSet001\\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list Value: c:\windows\shell.exe
Item Id: 300037879 Value: Root: HKLM Path: SYSTEM\ControlSet002\\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list Value: c:\windows\shell.exe
Item Id: 300037879 Value: Root: HKLM Path: SYSTEM\ControlSet003\\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list Value: c:\windows\shell.exe
Item Id: 300037880 Value: Root: HKLM Path: SYSTEM\ControlSet001\\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list Value: c:\windows\system32\printer.exe
Item Id: 300037880 Value: Root: HKLM Path: SYSTEM\ControlSet002\\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list Value: c:\windows\system32\printer.exe
Item Id: 300037880 Value: Root: HKLM Path: SYSTEM\ControlSet003\\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list Value: c:\windows\system32\printer.exe
Item Id: 300037881 Value: Root: HKLM Path: SYSTEM\ControlSet001\\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list Value: c:\windows\system32\spoolvs.exe
Item Id: 300037881 Value: Root: HKLM Path: SYSTEM\ControlSet002\\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list Value: c:\windows\system32\spoolvs.exe
Item Id: 300037881 Value: Root: HKLM Path: SYSTEM\ControlSet003\\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list Value: c:\windows\system32\spoolvs.exe
Item Id: 300037882 Value: Root: HKLM Path: SYSTEM\ControlSet001\\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list Value: %windir%\system32\winav.exe
Item Id: 300037882 Value: Root: HKLM Path: SYSTEM\ControlSet002\\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list Value: %windir%\system32\winav.exe
Item Id: 300037882 Value: Root: HKLM Path: SYSTEM\ControlSet003\\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list Value: %windir%\system32\winav.exe
Item Id: 300037883 Value: Root: HKLM Path: SYSTEM\ControlSet001\\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list Value: c:\windows\shell.exe
Item Id: 300037883 Value: Root: HKLM Path: SYSTEM\ControlSet002\\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list Value: c:\windows\shell.exe
Item Id: 300037883 Value: Root: HKLM Path: SYSTEM\ControlSet003\\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list Value: c:\windows\shell.exe
Item Id: 300037884 Value: Root: HKLM Path: SYSTEM\ControlSet001\\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list Value: c:\windows\system32\printer.exe
Item Id: 300037884 Value: Root: HKLM Path: SYSTEM\ControlSet002\\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list Value: c:\windows\system32\printer.exe
Item Id: 300037884 Value: Root: HKLM Path: SYSTEM\ControlSet003\\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list Value: c:\windows\system32\printer.exe
Item Id: 300037885 Value: Root: HKLM Path: SYSTEM\ControlSet001\\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list Value: c:\windows\system32\spoolvs.exe
Item Id: 300037885 Value: Root: HKLM Path: SYSTEM\ControlSet002\\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list Value: c:\windows\system32\spoolvs.exe
Item Id: 300037885 Value: Root: HKLM Path: SYSTEM\ControlSet003\\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list Value: c:\windows\system32\spoolvs.exe
Item Id: 300038581 Value: Root: HKU Path: S-1-5-21-1717695627-1231886836-686846662-1006\software\microsoft\windows nt\currentversion Value: bar23id
Item Id: 300038582 Value: Root: HKU Path: S-1-5-21-1717695627-1231886836-686846662-1006\software\microsoft\windows nt\currentversion Value: fversion2
Item Id: 300038583 Value: Root: HKU Path: S-1-5-21-1717695627-1231886836-686846662-1006\software\microsoft\windows nt\currentversion Value: suid
Item Id: 300038584 Value: Root: HKU Path: S-1-5-21-1717695627-1231886836-686846662-1006\software\microsoft\windows nt\currentversion Value: tssversion2
Item Id: 300038585 Value: Root: HKU Path: S-1-5-21-1717695627-1231886836-686846662-1006\software\microsoft\windows nt\currentversion Value: upd_version2
Item Id: 300038801 Value: Root: HKU Path: S-1-5-21-1717695627-1231886836-686846662-1006\software\microsoft\windows\currentversion\policies\explorer Value: nocontrolpanel
Item Id: 300038802 Value: Root: HKU Path: S-1-5-21-1717695627-1231886836-686846662-1006\software\policies\microsoft\windows\windows update Value: noautoupdate
Item Id: 300038803 Value: Root: HKU Path: S-1-5-21-1717695627-1231886836-686846662-1006\software\policies\microsoft\windows\windows update Value: nowindowsupdate
Item Id: 300038804 Value: Root: HKU Path: S-1-5-21-1717695627-1231886836-686846662-1006\software\policies\microsoft\windows\windowsupdate\au Value: autoupdate
Item Id: 300038805 Value: Root: HKLM Path: software\microsoft\windows\currentversion\run Value: printer
Item Id: 300038812 Value: Root: HKLM Path: software\microsoft\windows nt\currentversion Value: usr8321dt
Item Id: 300038813 Value: Root: HKLM Path: software\microsoft\windows nt\currentversion Value: usr8321id
Item Id: 400001558 Value: Folder: D:\Documents and Settings\PATRICK.1036948703146.001\Application Data\ultra
Family Id: 9999 Name: MRU Object Category: MRU Object TAI:0
Item Id: 1 Value: MRU Path: D:\Documents and Settings\PATRICK.1036948703146.001\Recent Count: 1
Item Id: 3 Value: MRU Registry Key: S-1-5-21-1717695627-1231886836-686846662-1006\Software\Microsoft\Internet Explorer\TypedURLs Count: 2

Items Ignored During Scan
===========================

Listing of running processes
===========================
C:\WINDOWS\SYSTEM32\SMSS.EXE
c:\windows\system32\smss.exe

c:\windows\system32\ntdll.dll

C:\WINDOWS\SYSTEM32\CSRSS.EXE
c:\windows\system32\csrss.exe

c:\windows\system32\ntdll.dll

c:\windows\system32\csrsrv.dll

c:\windows\system32\basesrv.dll

c:\windows\system32\winsrv.dll

c:\windows\system32\gdi32.dll

c:\windows\system32\kernel32.dll

c:\windows\system32\user32.dll

c:\windows\system32\lpk.dll

c:\windows\system32\usp10.dll

c:\windows\system32\msvcrt.dll

c:\windows\system32\advapi32.dll

c:\windows\system32\rpcrt4.dll

c:\windows\system32\sxs.dll

c:\windows\system32\apphelp.dll

c:\windows\system32\version.dll

C:\WINDOWS\SYSTEM32\WINLOGON.EXE
c:\windows\system32\winlogon.exe

c:\windows\system32\ntdll.dll

c:\windows\system32\kernel32.dll

c:\windows\system32\advapi32.dll

c:\windows\system32\rpcrt4.dll

c:\windows\system32\authz.dll

c:\windows\system32\msvcrt.dll

c:\windows\system32\crypt32.dll

c:\windows\system32\user32.dll

c:\windows\system32\gdi32.dll

c:\windows\system32\msasn1.dll

c:\windows\system32\nddeapi.dll

c:\windows\system32\profmap.dll

c:\windows\system32\netapi32.dll

c:\windows\system32\userenv.dll

c:\windows\system32\psapi.dll

c:\windows\system32\regapi.dll

c:\windows\system32\secur32.dll

c:\windows\system32\setupapi.dll

c:\windows\system32\version.dll

c:\windows\system32\winsta.dll

c:\windows\system32\wintrust.dll

c:\windows\system32\imagehlp.dll

c:\windows\system32\ws2_32.dll

c:\windows\system32\ws2help.dll

c:\windows\system32\imm32.dll

c:\windows\system32\lpk.dll

c:\windows\system32\usp10.dll

c:\windows\system32\msgina.dll

c:\windows\system32\shell32.dll

c:\windows\system32\shlwapi.dll

c:\windows\system32\comctl32.dll

c:\windows\system32\odbc32.dll

c:\windows\system32\comdlg32.dll

c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll

c:\windows\system32\odbcint.dll

c:\windows\system32\shsvcs.dll

c:\windows\system32\sfc.dll

c:\windows\system32\sfc_os.dll

c:\windows\system32\ole32.dll

c:\windows\system32\apphelp.dll

c:\windows\system32\msctfime.ime

c:\windows\system32\winscard.dll

c:\windows\system32\wtsapi32.dll

c:\windows\system32\sxs.dll

c:\windows\system32\uxtheme.dll

c:\windows\system32\winmm.dll

c:\windows\system32\ati2evxx.dll

c:\windows\system32\rsaenh.dll

c:\windows\system32\cscdll.dll

c:\windows\system32\wlnotify.dll

c:\windows\system32\winspool.drv

c:\windows\system32\mpr.dll

c:\windows\system32\rasapi32.dll

c:\windows\system32\rasman.dll

c:\windows\system32\tapi32.dll

c:\windows\system32\rtutils.dll

c:\windows\system32\samlib.dll

c:\windows\system32\msv1_0.dll

c:\windows\system32\iphlpapi.dll

c:\windows\system32\cscui.dll

c:\windows\system32\xpsp2res.dll

c:\windows\system32\ntmarta.dll

c:\windows\system32\wldap32.dll

c:\windows\system32\wdmaud.drv

c:\windows\system32\msacm32.drv

c:\windows\system32\msacm32.dll

c:\windows\system32\midimap.dll

c:\windows\system32\comres.dll

c:\windows\system32\oleaut32.dll

c:\windows\system32\clbcatq.dll

c:\windows\system32\cabinet.dll

C:\WINDOWS\SYSTEM32\SERVICES.EXE
c:\windows\system32\services.exe

c:\windows\system32\ntdll.dll

c:\windows\system32\kernel32.dll

c:\windows\system32\msvcrt.dll

c:\windows\system32\advapi32.dll

c:\windows\system32\rpcrt4.dll

c:\windows\system32\user32.dll

c:\windows\system32\gdi32.dll

c:\windows\system32\userenv.dll

c:\windows\system32\scesrv.dll

c:\windows\system32\authz.dll

c:\windows\system32\umpnpmgr.dll

c:\windows\system32\winsta.dll

c:\windows\system32\netapi32.dll

c:\windows\system32\ncobjapi.dll

c:\windows\system32\msvcp60.dll

c:\windows\system32\shimeng.dll

c:\windows\apppatch\acgenral.dll

c:\windows\system32\winmm.dll

c:\windows\system32\ole32.dll

c:\windows\system32\oleaut32.dll

c:\windows\system32\msacm32.dll

c:\windows\system32\version.dll

c:\windows\system32\shell32.dll

c:\windows\system32\shlwapi.dll

c:\windows\system32\uxtheme.dll

c:\windows\system32\imm32.dll

c:\windows\system32\lpk.dll

c:\windows\system32\usp10.dll

c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll

c:\windows\system32\comctl32.dll

c:\windows\system32\secur32.dll

c:\windows\system32\rasapi32.dll

c:\windows\system32\rasman.dll

c:\windows\system32\ws2_32.dll

c:\windows\system32\ws2help.dll

c:\windows\system32\tapi32.dll

c:\windows\system32\rtutils.dll

c:\windows\system32\apphelp.dll

c:\windows\system32\eventlog.dll

c:\windows\system32\psapi.dll

c:\windows\system32\wtsapi32.dll

C:\WINDOWS\SYSTEM32\LSASS.EXE
c:\windows\system32\lsass.exe

c:\windows\system32\ntdll.dll

c:\windows\system32\kernel32.dll

c:\windows\system32\advapi32.dll

c:\windows\system32\rpcrt4.dll

c:\windows\system32\lsasrv.dll

c:\windows\system32\mpr.dll

c:\windows\system32\user32.dll

c:\windows\system32\gdi32.dll

c:\windows\system32\msasn1.dll

c:\windows\system32\msvcrt.dll

c:\windows\system32\netapi32.dll

c:\windows\system32\ntdsapi.dll

c:\windows\system32\dnsapi.dll

c:\windows\system32\ws2_32.dll

c:\windows\system32\ws2help.dll

c:\windows\system32\wldap32.dll

c:\windows\system32\secur32.dll

c:\windows\system32\samlib.dll

c:\windows\system32\samsrv.dll

c:\windows\system32\cryptdll.dll

c:\windows\system32\shimeng.dll

c:\windows\apppatch\acgenral.dll

c:\windows\system32\winmm.dll

c:\windows\system32\ole32.dll

c:\windows\system32\oleaut32.dll

c:\windows\system32\msacm32.dll

c:\windows\system32\version.dll

c:\windows\system32\shell32.dll

c:\windows\system32\shlwapi.dll

c:\windows\system32\userenv.dll

c:\windows\system32\uxtheme.dll

c:\windows\system32\imm32.dll

c:\windows\system32\lpk.dll

c:\windows\system32\usp10.dll

c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll

c:\windows\system32\comctl32.dll

c:\windows\system32\msapsspc.dll

c:\windows\system32\msvcrt40.dll

c:\windows\system32\rasapi32.dll

c:\windows\system32\rasman.dll

c:\windows\system32\tapi32.dll

c:\windows\system32\rtutils.dll

c:\windows\system32\msprivs.dll

c:\windows\system32\kerberos.dll

c:\windows\system32\msv1_0.dll

c:\windows\system32\iphlpapi.dll

c:\windows\system32\netlogon.dll

c:\windows\system32\w32time.dll

c:\windows\system32\msvcp60.dll

c:\windows\system32\schannel.dll

c:\windows\system32\crypt32.dll

c:\windows\system32\wdigest.dll

c:\windows\system32\rsaenh.dll

c:\windows\system32\scecli.dll

c:\windows\system32\setupapi.dll

c:\windows\system32\ipsecsvc.dll

c:\windows\system32\authz.dll

c:\windows\system32\oakley.dll

c:\windows\system32\winipsec.dll

c:\windows\system32\pstorsvc.dll

c:\windows\system32\psbase.dll

c:\windows\system32\mswsock.dll

c:\windows\system32\hnetcfg.dll

c:\windows\system32\wshtcpip.dll

c:\windows\system32\dssenh.dll

C:\WINDOWS\SYSTEM32\ATI2EVXX.EXE
c:\windows\system32\ati2evxx.exe

c:\windows\system32\ntdll.dll

c:\windows\system32\kernel32.dll

c:\windows\system32\user32.dll

c:\windows\system32\gdi32.dll

c:\windows\system32\ole32.dll

c:\windows\system32\advapi32.dll

c:\windows\system32\rpcrt4.dll

c:\windows\system32\msvcrt.dll

c:\windows\system32\oleaut32.dll

c:\windows\system32\imm32.dll

c:\windows\system32\lpk.dll

c:\windows\system32\usp10.dll

c:\windows\system32\secur32.dll

c:\windows\system32\msctfime.ime

c:\windows\system32\ati2edxx.dll

c:\windows\system32\uxtheme.dll

C:\WINDOWS\SYSTEM32\SVCHOST.EXE
c:\windows\system32\svchost.exe

c:\windows\system32\ntdll.dll

c:\windows\system32\kernel32.dll

c:\windows\system32\advapi32.dll

c:\windows\system32\rpcrt4.dll

c:\windows\system32\shimeng.dll

c:\windows\apppatch\acgenral.dll

c:\windows\system32\user32.dll

c:\windows\system32\gdi32.dll

c:\windows\system32\winmm.dll

c:\windows\system32\ole32.dll

c:\windows\system32\msvcrt.dll

c:\windows\system32\oleaut32.dll

c:\windows\system32\msacm32.dll

c:\windows\system32\version.dll

c:\windows\system32\shell32.dll

c:\windows\system32\shlwapi.dll

c:\windows\system32\userenv.dll

c:\windows\system32\uxtheme.dll

c:\windows\system32\imm32.dll

c:\windows\system32\lpk.dll

c:\windows\system32\usp10.dll

c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll

c:\windows\system32\comctl32.dll

c:\windows\system32\ntmarta.dll

c:\windows\system32\wldap32.dll

c:\windows\system32\samlib.dll

c:\windows\system32\rpcss.dll

c:\windows\system32\secur32.dll

c:\windows\system32\ws2_32.dll

c:\windows\system32\ws2help.dll

c:\windows\system32\xpsp2res.dll

c:\windows\system32\rasapi32.dll

c:\windows\system32\rasman.dll

c:\windows\system32\netapi32.dll

c:\windows\system32\tapi32.dll

c:\windows\system32\rtutils.dll

c:\windows\system32\clbcatq.dll

c:\windows\system32\comres.dll

c:\windows\system32\termsrv.dll

c:\windows\system32\icaapi.dll

c:\windows\system32\setupapi.dll

c:\windows\system32\wintrust.dll

c:\windows\system32\crypt32.dll

c:\windows\system32\msasn1.dll

c:\windows\system32\imagehlp.dll

c:\windows\system32\authz.dll

c:\windows\system32\mstlsapi.dll

c:\windows\system32\activeds.dll

c:\windows\system32\adsldpc.dll

c:\windows\system32\atl.dll

c:\windows\system32\regapi.dll

c:\windows\system32\rsaenh.dll

c:\windows\system32\apphelp.dll

c:\windows\system32\svchost.exe

c:\windows\system32\ntdll.dll

c:\windows\system32\kernel32.dll

c:\windows\system32\advapi32.dll

c:\windows\system32\rpcrt4.dll

c:\windows\system32\shimeng.dll

c:\windows\apppatch\acgenral.dll

c:\windows\system32\user32.dll

c:\windows\system32\gdi32.dll

c:\windows\system32\winmm.dll

c:\windows\system32\ole32.dll

c:\windows\system32\msvcrt.dll

c:\windows\system32\oleaut32.dll

c:\windows\system32\msacm32.dll

c:\windows\system32\version.dll

c:\windows\system32\shell32.dll

c:\windows\system32\shlwapi.dll

c:\windows\system32\userenv.dll

c:\windows\system32\uxtheme.dll

c:\windows\system32\imm32.dll

c:\windows\system32\lpk.dll

c:\windows\system32\usp10.dll

c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll

c:\windows\system32\comctl32.dll

c:\windows\system32\rpcss.dll

c:\windows\system32\secur32.dll

c:\windows\system32\ws2_32.dll

c:\windows\system32\ws2help.dll

c:\windows\system32\xpsp2res.dll

c:\windows\system32\rasapi32.dll

c:\windows\system32\rasman.dll

c:\windows\system32\netapi32.dll

c:\windows\system32\tapi32.dll

c:\windows\system32\rtutils.dll

c:\windows\system32\rsaenh.dll

c:\windows\system32\mswsock.dll

c:\windows\system32\hnetcfg.dll

c:\windows\system32\wshtcpip.dll

c:\windows\system32\dnsapi.dll

c:\windows\system32\iphlpapi.dll

c:\windows\system32\winrnr.dll

c:\windows\system32\wldap32.dll

c:\windows\system32\rasadhlp.dll

c:\windows\system32\clbcatq.dll

c:\windows\system32\comres.dll

c:\windows\system32\svchost.exe

c:\windows\system32\ntdll.dll

c:\windows\system32\kernel32.dll

c:\windows\system32\advapi32.dll

c:\windows\system32\rpcrt4.dll

c:\windows\system32\shimeng.dll

c:\windows\apppatch\acgenral.dll

c:\windows\system32\user32.dll

c:\windows\system32\gdi32.dll

c:\windows\system32\winmm.dll

c:\windows\system32\ole32.dll

c:\windows\system32\msvcrt.dll

c:\windows\system32\oleaut32.dll

c:\windows\system32\msacm32.dll

c:\windows\system32\version.dll

c:\windows\system32\shell32.dll

c:\windows\system32\shlwapi.dll

c:\windows\system32\userenv.dll

c:\windows\system32\uxtheme.dll

c:\windows\system32\imm32.dll

c:\windows\system32\lpk.dll

c:\windows\system32\usp10.dll

c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll

c:\windows\system32\comctl32.dll

c:\windows\system32\ntmarta.dll

c:\windows\system32\wldap32.dll

c:\windows\system32\samlib.dll

c:\windows\system32\xpsp2res.dll

c:\windows\system32\shsvcs.dll

c:\windows\system32\winsta.dll

c:\windows\system32\netapi32.dll

c:\windows\system32\dhcpcsvc.dll

c:\windows\system32\dnsapi.dll

c:\windows\system32\ws2_32.dll

c:\windows\system32\ws2help.dll

c:\windows\system32\iphlpapi.dll

c:\windows\system32\secur32.dll

c:\windows\system32\rasapi32.dll

c:\windows\system32\rasman.dll

c:\windows\system32\tapi32.dll

c:\windows\system32\rtutils.dll

c:\windows\system32\mswsock.dll

c:\windows\system32\hnetcfg.dll

c:\windows\system32\wshtcpip.dll

c:\windows\system32\wzcsvc.dll

c:\windows\system32\wmi.dll

c:\windows\system32\crypt32.dll

c:\windows\system32\msasn1.dll

c:\windows\system32\wtsapi32.dll

c:\windows\system32\esent.dll

c:\windows\system32\atl.dll

c:\windows\system32\rsaenh.dll

c:\windows\system32\clbcatq.dll

c:\windows\system32\comres.dll

c:\windows\system32\schedsvc.dll

c:\windows\system32\ntdsapi.dll

c:\windows\system32\imagehlp.dll

c:\windows\system32\setupapi.dll

c:\windows\system32\wintrust.dll

c:\windows\system32\rastls.dll

c:\windows\system32\cryptui.dll

c:\windows\system32\wininet.dll

c:\windows\system32\mprapi.dll

c:\windows\system32\activeds.dll

c:\windows\system32\adsldpc.dll

c:\windows\system32\schannel.dll

c:\windows\system32\winscard.dll

c:\windows\system32\raschap.dll

c:\windows\system32\msv1_0.dll

c:\windows\system32\msidle.dll

c:\windows\system32\audiosrv.dll

c:\windows\system32\wkssvc.dll

c:\windows\system32\cryptsvc.dll

c:\windows\system32\certcli.dll

c:\windows\system32\es.dll

c:\windows\system32\ersvc.dll

c:\windows\system32\seclogon.dll

c:\windows\system32\netman.dll

c:\windows\system32\netshell.dll

c:\windows\system32\credui.dll

c:\windows\system32\wzcsapi.dll

c:\windows\system32\srvsvc.dll

c:\windows\system32\hidserv.dll

c:\windows\system32\hid.dll

c:\windows\pchealth\helpctr\binaries\pchsvc.dll

c:\windows\system32\trkwks.dll

c:\windows\system32\srsvc.dll

c:\windows\system32\powrprof.dll

c:\windows\system32\sens.dll

c:\windows\system32\wuauserv.dll

c:\windows\system32\wbem\wmisvc.dll

c:\windows\system32\vssapi.dll

c:\windows\system32\winhttp.dll

c:\windows\system32\cabinet.dll

c:\windows\system32\w32time.dll

c:\windows\system32\msvcp60.dll

c:\windows\system32\browser.dll

c:\windows\system32\ipnathlp.dll

c:\windows\system32\authz.dll

c:\windows\system32\wscsvc.dll

c:\windows\system32\msi.dll

c:\windows\system32\wbem\wbemcomn.dll

c:\windows\system32\wbem\wbemcore.dll

c:\windows\system32\wbem\esscli.dll

c:\windows\system32\wbem\fastprox.dll

c:\windows\system32\sxs.dll

c:\windows\system32\msxml3.dll

c:\windows\system32\wbem\wbemsvc.dll

c:\windows\system32\comsvcs.dll

c:\windows\system32\mtxclu.dll

c:\windows\system32\wsock32.dll

c:\windows\system32\colbact.dll

c:\windows\system32\clusapi.dll

c:\windows\system32\resutils.dll

c:\windows\system32\wbem\wmiutils.dll

c:\windows\system32\wbem\repdrvfs.dll

c:\windows\system32\upnp.dll

c:\windows\system32\ssdpapi.dll

c:\windows\system32\wbem\wmiprvsd.dll

c:\windows\system32\ncobjapi.dll

c:\windows\system32\tapisrv.dll

c:\windows\system32\psapi.dll

c:\windows\system32\rasadhlp.dll

c:\windows\system32\netcfgx.dll

c:\windows\system32\wbem\wbemess.dll

c:\windows\system32\rasmans.dll

c:\windows\system32\winipsec.dll

c:\windows\system32\rastapi.dll

c:\windows\system32\unimdm.tsp

c:\windows\system32\uniplat.dll

c:\windows\system32\unimdmat.dll

c:\windows\system32\modemui.dll

c:\windows\system32\kmddsp.tsp

c:\windows\system32\ndptsp.tsp

c:\windows\system32\ipconf.tsp

c:\windows\system32\h323.tsp

c:\windows\system32\hidphone.tsp

c:\windows\system32\rasppp.dll

c:\windows\system32\ntlsapi.dll

c:\windows\system32\kerberos.dll

c:\windows\system32\cryptdll.dll

c:\windows\system32\rasdlg.dll

c:\windows\system32\wbem\ncprov.dll

c:\windows\system32\apphelp.dll

c:\windows\system32\winrnr.dll

c:\windows\system32\dssenh.dll

c:\windows\system32\wuaueng.dll

c:\windows\system32\winspool.drv

c:\windows\system32\mspatcha.dll

c:\windows\system32\sfc.dll

c:\windows\system32\sfc_os.dll

c:\windows\system32\wups2.dll

c:\windows\system32\advpack.dll

c:\windows\system32\qmgr.dll

c:\windows\system32\mpr.dll

c:\windows\system32\shfolder.dll

c:\windows\system32\urlmon.dll

c:\windows\system32\catsrvut.dll

c:\windows\system32\mfcsubs.dll

c:\windows\system32\catsrv.dll

c:\windows\system32\wbem\wbemcons.dll

c:\windows\system32\svchost.exe

c:\windows\system32\ntdll.dll

c:\windows\system32\kernel32.dll

c:\windows\system32\advapi32.dll

c:\windows\system32\rpcrt4.dll

c:\windows\system32\shimeng.dll

c:\windows\apppatch\acgenral.dll

c:\windows\system32\user32.dll

c:\windows\system32\gdi32.dll

c:\windows\system32\winmm.dll

c:\windows\system32\ole32.dll

c:\windows\system32\msvcrt.dll

c:\windows\system32\oleaut32.dll

c:\windows\system32\msacm32.dll

c:\windows\system32\version.dll

c:\windows\system32\shell32.dll

c:\windows\system32\shlwapi.dll

c:\windows\system32\userenv.dll

c:\windows\system32\uxtheme.dll

c:\windows\system32\imm32.dll

c:\windows\system32\lpk.dll

c:\windows\system32\usp10.dll

c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll

c:\windows\system32\comctl32.dll

c:\windows\system32\dnsrslvr.dll

c:\windows\system32\dnsapi.dll

c:\windows\system32\ws2_32.dll

c:\windows\system32\ws2help.dll

c:\windows\system32\iphlpapi.dll

c:\windows\system32\mswsock.dll

c:\windows\system32\hnetcfg.dll

c:\windows\system32\wshtcpip.dll

c:\windows\system32\svchost.exe

c:\windows\system32\ntdll.dll

c:\windows\system32\kernel32.dll

c:\windows\system32\advapi32.dll

c:\windows\system32\rpcrt4.dll

c:\windows\system32\shimeng.dll

c:\windows\apppatch\acgenral.dll

c:\windows\system32\user32.dll

c:\windows\system32\gdi32.dll

c:\windows\system32\winmm.dll

c:\windows\system32\ole32.dll

c:\windows\system32\msvcrt.dll

c:\windows\system32\oleaut32.dll

c:\windows\system32\msacm32.dll

c:\windows\system32\version.dll

c:\windows\system32\shell32.dll

c:\windows\system32\shlwapi.dll

c:\windows\system32\userenv.dll

c:\windows\system32\uxtheme.dll

c:\windows\system32\imm32.dll

c:\windows\system32\lpk.dll

c:\windows\system32\usp10.dll

c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll

c:\windows\system32\comctl32.dll

c:\windows\system32\ntmarta.dll

c:\windows\system32\wldap32.dll

c:\windows\system32\samlib.dll

c:\windows\system32\xpsp2res.dll

c:\windows\system32\lmhsvc.dll

c:\windows\system32\iphlpapi.dll

c:\windows\system32\ws2_32.dll

c:\windows\system32\ws2help.dll

c:\windows\system32\webclnt.dll

c:\windows\system32\wininet.dll

c:\windows\system32\crypt32.dll

c:\windows\system32\msasn1.dll

c:\windows\system32\secur32.dll

c:\windows\system32\urlmon.dll

c:\windows\system32\wsock32.dll

c:\windows\system32\mswsock.dll

c:\windows\system32\dnsapi.dll

c:\windows\system32\rasadhlp.dll

c:\windows\system32\ssdpsrv.dll

c:\windows\system32\hnetcfg.dll

c:\windows\system32\clbcatq.dll

c:\windows\system32\comres.dll

c:\windows\system32\wshtcpip.dll

c:\windows\system32\rasapi32.dll

c:\windows\system32\rasman.dll

c:\windows\system32\netapi32.dll

c:\windows\system32\tapi32.dll

c:\windows\system32\rtutils.dll

c:\windows\system32\rsaenh.dll

c:\windows\system32\httpapi.dll

c:\windows\system32\winhttp.dll

C:\WINDOWS\SYSTEM32\SPOOLSV.EXE
c:\windows\system32\spoolsv.exe

c:\windows\system32\ntdll.dll

c:\windows\system32\kernel32.dll

c:\windows\system32\msvcrt.dll

c:\windows\system32\advapi32.dll

c:\windows\system32\rpcrt4.dll

c:\windows\system32\gdi32.dll

c:\windows\system32\user32.dll

c:\windows\system32\shimeng.dll

c:\windows\apppatch\acgenral.dll

c:\windows\system32\winmm.dll

c:\windows\system32\ole32.dll

c:\windows\system32\oleaut32.dll

c:\windows\system32\msacm32.dll

c:\windows\system32\version.dll

c:\windows\system32\shell32.dll

c:\windows\system32\shlwapi.dll

c:\windows\system32\userenv.dll

c:\windows\system32\uxtheme.dll

c:\windows\system32\imm32.dll

c:\windows\system32\lpk.dll

c:\windows\system32\usp10.dll

c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll

c:\windows\system32\comctl32.dll

c:\windows\system32\spoolss.dll

c:\windows\system32\ws2_32.dll

c:\windows\system32\ws2help.dll

c:\windows\system32\dnsapi.dll

c:\windows\system32\rasadhlp.dll

c:\windows\system32\localspl.dll

c:\windows\system32\secur32.dll

c:\windows\system32\sfc_os.dll

c:\windows\system32\wintrust.dll

c:\windows\system32\crypt32.dll

c:\windows\system32\msasn1.dll

c:\windows\system32\imagehlp.dll

c:\windows\system32\winspool.drv

c:\windows\system32\netapi32.dll

c:\windows\system32\cnbjmon.dll

c:\windows\system32\pjlmon.dll

c:\windows\system32\tcpmon.dll

c:\windows\system32\usbmon.dll

c:\windows\system32\mswsock.dll

c:\windows\system32\winrnr.dll

c:\windows\system32\wldap32.dll

c:\windows\system32\win32spl.dll

c:\windows\system32\netrap.dll

c:\windows\system32\ntdsapi.dll

c:\windows\system32\clbcatq.dll

c:\windows\system32\comres.dll

c:\windows\system32\inetpp.dll

c:\windows\system32\xpsp2res.dll

C:\WINDOWS\SYSTEM32\ATI2EVXX.EXE
c:\windows\system32\ati2evxx.exe

c:\windows\system32\ntdll.dll

c:\windows\system32\kernel32.dll

c:\windows\system32\user32.dll

c:\windows\system32\gdi32.dll

c:\windows\system32\ole32.dll

c:\windows\system32\advapi32.dll

c:\windows\system32\rpcrt4.dll

c:\windows\system32\msvcrt.dll

c:\windows\system32\oleaut32.dll

c:\windows\system32\imm32.dll

c:\windows\system32\lpk.dll

c:\windows\system32\usp10.dll

c:\windows\system32\secur32.dll

c:\windows\system32\uxtheme.dll

c:\windows\system32\msctfime.ime

c:\windows\system32\ati2edxx.dll

c:\windows\system32\xpsp2res.dll

c:\windows\system32\clbcatq.dll

c:\windows\system32\comres.dll

c:\windows\system32\version.dll

C:\WINDOWS\EXPLORER.EXE
c:\wind
A voir également:

44 réponses

Réponse 1 / 44
meli-chan Messages postés 8 Statut Membre
 
Re-onjour !

Je viens de faire deux autres scans. Je vous les montre si ça peut vous aider :

SmitfraudFix :

Rapport fait à 20:52:28,76, 18/12/2007
Executé à partir de D:\Documents and Settings\PATRICK.1036948703146.001\Bureau\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est NTFS
Fix executé en mode normal

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
C:\Program Files\Fichiers communs\Symantec Shared\AppCore\AppSvc32.exe
D:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
c:\APPS\HIDSERVICE\HIDSERVICE.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\slserv.exe
C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
c:\APPS\Powercinema\Kernel\TV\CLSched.exe
C:\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\Program Files\Fichiers communs\Ulead Systems\AutoDetector\monitor.exe
C:\Apps\Powercinema\PCMService.exe
C:\apps\ABoard\ABoard.exe
C:\Program Files\TechCity Solutions\AliceSAV\AliceAgent.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\apps\ABoard\AOSD.exe
C:\WINDOWS\system32\shovth.exe
D:\Program Files\QuickDCF.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\cmd.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts

»»»»»»»»»»»»»»»»»»»»»»»» D:\

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

»»»»»»»»»»»»»»»»»»»»»»»» D:\Documents and Settings\PATRICK.1036948703146.001

»»»»»»»»»»»»»»»»»»»»»»»» D:\Documents and Settings\PATRICK.1036948703146.001\Application Data

»»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer

»»»»»»»»»»»»»»»»»»»»»»»» D:\DOCUME~1\PATRIC~1.001\Favoris

»»»»»»»»»»»»»»»»»»»»»»»» Bureau

»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files

»»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues

»»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Ma page d'accueil"

»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""

»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""

»»»»»»»»»»»»»»»»»»»»»»»» Rustock

»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: Realtek RTL8139/810x Family Fast Ethernet NIC - Miniport d'ordonnancement de paquets
DNS Server Search Order: 192.168.1.1

HKLM\SYSTEM\CCS\Services\Tcpip\..\{7272847A-3F91-4E26-B308-E0FD7F77B818}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{7272847A-3F91-4E26-B308-E0FD7F77B818}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS3\Services\Tcpip\..\{7272847A-3F91-4E26-B308-E0FD7F77B818}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1

»»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll

»»»»»»»»»»»»»»»»»»»»»»»» Fin

Et voici celui de HijackThis :

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:55:05, on 18/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
C:\Program Files\Fichiers communs\Symantec Shared\AppCore\AppSvc32.exe
D:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
c:\APPS\HIDSERVICE\HIDSERVICE.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\slserv.exe
C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
c:\APPS\Powercinema\Kernel\TV\CLSched.exe
C:\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\Program Files\Fichiers communs\Ulead Systems\AutoDetector\monitor.exe
C:\Apps\Powercinema\PCMService.exe
C:\apps\ABoard\ABoard.exe
C:\Program Files\TechCity Solutions\AliceSAV\AliceAgent.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\apps\ABoard\AOSD.exe
C:\WINDOWS\system32\shovth.exe
D:\Program Files\QuickDCF.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\NOTEPAD.EXE
C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
D:\Documents and Settings\PATRICK.1036948703146.001\Bureau\test.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = file://C:\APPS\IE\offline\fr.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Alice ADSL
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Fichiers communs\Symantec Shared\coShared\Browser\1.0\NppBho.dll
O3 - Toolbar: Afficher Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Fichiers communs\Symantec Shared\coShared\Browser\1.0\UIBHO.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [ATIPTA] C:\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [Ulead AutoDetector v2] C:\Program Files\Fichiers communs\Ulead Systems\AutoDetector\monitor.exe
O4 - HKLM\..\Run: [PCMService] "c:\Apps\Powercinema\PCMService.exe"
O4 - HKLM\..\Run: [EmailChecker] C:\APPS\EmailChecker\ech.exe
O4 - HKLM\..\Run: [ACTIVBOARD] c:\apps\ABoard\ABoard.exe
O4 - HKLM\..\Run: [AliceSAV] C:\Program Files\TechCity Solutions\AliceSAV\AliceAgent.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [sis32] C:\WINDOWS\system32\winsos.exe
O4 - HKLM\..\Run: [winroot] C:\WINDOWS\system32\winsn.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [StartUp] C:\WINDOWS\trayicons.exe /optimize speed
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Color Calibration.lnk = ?
O4 - Global Startup: Exif Launcher.lnk = D:\Program Files\QuickDCF.exe
O4 - Global Startup: MagicTune3.5.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: NaturalColorLoad.lnk = ?
O4 - Global Startup: Picture Package Menu.lnk = ?
O4 - Global Startup: Picture Package VCD Maker.lnk = ?
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fr.htm
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - D:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\VAScanner\comHost.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
O23 - Service: Generic Service for HID Keyboard Input Collections (GenericHidService) - Unknown owner - c:\APPS\HIDSERVICE\HIDSERVICE.exe
O23 - Service: Validation de mot de passe Symantec IS (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: MysqlInventime - Unknown owner - C:\Apps\INVENT~1\mysql\bin\mysqld-nt.exe
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe

--
End of file - 8592 bytes

Je suis dslée de conner l'impression d'insister...

j'ai oublié de préciser que j'ai deux partitions : C et D
Il semble que je formate le C mais que ce soit le D qui soit virussé (j'ai un Packard Bell comme ordinateur donc pas de master CD... J'ai reformaté via F11)

Norton (que j'ai remis) a trouvé des trojans qu'il a supprimé (mais ça revient continuellement). De plus je n'ai toujours plus aucun droit sur mon ordinateur (windows update a disparu, je ne peux pas changer le wall, le clic droit vers mes propriétés est interdit car je n'ai pas les droits suffisants....)

Merci beaucoup
0
Réponse 2 / 44
moe
 
Bonsoir Meli-chan

Le rapport de smitfraudfix ne donne rien de concluant, hélas...

Télécharges ComboFix ici:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Et enregistre le sur le bureau, c'est important.

Ensuite déconnectes-toi d'internet et referme les fenêtres de tous les programmes en cours.

Ouvre le menu Démarrer puis clic sur 'Exécuter'

Dans la boîte de dialogue, copie et colle absolument tout ce qui est en bleu ci-dessous : 
"%userprofile%\bureau\ComboFix.exe" /killall

ComboFix va alors se lancer.
Appuies sur la touche 1, pour que le programme commence à exécuter la procédure d'analyse/désinfection.
En fin d'analyse Combofix va redemarrer ton pc, laisses-le faire.
Après le reboot, Combofix va terminer son analyse puis le bloc notes va s'ouvrir avec pour contenu le rapport, copie et colle tout son contenu dans ton prochain message.
(Le fichier rapport Combofix.txt , est ensuite automatiquement sauvegardé à la racine de ton DD C:\Combofix.txt)

En plus du rapport combofix reposte aussi un rapport hijackthis

@++ et bon courage.
0
Réponse 3 / 44
meli-chan
 
Merci beaucoup de m'avoir répondu et de chercher à m'aider (un petit rayon de soleil que cette aide lol)

Voici le rapport de ComboFix :

ComboFix 07-12-19.2 - PATRICK 2007-12-18 22:03:22.1 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.578 [GMT 1:00]
Running from: D:\Documents and Settings\PATRICK.1036948703146.001\bureau\ComboFix.exe
Command switches used :: /killall
* Created a new restore point
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\.exe
C:\Autorun.inf
C:\WINDOWS\inf\ultra.inf
D:\Autorun.inf
D:\Documents and Settings\All Users.\documents\settings
D:\Documents and Settings\CHABOD\Application Data\nvsvc1024.dll
D:\Documents and Settings\patrick\Application Data\nvsvc1024.dll

.
((((((((((((((((((((((((((((( Fichiers cr‚‚s 2007-11-19 to 2007-12-19 ))))))))))))))))))))))))))))))))))))
.

2007-12-19 22:04 . 2005-04-20 19:11 18,944 --a------ C:\WINDOWS\system32\wowfx.dll
2007-12-18 21:22 . 2007-12-18 22:02 <REP> d-------- D:\Documents and Settings\PATRICK.1036948703146.001\Application Data\HouseCall 6.6
2007-12-18 21:22 . 2007-08-01 16:47 102,664 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2007-12-18 21:21 . 2007-12-18 21:21 <REP> d-------- D:\Documents and Settings\PATRICK.1036948703146.001\Application Data\AdobeUM
2007-12-18 21:21 . 2007-12-18 21:21 <REP> d-------- C:\WINDOWS\Sun
2007-12-18 21:11 . 2007-12-18 21:11 <REP> d-------- C:\Program Files\Windows Defender
2007-12-18 20:52 . 2007-09-05 23:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2007-12-18 20:52 . 2006-04-27 16:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2007-12-18 20:52 . 2007-12-13 19:40 77,824 --a------ C:\WINDOWS\system32\IEDFix.exe
2007-12-18 20:52 . 2003-06-05 20:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
2007-12-18 20:52 . 2007-10-03 23:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2007-12-18 20:52 . 2007-12-18 20:52 2,730 --a------ C:\WINDOWS\system32\tmp.reg
2007-12-18 20:31 . 2007-12-18 20:31 <REP> d-------- C:\Program Files\MSXML 4.0
2007-12-18 20:24 . 2007-12-18 20:24 <REP> d-------- C:\Program Files\Canon
2007-12-18 20:23 . 2002-02-12 16:00 97,280 --a------ C:\WINDOWS\system32\CNMLM45.DLL
2007-12-18 20:23 . 2004-08-03 23:01 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2007-12-18 20:23 . 2004-08-03 23:01 25,856 --a------ C:\WINDOWS\system32\dllcache\usbprint.sys
2007-12-18 20:23 . 2002-02-12 06:00 5,632 --a------ C:\WINDOWS\system32\CNMVS45.DLL
2007-12-18 20:22 . 2007-12-18 20:22 <REP> d--h----- C:\BJPrinter
2007-12-18 20:22 . 2002-01-17 11:48 36,864 --a------ C:\WINDOWS\system32\CNMCP45.EXE
2007-12-18 19:23 . 2007-12-14 15:58 89,088 ---hs---- C:\WINDOWS\system32\winsn.exe
2007-12-18 19:23 . 2007-12-14 15:58 89,088 ---hs---- C:\WINDOWS\system32\shovth.exe
2007-12-18 19:23 . 2007-12-14 15:58 89,088 ---hs---- C:\D87ABF47.exe
2007-12-18 19:23 . 2007-12-18 19:23 28,929 --a------ C:\WINDOWS\trayicons.exe
2007-12-18 19:23 . 2007-12-18 20:48 28,929 --a------ C:\WINDOWS\system32\winsos.exe
2007-12-18 18:35 . 2007-05-29 13:55 22,112 --a------ C:\WINDOWS\system32\drivers\COH_Mon.sys
2007-12-18 18:35 . 2007-05-29 13:55 10,592 --a------ C:\WINDOWS\system32\drivers\COH_Mon.cat
2007-12-18 18:35 . 2007-05-29 13:55 705 --a------ C:\WINDOWS\system32\drivers\COH_Mon.inf
2007-12-18 18:20 . 2007-07-09 14:11 584,192 --------- C:\WINDOWS\system32\dllcache\rpcrt4.dll
2007-12-18 18:20 . 2007-12-18 18:20 16 --a------ C:\WINDOWS\system32\coh.cache
2007-12-18 18:03 . 2006-11-03 15:02 2,432 --a------ C:\WINDOWS\wds.dat
2007-12-18 18:03 . 2007-01-25 10:04 1,680 --a------ C:\WINDOWS\rmt.dat
2007-12-18 18:02 . 2007-12-18 18:04 10,740 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2007-12-18 18:02 . 2007-12-18 18:04 805 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.INF
2007-12-18 18:00 . 2005-06-28 10:21 22,752 --a------ C:\WINDOWS\system32\spupdsvc.exe
2007-12-18 17:55 . 2007-12-18 18:37 <REP> d-------- C:\Program Files\Norton Internet Security
2007-12-18 17:41 . 2007-12-18 17:41 <REP> d-------- C:\Program Files\TechCity Solutions
2007-12-18 16:12 . 2007-12-18 16:12 <REP> d-------- D:\Documents and Settings\All Users\Application Data\Lavasoft
2007-12-18 15:45 . 2004-08-16 18:55 <REP> d--h----- D:\Documents and Settings\PATRICK.CHABOD\Voisinage r‚seau
2007-12-18 15:45 . 2004-08-16 18:55 <REP> d--h----- D:\Documents and Settings\PATRICK.CHABOD\Voisinage d'impression
2007-12-18 15:45 . 2007-12-19 00:38 <REP> d--h----- D:\Documents and Settings\PATRICK.CHABOD\ModŠles
2007-12-18 15:45 . 2007-12-18 15:46 <REP> dr------- D:\Documents and Settings\PATRICK.CHABOD\Mes documents
2007-12-18 15:45 . 2007-12-19 00:38 <REP> dr------- D:\Documents and Settings\PATRICK.CHABOD\Menu D‚marrer
2007-12-18 15:45 . 2007-12-18 15:46 <REP> dr------- D:\Documents and Settings\PATRICK.CHABOD\Favoris
2007-12-18 15:45 . 2007-12-18 15:46 <REP> dr------- D:\Documents and Settings\PATRICK.CHABOD\Bureau
2007-12-18 15:45 . 2007-12-19 00:38 <REP> d-------- D:\Documents and Settings\PATRICK.CHABOD\Application Data\You've Got Pictures Screensaver
2007-12-18 15:45 . 2005-08-30 18:59 <REP> d-------- D:\Documents and Settings\PATRICK.CHABOD\Application Data\Symantec
2007-12-18 15:02 . 2004-08-16 18:55 <REP> d--h----- D:\Documents and Settings\PATRICK.1036948703146\Voisinage r‚seau
2007-12-18 15:02 . 2004-08-16 18:55 <REP> d--h----- D:\Documents and Settings\PATRICK.1036948703146\Voisinage d'impression
2007-12-18 15:02 . 2007-12-18 23:54 <REP> d--h----- D:\Documents and Settings\PATRICK.1036948703146\ModŠles
2007-12-18 15:02 . 2007-12-18 15:03 <REP> dr------- D:\Documents and Settings\PATRICK.1036948703146\Mes documents
2007-12-18 15:02 . 2007-12-18 23:54 <REP> dr------- D:\Documents and Settings\PATRICK.1036948703146\Menu D‚marrer
2007-12-18 15:02 . 2007-12-18 15:03 <REP> dr------- D:\Documents and Settings\PATRICK.1036948703146\Favoris
2007-12-18 15:02 . 2007-12-18 15:03 <REP> dr------- D:\Documents and Settings\PATRICK.1036948703146\Bureau
2007-12-18 15:02 . 2007-12-18 23:54 <REP> d-------- D:\Documents and Settings\PATRICK.1036948703146\Application Data\You've Got Pictures Screensaver
2007-12-18 15:02 . 2005-08-30 18:59 <REP> d-------- D:\Documents and Settings\PATRICK.1036948703146\Application Data\Symantec
2007-12-18 14:19 . 2004-08-16 18:55 <REP> d--h----- D:\Documents and Settings\PATRICK.1036948703146.000\Voisinage r‚seau
2007-12-18 14:19 . 2004-08-16 18:55 <REP> d--h----- D:\Documents and Settings\PATRICK.1036948703146.000\Voisinage d'impression
2007-12-18 14:19 . 2007-12-18 23:12 <REP> d--h----- D:\Documents and Settings\PATRICK.1036948703146.000\ModŠles
2007-12-18 14:19 . 2007-12-18 14:19 <REP> dr------- D:\Documents and Settings\PATRICK.1036948703146.000\Mes documents
2007-12-18 14:19 . 2007-12-18 23:12 <REP> dr------- D:\Documents and Settings\PATRICK.1036948703146.000\Menu D‚marrer
2007-12-18 14:19 . 2007-12-18 14:19 <REP> dr------- D:\Documents and Settings\PATRICK.1036948703146.000\Favoris
2007-12-18 14:19 . 2007-12-18 14:19 <REP> dr------- D:\Documents and Settings\PATRICK.1036948703146.000\Bureau
2007-12-18 14:19 . 2007-12-18 23:12 <REP> d-------- D:\Documents and Settings\PATRICK.1036948703146.000\Application Data\You've Got Pictures Screensaver
2007-12-18 14:19 . 2005-08-30 18:59 <REP> d-------- D:\Documents and Settings\PATRICK.1036948703146.000\Application Data\Symantec
2007-12-18 13:39 . 2007-12-18 21:35 <REP> d-------- C:\Program Files\Alice
2007-12-18 13:37 . 2004-08-16 18:55 <REP> d--h----- D:\Documents and Settings\PATRICK.1036948703146.001\Voisinage r‚seau
2007-12-18 13:37 . 2004-08-16 18:55 <REP> d--h----- D:\Documents and Settings\PATRICK.1036948703146.001\Voisinage d'impression
2007-12-18 13:37 . 2007-12-18 22:30 <REP> d--h----- D:\Documents and Settings\PATRICK.1036948703146.001\ModŠles
2007-12-18 13:37 . 2007-12-18 17:59 <REP> dr------- D:\Documents and Settings\PATRICK.1036948703146.001\Mes documents
2007-12-18 13:37 . 2007-12-18 22:30 <REP> d-------- D:\Documents and Settings\PATRICK.1036948703146.001\Menu D‚marrer
2007-12-18 13:37 . 2007-12-18 13:38 <REP> dr------- D:\Documents and Settings\PATRICK.1036948703146.001\Favoris
2007-12-18 13:37 . 2007-12-18 22:02 <REP> d-------- D:\Documents and Settings\PATRICK.1036948703146.001\Bureau
2007-12-18 13:37 . 2007-12-18 22:30 <REP> d-------- D:\Documents and Settings\PATRICK.1036948703146.001\Application Data\You've Got Pictures Screensaver
2007-12-18 13:37 . 2005-08-30 18:59 <REP> d-------- D:\Documents and Settings\PATRICK.1036948703146.001\Application Data\Symantec
2007-12-18 13:34 . 2007-12-18 13:34 8,192 --a------ C:\WINDOWS\REGLOCS.OLD
2007-12-18 13:28 . 2007-12-18 13:28 <REP> d-------- D:\Documents and Settings\CHABOD\Application Data\Microsoft Web Folders
2007-12-18 12:12 . 2007-12-18 12:12 <REP> d-------- D:\Documents and Settings\CHABOD\Application Data\FUJIFILM
2007-12-18 12:03 . 2007-12-18 12:03 <REP> d-------- D:\Documents and Settings\CHABOD\Application Data\OD2
2007-12-18 11:51 . 2007-12-18 16:12 <REP> d-------- D:\Documents and Settings\CHABOD\Application Data\Lavasoft
2007-12-18 10:33 . 2007-12-18 10:33 <REP> d--hs---- D:\Documents and Settings\CHABOD\UserData
2007-12-18 08:51 . 2004-08-16 18:55 <REP> d--h----- D:\Documents and Settings\CHABOD\Voisinage r‚seau
2007-12-18 08:51 . 2004-08-16 18:55 <REP> d--h----- D:\Documents and Settings\CHABOD\Voisinage d'impression
2007-12-18 08:51 . 2007-12-18 17:43 <REP> d--h----- D:\Documents and Settings\CHABOD\ModŠles
2007-12-18 08:51 . 2007-12-18 19:27 <REP> dr------- D:\Documents and Settings\CHABOD\Mes documents
2007-12-18 08:51 . 2007-12-18 13:28 <REP> dr------- D:\Documents and Settings\CHABOD\Menu D‚marrer
2007-12-18 08:51 . 2007-12-18 14:05 <REP> dr------- D:\Documents and Settings\CHABOD\Favoris
2007-12-18 08:51 . 2007-12-18 16:21 <REP> dr------- D:\Documents and Settings\CHABOD\Bureau
2007-12-18 08:51 . 2005-08-30 18:57 <REP> d-------- D:\Documents and Settings\CHABOD\Application Data\You've Got Pictures Screensaver
2007-12-18 08:51 . 2005-08-30 18:59 <REP> d-------- D:\Documents and Settings\CHABOD\Application Data\Symantec
2007-12-15 17:44 . 2004-08-16 18:55 <REP> d--h----- D:\Documents and Settings\Administrateur\Voisinage r‚seau
2007-12-15 17:44 . 2004-08-16 18:55 <REP> d--h----- D:\Documents and Settings\Administrateur\Voisinage d'impression
2007-12-15 17:44 . 2005-09-02 16:43 <REP> d--h----- D:\Documents and Settings\Administrateur\ModŠles
2007-12-15 17:44 . 2005-09-02 07:47 <REP> dr------- D:\Documents and Settings\Administrateur\Mes documents
2007-12-15 17:44 . 2005-09-02 16:43 <REP> dr------- D:\Documents and Settings\Administrateur\Menu D‚marrer
2007-12-15 17:44 . 2005-09-02 07:47 <REP> dr------- D:\Documents and Settings\Administrateur\Favoris
2007-12-15 17:44 . 2005-08-30 19:07 <REP> dr------- D:\Documents and Settings\Administrateur\Bureau
2007-12-15 17:44 . 2005-09-02 16:43 <REP> d-------- D:\Documents and Settings\Administrateur\Application Data\You've Got Pictures Screensaver
2007-12-15 17:44 . 2005-08-30 18:59 <REP> d-------- D:\Documents and Settings\Administrateur\Application Data\Symantec
2007-12-15 17:44 . 2007-11-21 19:47 <REP> d-------- D:\Documents and Settings\Administrateur\Application Data\Apple Computer

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-18 21:30 --------- d-----w D:\Documents and Settings\Default User\Application Data\You've Got Pictures Screensaver
2007-12-18 21:25 --------- d-----w C:\Program Files\Windows Media Components
2007-12-18 21:25 --------- d-----w C:\Program Files\Viewpoint
2007-12-18 21:25 --------- d-----w C:\Program Files\Ulead Systems
2007-12-18 21:25 --------- d-----w C:\Program Files\Sonic
2007-12-18 21:25 --------- d-----w C:\Program Files\Real
2007-12-18 21:25 --------- d-----w C:\Program Files\microsoft frontpage
2007-12-18 21:25 --------- d-----w C:\Program Files\Learn2.com
2007-12-18 21:25 --------- d-----w C:\Program Files\Java
2007-12-18 21:25 --------- d-----w C:\Program Files\GMixon
2007-12-18 21:25 --------- d-----w C:\Program Files\Fichiers communs\xing shared
2007-12-18 21:25 --------- d-----w C:\Program Files\Fichiers communs\Ulead Systems
2007-12-18 21:25 --------- d-----w C:\Program Files\Fichiers communs\SpeechEngines
2007-12-18 21:25 --------- d-----w C:\Program Files\Fichiers communs\Real
2007-12-18 21:25 --------- d-----w C:\Program Files\Fichiers communs\ODBC
2007-12-18 21:25 --------- d-----w C:\Program Files\Fichiers communs\Nullsoft
2007-12-18 21:25 --------- d-----w C:\Program Files\Fichiers communs\MSSoap
2007-12-18 21:25 --------- d-----w C:\Program Files\Fichiers communs\Java
2007-12-18 21:25 --------- d-----w C:\Program Files\Fichiers communs\InstallShield
2007-12-18 21:25 --------- d-----w C:\Program Files\Fichiers communs\Adobe
2007-12-18 21:25 --------- d-----w C:\Program Files\CyberLink
2007-12-18 21:25 --------- d-----w C:\Program Files\AMD
2007-12-18 20:55 --------- d-----w C:\Program Files\Symantec
2007-12-18 20:52 --------- d-----w C:\Program Files\Services en ligne
2007-12-18 20:49 --------- d-----w C:\Program Files\QuickTime
2007-12-18 20:43 --------- d-----w C:\Program Files\Fichiers communs\Wise Installation Wizard
2007-12-18 20:39 --------- d-----w C:\Program Files\Fichiers communs\Symantec Shared
2007-12-18 20:39 --------- d-----w C:\Program Files\Fichiers communs\SureThing Shared
2007-12-18 20:39 --------- d-----w C:\Program Files\Fichiers communs\Sonic Shared
2007-12-18 20:37 --------- d-----w C:\Program Files\Fichiers communs\aolshare
2007-12-18 20:37 --------- d-----w C:\Program Files\Fichiers communs\AOL
2007-12-18 20:36 --------- d-----w C:\Program Files\AOL Compagnon
2007-12-18 20:35 --------- d-----w C:\Program Files\AOL 9.0
2007-12-18 19:53 --------- d-----w D:\Documents and Settings\All Users\Application Data\Symantec
2007-12-18 17:11 9,344 ----a-w C:\WINDOWS\system32\drivers\NSDriver.sys
2007-12-18 17:11 8,320 ----a-w C:\WINDOWS\system32\drivers\AWRTRD.sys
2007-12-18 17:04 123,952 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2007-12-18 16:41 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-18 15:12 --------- d-----w D:\Documents and Settings\patrick\Application Data\Lavasoft
2007-12-18 15:05 --------- d-----w D:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-10-30 18:55 39,856 ----a-w C:\WINDOWS\system32\drivers\symids.sys
2007-10-30 18:55 37,936 ----a-w C:\WINDOWS\system32\drivers\symndisv.sys
2007-10-30 18:55 35,120 ----a-w C:\WINDOWS\system32\drivers\symndis.sys
2007-10-30 18:55 27,696 ----a-w C:\WINDOWS\system32\drivers\symredrv.sys
2007-10-30 18:55 191,536 ----a-w C:\WINDOWS\system32\drivers\symtdi.sys
2007-10-30 18:55 145,968 ----a-w C:\WINDOWS\system32\drivers\symfw.sys
2007-10-30 18:55 12,848 ----a-w C:\WINDOWS\system32\drivers\symdns.sys
2007-10-30 18:24 12,963 ----a-w C:\WINDOWS\system32\drivers\SymRedir.cat
2007-10-30 18:24 1,358 ----a-w C:\WINDOWS\system32\drivers\SymRedir.inf
2007-10-25 07:11 --------- d-----w D:\Documents and Settings\patrick\Application Data\Windows Desktop Search
2006-02-17 12:53 81,696 -c--a-w D:\Documents and Settings\patrick\Application Data\GDIPFONTCACHEV1.DAT
2001-03-22 13:27 795,648 -c--a-w D:\Documents and Settings\patrick\clic.exe
2001-03-14 08:03 8,704 -c--a-w D:\Documents and Settings\patrick\_ISDEL.EXE
2001-03-14 08:03 60,416 -c--a-w D:\Documents and Settings\patrick\SETUP.EXE
2001-03-14 08:03 417 -c--a-w D:\Documents and Settings\patrick\os.dat
2001-03-14 08:03 4,525 -c--a-w D:\Documents and Settings\patrick\lang.dat
2001-03-14 08:03 353 -c--a-w D:\Documents and Settings\patrick\layout.bin
2001-03-14 08:03 11,264 -c--a-w D:\Documents and Settings\patrick\_setup.dll
2000-06-07 08:49 5,982,872 -c--a-w D:\Documents and Settings\patrick\ar405fre.exe
1999-04-12 06:40 139,264 -c--a-w D:\Documents and Settings\patrick\mapi32.dll
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 17:24]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-05 13:00]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-05 13:00]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-05 13:00]
"ATIPTA"="C:\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-03-22 20:05]
"SoundMan"="SOUNDMAN.EXE" [2005-05-17 17:48 C:\WINDOWS\SOUNDMAN.EXE]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe" [2005-03-04 02:36]
"Ulead AutoDetector v2"="C:\Program Files\Fichiers communs\Ulead Systems\AutoDetector\monitor.exe" [2004-11-26 10:43]
"PCMService"="c:\Apps\Powercinema\PCMService.exe" [2005-05-11 12:48]
"EmailChecker"="C:\APPS\EmailChecker\ech.exe" [2003-07-02 10:13]
"ACTIVBOARD"="c:\apps\ABoard\ABoard.exe" [2003-05-02 10:31]
"AliceSAV"="C:\Program Files\TechCity Solutions\AliceSAV\AliceAgent.exe" [2005-12-16 17:57]
"ccApp"="C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe" [2006-09-03 00:04]
"osCheck"="C:\Program Files\Norton Internet Security\osCheck.exe" [2006-09-05 18:22]
"Symantec PIF AlertEng"="C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 10:22]
"sis32"="C:\WINDOWS\system32\winsos.exe" [2007-12-19 22:07]
"winroot"="C:\WINDOWS\system32\winsn.exe" [2007-12-14 15:58]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 19:20]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 13:00]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\WINDOWS\system32\wowfx.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, wowfx.dll

*Newly Created Service* - COMHOST
.
Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es'
"2007-12-18 12:35:45 C:\WINDOWS\Tasks\HDReg.job"
- c:\Apps\HDReg\HDRegRem.exe
"2007-12-18 20:14:56 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
"2007-12-18 17:00:14 C:\WINDOWS\Tasks\Norton Internet Security - Analyse système complète - PATRICK.job"
"2007-12-18 12:36:35 C:\WINDOWS\Tasks\Rappel d'enregistrement 1.job"
- C:\WINDOWS\system32\OOBE\oobebaln.exe
"2007-12-18 12:36:35 C:\WINDOWS\Tasks\Rappel d'enregistrement 2.job"
- C:\WINDOWS\system32\OOBE\oobebaln.exe
"2007-12-18 12:36:35 C:\WINDOWS\Tasks\Rappel d'enregistrement 3.job"
- C:\WINDOWS\system32\OOBE\oobebaln.exe
.
**************************************************************************

catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-19 22:06:35
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-12-19 22:08:32 - machine was rebooted
.
2007-12-18 19:38:49 --- E O F ---

Et voici celui de hijackthis :

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:12:41, on 19/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Fichiers communs\Symantec Shared\AppCore\AppSvc32.exe
D:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
c:\APPS\HIDSERVICE\HIDSERVICE.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
c:\APPS\Powercinema\Kernel\TV\CLSched.exe
C:\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\Program Files\Fichiers communs\Ulead Systems\AutoDetector\monitor.exe
C:\Apps\Powercinema\PCMService.exe
C:\apps\ABoard\ABoard.exe
C:\Program Files\TechCity Solutions\AliceSAV\AliceAgent.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\apps\ABoard\AOSD.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\shovth.exe
D:\Program Files\QuickDCF.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\internet explorer\iexplore.exe
C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
C:\Program Files\Symantec\LiveUpdate\AUPDATE.EXE
D:\Documents and Settings\PATRICK.1036948703146.001\Bureau\test.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = file://C:\APPS\IE\offline\fr.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Fichiers communs\Symantec Shared\coShared\Browser\1.0\NppBho.dll
O3 - Toolbar: Afficher Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Fichiers communs\Symantec Shared\coShared\Browser\1.0\UIBHO.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [ATIPTA] C:\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [Ulead AutoDetector v2] C:\Program Files\Fichiers communs\Ulead Systems\AutoDetector\monitor.exe
O4 - HKLM\..\Run: [PCMService] "c:\Apps\Powercinema\PCMService.exe"
O4 - HKLM\..\Run: [EmailChecker] C:\APPS\EmailChecker\ech.exe
O4 - HKLM\..\Run: [ACTIVBOARD] c:\apps\ABoard\ABoard.exe
O4 - HKLM\..\Run: [AliceSAV] C:\Program Files\TechCity Solutions\AliceSAV\AliceAgent.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [sis32] C:\WINDOWS\system32\winsos.exe
O4 - HKLM\..\Run: [winroot] C:\WINDOWS\system32\winsn.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Color Calibration.lnk = ?
O4 - Global Startup: Exif Launcher.lnk = D:\Program Files\QuickDCF.exe
O4 - Global Startup: MagicTune3.5.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: NaturalColorLoad.lnk = ?
O4 - Global Startup: Picture Package Menu.lnk = ?
O4 - Global Startup: Picture Package VCD Maker.lnk = ?
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fr.htm
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O20 - AppInit_DLLs: C:\WINDOWS\system32\wowfx.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - D:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\VAScanner\comHost.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
O23 - Service: Generic Service for HID Keyboard Input Collections (GenericHidService) - Unknown owner - c:\APPS\HIDSERVICE\HIDSERVICE.exe
O23 - Service: Validation de mot de passe Symantec IS (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: MysqlInventime - Unknown owner - C:\Apps\INVENT~1\mysql\bin\mysqld-nt.exe
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
0
Réponse 4 / 44
moe
 
Bonsoir Meli-chan

De rien...Belle infection en effet, on va essayer de faire au mieux pour nettoyer tout çà :-)
Je reviens d'ici une demi-heure avec une première procédure, d'ici là évites de rester connecté pour ne pas que l'infection puisse progresser ou s'amplifier.

A tout à l'heure !
0

Vous n’avez pas trouvé la réponse que vous recherchez ?

Posez votre question
Réponse 5 / 44
meli-chan Messages postés 8 Statut Membre
 
Je coupe internet ! Houlala j'ai déjà peur d'avoir bcp aggraver la situation à être restée connectée sans savoir.
Je dois malheureusement en plus couper l'ordinateur pour ce soir mais demain à la première heure je serais là pour faire ta première procédure. N'hésite pas à me l'écrire ce que je dois faire.

"Belle infection" ça fait peur quand on lit ça :(
0
Réponse 6 / 44
moe
 
Non, non t'inquiètes, pas d'affolement inutile à avoir concernant la gravité.
Tout est relatif dans la vie :-)
C'est une infection coriace certes mais vu que tu me disais qu'elle envoyait des mails en masse et donc du spam, mieux vaut tant que l'infection est active éviter de surfer inutilement pour ne pas que l'infection s'amplifie.
C'est juste une précaution, autant pour toi que pour ceux qui reçoivent les spams lol.

Voilà ce que tu vas faire dans un premier temps, personnellement je ne repasserais que demain midi voire demain soir, si entre temps il a quelque chose que tu ne comprends pas, n'hésites surtout pas à demander avant de commencer .

Assure toi d'effectuer ce qui va suivre hors connexion et en ouvrant le moins d'applications possibles, autres que celles dont tu auras besoin pour le nettoyage.

Fais un clic droit dans un endroit vide du bureau et clic sur nouveau > Document texte.
Le bloc notes va s'ouvrir.
Copie et colle à l'intérieur absolument tout ce qui est en bleu ci-dessous : 
Killall::
File::
C:\D87ABF47.exe
C:\WINDOWS\trayicons.exe
C:\WINDOWS\system32\wowfx.dll 
C:\WINDOWS\system32\winsn.exe
C:\WINDOWS\system32\shovth.exe
C:\WINDOWS\system32\winsos.exe 
C:\WINDOWS\system32\xlibgfl254.dll

Registry::
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SecurityProviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"
[-HKEY_LOCAL_MACHINE\Software\microsoft\windows nt\currentversion\usr8321dt]
[-HKEY_LOCAL_MACHINE\Software\microsoft\windows nt\currentversion\usr8321id]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 
"sis32"=-
"winroot"=-
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=-
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=""

Une fois fait, dans le menu du bloc notes, clic sur Fichier > Enregistrer
Choisis le bureau comme destination.
Dans 'Nom du fichier' mets : CFScript
Assure toi que juste en dessous le menu déroulant 'Type' soit bien sur 'Fichier texte (*.txt)'
Puis clic sur 'Enregistrer'.

Sur ton bureau, tu as donc un fichier nommé CFScript (ou CFScript.txt), selectionnes-le sans relacher le clic gauche de ta souris et fais le glisser sur l'icone de Combofix.exe puis une fois au dessus, relache le clic gauche.
(Exactement comme si tu voulais déposer un fichier dans un dossier).

Combofix va s'exécuter à nouveau, comme tout à l'heure, tape 1 au menu et laisses-le procéder au nettoyage.
Après redemarrage du pc il génèrera un rapport.
(Il sera sauvegardé sous le nom ComBoFix2.txt)
Copie et colle son contenu dans ton prochain message, ainsi qu'un nouveau rapport hijackthis.

Au fait, tu parlais de restrictions, qu'elles sont-elles exactement ?

Bonne fin de soirée et à demain.

@++
0
VincenVega-1
 
Bonjours ,moe excuse moi pour l'incruste mais pourrais tu m'aide SVP ? voila mon probleme je crois que je suis infecter , j'ai reformater mais rien à donner quuqe chose de satisfaisant ; tous est lent sur mon pc qui est un hp xp media center edition 2005 sans cd d'instalation; pourrais tu m'eclairer STP ? MERCI ENCORE A L'AVANCE MEME SI TU NE ME REPONDS je t'envoye au hasards le rapport combofix ComboFix 08-02-25.3 - HP_Administrateur 2008-02-26 14:15:41.3 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.1381 [GMT 1:00]
Endroit: C:\Documents and Settings\HP_Administrateur\Bureau\ComboFix.exe
.

((((((((((((((((((((((((((((( Fichiers créés 2008-01-26 to 2008-02-26 ))))))))))))))))))))))))))))))))))))
.

2008-02-26 13:21 . 2008-02-26 13:21 <REP> d-------- C:\Documents and Settings\HP_Administrateur\Application Data\DivX
2008-02-26 13:20 . 2008-02-26 13:20 <REP> d-------- C:\Documents and Settings\HP_Administrateur\Application Data\LaCie
2008-02-26 13:08 . 2008-02-26 13:08 <REP> d-------- C:\Documents and Settings\HP_Administrateur\Application Data\Sonic
2008-02-26 13:08 . 2008-02-26 13:08 <REP> d-------- C:\Documents and Settings\HP_Administrateur\Application Data\Leadertech
2008-02-26 13:03 . 2008-02-26 13:03 917,504 --a------ C:\WINDOWS\system32\FLASH.OCX
2008-02-25 22:10 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2008-02-25 21:59 . 2008-02-25 21:59 <REP> d-------- C:\VundoFix Backups
2008-02-25 21:58 . 2008-02-25 21:58 <REP> d-------- C:\WINDOWS\system32\DRVSTORE
2008-02-25 21:58 . 2008-02-25 21:58 <REP> d-------- C:\Program Files\Windows Live Favorites
2008-02-25 21:58 . 2008-02-25 21:58 <REP> d-------- C:\Documents and Settings\Kurtlar Vadisi\WINDOWS
2008-02-25 21:58 . 2008-02-25 21:58 <REP> d--h----- C:\Documents and Settings\Kurtlar Vadisi\Voisinage réseau
2008-02-25 21:58 . 2008-02-25 21:58 <REP> d--h----- C:\Documents and Settings\Kurtlar Vadisi\Voisinage d'impression
2008-02-25 21:58 . 2008-02-25 21:58 <REP> dr------- C:\Documents and Settings\Kurtlar Vadisi\Menu Démarrer
2008-02-25 21:58 . 2008-02-25 21:58 <REP> d-------- C:\Documents and Settings\Kurtlar Vadisi\Bureau
2008-02-25 21:56 . 2008-02-25 21:56 <REP> d-------- C:\Program Files\Microsoft.NET
2008-02-24 00:55 . 2008-02-24 00:55 303 --a------ C:\WINDOWS\ST6UNST.003
2008-02-24 00:54 . 2008-02-24 00:55 303 --a------ C:\WINDOWS\ST6UNST.002
2008-02-24 00:47 . 2008-02-24 00:47 303 --a------ C:\WINDOWS\ST6UNST.001
2008-02-24 00:46 . 2008-02-24 00:46 303 --a------ C:\WINDOWS\ST6UNST.000
2008-02-23 12:54 . 2007-07-30 19:18 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-02-23 01:16 . 2008-02-25 22:22 <REP> d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-02-22 23:59 . 2008-02-25 22:05 <REP> d-------- C:\Documents and Settings\HP_Administrateur\Application Data\dvdcss
2008-02-22 22:02 . 2008-02-25 21:55 <REP> d-------- C:\Program Files\QuickZip4
2008-02-22 21:58 . 2008-02-25 22:18 <REP> d-------- C:\Documents and Settings\HP_Administrateur\Application Data\AdobeUM
2008-02-22 21:45 . 2008-02-25 21:55 <REP> d-------- C:\Program Files\DVD Decrypter
2008-02-22 21:41 . 2008-02-21 03:05 129,784 --------- C:\WINDOWS\system32\pxafs.dll
2008-02-22 21:34 . 2008-02-25 21:55 <REP> d-------- C:\Program Files\IZArc
2008-02-22 21:31 . 2008-02-25 21:55 <REP> d-------- C:\Program Files\7-Zip
2008-02-22 20:54 . 2008-02-25 21:55 <REP> d-------- C:\Program Files\Windows Live Safety Center
2008-02-22 18:24 . 2008-02-25 21:55 <REP> d--h----- C:\Documents and Settings\Kurtlar Vadisi\Modèles
2008-02-22 18:24 . 2008-02-25 21:58 <REP> dr------- C:\Documents and Settings\Kurtlar Vadisi\Mes documents
2008-02-22 18:24 . 2008-02-25 21:55 <REP> dr------- C:\Documents and Settings\Kurtlar Vadisi\Favoris
2008-02-22 17:59 . 2006-11-29 13:06 3,426,072 --a------ C:\WINDOWS\system32\d3dx9_32.dll
2008-02-22 17:58 . 2008-02-22 17:58 <REP> d-------- C:\Program Files\Microsoft SQL Server Compact Edition
2008-02-22 17:48 . 2008-02-25 21:55 <REP> d-------- C:\Documents and Settings\HP_Administrateur\Contacts
2008-02-22 17:45 . 2008-02-22 17:45 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Windows Live Toolbar
2008-02-22 17:44 . 2008-02-25 21:55 <REP> d-------- C:\Program Files\Windows Live Toolbar
2008-02-22 17:34 . 2008-02-22 18:04 <REP> d-------- C:\Program Files\Windows Live
2008-02-22 17:34 . 2008-02-25 21:55 <REP> d--hsc--- C:\Program Files\Fichiers communs\WindowsLiveInstaller
2008-02-22 17:34 . 2008-02-22 17:34 <REP> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-02-22 17:21 . 2008-02-22 17:21 <REP> d-------- C:\Program Files\Live! Cam
2008-02-22 17:21 . 2008-02-22 17:21 <REP> d-------- C:\Program Files\iMesh Applications
2008-02-22 16:43 . 2007-04-09 13:23 28,040 --a------ C:\WINDOWS\system32\mdimon.dll
2008-02-22 16:43 . 2008-02-22 16:43 385 --a------ C:\WINDOWS\ODBC.INI
2008-02-22 16:40 . 2008-02-22 16:42 <REP> d-------- C:\WINDOWS\SHELLNEW
2008-02-22 16:25 . 2008-02-22 16:25 <REP> d-------- C:\Program Files\Free
2008-02-22 12:57 . 2008-02-26 13:21 69 --a------ C:\WINDOWS\NeroDigital.ini
2008-02-22 04:19 . 2008-02-22 23:58 <REP> d-------- C:\Documents and Settings\HP_Administrateur\Application Data\Ahead
2008-02-22 04:17 . 2008-02-22 04:17 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Ahead
2008-02-22 04:13 . 2008-02-22 04:13 <REP> d-------- C:\Program Files\Nero
2008-02-22 04:13 . 2008-02-22 04:16 <REP> d-------- C:\Program Files\Fichiers communs\Ahead
2008-02-22 04:13 . 2008-02-22 04:13 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Nero
2008-02-22 02:54 . 2008-02-26 12:46 13,993 --a------ C:\WINDOWS\system32\Config.MPF
2008-02-22 02:53 . 2008-02-22 04:18 <REP> d-------- C:\Program Files\SiteAdvisor
2008-02-22 02:53 . 2008-02-22 02:53 <REP> d-------- C:\Documents and Settings\LocalService\Application Data\SiteAdvisor
2008-02-22 02:53 . 2008-02-22 03:57 <REP> d-------- C:\Documents and Settings\HP_Administrateur\Application Data\SiteAdvisor
2008-02-22 02:51 . 2006-03-03 11:07 143,360 --a------ C:\WINDOWS\system32\dunzip32.dll
2008-02-22 02:49 . 2007-07-21 09:08 201,288 --a------ C:\WINDOWS\system32\drivers\mfehidk.sys
2008-02-22 02:49 . 2007-07-13 09:20 113,952 --a------ C:\WINDOWS\system32\drivers\Mpfp.sys
2008-02-22 02:49 . 2007-07-24 07:40 79,304 --a------ C:\WINDOWS\system32\drivers\mfeavfk.sys
2008-02-22 02:49 . 2007-07-21 09:08 40,488 --a------ C:\WINDOWS\system32\drivers\mfesmfk.sys
2008-02-22 02:49 . 2007-07-21 09:08 35,240 --a------ C:\WINDOWS\system32\drivers\mfebopk.sys
2008-02-22 02:49 . 2007-07-24 12:02 33,800 --a------ C:\WINDOWS\system32\drivers\mferkdk.sys
2008-02-22 02:48 . 2008-02-22 02:48 <REP> d-------- C:\Program Files\McAfee.com
2008-02-22 02:48 . 2008-02-25 20:04 <REP> d-------- C:\Program Files\McAfee
2008-02-22 02:48 . 2008-02-22 02:49 <REP> d-------- C:\Program Files\Fichiers communs\McAfee
2008-02-22 02:21 . 2008-02-22 02:21 <REP> d-------- C:\Program Files\K-Lite Codec Pack
2008-02-22 02:21 . 2003-06-23 02:44 1,415,680 --a------ C:\WINDOWS\system32\WMV9VCM.dll
2008-02-22 02:21 . 2006-11-01 14:57 1,138,688 --a------ C:\WINDOWS\system32\xvidcore.dll
2008-02-22 02:21 . 2006-11-01 15:02 200,704 --a------ C:\WINDOWS\system32\xvidvfw.dll
2008-02-22 02:21 . 2006-05-13 23:16 118,784 --a------ C:\WINDOWS\system32\ac3acm.acm
2008-02-22 02:21 . 2006-10-02 13:44 5,120 --a------ C:\WINDOWS\system32\ff_vfw.dll
2008-02-22 02:21 . 2005-02-24 18:56 547 --a------ C:\WINDOWS\system32\ff_vfw.dll.manifest
2008-02-22 02:18 . 2008-02-22 02:18 <REP> d-------- C:\Documents and Settings\HP_Administrateur\Application Data\vlc
2008-02-22 02:15 . 2008-02-22 02:15 <REP> d-------- C:\Program Files\VideoLAN
2008-02-22 01:58 . 2008-02-22 01:58 <REP> d-------- C:\Program Files\SafeSoft
2008-02-22 01:37 . 2008-02-26 12:48 <REP> d-------- C:\Program Files\SpywareBlaster
2008-02-22 01:37 . 2005-08-25 18:18 118,784 --a------ C:\WINDOWS\system32\MSSTDFMT.DLL
2008-02-22 01:37 . 2005-08-25 18:19 115,920 --a------ C:\WINDOWS\system32\MSINET.OCX
2008-02-22 01:34 . 2008-02-22 01:41 <REP> d-------- C:\Program Files\a-squared Free
2008-02-22 01:33 . 2008-02-22 01:33 <REP> d-------- C:\Documents and Settings\HP_Administrateur\Application Data\IObit
2008-02-22 01:27 . 2008-02-22 01:27 <REP> d-------- C:\Program Files\Lavasoft
2008-02-22 01:27 . 2008-02-22 01:31 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-02-22 01:22 . 2008-02-22 01:22 <REP> d-------- C:\Program Files\Spybot - Search & Destroy
2008-02-22 01:22 . 2008-02-22 01:25 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-02-22 01:15 . 2008-02-22 01:15 <REP> d-------- C:\Program Files\IObit
2008-02-22 00:17 . 2008-02-25 20:09 <REP> d-------- C:\Program Files\eMule
2008-02-22 00:06 . 2008-02-22 00:06 <REP> d-------- C:\Documents and Settings\HP_Administrateur\Application Data\Grisoft
2008-02-22 00:06 . 2008-02-22 00:06 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-02-22 00:06 . 2007-05-30 13:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-02-21 23:53 . 2008-02-26 13:59 <REP> d-------- C:\Program Files\Hijackthis Version Française
2008-02-21 23:45 . 2008-02-21 23:45 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-02-21 23:36 . 2008-02-21 23:36 <REP> d-------- C:\Program Files\Crawler
2008-02-21 23:35 . 2008-02-26 12:48 <REP> d-------- C:\Program Files\Spyware Terminator
2008-02-21 23:35 . 2008-02-26 12:48 <REP> d-------- C:\Documents and Settings\HP_Administrateur\Application Data\Spyware Terminator
2008-02-21 23:35 . 2008-02-25 22:16 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spyware Terminator
2008-02-21 23:35 . 2008-02-21 23:35 138,752 --a------ C:\WINDOWS\system32\drivers\sp_rsdrv2.sys
2008-02-21 23:34 . 2008-02-21 23:34 <REP> d-------- C:\Program Files\Yahoo!
2008-02-21 23:33 . 2008-02-21 23:33 <REP> d-------- C:\Program Files\CCleaner
2008-02-21 23:30 . 2008-02-25 21:55 <REP> d-------- C:\Program Files\TuneUp Utilities 2008

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-25 21:05 --------- d-----w C:\Program Files\Fichiers communs\Adobe
2008-02-25 20:58 --------- d-----w C:\Program Files\DivX
2008-02-24 19:27 --------- d-----w C:\Program Files\Google
2008-02-22 22:58 --------- d---a-w C:\Program Files\Fichiers communs\LightScribe
2008-02-22 15:41 --------- d-----w C:\Program Files\Microsoft Works
2008-02-21 02:07 --------- d-----w C:\Program Files\Fichiers communs\Symantec Shared
2008-02-21 02:07 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-02-21 02:05 43,528 ------w C:\WINDOWS\system32\drivers\pxhelp20.sys
2008-02-21 02:05 120,056 ------w C:\WINDOWS\system32\pxcpyi64.exe
2008-02-21 02:05 118,520 ------w C:\WINDOWS\system32\pxinsi64.exe
2008-02-21 02:04 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
2008-02-21 02:04 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
2008-02-21 02:04 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
2008-02-21 02:04 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
2008-02-21 02:04 682,496 ----a-w C:\WINDOWS\system32\DivX.dll
2008-02-21 02:04 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll
2008-02-21 02:04 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll
2008-02-21 02:04 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll
2008-02-21 02:04 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll
2008-02-21 02:04 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll
2008-02-21 02:04 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll
2008-02-21 02:04 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll
2008-02-21 02:03 156,992 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2008-02-21 02:03 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll
2008-02-21 01:11 1,906 --sha-r C:\WINDOWS\system32\drivers\103C_HP_CPC_RF774AA-ABF t3612.fr_YC_0Pavi_QCZB639_E64FRemMPA3_48_INODUSM3_SASUSTek Computer INC._V1.05_B3.07_T060802_WXP2_L40C_M1983_J200_7AMD_8Athlon 64 X2 Dual Core_92_#070403_N_Z_G10DE0241.MRK
2008-01-11 05:36 44,544 ------w C:\WINDOWS\system32\dllcache\pngfilt.dll
2007-12-19 22:53 347,136 ------w C:\WINDOWS\system32\dllcache\dxtmsft.dll
2007-12-18 09:51 179,584 ----a-w C:\WINDOWS\system32\dllcache\mrxdav.sys
2007-12-14 10:32 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
2007-12-08 09:38 3,592,192 ------w C:\WINDOWS\system32\dllcache\mshtml.dll
2007-12-07 00:47 474,624 ------w C:\WINDOWS\system32\dllcache\shlwapi.dll
2007-12-07 00:47 152,064 ----a-w C:\WINDOWS\system32\dllcache\cdfview.dll
2007-12-07 00:47 1,499,648 ----a-w C:\WINDOWS\system32\dllcache\shdocvw.dll
2007-12-07 00:47 1,056,768 ----a-w C:\WINDOWS\system32\dllcache\danim.dll
2007-12-07 00:47 1,024,512 ------w C:\WINDOWS\system32\dllcache\browseui.dll
2007-12-06 11:03 625,664 ------w C:\WINDOWS\system32\dllcache\iexplore.exe
2007-12-06 11:02 70,656 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe
2007-12-06 11:00 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
2007-12-06 04:59 161,792 ------w C:\WINDOWS\system32\dllcache\ieakui.dll
2007-12-04 18:41 550,912 ----a-w C:\WINDOWS\system32\oleaut32.dll
2007-12-04 18:41 550,912 ----a-w C:\WINDOWS\system32\dllcache\oleaut32.dll
2006-02-19 09:28 12,288 ----a-w C:\WINDOWS\Fonts\RandFont.dll
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-02-25 22:11 68856]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe" [2007-06-27 19:03 152872]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 12:00 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-05 20:34 64512]
"ftutil2"="ftutil2.dll" [2004-06-07 13:05 106496 C:\WINDOWS\system32\ftutil2.dll]
"RTHDCPL"="RTHDCPL.EXE" [2006-07-22 00:56 16261632 C:\WINDOWS\RTHDCPL.EXE]
"AlwaysReady Power Message APP"="ARPWRMSG.EXE" [2005-08-03 02:15 77312 C:\WINDOWS\arpwrmsg.exe]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-05-09 23:50 7311360]
"nwiz"="nwiz.exe" [2006-05-09 23:50 1519616 C:\WINDOWS\system32\nwiz.exe]
"DMAScheduler"="c:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe" [2006-04-13 09:05 90112]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2005-07-22 22:14 237568]
"HPBootOp"="C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2006-02-15 22:34 249856]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPwuSchd2.exe" [2005-02-17 06:11 49152]
"SpywareTerminator"="C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe" [2008-02-21 23:35 2957824]
"UserFaultCheck"="C:\WINDOWS\system32\dumprep 0 -u" [ ]
"SmartRAM"="C:\Program Files\IObit\Advanced WindowsCare V2\MemCleaner.exe" [2007-10-29 16:43 662016]
"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [2007-08-03 22:33 582992]
"SiteAdvisor"="C:\Program Files\SiteAdvisor\6253\SiteAdv.exe" [2007-08-24 22:57 36640]
"NeroFilterCheck"="C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe" [2007-03-01 15:57 153136]

C:\Documents and Settings\Kurtlar Vadisi\Menu D‚marrer\Programmes\D‚marrage\
Pin.lnk - C:\hp\bin\CLOAKER.EXE [2006-01-02 18:08:17 27136]
PinMcLnk.lnk - C:\hp\bin\cloaker.exe [2006-01-02 18:08:17 27136]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[HKLM\~\startupfolder\C:^Documents and Settings^HP_Administrateur^Menu Démarrer^Programmes^Démarrage^FreeBot.lnk]
path=C:\Documents and Settings\HP_Administrateur\Menu Démarrer\Programmes\Démarrage\FreeBot.lnk
backup=C:\WINDOWS\pss\FreeBot.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--a------ 2004-10-14 00:24 1694208 C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpywareTerminator]
--a------ 2008-02-21 23:35 2957824 C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Fichiers communs\\McAfee\\MNA\\McNASvc.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

R1 sp_rsdrv2;Spyware Terminator Driver 2;C:\WINDOWS\system32\drivers\sp_rsdrv2.sys [2008-02-21 23:35]
R2 UxTuneUp;TuneUp Extension de thème;C:\WINDOWS\System32\svchost.exe [2004-08-10 12:00]
R3 fbxusb;Carte réseau virtuelle FreeBox USB;C:\WINDOWS\system32\DRIVERS\fbxusb32.sys [2004-10-20 16:23]
R3 usbstor;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-10 12:00]
S2 0108921203644965mcinstcleanup;McAfee Application Installer Cleanup (0108921203644965);C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\[u]0/u10892~1.EXE C:\PROGRA~1\FICHIE~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog []
S2 a2AntiDialer;a-squared Anti-Dialer Service;"J:\a-squared Anti-Dialer\a2service.exe" []
S3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\WINDOWS\System32\TuneUpDefragService.exe [2008-02-21 23:30] MERCI SI TU POUVAIS M'ECLAIRER
0
Réponse 7 / 44
meli-chan
 
Bonjour !

Tout d'abord merci d'avoir pris le temps de me répondre.

Tu as raison pour l'envoi des spams. Vu l'etat de mon ordi, les voir défiler en masse ne me faisait plus rien, mais j'en étais malade pour toutes les adresses que je voyais passer et qui, à cause de moi, se prenait tout ça.
Depuis que j'ai "formaté" je ne les vois plus (comme s'il ne se passait plus rien) mais j'ai peur que ça se fasse par derrière, sans me montrer.

Concernant les restrictionqs, on me dit que je ne possède pas les droits, je dois aller voir avec l'administrateur principal (je suis également l'administrateur principal, c'est un ordi familial) Je ne pouvais plus accéder à windows update, plus changer le fond d'écran de mon ordi, plus aller voir les propriétés internet etc. A chaque fois on me disait que je ne possédais pas les droits.

A force de passer les scans en ligne, Norton, Spuboth et Ad aware, hier soir, juste avant de couper l'ordinateur, je les ais retrouvé (est-ce un bon signe ?) Mais j'ai aussi peur que ça ne revienne (Après mon premier formatage je les avais retrouvésaussi, mais ça a disparu tout aussi vite)

Je te poste comme demandé les logs concernant Combofix :

ComboFix 07-12-19.2 - PATRICK 2007-12-20 10:50:43.2 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.598 [GMT 1:00]
Running from: D:\Documents and Settings\PATRICK.1036948703146.001\Bureau\ComboFix.exe
Command switches used :: D:\Documents and Settings\PATRICK.1036948703146.001\Bureau\CFScript.txt
* Created a new restore point

FILE
C:\D87ABF47.exe
C:\WINDOWS\system32\shovth.exe
C:\WINDOWS\system32\winsn.exe
C:\WINDOWS\system32\winsos.exe
C:\WINDOWS\system32\wowfx.dll
C:\WINDOWS\system32\xlibgfl254.dll
C:\WINDOWS\trayicons.exe
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\.exe
C:\Autorun.inf
C:\D87ABF47.exe
C:\WINDOWS\system32\shovth.exe
C:\WINDOWS\system32\winsn.exe
C:\WINDOWS\system32\winsos.exe
C:\WINDOWS\system32\wowfx.dll
C:\WINDOWS\trayicons.exe
D:\Autorun.inf

.
((((((((((((((((((((((((((((( Fichiers cr‚‚s 2007-11-20 to 2007-12-20 ))))))))))))))))))))))))))))))))))))
.

2007-12-20 10:20 . 2007-12-20 10:20 <REP> d-------- C:\WINDOWS\system32\HouseCall 6.6
2007-12-20 09:04 . 2007-12-20 09:04 <REP> d-------- C:\Program Files\MSXML 6.0
2007-12-20 09:00 . 2007-12-20 09:00 <REP> d-------- C:\Program Files\MSBuild
2007-12-20 08:57 . 2007-12-20 09:02 <REP> d-------- C:\WINDOWS\system32\XPSViewer
2007-12-20 08:56 . 2007-12-20 08:56 <REP> d-------- C:\Program Files\Reference Assemblies
2007-12-20 08:55 . 2006-06-29 13:07 14,048 --------- C:\WINDOWS\system32\spmsg2.dll
2007-12-20 08:54 . 2007-12-20 08:54 <REP> d-------- C:\Program Files\Windows Media Connect 2
2007-12-20 08:54 . 2006-10-04 15:06 1,197,294 --------- C:\WINDOWS\system32\dllcache\sysmain.sdb
2007-12-20 08:54 . 2006-10-04 15:06 764,868 --------- C:\WINDOWS\system32\dllcache\apph_sp.sdb
2007-12-20 08:54 . 2006-10-04 15:06 217,118 --------- C:\WINDOWS\system32\dllcache\apphelp.sdb
2007-12-20 08:54 . 2007-12-20 08:54 3,462 --a------ C:\WINDOWS\system32\spupdsvc.inf
2007-12-20 08:53 . 2007-12-20 08:53 <REP> d-------- C:\WINDOWS\system32\LogFiles
2007-12-20 08:53 . 2007-12-20 08:53 <REP> d-------- C:\WINDOWS\system32\drivers\UMDF
2007-12-20 08:48 . 2005-01-28 13:44 224,768 --a------ C:\WINDOWS\system32\setb0.tmp
2007-12-19 22:22 . 2007-12-19 22:24 <REP> d-------- C:\Program Files\Navilog1
2007-12-19 22:17 . 2007-12-19 22:17 <REP> d--hs---- D:\Documents and Settings\PATRICK.1036948703146.001\UserData
2007-12-18 21:22 . 2007-12-20 10:45 <REP> d-------- D:\Documents and Settings\PATRICK.1036948703146.001\Application Data\HouseCall 6.6
2007-12-18 21:22 . 2007-08-01 16:47 102,664 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2007-12-18 21:21 . 2007-12-18 21:21 <REP> d-------- D:\Documents and Settings\PATRICK.1036948703146.001\Application Data\AdobeUM
2007-12-18 21:21 . 2007-12-18 21:21 <REP> d-------- C:\WINDOWS\Sun
2007-12-18 21:11 . 2007-12-18 21:11 <REP> d-------- C:\Program Files\Windows Defender
2007-12-18 20:52 . 2007-09-05 23:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2007-12-18 20:52 . 2006-04-27 16:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2007-12-18 20:52 . 2007-12-13 19:40 77,824 --a------ C:\WINDOWS\system32\IEDFix.exe
2007-12-18 20:52 . 2007-10-03 23:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2007-12-18 20:52 . 2007-12-18 20:52 2,730 --a------ C:\WINDOWS\system32\tmp.reg
2007-12-18 20:31 . 2007-12-18 20:31 <REP> d-------- C:\Program Files\MSXML 4.0
2007-12-18 20:24 . 2007-12-18 20:24 <REP> d-------- C:\Program Files\Canon
2007-12-18 20:23 . 2002-02-12 16:00 97,280 --a------ C:\WINDOWS\system32\CNMLM45.DLL
2007-12-18 20:23 . 2004-08-03 23:01 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2007-12-18 20:23 . 2004-08-03 23:01 25,856 --a------ C:\WINDOWS\system32\dllcache\usbprint.sys
2007-12-18 20:23 . 2002-02-12 06:00 5,632 --a------ C:\WINDOWS\system32\CNMVS45.DLL
2007-12-18 20:22 . 2007-12-18 20:22 <REP> d--h----- C:\BJPrinter
2007-12-18 20:22 . 2002-01-17 11:48 36,864 --a------ C:\WINDOWS\system32\CNMCP45.EXE
2007-12-18 18:35 . 2007-05-29 13:55 22,112 --a------ C:\WINDOWS\system32\drivers\COH_Mon.sys
2007-12-18 18:35 . 2007-05-29 13:55 10,592 --a------ C:\WINDOWS\system32\drivers\COH_Mon.cat
2007-12-18 18:35 . 2007-05-29 13:55 705 --a------ C:\WINDOWS\system32\drivers\COH_Mon.inf
2007-12-18 18:20 . 2007-07-09 14:11 584,192 --------- C:\WINDOWS\system32\dllcache\rpcrt4.dll
2007-12-18 18:20 . 2007-12-18 18:20 16 --a------ C:\WINDOWS\system32\coh.cache
2007-12-18 18:03 . 2006-11-03 15:02 2,432 --a------ C:\WINDOWS\wds.dat
2007-12-18 18:03 . 2007-01-25 10:04 1,680 --a------ C:\WINDOWS\rmt.dat
2007-12-18 18:02 . 2007-12-18 18:04 10,740 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2007-12-18 18:02 . 2007-12-18 18:04 805 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.INF
2007-12-18 18:00 . 2006-10-16 16:10 23,856 --a------ C:\WINDOWS\system32\spupdsvc.exe
2007-12-18 17:55 . 2007-12-18 18:37 <REP> d-------- C:\Program Files\Norton Internet Security
2007-12-18 17:41 . 2007-12-18 17:41 <REP> d-------- C:\Program Files\TechCity Solutions
2007-12-18 16:12 . 2007-12-18 16:12 <REP> d-------- D:\Documents and Settings\All Users\Application Data\Lavasoft
2007-12-18 15:45 . 2004-08-16 18:55 <REP> d--h----- D:\Documents and Settings\PATRICK.CHABOD\Voisinage r‚seau
2007-12-18 15:45 . 2004-08-16 18:55 <REP> d--h----- D:\Documents and Settings\PATRICK.CHABOD\Voisinage d'impression
2007-12-18 15:45 . 2007-12-19 00:38 <REP> d--h----- D:\Documents and Settings\PATRICK.CHABOD\ModŠles
2007-12-18 15:45 . 2007-12-18 15:46 <REP> dr------- D:\Documents and Settings\PATRICK.CHABOD\Mes documents
2007-12-18 15:45 . 2007-12-19 00:38 <REP> dr------- D:\Documents and Settings\PATRICK.CHABOD\Menu D‚marrer
2007-12-18 15:45 . 2007-12-18 15:46 <REP> dr------- D:\Documents and Settings\PATRICK.CHABOD\Favoris
2007-12-18 15:45 . 2007-12-18 15:46 <REP> dr------- D:\Documents and Settings\PATRICK.CHABOD\Bureau
2007-12-18 15:45 . 2007-12-19 00:38 <REP> d-------- D:\Documents and Settings\PATRICK.CHABOD\Application Data\You've Got Pictures Screensaver
2007-12-18 15:45 . 2005-08-30 18:59 <REP> d-------- D:\Documents and Settings\PATRICK.CHABOD\Application Data\Symantec
2007-12-18 15:02 . 2004-08-16 18:55 <REP> d--h----- D:\Documents and Settings\PATRICK.1036948703146\Voisinage r‚seau
2007-12-18 15:02 . 2004-08-16 18:55 <REP> d--h----- D:\Documents and Settings\PATRICK.1036948703146\Voisinage d'impression
2007-12-18 15:02 . 2007-12-18 23:54 <REP> d--h----- D:\Documents and Settings\PATRICK.1036948703146\ModŠles
2007-12-18 15:02 . 2007-12-18 15:03 <REP> dr------- D:\Documents and Settings\PATRICK.1036948703146\Mes documents
2007-12-18 15:02 . 2007-12-18 23:54 <REP> dr------- D:\Documents and Settings\PATRICK.1036948703146\Menu D‚marrer
2007-12-18 15:02 . 2007-12-18 15:03 <REP> dr------- D:\Documents and Settings\PATRICK.1036948703146\Favoris
2007-12-18 15:02 . 2007-12-18 15:03 <REP> dr------- D:\Documents and Settings\PATRICK.1036948703146\Bureau
2007-12-18 15:02 . 2007-12-18 23:54 <REP> d-------- D:\Documents and Settings\PATRICK.1036948703146\Application Data\You've Got Pictures Screensaver
2007-12-18 15:02 . 2005-08-30 18:59 <REP> d-------- D:\Documents and Settings\PATRICK.1036948703146\Application Data\Symantec
2007-12-18 14:19 . 2004-08-16 18:55 <REP> d--h----- D:\Documents and Settings\PATRICK.1036948703146.000\Voisinage r‚seau
2007-12-18 14:19 . 2004-08-16 18:55 <REP> d--h----- D:\Documents and Settings\PATRICK.1036948703146.000\Voisinage d'impression
2007-12-18 14:19 . 2007-12-18 23:12 <REP> d--h----- D:\Documents and Settings\PATRICK.1036948703146.000\ModŠles
2007-12-18 14:19 . 2007-12-18 14:19 <REP> dr------- D:\Documents and Settings\PATRICK.1036948703146.000\Mes documents
2007-12-18 14:19 . 2007-12-18 23:12 <REP> dr------- D:\Documents and Settings\PATRICK.1036948703146.000\Menu D‚marrer
2007-12-18 14:19 . 2007-12-18 14:19 <REP> dr------- D:\Documents and Settings\PATRICK.1036948703146.000\Favoris
2007-12-18 14:19 . 2007-12-18 14:19 <REP> dr------- D:\Documents and Settings\PATRICK.1036948703146.000\Bureau
2007-12-18 14:19 . 2007-12-18 23:12 <REP> d-------- D:\Documents and Settings\PATRICK.1036948703146.000\Application Data\You've Got Pictures Screensaver
2007-12-18 14:19 . 2005-08-30 18:59 <REP> d-------- D:\Documents and Settings\PATRICK.1036948703146.000\Application Data\Symantec
2007-12-18 13:39 . 2007-12-18 21:35 <REP> d-------- C:\Program Files\Alice
2007-12-18 13:37 . 2004-08-16 18:55 <REP> d--h----- D:\Documents and Settings\PATRICK.1036948703146.001\Voisinage r‚seau
2007-12-18 13:37 . 2004-08-16 18:55 <REP> d--h----- D:\Documents and Settings\PATRICK.1036948703146.001\Voisinage d'impression
2007-12-18 13:37 . 2007-12-18 22:30 <REP> d--h----- D:\Documents and Settings\PATRICK.1036948703146.001\ModŠles
2007-12-18 13:37 . 2007-12-20 08:40 <REP> dr------- D:\Documents and Settings\PATRICK.1036948703146.001\Mes documents
2007-12-18 13:37 . 2007-12-18 22:30 <REP> d-------- D:\Documents and Settings\PATRICK.1036948703146.001\Menu D‚marrer
2007-12-18 13:37 . 2007-12-20 08:40 <REP> dr------- D:\Documents and Settings\PATRICK.1036948703146.001\Favoris
2007-12-18 13:37 . 2007-12-20 10:54 <REP> d-------- D:\Documents and Settings\PATRICK.1036948703146.001\Bureau
2007-12-18 13:37 . 2007-12-18 22:30 <REP> d-------- D:\Documents and Settings\PATRICK.1036948703146.001\Application Data\You've Got Pictures Screensaver
2007-12-18 13:37 . 2005-08-30 18:59 <REP> d-------- D:\Documents and Settings\PATRICK.1036948703146.001\Application Data\Symantec
2007-12-18 13:36 . 2007-12-18 22:30 <REP> d-------- C:\WINDOWS\system32\config\systemprofile\Application Data\You've Got Pictures Screensaver
2007-12-18 13:36 . 2005-08-30 18:59 <REP> d-------- C:\WINDOWS\system32\config\systemprofile\Application Data\Symantec
2007-12-18 13:34 . 2007-12-18 13:34 8,192 --a------ C:\WINDOWS\REGLOCS.OLD
2007-12-18 13:28 . 2007-12-18 13:28 <REP> d-------- D:\Documents and Settings\CHABOD\Application Data\Microsoft Web Folders
2007-12-18 12:12 . 2007-12-18 12:12 <REP> d-------- D:\Documents and Settings\CHABOD\Application Data\FUJIFILM
2007-12-18 12:03 . 2007-12-18 12:03 <REP> d-------- D:\Documents and Settings\CHABOD\Application Data\OD2
2007-12-18 11:51 . 2007-12-18 16:12 <REP> d-------- D:\Documents and Settings\CHABOD\Application Data\Lavasoft
2007-12-18 10:33 . 2007-12-18 10:33 <REP> d--hs---- D:\Documents and Settings\CHABOD\UserData
2007-12-18 08:51 . 2004-08-16 18:55 <REP> d--h----- D:\Documents and Settings\CHABOD\Voisinage r‚seau
2007-12-18 08:51 . 2004-08-16 18:55 <REP> d--h----- D:\Documents and Settings\CHABOD\Voisinage d'impression
2007-12-18 08:51 . 2007-12-18 17:43 <REP> d--h----- D:\Documents and Settings\CHABOD\ModŠles
2007-12-18 08:51 . 2007-12-18 19:27 <REP> dr------- D:\Documents and Settings\CHABOD\Mes documents
2007-12-18 08:51 . 2007-12-18 13:28 <REP> dr------- D:\Documents and Settings\CHABOD\Menu D‚marrer
2007-12-18 08:51 . 2007-12-18 14:05 <REP> dr------- D:\Documents and Settings\CHABOD\Favoris
2007-12-18 08:51 . 2007-12-18 16:21 <REP> dr------- D:\Documents and Settings\CHABOD\Bureau
2007-12-18 08:51 . 2005-08-30 18:57 <REP> d-------- D:\Documents and Settings\CHABOD\Application Data\You've Got Pictures Screensaver

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-20 09:45 --------- d-----w D:\Documents and Settings\All Users\Application Data\Symantec
2007-12-20 07:56 --------- d-----w C:\Program Files\Fichiers communs\Symantec Shared
2007-12-18 21:25 --------- d-----w C:\Program Files\Windows Media Components
2007-12-18 21:25 --------- d-----w C:\Program Files\Viewpoint
2007-12-18 21:25 --------- d-----w C:\Program Files\Ulead Systems
2007-12-18 21:25 --------- d-----w C:\Program Files\Sonic
2007-12-18 21:25 --------- d-----w C:\Program Files\Real
2007-12-18 21:25 --------- d-----w C:\Program Files\microsoft frontpage
2007-12-18 21:25 --------- d-----w C:\Program Files\Learn2.com
2007-12-18 21:25 --------- d-----w C:\Program Files\Java
2007-12-18 21:25 --------- d-----w C:\Program Files\GMixon
2007-12-18 21:25 --------- d-----w C:\Program Files\Fichiers communs\xing shared
2007-12-18 21:25 --------- d-----w C:\Program Files\Fichiers communs\Ulead Systems
2007-12-18 21:25 --------- d-----w C:\Program Files\Fichiers communs\SpeechEngines
2007-12-18 21:25 --------- d-----w C:\Program Files\Fichiers communs\Real
2007-12-18 21:25 --------- d-----w C:\Program Files\Fichiers communs\ODBC
2007-12-18 21:25 --------- d-----w C:\Program Files\Fichiers communs\Nullsoft
2007-12-18 21:25 --------- d-----w C:\Program Files\Fichiers communs\MSSoap
2007-12-18 21:25 --------- d-----w C:\Program Files\Fichiers communs\Java
2007-12-18 21:25 --------- d-----w C:\Program Files\Fichiers communs\InstallShield
2007-12-18 21:25 --------- d-----w C:\Program Files\Fichiers communs\Adobe
2007-12-18 21:25 --------- d-----w C:\Program Files\CyberLink
2007-12-18 21:25 --------- d-----w C:\Program Files\AMD
2007-12-18 20:55 --------- d-----w C:\Program Files\Symantec
2007-12-18 20:52 --------- d-----w C:\Program Files\Services en ligne
2007-12-18 20:49 --------- d-----w C:\Program Files\QuickTime
2007-12-18 20:43 --------- d-----w C:\Program Files\Fichiers communs\Wise Installation Wizard
2007-12-18 20:39 --------- d-----w C:\Program Files\Fichiers communs\SureThing Shared
2007-12-18 20:39 --------- d-----w C:\Program Files\Fichiers communs\Sonic Shared
2007-12-18 20:37 --------- d-----w C:\Program Files\Fichiers communs\aolshare
2007-12-18 20:37 --------- d-----w C:\Program Files\Fichiers communs\AOL
2007-12-18 20:36 --------- d-----w C:\Program Files\AOL Compagnon
2007-12-18 20:35 --------- d-----w C:\Program Files\AOL 9.0
2007-12-18 17:11 9,344 ----a-w C:\WINDOWS\system32\drivers\NSDriver.sys
2007-12-18 17:11 8,320 ----a-w C:\WINDOWS\system32\drivers\AWRTRD.sys
2007-12-18 17:04 123,952 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2007-12-18 16:41 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-18 15:12 --------- d-----w D:\Documents and Settings\patrick\Application Data\Lavasoft
2007-12-18 15:05 --------- d-----w D:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-10-30 18:55 39,856 ----a-w C:\WINDOWS\system32\drivers\symids.sys
2007-10-30 18:55 37,936 ----a-w C:\WINDOWS\system32\drivers\symndisv.sys
2007-10-30 18:55 35,120 ----a-w C:\WINDOWS\system32\drivers\symndis.sys
2007-10-30 18:55 27,696 ----a-w C:\WINDOWS\system32\drivers\symredrv.sys
2007-10-30 18:55 191,536 ----a-w C:\WINDOWS\system32\drivers\symtdi.sys
2007-10-30 18:55 145,968 ----a-w C:\WINDOWS\system32\drivers\symfw.sys
2007-10-30 18:55 12,848 ----a-w C:\WINDOWS\system32\drivers\symdns.sys
2007-10-30 18:24 12,963 ----a-w C:\WINDOWS\system32\drivers\SymRedir.cat
2007-10-30 18:24 1,358 ----a-w C:\WINDOWS\system32\drivers\SymRedir.inf
2007-10-25 07:11 --------- d-----w D:\Documents and Settings\patrick\Application Data\Windows Desktop Search
2006-02-17 12:53 81,696 -c--a-w D:\Documents and Settings\patrick\Application Data\GDIPFONTCACHEV1.DAT
2001-03-22 13:27 795,648 -c--a-w D:\Documents and Settings\patrick\clic.exe
2001-03-14 08:03 8,704 -c--a-w D:\Documents and Settings\patrick\_ISDEL.EXE
2001-03-14 08:03 60,416 -c--a-w D:\Documents and Settings\patrick\SETUP.EXE
2001-03-14 08:03 417 -c--a-w D:\Documents and Settings\patrick\os.dat
2001-03-14 08:03 4,525 -c--a-w D:\Documents and Settings\patrick\lang.dat
2001-03-14 08:03 353 -c--a-w D:\Documents and Settings\patrick\layout.bin
2001-03-14 08:03 11,264 -c--a-w D:\Documents and Settings\patrick\_setup.dll
2000-06-07 08:49 5,982,872 -c--a-w D:\Documents and Settings\patrick\ar405fre.exe
1999-04-12 06:40 139,264 -c--a-w D:\Documents and Settings\patrick\mapi32.dll
.

((((((((((((((((((((((((((((( snapshot@2007-12-19_22.07.38.89 )))))))))))))))))))))))))))))))))))))))))
.
- 2006-12-19 21:49:47 8,509,952 -c----w C:\WINDOWS\$NtUninstallKB943460$\shell32.dll
- 2007-10-11 00:14:36 121,856 -c----w C:\WINDOWS\$NtUninstallKB943460$\xpsp3res.dll
+ 2006-10-04 14:05:26 39,424 ------w C:\WINDOWS\AppPatch\acadproc.dll
+ 2007-12-20 07:50:10 68,608 ----a-w C:\WINDOWS\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
+ 2007-12-20 07:50:14 72,192 ----a-w C:\WINDOWS\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
+ 2007-12-20 07:56:20 151,552 ----a-w C:\WINDOWS\assembly\GAC_32\Microsoft.Transactions.Bridge.Dtc\3.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.Dtc.dll
+ 2007-12-20 07:50:15 4,308,992 ----a-w C:\WINDOWS\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
+ 2007-12-20 07:56:55 3,915,776 ----a-w C:\WINDOWS\assembly\GAC_32\PresentationCore\3.0.0.0__31bf3856ad364e35\PresentationCore.dll
+ 2007-12-20 07:50:15 482,304 ----a-w C:\WINDOWS\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
+ 2007-12-20 07:50:13 2,878,976 ----a-w C:\WINDOWS\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
+ 2007-12-20 07:50:08 258,048 ----a-w C:\WINDOWS\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
+ 2007-12-20 07:50:08 114,176 ----a-w C:\WINDOWS\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
+ 2007-12-20 07:56:57 344,064 ----a-w C:\WINDOWS\assembly\GAC_32\System.Printing\3.0.0.0__31bf3856ad364e35\System.Printing.dll
+ 2007-12-20 07:50:17 260,096 ----a-w C:\WINDOWS\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
+ 2007-12-20 07:50:11 5,025,792 ----a-w C:\WINDOWS\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
+ 2007-12-20 07:50:10 10,752 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
+ 2007-12-20 07:52:05 315,392 ----a-w C:\WINDOWS\assembly\GAC_MSIL\AspNetMMCExt.resources\2.0.0.0_fr_b03f5f7f11d50a3a\aspnetmmcext.resources.dll
+ 2007-12-20 07:50:08 503,808 ----a-w C:\WINDOWS\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
+ 2007-12-20 07:50:09 13,312 ----a-w C:\WINDOWS\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
+ 2007-12-20 07:50:13 8,192 ----a-w C:\WINDOWS\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
+ 2007-12-20 07:50:14 36,864 ----a-w C:\WINDOWS\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
+ 2007-12-20 07:50:14 5,632 ----a-w C:\WINDOWS\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
+ 2007-12-20 07:52:10 53,248 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Build.Engine.resources\2.0.0.0_fr_b03f5f7f11d50a3a\Microsoft.Build.Engine.resources.dll
+ 2007-12-20 07:50:09 413,696 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
+ 2007-12-20 07:50:09 36,864 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
+ 2007-12-20 07:52:11 139,264 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Build.Tasks.resources\2.0.0.0_fr_b03f5f7f11d50a3a\Microsoft.Build.Tasks.resources.dll
+ 2007-12-20 07:50:10 647,168 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll
+ 2007-12-20 07:52:11 10,240 ----a-w C:\WINDOWS\assembly\GAC_MSIL\microsoft.build.utilities.resources\2.0.0.0_fr_b03f5f7f11d50a3a\Microsoft.Build.Utilities.Resources.dll
+ 2007-12-20 07:50:10 73,728 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
+ 2007-12-20 07:52:06 45,056 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Jscript.resources\8.0.0.0_fr_b03f5f7f11d50a3a\Microsoft.JScript.Resources.dll
+ 2007-12-20 07:50:09 745,472 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
+ 2007-12-20 08:03:17 5,120 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Transactions.Bridge.Dtc.resources\3.0.0.0_fr_b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.Dtc.Resources.dll
+ 2007-12-20 08:03:17 28,672 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Transactions.Bridge.resources\3.0.0.0_fr_b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.Resources.dll
+ 2007-12-20 07:56:20 352,256 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Transactions.Bridge\3.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.dll
+ 2007-12-20 07:52:14 9,216 ----a-w C:\WINDOWS\assembly\GAC_MSIL\microsoft.visualbasic.compatibility.data.resources\8.0.0.0_fr_b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.resources.dll
+ 2007-12-20 07:50:18 110,592 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
+ 2007-12-20 07:52:14 9,728 ----a-w C:\WINDOWS\assembly\GAC_MSIL\microsoft.visualbasic.compatibility.resources\8.0.0.0_fr_b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.resources.dll
+ 2007-12-20 07:50:18 372,736 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
+ 2007-12-20 07:52:14 61,440 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualBasic.resources\8.0.0.0_fr_b03f5f7f11d50a3a\Microsoft.VisualBasic.resources.dll
+ 2007-12-20 07:50:07 28,672 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
+ 2007-12-20 07:50:18 667,648 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
+ 2007-12-20 07:50:18 5,632 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
+ 2007-12-20 07:50:08 12,800 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
+ 2007-12-20 07:50:07 32,768 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
+ 2007-12-20 07:50:08 7,168 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
+ 2007-12-20 07:52:11 311,296 ----a-w C:\WINDOWS\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_fr_b77a5c561934e089\mscorlib.Resources.dll
+ 2007-12-20 08:02:39 57,344 ----a-w C:\WINDOWS\assembly\GAC_MSIL\PresentationBuildTasks.resources\3.0.0.0_fr_31bf3856ad364e35\PresentationBuildTasks.resources.dll
+ 2007-12-20 07:56:55 593,920 ----a-w C:\WINDOWS\assembly\GAC_MSIL\PresentationBuildTasks\3.0.0.0__31bf3856ad364e35\PresentationBuildTasks.dll
+ 2007-12-20 07:56:55 32,768 ----a-w C:\WINDOWS\assembly\GAC_MSIL\PresentationCFFRasterizer\3.0.0.0__31bf3856ad364e35\PresentationCFFRasterizer.dll
+ 2007-12-20 08:02:39 110,592 ----a-w C:\WINDOWS\assembly\GAC_MSIL\PresentationCore.resources\3.0.0.0_fr_31bf3856ad364e35\PresentationCore.resources.dll
+ 2007-12-20 07:56:57 184,320 ----a-w C:\WINDOWS\assembly\GAC_MSIL\PresentationFramework.Aero\3.0.0.0__31bf3856ad364e35\PresentationFramework.Aero.dll
+ 2007-12-20 07:56:56 126,976 ----a-w C:\WINDOWS\assembly\GAC_MSIL\PresentationFramework.Classic\3.0.0.0__31bf3856ad364e35\PresentationFramework.Classic.dll
+ 2007-12-20 07:56:56 376,832 ----a-w C:\WINDOWS\assembly\GAC_MSIL\PresentationFramework.Luna\3.0.0.0__31bf3856ad364e35\PresentationFramework.Luna.dll
+ 2007-12-20 08:02:39 253,952 ----a-w C:\WINDOWS\assembly\GAC_MSIL\PresentationFramework.resources\3.0.0.0_fr_31bf3856ad364e35\PresentationFramework.resources.dll
+ 2007-12-20 07:56:56 151,552 ----a-w C:\WINDOWS\assembly\GAC_MSIL\PresentationFramework.Royale\3.0.0.0__31bf3856ad364e35\PresentationFramework.Royale.dll
+ 2007-12-20 07:56:56 4,972,544 ----a-w C:\WINDOWS\assembly\GAC_MSIL\PresentationFramework\3.0.0.0__31bf3856ad364e35\PresentationFramework.dll
+ 2007-12-20 08:02:39 372,736 ----a-w C:\WINDOWS\assembly\GAC_MSIL\PresentationUI.resources\3.0.0.0_fr_31bf3856ad364e35\PresentationUI.resources.dll
+ 2007-12-20 07:56:56 897,024 ----a-w C:\WINDOWS\assembly\GAC_MSIL\PresentationUI\3.0.0.0__31bf3856ad364e35\PresentationUI.dll
+ 2007-12-20 08:02:40 40,960 ----a-w C:\WINDOWS\assembly\GAC_MSIL\ReachFramework.resources\3.0.0.0_fr_31bf3856ad364e35\ReachFramework.resources.dll
+ 2007-12-20 07:56:57 528,384 ----a-w C:\WINDOWS\assembly\GAC_MSIL\ReachFramework\3.0.0.0__31bf3856ad364e35\ReachFramework.dll
+ 2007-12-20 08:03:17 5,120 ----a-w C:\WINDOWS\assembly\GAC_MSIL\SMDiagnostics.resources\3.0.0.0_fr_b77a5c561934e089\SMDiagnostics.resources.dll
+ 2007-12-20 07:56:21 94,208 ----a-w C:\WINDOWS\assembly\GAC_MSIL\SMDiagnostics\3.0.0.0__b77a5c561934e089\SMdiagnostics.dll
+ 2007-12-20 07:52:13 10,752 ----a-w C:\WINDOWS\assembly\GAC_MSIL\sysglobl.resources\2.0.0.0_fr_b03f5f7f11d50a3a\sysglobl.resources.dll
+ 2007-12-20 07:50:16 110,592 ----a-w C:\WINDOWS\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
+ 2007-12-20 07:52:11 28,672 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Configuration.Install.resources\2.0.0.0_fr_b03f5f7f11d50a3a\System.Configuration.Install.Resources.dll
+ 2007-12-20 07:50:10 81,920 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
+ 2007-12-20 07:52:13 49,152 ----a-w C:\WINDOWS\assembly\GAC_MSIL\system.configuration.resources\2.0.0.0_fr_b03f5f7f11d50a3a\System.Configuration.resources.dll
+ 2007-12-20 07:50:16 389,120 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
+ 2007-12-20 07:52:12 110,592 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Data.OracleClient.resources\2.0.0.0_fr_b77a5c561934e089\System.Data.OracleClient.resources.dll
+ 2007-12-20 07:52:09 335,872 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Data.resources\2.0.0.0_fr_b77a5c561934e089\System.Data.Resources.dll
+ 2007-12-20 07:52:12 36,864 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Data.SqlXml.resources\2.0.0.0_fr_b77a5c561934e089\system.data.sqlxml.resources.dll
+ 2007-12-20 07:50:15 716,800 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
+ 2007-12-20 07:52:06 385,024 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Deployment.resources\2.0.0.0_fr_b03f5f7f11d50a3a\System.Deployment.resources.dll
+ 2007-12-20 07:50:09 884,736 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
+ 2007-12-20 07:52:10 544,768 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Design.resources\2.0.0.0_fr_b03f5f7f11d50a3a\System.Design.Resources.dll
+ 2007-12-20 07:50:13 5,050,368 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
+ 2007-12-20 07:52:08 28,672 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.DirectoryServices.Protocols.resources\2.0.0.0_fr_b03f5f7f11d50a3a\System.DirectoryServices.Protocols.resources.dll
+ 2007-12-20 07:50:10 188,416 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
+ 2007-12-20 07:52:07 40,960 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.DirectoryServices.resources\2.0.0.0_fr_b03f5f7f11d50a3a\System.DirectoryServices.Resources.dll
+ 2007-12-20 07:50:10 397,312 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
+ 2007-12-20 07:52:12 6,144 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Drawing.Design.resources\2.0.0.0_fr_b03f5f7f11d50a3a\System.Drawing.Design.Resources.dll
+ 2007-12-20 07:50:11 81,920 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
+ 2007-12-20 07:52:10 15,360 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Drawing.resources\2.0.0.0_fr_b03f5f7f11d50a3a\System.Drawing.Resources.dll
+ 2007-12-20 07:50:17 700,416 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
+ 2007-12-20 07:52:06 32,768 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.EnterpriseServices.resources\2.0.0.0_fr_b03f5f7f11d50a3a\System.EnterpriseServices.Resources.dll
+ 2007-12-20 08:03:18 65,536 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.IdentityModel.resources\3.0.0.0_fr_b77a5c561934e089\System.IdentityModel.Resources.dll
+ 2007-12-20 08:03:17 53,248 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.IdentityModel.Selectors.resources\3.0.0.0_fr_b77a5c561934e089\System.IdentityModel.Selectors.Resources.dll
+ 2007-12-20 07:56:21 126,976 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.IdentityModel.Selectors\3.0.0.0__b77a5c561934e089\System.IdentityModel.Selectors.dll
+ 2007-12-20 07:56:21 401,408 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.IdentityModel\3.0.0.0__b77a5c561934e089\System.IdentityModel.dll
+ 2007-12-20 08:03:18 12,288 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.IO.Log.resources\3.0.0.0_fr_b03f5f7f11d50a3a\System.IO.Log.Resources.dll
+ 2007-12-20 07:56:21 131,072 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.IO.Log\3.0.0.0__b03f5f7f11d50a3a\System.IO.Log.dll
+ 2007-12-20 07:52:12 13,312 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Management.resources\2.0.0.0_fr_b03f5f7f11d50a3a\System.Management.Resources.dll
+ 2007-12-20 07:50:16 368,640 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
+ 2007-12-20 07:52:10 61,440 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Messaging.resources\2.0.0.0_fr_b03f5f7f11d50a3a\System.Messaging.Resources.dll
+ 2007-12-20 07:50:17 258,048 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
+ 2007-12-20 08:02:40 28,672 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Printing.resources\3.0.0.0_fr_31bf3856ad364e35\System.Printing.resources.dll
+ 2007-12-20 07:52:10 212,992 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.resources\2.0.0.0_fr_b77a5c561934e089\system.Resources.dll
+ 2007-12-20 07:52:12 32,768 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_fr_b77a5c561934e089\System.Runtime.Remoting.Resources.dll
+ 2007-12-20 07:50:16 299,008 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
+ 2007-12-20 07:52:13 11,776 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap.resources\2.0.0.0_fr_b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.Resources.dll
+ 2007-12-20 07:50:16 131,072 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
+ 2007-12-20 08:03:18 94,208 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Serialization.resources\3.0.0.0_fr_b77a5c561934e089\System.RunTime.Serialization.Resources.dll
+ 2007-12-20 07:56:21 884,736 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Serialization\3.0.0.0__b77a5c561934e089\System.Runtime.Serialization.dll
+ 2007-12-20 07:52:07 28,672 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Security.resources\2.0.0.0_fr_b03f5f7f11d50a3a\System.Security.Resources.dll
+ 2007-12-20 07:50:10 258,048 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll
+ 2007-12-20 08:03:18 40,960 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.ServiceModel.Install.resources\3.0.0.0_fr_b77a5c561934e089\System.ServiceModel.Install.Resources.dll
+ 2007-12-20 07:56:22 159,744 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.ServiceModel.Install\3.0.0.0__b77a5c561934e089\System.ServiceModel.Install.dll
+ 2007-12-20 08:03:18 475,136 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.ServiceModel.resources\3.0.0.0_fr_b77a5c561934e089\System.ServiceModel.Resources.dll
+ 2007-12-20 07:56:23 16,384 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.ServiceModel.WasHosting\3.0.0.0__b77a5c561934e089\System.ServiceModel.WasHosting.dll
+ 2007-12-20 07:56:22 5,623,808 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.ServiceModel\3.0.0.0__b77a5c561934e089\System.ServiceModel.dll
+ 2007-12-20 07:52:08 40,960 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.ServiceProcess.resources\2.0.0.0_fr_b03f5f7f11d50a3a\System.ServiceProcess.Resources.dll
+ 2007-12-20 07:50:11 114,688 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
+ 2007-12-20 08:02:40 65,536 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Speech.resources\3.0.0.0_fr_31bf3856ad364e35\System.Speech.resources.dll
+ 2007-12-20 07:56:57 688,128 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Speech\3.0.0.0__31bf3856ad364e35\System.Speech.dll
+ 2007-12-20 07:52:13 16,896 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Transactions.resources\2.0.0.0_fr_b77a5c561934e089\System.Transactions.resources.dll
+ 2007-12-20 07:52:13 81,920 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Web.Mobile.resources\2.0.0.0_fr_b03f5f7f11d50a3a\System.Web.Mobile.resources.dll
+ 2007-12-20 07:50:17 835,584 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
+ 2007-12-20 07:50:11 86,016 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
+ 2007-12-20 07:52:08 610,304 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Web.resources\2.0.0.0_fr_b03f5f7f11d50a3a\System.Web.Resources.dll
+ 2007-12-20 07:52:09 81,920 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Web.Services.resources\2.0.0.0_fr_b03f5f7f11d50a3a\System.Web.Services.Resources.dll
+ 2007-12-20 07:50:12 823,296 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
+ 2007-12-20 07:52:09 430,080 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_fr_b77a5c561934e089\System.Windows.Forms.Resources.dll
+ 2007-12-20 07:50:12 5,316,608 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
+ 2007-12-20 08:03:57 191,304 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Workflow.Activities.resources\3.0.0.0_fr_31bf3856ad364e35\System.Workflow.Activities.resources.dll
+ 2007-12-20 08:00:06 1,108,784 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Workflow.Activities\3.0.0.0__31bf3856ad364e35\System.Workflow.Activities.dll
+ 2007-12-20 08:03:57 318,288 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Workflow.ComponentModel.resources\3.0.0.0_fr_31bf3856ad364e35\System.Workflow.ComponentModel.resources.dll
+ 2007-12-20 08:00:07 1,641,272 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Workflow.ComponentModel\3.0.0.0__31bf3856ad364e35\System.Workflow.ComponentModel.dll
+ 2007-12-20 08:03:57 43,840 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Workflow.Runtime.resources\3.0.0.0_fr_31bf3856ad364e35\System.Workflow.Runtime.resources.dll
+ 2007-12-20 08:00:07 588,592 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Workflow.Runtime\3.0.0.0__31bf3856ad364e35\System.Workflow.Runtime.dll
+ 2007-12-20 07:52:09 167,936 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.XML.resources\2.0.0.0_fr_b77a5c561934e089\System.xml.Resources.dll
+ 2007-12-20 07:50:12 2,035,712 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll
+ 2007-12-20 07:50:17 3,018,752 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
+ 2007-12-20 08:02:40 9,728 ----a-w C:\WINDOWS\assembly\GAC_MSIL\UIAutomationClient.resources\3.0.0.0_fr_31bf3856ad364e35\UIAutomationClient.resources.dll
+ 2007-12-20 07:56:56 163,840 ----a-w C:\WINDOWS\assembly\GAC_MSIL\UIAutomationClient\3.0.0.0__31bf3856ad364e35\UIAutomationClient.dll
+ 2007-12-20 08:02:40 10,240 ----a-w C:\WINDOWS\assembly\GAC_MSIL\UIAutomationClientsideProviders.resources\3.0.0.0_fr_31bf3856ad364e35\UIAutomationClientsideProviders.resources.dll
+ 2007-12-20 07:56:56 372,736 ----a-w C:\WINDOWS\assembly\GAC_MSIL\UIAutomationClientsideProviders\3.0.0.0__31bf3856ad364e35\UIAutomationClientsideProviders.dll
+ 2007-12-20 08:02:40 4,096 ----a-w C:\WINDOWS\assembly\GAC_MSIL\UIAutomationProvider.resources\3.0.0.0_fr_31bf3856ad364e35\UIAutomationProvider.resources.dll
+ 2007-12-20 07:56:56 32,768 ----a-w C:\WINDOWS\assembly\GAC_MSIL\UIAutomationProvider\3.0.0.0__31bf3856ad364e35\UIAutomationProvider.dll
+ 2007-12-20 08:02:40 7,680 ----a-w C:\WINDOWS\assembly\GAC_MSIL\UIAutomationTypes.resources\3.0.0.0_fr_31bf3856ad364e35\UIAutomationTypes.resources.dll
+ 2007-12-20 07:56:56 86,016 ----a-w C:\WINDOWS\assembly\GAC_MSIL\UIAutomationTypes\3.0.0.0__31bf3856ad364e35\UIAutomationTypes.dll
+ 2007-12-20 08:02:39 90,112 ----a-w C:\WINDOWS\assembly\GAC_MSIL\WindowsBase.resources\3.0.0.0_fr_31bf3856ad364e35\WindowsBase.resources.dll
+ 2007-12-20 07:56:55 1,167,360 ----a-w C:\WINDOWS\assembly\GAC_MSIL\WindowsBase\3.0.0.0__31bf3856ad364e35\WindowsBase.dll
+ 2007-12-20 08:02:40 5,120 ----a-w C:\WINDOWS\assembly\GAC_MSIL\WindowsFormsIntegration.resources\3.0.0.0_fr_31bf3856ad364e35\WindowsFormsIntegration.resources.dll
+ 2007-12-20 07:56:57 81,920 ----a-w C:\WINDOWS\assembly\GAC_MSIL\WindowsFormsIntegration\3.0.0.0__31bf3856ad364e35\WindowsFormsIntegration.dll
+ 2007-12-20 07:55:31 26,624 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Accessibility\caffc4a4c9fba949af818fc8f753caa5\Accessibility.ni.dll
+ 2007-12-20 07:55:33 860,160 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\AspNetMMCExt\afef7c4156a291458068824791abd09c\AspNetMMCExt.ni.dll
+ 2007-12-20 08:17:10 434,176 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\ComSvcConfig\62ffe9fc066a884fb031f282114255c8\ComSvcConfig.ni.exe
+ 2007-12-20 07:55:35 237,568 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\8a66e7b25c59814db406fb58e7c0c42a\CustomMarshalers.ni.dll
+ 2007-12-20 07:55:34 15,360 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\dfsvc\b0b97ae2d322aa4f827af9bad31579fe\dfsvc.ni.exe
+ 2007-12-20 07:55:37 880,640 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\c76a3a8f59604e4eb350c1423e4a6cef\Microsoft.Build.Engine.ni.dll
+ 2007-12-20 07:55:38 81,920 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\eda85bff3885cf4e993f712ba690794e\Microsoft.Build.Framework.ni.dll
+ 2007-12-20 07:55:41 1,691,648 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\a537444e9b50254bbaac41340f5a7f8c\Microsoft.Build.Tasks.ni.dll
+ 2007-12-20 07:55:42 163,840 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\62c345652c8db3498cb60ac77ff0d1a0\Microsoft.Build.Utilities.ni.dll
+ 2007-12-20 08:17:20 405,504 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\797b55bfb95b8e47947cd07d31e64159\Microsoft.Transactions.Bridge.Dtc.ni.dll
+ 2007-12-20 08:17:19 1,069,056 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\a0c8472ebbc12940b98ffe0e31feb95f\Microsoft.Transactions.Bridge.ni.dll
+ 2007-12-20 07:55:45 1,724,416 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\3209f9ade3b22c4ba1965974307bf9a0\Microsoft.VisualBasic.ni.dll
+ 2007-12-20 07:57:17 17,920 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualC\f9efdc4780b5a044aa4ca62085796072\Microsoft.VisualC.ni.dll
+ 2007-12-20 07:50:41 11,411,456 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\6db591f29bdcca409327849bdec8ce7b\mscorlib.ni.dll
+ 2007-12-20 08:18:04 1,576,960 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationBuildTa#\[u]0[/u]773d7a915577d469c4a519b27279cf0\PresentationBuildTasks.ni.dll
+ 2007-12-20 07:58:20 40,448 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationCFFRast#\ddb9e8017bfc004dbc3abb825f7253e6\PresentationCFFRasterizer.ni.dll
+ 2007-12-20 07:58:18 12,038,144 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationCore\910be4ec5d130a428f0d1e3589cb3ae4\PresentationCore.ni.dll
+ 2007-12-20 07:59:42 49,152 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationFontCac#\5f680d0dca445e4f8ea1e3c17c05a1fb\PresentationFontCache.ni.exe
+ 2007-12-20 07:59:38 266,240 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\39a149c58b06b745a8d56a564f375529\PresentationFramework.Royale.ni.dll
+ 2007-12-20 07:59:35 204,800 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\8fe5485639615b42b02406abf3a4999a\PresentationFramework.Classic.ni.dll
+ 2007-12-20 07:59:14 14,643,200 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\ab4d3f6e4d3fd443b305b05c776da4ce\PresentationFramework.ni.dll
+ 2007-12-20 07:59:39 393,216 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\cc67e90bd291464c9f29fb82df4262b3\PresentationFramework.Aero.ni.dll
+ 2007-12-20 07:59:37 548,864 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\da20c6020f59914d861992dc6efb7172\PresentationFramework.Luna.ni.dll
+ 2007-12-20 07:59:19 1,757,184 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationUI\ceac08f55ea78642963151924c9550b7\PresentationUI.ni.dll
+ 2007-12-20 07:59:26 2,338,816 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\ReachFramework\825d9484aa2c0c47a02a7cd92be6f455\ReachFramework.ni.dll
+ 2007-12-20 08:17:21 139,264 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\ServiceModelReg\80af55c82843f34582047c2227722542\ServiceModelReg.ni.exe
+ 2007-12-20 08:17:22 286,720 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\f931fc56cee3d44db9d8a4598d849df2\SMDiagnostics.ni.dll
+ 2007-12-20 08:17:23 323,584 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\SMSvcHost\d068cf119995294ab790c59ba32c83d7\SMSvcHost.ni.exe
+ 2007-12-20 08:18:07 262,144 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\sysglobl\761027b6887ce349806d8a5458010077\sysglobl.ni.dll
+ 2007-12-20 07:57:45 167,936 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuratio#\253f5710ee540d4096e34f6fc5f8a993\System.Configuration.Install.ni.dll
+ 2007-12-20 07:55:48 962,560 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\376b12a878b9484a96579e6fa16aae33\System.Configuration.ni.dll
+ 2007-12-20 07:57:42 1,183,744 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Data.OracleC#\326883b873cc144f97b80c19eb6f2092\System.Data.OracleClient.ni.dll
+ 2007-12-20 07:57:16 2,703,360 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Data.SqlXml\90cf1bca4aaa0647b4a2a2b1ceaa9226\System.Data.SqlXml.ni.dll
+ 2007-12-20 07:51:27 6,688,768 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Data\2bf1014769387f4881c9c903c3dc752e\System.Data.ni.dll
+ 2007-12-20 07:57:41 1,712,128 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Deployment\7ba9f55790403b49a9d25b33782b1b2c\System.Deployment.ni.dll
+ 2007-12-20 07:51:37 10,723,328 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Design\8c19081ce99b004fb5c85c45827bd185\System.Design.ni.dll
+ 2007-12-20 07:57:21 1,220,608 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\cc100e4bab9f6d4c90e255385195807b\System.DirectoryServices.ni.dll
+ 2007-12-20 07:57:44 512,000 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\e09bbf40fd011a47bc39a5abc0e83dcb\System.DirectoryServices.Protocols.ni.dll
+ 2007-12-20 07:50:59 229,376 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing.Desi#\6cdf0beb3086a049b6cc9b20ea103c7c\System.Drawing.Design.ni.dll
+ 2007-12-20 07:51:02 1,626,112 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\bb8d38c6eaa9b5418027dcf8b20f56a0\System.Drawing.ni.dll
+ 2007-12-20 07:57:20 659,456 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\87ca34e57a93244a950c012ceab3918e\System.EnterpriseServices.ni.dll
+ 2007-12-20 07:57:20 294,912 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\87ca34e57a93244a950c012ceab3918e\System.EnterpriseServices.Wrapper.dll
+ 2007-12-20 08:16:40 237,568 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.IdentityMode#\71f8da23102fa74eb04c234f8258387c\System.IdentityModel.Selectors.ni.dll
+ 2007-12-20 08:16:40 995,328 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\6ad2d3828f797e49abb07df98eb2b34c\System.IdentityModel.ni.dll
+ 2007-12-20 08:16:41 425,984 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.IO.Log\3f5cf5652fd0de498ea8494cb6705c9c\System.IO.Log.ni.dll
+ 2007-12-20 08:00:23 655,360 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Messaging\2b98ff523eb104469227f959734b4389\System.Messaging.ni.dll
+ 2007-12-20 07:59:30 1,052,672 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Printing\8f266ab1e27a5d40ad67c3dde57b101b\System.Printing.ni.dll
+ 2007-12-20 07:57:22 815,104 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\ec9424b065dddd4f858ca0cb2b4f8838\System.Runtime.Remoting.ni.dll
+ 2007-12-20 07:57:39 339,968 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\4248061743dbdc4fb07d88e943e9fd76\System.Runtime.Serialization.Formatters.Soap.ni.dll
+ 2007-12-20 08:16:44 2,371,584 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\b5fa19819f695e4a99b85a84753344a9\System.Runtime.Serialization.ni.dll
+ 2007-12-20 07:57:17 729,088 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Security\5443cafb5a5da149abe1784d05c05a32\System.Security.ni.dll
+ 2007-12-20 08:17:09 17,506,304 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\a8fe02bd751b4541a25310fe9db22668\System.ServiceModel.ni.dll
+ 2007-12-20 07:57:44 233,472 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\3d95c7544100d54fa816825c179d6e5a\System.ServiceProcess.ni.dll
+ 2007-12-20 08:18:06 2,043,904 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Speech\d6adc9aec6427948bb176564e6d2cb2c\System.Speech.ni.dll
+ 2007-12-20 07:57:18 684,032 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Transactions\[u]0[/u]ab4ea59b612ae4c8d38a3f51537b311\System.Transactions.ni.dll
+ 2007-12-20 08:18:11 2,310,144 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web.Mobile\5d46b22abb572149b9dea6dfb0742fa8\System.Web.Mobile.ni.dll
+ 2007-12-20 07:57:43 237,568 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web.RegularE#\2460ea230c5c5d4883a97a9f52de90ed\System.Web.RegularExpressions.ni.dll
+ 2007-12-20 07:57:38 1,945,600 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web.Services\75c2a5f67492074ca5c727c0a421a966\System.Web.Services.ni.dll
+ 2007-12-20 07:57:36 11,808,768 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\f2790a7f8b750842870c0905ac2a7581\System.Web.ni.dll
+ 2007-12-20 07:51:14 13,107,200 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\9b06622fef1fbb41a96cefea3f83405e\System.Windows.Forms.ni.dll
+ 2007-12-20 08:00:12 2,965,504 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Workflow.Act#\3b420620c011ad46b2300376ca466422\System.Workflow.Activities.ni.dll
+ 2007-12-20 08:00:17 4,599,808 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Workflow.Com#\394880ac3d147e40989744e20fc458f9\System.Workflow.ComponentModel.ni.dll
+ 2007-12-20 08:00:22 2,064,384 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Workflow.Run#\cfd9d7c686c0264b86623d2589331247\System.Workflow.Runtime.ni.dll
+ 2007-12-20 07:51:19 5,640,192 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\19e22b241f3f3f4791c07e6c5a0f17db\System.Xml.ni.dll
+ 2007-12-20 07:50:58 8,093,696 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\d3ab734c6342a84cb4ca56679e0510c7\System.ni.dll
+ 2007-12-20 08:18:12 483,328 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\UIAutomationClient\c1bb9a4fe400fe479ea171fadacce2c8\UIAutomationClient.ni.dll
+ 2007-12-20 08:18:13 1,122,304 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\UIAutomationClients#\937636532e4c0c4c90b06eb99a02b1e4\UIAutomationClientsideProviders.ni.dll
+ 2007-12-20 07:58:19 51,200 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\UIAutomationProvider\7e8565d7ca1edb40863d00928652fdea\UIAutomationProvider.ni.dll
+ 2007-12-20 07:58:19 196,608 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\UIAutomationTypes\c1ce836d1e7daf41a1968ef9307d93cb\UIAutomationTypes.ni.dll
+ 2007-12-20 07:57:12 3,289,088 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\WindowsBase\7987be2b2df3d9439919b0ffe6f529dd\WindowsBase.ni.dll
+ 2007-12-20 08:18:15 245,760 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\5ac51d4d856ed7458d13aeb32ede5c82\WindowsFormsIntegration.ni.dll
+ 2007-12-20 08:17:24 380,928 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\WsatConfig\37085bb5edaac74395920c59fd6d7473\WsatConfig.ni.exe
+ 2007-12-08 23:46:32 296,336 ----a-w C:\WINDOWS\Downloaded Program Files\CONFLICT.1\rufsi.dll
+ 2007-11-20 15:04:32 1,523,536 ----a-w C:\WINDOWS\Downloaded Program Files\FP_AX_CAB_INSTALLER.exe
+ 2007-12-08 23:46:32 296,336 ----a-w C:\WINDOWS\Downloaded Program Files\rufsi.dll
+ 2007-03-13 09:57:10 163,328 ----a-w C:\WINDOWS\erdnt\subs\ERDNT.EXE
+ 2004-08-05 12:00:00 61,440 -c----w C:\WINDOWS\ie7\admparse.dll
+ 2004-08-05 12:00:00 101,888 -c----w C:\WINDOWS\ie7\advpack.dll
+ 2004-08-05 12:00:00 35,328 -c----w C:\WINDOWS\ie7\corpol.dll
+ 2006-06-02 19:32:20 33,792 -c----w C:\WINDOWS\ie7\custsat.dll
+ 2007-10-11 06:13:39 357,888 -c----w C:\WINDOWS\ie7\dxtmsft.dll
+ 2007-10-11 06:13:39 205,312 -c----w C:\WINDOWS\ie7\dxtrans.dll
+ 2007-10-11 06:13:39 55,808 -c----w C:\WINDOWS\ie7\extmgr.dll
+ 2004-08-05 12:00:00 38,912 -c----w C:\WINDOWS\ie7\hmmapi.dll
+ 2004-08-05 12:00:00 34,304 -c----w C:\WINDOWS\ie7\ie4uinit.exe
+ 2004-08-05 12:00:00 139,264 -c----w C:\WINDOWS\ie7\ieakeng.dll
+ 2004-08-05 12:00:00 221,696 -c----w C:\WINDOWS\ie7\ieaksie.dll
+ 2004-08-05 12:00:00 245,760 -c----w C:\WINDOWS\ie7\ieakui.dll
+ 2004-08-05 12:00:00 323,584 -c----w C:\WINDOWS\ie7\iedkcs32.dll
+ 2007-10-10 11:16:27 18,432 -c----w C:\WINDOWS\ie7\iedw.exe
+ 2004-08-05 12:00:00 81,920 -c----w C:\WINDOWS\ie7\ieencode.dll
+ 2007-10-11 06:13:39 251,392 -c----w C:\WINDOWS\ie7\iepeers.dll
+ 2004-08-05 12:00:00 49,152 -c----w C:\WINDOWS\ie7\iernonce.dll
+ 2004-08-05 12:00:00 63,488 -c----w C:\WINDOWS\ie7\iesetup.dll
+ 2004-08-05 12:00:00 93,184 -c----w C:\WINDOWS\ie7\iexplore.exe
+ 2004-08-05 12:00:00 35,840 -c----w C:\WINDOWS\ie7\imgutil.dll
+ 2007-10-11 06:13:39 96,768 -c----w C:\WINDOWS\ie7\inseng.dll
+ 2007-11-14 07:28:02 450,560 -c----w C:\WINDOWS\ie7\jscript.dll
+ 2007-10-11 06:13:39 16,384 -c----w C:\WINDOWS\ie7\jsproxy.dll
+ 2004-08-05 12:00:00 22,528 -c----w C:\WINDOWS\ie7\licmgr10.dll
+ 2004-08-05 12:00:00 29,184 -c----w C:\WINDOWS\ie7\mshta.exe
+ 2007-10-30 10:18:16 3,079,680 -c----w C:\WINDOWS\ie7\mshtml.dll
+ 2007-10-11 06:13:40 449,024 -c----w C:\WINDOWS\ie7\mshtmled.dll
+ 2004-08-05 12:00:00 57,344 -c----w C:\WINDOWS\ie7\mshtmler.dll
+ 2004-08-05 12:00:00 146,432 -c----w C:\WINDOWS\ie7\msls31.dll
+ 2007-10-11 06:13:40 146,432 -c----w C:\WINDOWS\ie7\msrating.dll
+ 2007-10-11 06:13:40 532,480 -c----w C:\WINDOWS\ie7\mstime.dll
+ 2004-08-05 12:00:00 97,280 -c----w C:\WINDOWS\ie7\occache.dll
+ 2007-10-11 06:13:40 39,424 -c----w C:\WINDOWS\ie7\pngfilt.dll
+ 2007-09-26 17:34:42 33,472 -c----w C:\WINDOWS\ie7\spuninst\iecustom.dll
+ 2007-09-26 17:32:30 66,048 -c--a-w C:\WINDOWS\ie7\spuninst\ieResetIcons.exe
+ 2006-09-06 16:43:28 216,800 -c----w C:\WINDOWS\ie7\spuninst\spuninst.exe
+ 2006-09-06 16:43:30 394,976 -c----w C:\WINDOWS\ie7\spuninst\updspapi.dll
+ 2004-08-05 12:00:00 37,888 -c----w C:\WINDOWS\ie7\url.dll
+ 2007-10-11 06:13:41 617,472 -c----w C:\WINDOWS\ie7\urlmon.dll
+ 2004-08-05 12:00:00 417,792 -c----w C:\WINDOWS\ie7\vbscript.dll
+ 2007-06-26 13:56:54 851,968 -c----w C:\WINDOWS\ie7\vgx.dll
+ 2004-08-05 12:00:00 281,600 -c----w C:\WINDOWS\ie7\webcheck.dll
+ 2007-10-11 06:13:41 663,552 -c----w C:\WINDOWS\ie7\wininet.dll
+ 2007-03-06 01:34:38 216,800 -c----w C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe
+ 2007-03-06 01:35:48 394,976 -c----w C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\updspapi.dll
+ 2007-08-13 17:54:10 765,952 -c----w C:\WINDOWS\ie7updates\KB938127-IE7\vgx.dll
+ 2007-08-13 17:39:00 123,904 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\advpack.dll
+ 2007-08-13 17:39:00 123,904 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\advpack.dll.000
+ 2007-08-13 17:35:38 214,528 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\dxtrans.dll
+ 2007-08-13 17:54:10 131,584 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\extmgr.dll
+ 2007-08-13 17:36:26 61,952 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\icardie.dll
+ 2007-08-13 17:39:06 54,784 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\ie4uinit.exe
+ 2007-08-13 17:39:06 54,784 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\ie4uinit.exe.000
+ 2007-08-13 17:39:26 152,064 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\ieakeng.dll
+ 2007-08-13 17:39:26 152,064 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\ieakeng.dll.000
+ 2007-08-13 17:39:54 229,376 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\ieaksie.dll
+ 2007-08-13 17:39:54 229,376 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\ieaksie.dll.000
+ 2007-08-13 16:56:54 161,792 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\ieakui.dll
+ 2007-08-13 16:56:54 161,792 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\ieakui.dll.000
+ 2007-02-12 15:10:12 2,451,312 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\ieapfltr.dat
+ 2007-07-11 11:27:48 383,488 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\ieapfltr.dll
+ 2007-08-13 17:39:50 382,976 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\iedkcs32.dll
+ 2007-08-13 17:39:50 382,976 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\iedkcs32.dll.000
+ 2007-08-13 17:54:10 6,049,280 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\ieframe.dll
+ 2007-08-13 17:39:10 43,008 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\iernonce.dll
+ 2007-08-13 17:39:10 43,008 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\iernonce.dll.000
+ 2007-08-13 17:34:04 266,752 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\iertutil.dll
+ 2007-08-13 17:39:10 13,312 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\ieudinit.exe
+ 2007-08-13 17:43:56 622,080 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\iexplore.exe
+ 2007-08-13 17:43:56 622,080 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\iexplore.exe.000
+ 2007-08-13 17:54:10 27,136 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\jsproxy.dll
+ 2007-08-13 17:54:10 458,752 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\msfeeds.dll
+ 2007-08-13 17:54:10 50,688 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\msfeedsbs.dll
+ 2007-08-13 17:54:12 3,578,368 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\mshtml.dll
+ 2007-08-13 17:54:10 475,648 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\mshtmled.dll
+ 2007-08-13 17:44:26 192,000 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\msrating.dll
+ 2007-08-13 17:54:10 670,720 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\mstime.dll
+ 2007-08-13 17:44:06 101,376 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\occache.dll
+ 2007-08-13 17:44:06 101,376 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\occache.dll.000
+ 2007-03-06 01:34:38 216,800 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe
+ 2007-06-30 20:24:42 394,976 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\updspapi.dll
+ 2007-08-13 17:44:30 105,984 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\url.dll
+ 2007-08-13 17:44:30 105,984 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\url.dll.000
+ 2007-08-13 17:54:10 1,162,240 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\urlmon.dll
+ 2007-08-13 17:54:10 231,424 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\webcheck.dll
+ 2007-08-13 17:54:10 231,424 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\webcheck.dll.000
+ 2007-08-13 17:54:10 818,688 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\wininet.dll
- 2004-08-11 18:49:10 192,512 ----a-w C:\WINDOWS\inf\unregmp2.exe
+ 2006-11-03 08:58:34 317,440 ----a-w C:\WINDOWS\inf\unregmp2.exe
+ 2006-11-07 08:06:47 16,832 ------w C:\WINDOWS\Installer\tsclientmsitrans\tscinst.vbs
+ 2006-11-07 08:06:47 12,451 ------w C:\WINDOWS\Installer\tsclientmsitrans\tscuinst.vbs
- 2003-02-20 17:09:46 57,344 ----a-w C:\WINDOWS\Microsoft.NET\Framework\NETFXSBS10.exe
+ 2005-09-23 06:28:52 72,704 ----a-w C:\WINDOWS\Microsoft.NET\Framework\NETFXSBS10.exe
- 2003-02-20 17:09:32 5,120 ----a-w C:\WINDOWS\Microsoft.NET\Framework\sbscmp10.dll
+ 2005-09-23 06:28:52 7,680 ----a-w C:\WINDOWS\Microsoft.NET\Framework\sbscmp10.dll
+ 2005-09-23 06:28:56 7,680 ----a-w C:\WINDOWS\Microsoft.NET\Framework\sbscmp20_mscorwks.dll
+ 2005-09-23 06:28:58 7,680 ----a-w C:\WINDOWS\Microsoft.NET\Framework\sbscmp20_perfcounter.dll
+ 2005-09-23 06:28:56 7,680 ----a-w C:\WINDOWS\Microsoft.NET\Framework\SharedReg12.dll
- 2003-02-20 16:43:50 131,072 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\mscormmc.dll
+ 2005-09-23 06:28:52 86,528 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\mscormmc.dll
+ 2005-09-23 06:28:36 18,944 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\1033\alinkui.dll
+ 2005-09-23 06:28:42 136,192 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\1033\cscompui.dll
+ 2005-09-23 06:28:44 4,608 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\1033\CvtResUI.dll
+ 2005-09-23 06:29:04 183,808 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\1033\vbc7ui.dll
+ 2005-09-23 06:28:28 208,896 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\1033\Vsavb7rtUI.dll
+ 2005-12-23 07:59:08 24,064 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\1036\alinkui.dll
+ 2005-12-23 07:59:10 161,280 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\1036\cscompui.dll
+ 2005-12-23 07:59:10 5,120 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\1036\CvtResUI.dll
+ 2005-12-23 07:59:16 216,576 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\1036\vbc7ui.dll
+ 2005-12-23 07:59:06 245,760 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\1036\Vsavb7rtUI.dll
+ 2005-09-23 06:28:56 10,752 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Accessibility.dll
+ 2005-09-23 06:28:58 138,240 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\AdoNetDiag.dll
+ 2005-09-23 06:28:36 87,552 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\alink.dll
+ 2005-09-23 06:28:58 55,488 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\AppLaunch.exe
+ 2005-09-23 06:28:32 36,864 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_compiler.exe
+ 2005-09-23 06:28:32 10,752 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_filter.dll
+ 2005-09-23 06:28:32 8,192 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_isapi.dll
+ 2005-09-23 06:28:32 23,552 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Aspnet_perf.dll
+ 2005-09-23 06:28:32 70,656 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_rc.dll
+ 2005-09-23 06:28:32 13,824 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_regbrowsers.exe
+ 2005-09-23 06:28:32 26,824 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_regiis.exe
+ 2005-09-23 06:28:32 106,496 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_regsql.exe
+ 2005-09-23 06:28:32 29,896 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
+ 2005-09-23 06:28:32 29,888 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_wp.exe
+ 2005-09-23 06:28:32 503,808 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\AspNetMMCExt.dll
+ 2005-09-23 06:28:56 106,496 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\CasPol.exe
+ 2005-09-23 06:28:56 88,576 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\CORPerfMonExt.dll
+ 2005-09-23 06:28:42 76,984 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\csc.exe
+ 2005-09-23 06:28:42 1,144,832 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\cscomp.dll
+ 2005-09-23 06:28:42 13,312 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\cscompmgd.dll
+ 2005-09-23 06:28:58 17,920 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Culture.dll
+ 2005-09-23 06:28:56 68,608 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\CustomMarshalers.dll
+ 2005-09-23 06:28:44 31,936 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
+ 2005-09-23 06:28:38 52,736 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\dfdll.dll
+ 2005-09-23 06:28:38 4,608 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\dfsvc.exe
+ 2005-09-23 06:29:12 547,840 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\diasymreader.dll
+ 2005-09-23 06:28:56 788,992 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\EventLogMessages.dll
+ 2005-12-23 07:59:06 8,704 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\fr\aspnet_compiler.resources.dll
+ 2005-12-23 07:59:06 86,016 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\fr\aspnet_rc.dll
+ 2005-12-23 07:59:06 5,632 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\fr\aspnet_r
0
Réponse 8 / 44
meli-chan
 
Voici le rapport de hijackthis :

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:37:26, on 20/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Fichiers communs\Symantec Shared\AppCore\AppSvc32.exe
D:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
c:\APPS\HIDSERVICE\HIDSERVICE.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
c:\APPS\Powercinema\Kernel\TV\CLSched.exe
C:\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\Program Files\Fichiers communs\Ulead Systems\AutoDetector\monitor.exe
C:\Apps\Powercinema\PCMService.exe
C:\Program Files\TechCity Solutions\AliceSAV\AliceAgent.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\shovth.exe
C:\WINDOWS\system32\ctfmon.exe
D:\Program Files\QuickDCF.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
D:\Documents and Settings\PATRICK.1036948703146.001\Bureau\test.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://portail.free.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Fichiers communs\Symantec Shared\coShared\Browser\1.0\NppBho.dll
O3 - Toolbar: Afficher Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Fichiers communs\Symantec Shared\coShared\Browser\1.0\UIBHO.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [ATIPTA] C:\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [Ulead AutoDetector v2] C:\Program Files\Fichiers communs\Ulead Systems\AutoDetector\monitor.exe
O4 - HKLM\..\Run: [PCMService] "c:\Apps\Powercinema\PCMService.exe"
O4 - HKLM\..\Run: [ACTIVBOARD] c:\apps\ABoard\ABoard.exe
O4 - HKLM\..\Run: [AliceSAV] C:\Program Files\TechCity Solutions\AliceSAV\AliceAgent.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Color Calibration.lnk = ?
O4 - Global Startup: Exif Launcher.lnk = D:\Program Files\QuickDCF.exe
O4 - Global Startup: MagicTune3.5.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: NaturalColorLoad.lnk = ?
O4 - Global Startup: Picture Package Menu.lnk = ?
O4 - Global Startup: Picture Package VCD Maker.lnk = ?
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fr.htm
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} - https://www.trendmicro.com/en_us/forHome/products/housecall.html
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - D:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\VAScanner\comHost.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
O23 - Service: Generic Service for HID Keyboard Input Collections (GenericHidService) - Unknown owner - c:\APPS\HIDSERVICE\HIDSERVICE.exe
O23 - Service: Validation de mot de passe Symantec IS (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: MysqlInventime - Unknown owner - C:\Apps\INVENT~1\mysql\bin\mysqld-nt.exe
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
0
Réponse 9 / 44
meli-chan
 
Je viens de voir que le rapport Combofix n'était pas entier... Je le reposte donc (en espérant que ça marche)

ComboFix 07-12-19.2 - PATRICK 2007-12-20 12:11:37.3 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.581 [GMT 1:00]
Running from: D:\Documents and Settings\PATRICK.1036948703146.001\Bureau\ComboFix.exe
Command switches used :: D:\Documents and Settings\PATRICK.1036948703146.001\Bureau\CFScript.txt
* Created a new restore point

FILE
C:\D87ABF47.exe
C:\WINDOWS\system32\shovth.exe
C:\WINDOWS\system32\winsn.exe
C:\WINDOWS\system32\winsos.exe
C:\WINDOWS\system32\wowfx.dll
C:\WINDOWS\system32\xlibgfl254.dll
C:\WINDOWS\trayicons.exe
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\.exe
C:\Autorun.inf
C:\D87ABF47.exe
C:\WINDOWS\system32\shovth.exe
C:\WINDOWS\system32\winsn.exe
C:\WINDOWS\system32\winsos.exe
D:\Autorun.inf

.
((((((((((((((((((((((((((((( Fichiers cr‚‚s 2007-11-20 to 2007-12-20 ))))))))))))))))))))))))))))))))))))
.

2007-12-20 10:20 . 2007-12-20 10:20 <REP> d-------- C:\WINDOWS\system32\HouseCall 6.6
2007-12-20 09:04 . 2007-12-20 09:04 <REP> d-------- C:\Program Files\MSXML 6.0
2007-12-20 09:00 . 2007-12-20 09:00 <REP> d-------- C:\Program Files\MSBuild
2007-12-20 08:57 . 2007-12-20 09:02 <REP> d-------- C:\WINDOWS\system32\XPSViewer
2007-12-20 08:56 . 2007-12-20 08:56 <REP> d-------- C:\Program Files\Reference Assemblies
2007-12-20 08:55 . 2006-06-29 13:07 14,048 --------- C:\WINDOWS\system32\spmsg2.dll
2007-12-20 08:54 . 2007-12-20 08:54 <REP> d-------- C:\Program Files\Windows Media Connect 2
2007-12-20 08:54 . 2006-10-04 15:06 1,197,294 --------- C:\WINDOWS\system32\dllcache\sysmain.sdb
2007-12-20 08:54 . 2006-10-04 15:06 764,868 --------- C:\WINDOWS\system32\dllcache\apph_sp.sdb
2007-12-20 08:54 . 2006-10-04 15:06 217,118 --------- C:\WINDOWS\system32\dllcache\apphelp.sdb
2007-12-20 08:54 . 2007-12-20 08:54 3,462 --a------ C:\WINDOWS\system32\spupdsvc.inf
2007-12-20 08:53 . 2007-12-20 08:53 <REP> d-------- C:\WINDOWS\system32\LogFiles
2007-12-20 08:53 . 2007-12-20 08:53 <REP> d-------- C:\WINDOWS\system32\drivers\UMDF
2007-12-20 08:48 . 2005-01-28 13:44 224,768 --a------ C:\WINDOWS\system32\setb0.tmp
2007-12-19 22:22 . 2007-12-19 22:24 <REP> d-------- C:\Program Files\Navilog1
2007-12-19 22:17 . 2007-12-19 22:17 <REP> d--hs---- D:\Documents and Settings\PATRICK.1036948703146.001\UserData
2007-12-18 21:22 . 2007-12-20 12:06 <REP> d-------- D:\Documents and Settings\PATRICK.1036948703146.001\Application Data\HouseCall 6.6
2007-12-18 21:22 . 2007-08-01 16:47 102,664 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2007-12-18 21:21 . 2007-12-18 21:21 <REP> d-------- D:\Documents and Settings\PATRICK.1036948703146.001\Application Data\AdobeUM
2007-12-18 21:21 . 2007-12-18 21:21 <REP> d-------- C:\WINDOWS\Sun
2007-12-18 21:11 . 2007-12-18 21:11 <REP> d-------- C:\Program Files\Windows Defender
2007-12-18 20:52 . 2007-09-05 23:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2007-12-18 20:52 . 2006-04-27 16:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2007-12-18 20:52 . 2007-12-13 19:40 77,824 --a------ C:\WINDOWS\system32\IEDFix.exe
2007-12-18 20:52 . 2007-10-03 23:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2007-12-18 20:52 . 2007-12-18 20:52 2,730 --a------ C:\WINDOWS\system32\tmp.reg
2007-12-18 20:31 . 2007-12-18 20:31 <REP> d-------- C:\Program Files\MSXML 4.0
2007-12-18 20:24 . 2007-12-18 20:24 <REP> d-------- C:\Program Files\Canon
2007-12-18 20:23 . 2002-02-12 16:00 97,280 --a------ C:\WINDOWS\system32\CNMLM45.DLL
2007-12-18 20:23 . 2004-08-03 23:01 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2007-12-18 20:23 . 2004-08-03 23:01 25,856 --a------ C:\WINDOWS\system32\dllcache\usbprint.sys
2007-12-18 20:23 . 2002-02-12 06:00 5,632 --a------ C:\WINDOWS\system32\CNMVS45.DLL
2007-12-18 20:22 . 2007-12-18 20:22 <REP> d--h----- C:\BJPrinter
2007-12-18 20:22 . 2002-01-17 11:48 36,864 --a------ C:\WINDOWS\system32\CNMCP45.EXE
2007-12-18 18:35 . 2007-05-29 13:55 22,112 --a------ C:\WINDOWS\system32\drivers\COH_Mon.sys
2007-12-18 18:35 . 2007-05-29 13:55 10,592 --a------ C:\WINDOWS\system32\drivers\COH_Mon.cat
2007-12-18 18:35 . 2007-05-29 13:55 705 --a------ C:\WINDOWS\system32\drivers\COH_Mon.inf
2007-12-18 18:20 . 2007-07-09 14:11 584,192 --------- C:\WINDOWS\system32\dllcache\rpcrt4.dll
2007-12-18 18:20 . 2007-12-18 18:20 16 --a------ C:\WINDOWS\system32\coh.cache
2007-12-18 18:03 . 2006-11-03 15:02 2,432 --a------ C:\WINDOWS\wds.dat
2007-12-18 18:03 . 2007-01-25 10:04 1,680 --a------ C:\WINDOWS\rmt.dat
2007-12-18 18:02 . 2007-12-18 18:04 10,740 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2007-12-18 18:02 . 2007-12-18 18:04 805 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.INF
2007-12-18 18:00 . 2006-10-16 16:10 23,856 --a------ C:\WINDOWS\system32\spupdsvc.exe
2007-12-18 17:55 . 2007-12-18 18:37 <REP> d-------- C:\Program Files\Norton Internet Security
2007-12-18 17:41 . 2007-12-18 17:41 <REP> d-------- C:\Program Files\TechCity Solutions
2007-12-18 16:12 . 2007-12-18 16:12 <REP> d-------- D:\Documents and Settings\All Users\Application Data\Lavasoft
2007-12-18 15:45 . 2004-08-16 18:55 <REP> d--h----- D:\Documents and Settings\PATRICK.CHABOD\Voisinage r‚seau
2007-12-18 15:45 . 2004-08-16 18:55 <REP> d--h----- D:\Documents and Settings\PATRICK.CHABOD\Voisinage d'impression
2007-12-18 15:45 . 2007-12-19 00:38 <REP> d--h----- D:\Documents and Settings\PATRICK.CHABOD\ModŠles
2007-12-18 15:45 . 2007-12-18 15:46 <REP> dr------- D:\Documents and Settings\PATRICK.CHABOD\Mes documents
2007-12-18 15:45 . 2007-12-19 00:38 <REP> dr------- D:\Documents and Settings\PATRICK.CHABOD\Menu D‚marrer
2007-12-18 15:45 . 2007-12-18 15:46 <REP> dr------- D:\Documents and Settings\PATRICK.CHABOD\Favoris
2007-12-18 15:45 . 2007-12-18 15:46 <REP> dr------- D:\Documents and Settings\PATRICK.CHABOD\Bureau
2007-12-18 15:45 . 2007-12-19 00:38 <REP> d-------- D:\Documents and Settings\PATRICK.CHABOD\Application Data\You've Got Pictures Screensaver
2007-12-18 15:45 . 2005-08-30 18:59 <REP> d-------- D:\Documents and Settings\PATRICK.CHABOD\Application Data\Symantec
2007-12-18 15:02 . 2004-08-16 18:55 <REP> d--h----- D:\Documents and Settings\PATRICK.1036948703146\Voisinage r‚seau
2007-12-18 15:02 . 2004-08-16 18:55 <REP> d--h----- D:\Documents and Settings\PATRICK.1036948703146\Voisinage d'impression
2007-12-18 15:02 . 2007-12-18 23:54 <REP> d--h----- D:\Documents and Settings\PATRICK.1036948703146\ModŠles
2007-12-18 15:02 . 2007-12-18 15:03 <REP> dr------- D:\Documents and Settings\PATRICK.1036948703146\Mes documents
2007-12-18 15:02 . 2007-12-18 23:54 <REP> dr------- D:\Documents and Settings\PATRICK.1036948703146\Menu D‚marrer
2007-12-18 15:02 . 2007-12-18 15:03 <REP> dr------- D:\Documents and Settings\PATRICK.1036948703146\Favoris
2007-12-18 15:02 . 2007-12-18 15:03 <REP> dr------- D:\Documents and Settings\PATRICK.1036948703146\Bureau
2007-12-18 15:02 . 2007-12-18 23:54 <REP> d-------- D:\Documents and Settings\PATRICK.1036948703146\Application Data\You've Got Pictures Screensaver
2007-12-18 15:02 . 2005-08-30 18:59 <REP> d-------- D:\Documents and Settings\PATRICK.1036948703146\Application Data\Symantec
2007-12-18 14:19 . 2004-08-16 18:55 <REP> d--h----- D:\Documents and Settings\PATRICK.1036948703146.000\Voisinage r‚seau
2007-12-18 14:19 . 2004-08-16 18:55 <REP> d--h----- D:\Documents and Settings\PATRICK.1036948703146.000\Voisinage d'impression
2007-12-18 14:19 . 2007-12-18 23:12 <REP> d--h----- D:\Documents and Settings\PATRICK.1036948703146.000\ModŠles
2007-12-18 14:19 . 2007-12-18 14:19 <REP> dr------- D:\Documents and Settings\PATRICK.1036948703146.000\Mes documents
2007-12-18 14:19 . 2007-12-18 23:12 <REP> dr------- D:\Documents and Settings\PATRICK.1036948703146.000\Menu D‚marrer
2007-12-18 14:19 . 2007-12-18 14:19 <REP> dr------- D:\Documents and Settings\PATRICK.1036948703146.000\Favoris
2007-12-18 14:19 . 2007-12-18 14:19 <REP> dr------- D:\Documents and Settings\PATRICK.1036948703146.000\Bureau
2007-12-18 14:19 . 2007-12-18 23:12 <REP> d-------- D:\Documents and Settings\PATRICK.1036948703146.000\Application Data\You've Got Pictures Screensaver
2007-12-18 14:19 . 2005-08-30 18:59 <REP> d-------- D:\Documents and Settings\PATRICK.1036948703146.000\Application Data\Symantec
2007-12-18 13:39 . 2007-12-18 21:35 <REP> d-------- C:\Program Files\Alice
2007-12-18 13:37 . 2004-08-16 18:55 <REP> d--h----- D:\Documents and Settings\PATRICK.1036948703146.001\Voisinage r‚seau
2007-12-18 13:37 . 2004-08-16 18:55 <REP> d--h----- D:\Documents and Settings\PATRICK.1036948703146.001\Voisinage d'impression
2007-12-18 13:37 . 2007-12-18 22:30 <REP> d--h----- D:\Documents and Settings\PATRICK.1036948703146.001\ModŠles
2007-12-18 13:37 . 2007-12-20 08:40 <REP> dr------- D:\Documents and Settings\PATRICK.1036948703146.001\Mes documents
2007-12-18 13:37 . 2007-12-18 22:30 <REP> d-------- D:\Documents and Settings\PATRICK.1036948703146.001\Menu D‚marrer
2007-12-18 13:37 . 2007-12-20 08:40 <REP> dr------- D:\Documents and Settings\PATRICK.1036948703146.001\Favoris
2007-12-18 13:37 . 2007-12-20 12:11 <REP> d-------- D:\Documents and Settings\PATRICK.1036948703146.001\Bureau
2007-12-18 13:37 . 2007-12-18 22:30 <REP> d-------- D:\Documents and Settings\PATRICK.1036948703146.001\Application Data\You've Got Pictures Screensaver
2007-12-18 13:37 . 2005-08-30 18:59 <REP> d-------- D:\Documents and Settings\PATRICK.1036948703146.001\Application Data\Symantec
2007-12-18 13:36 . 2007-12-18 22:30 <REP> d-------- C:\WINDOWS\system32\config\systemprofile\Application Data\You've Got Pictures Screensaver
2007-12-18 13:36 . 2005-08-30 18:59 <REP> d-------- C:\WINDOWS\system32\config\systemprofile\Application Data\Symantec
2007-12-18 13:34 . 2007-12-18 13:34 8,192 --a------ C:\WINDOWS\REGLOCS.OLD
2007-12-18 13:28 . 2007-12-18 13:28 <REP> d-------- D:\Documents and Settings\CHABOD\Application Data\Microsoft Web Folders
2007-12-18 12:12 . 2007-12-18 12:12 <REP> d-------- D:\Documents and Settings\CHABOD\Application Data\FUJIFILM
2007-12-18 12:03 . 2007-12-18 12:03 <REP> d-------- D:\Documents and Settings\CHABOD\Application Data\OD2
2007-12-18 11:51 . 2007-12-18 16:12 <REP> d-------- D:\Documents and Settings\CHABOD\Application Data\Lavasoft
2007-12-18 10:33 . 2007-12-18 10:33 <REP> d--hs---- D:\Documents and Settings\CHABOD\UserData
2007-12-18 08:51 . 2004-08-16 18:55 <REP> d--h----- D:\Documents and Settings\CHABOD\Voisinage r‚seau
2007-12-18 08:51 . 2004-08-16 18:55 <REP> d--h----- D:\Documents and Settings\CHABOD\Voisinage d'impression
2007-12-18 08:51 . 2007-12-18 17:43 <REP> d--h----- D:\Documents and Settings\CHABOD\ModŠles
2007-12-18 08:51 . 2007-12-18 19:27 <REP> dr------- D:\Documents and Settings\CHABOD\Mes documents
2007-12-18 08:51 . 2007-12-18 13:28 <REP> dr------- D:\Documents and Settings\CHABOD\Menu D‚marrer
2007-12-18 08:51 . 2007-12-18 14:05 <REP> dr------- D:\Documents and Settings\CHABOD\Favoris
2007-12-18 08:51 . 2007-12-18 16:21 <REP> dr------- D:\Documents and Settings\CHABOD\Bureau
2007-12-18 08:51 . 2005-08-30 18:57 <REP> d-------- D:\Documents and Settings\CHABOD\Application Data\You've Got Pictures Screensaver

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-20 11:08 --------- d-----w D:\Documents and Settings\All Users\Application Data\Symantec
2007-12-20 07:56 --------- d-----w C:\Program Files\Fichiers communs\Symantec Shared
2007-12-18 21:25 --------- d-----w C:\Program Files\Windows Media Components
2007-12-18 21:25 --------- d-----w C:\Program Files\Viewpoint
2007-12-18 21:25 --------- d-----w C:\Program Files\Ulead Systems
2007-12-18 21:25 --------- d-----w C:\Program Files\Sonic
2007-12-18 21:25 --------- d-----w C:\Program Files\Real
2007-12-18 21:25 --------- d-----w C:\Program Files\microsoft frontpage
2007-12-18 21:25 --------- d-----w C:\Program Files\Learn2.com
2007-12-18 21:25 --------- d-----w C:\Program Files\Java
2007-12-18 21:25 --------- d-----w C:\Program Files\GMixon
2007-12-18 21:25 --------- d-----w C:\Program Files\Fichiers communs\xing shared
2007-12-18 21:25 --------- d-----w C:\Program Files\Fichiers communs\Ulead Systems
2007-12-18 21:25 --------- d-----w C:\Program Files\Fichiers communs\SpeechEngines
2007-12-18 21:25 --------- d-----w C:\Program Files\Fichiers communs\Real
2007-12-18 21:25 --------- d-----w C:\Program Files\Fichiers communs\ODBC
2007-12-18 21:25 --------- d-----w C:\Program Files\Fichiers communs\Nullsoft
2007-12-18 21:25 --------- d-----w C:\Program Files\Fichiers communs\MSSoap
2007-12-18 21:25 --------- d-----w C:\Program Files\Fichiers communs\Java
2007-12-18 21:25 --------- d-----w C:\Program Files\Fichiers communs\InstallShield
2007-12-18 21:25 --------- d-----w C:\Program Files\Fichiers communs\Adobe
2007-12-18 21:25 --------- d-----w C:\Program Files\CyberLink
2007-12-18 21:25 --------- d-----w C:\Program Files\AMD
2007-12-18 20:55 --------- d-----w C:\Program Files\Symantec
2007-12-18 20:52 --------- d-----w C:\Program Files\Services en ligne
2007-12-18 20:49 --------- d-----w C:\Program Files\QuickTime
2007-12-18 20:43 --------- d-----w C:\Program Files\Fichiers communs\Wise Installation Wizard
2007-12-18 20:39 --------- d-----w C:\Program Files\Fichiers communs\SureThing Shared
2007-12-18 20:39 --------- d-----w C:\Program Files\Fichiers communs\Sonic Shared
2007-12-18 20:37 --------- d-----w C:\Program Files\Fichiers communs\aolshare
2007-12-18 20:37 --------- d-----w C:\Program Files\Fichiers communs\AOL
2007-12-18 20:36 --------- d-----w C:\Program Files\AOL Compagnon
2007-12-18 20:35 --------- d-----w C:\Program Files\AOL 9.0
2007-12-18 17:11 9,344 ----a-w C:\WINDOWS\system32\drivers\NSDriver.sys
2007-12-18 17:11 8,320 ----a-w C:\WINDOWS\system32\drivers\AWRTRD.sys
2007-12-18 17:04 123,952 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2007-12-18 16:41 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-18 15:12 --------- d-----w D:\Documents and Settings\patrick\Application Data\Lavasoft
2007-12-18 15:05 --------- d-----w D:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-12-14 14:58 89,088 --sh--w C:\D87ABF47.exe
2007-12-14 14:58 89,088 ---h--w C:\.exe
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-10-30 18:55 39,856 ----a-w C:\WINDOWS\system32\drivers\symids.sys
2007-10-30 18:55 37,936 ----a-w C:\WINDOWS\system32\drivers\symndisv.sys
2007-10-30 18:55 35,120 ----a-w C:\WINDOWS\system32\drivers\symndis.sys
2007-10-30 18:55 27,696 ----a-w C:\WINDOWS\system32\drivers\symredrv.sys
2007-10-30 18:55 191,536 ----a-w C:\WINDOWS\system32\drivers\symtdi.sys
2007-10-30 18:55 145,968 ----a-w C:\WINDOWS\system32\drivers\symfw.sys
2007-10-30 18:55 12,848 ----a-w C:\WINDOWS\system32\drivers\symdns.sys
2007-10-30 18:24 12,963 ----a-w C:\WINDOWS\system32\drivers\SymRedir.cat
2007-10-30 18:24 1,358 ----a-w C:\WINDOWS\system32\drivers\SymRedir.inf
2007-10-25 07:11 --------- d-----w D:\Documents and Settings\patrick\Application Data\Windows Desktop Search
2006-02-17 12:53 81,696 -c--a-w D:\Documents and Settings\patrick\Application Data\GDIPFONTCACHEV1.DAT
2001-03-22 13:27 795,648 -c--a-w D:\Documents and Settings\patrick\clic.exe
2001-03-14 08:03 8,704 -c--a-w D:\Documents and Settings\patrick\_ISDEL.EXE
2001-03-14 08:03 60,416 -c--a-w D:\Documents and Settings\patrick\SETUP.EXE
2001-03-14 08:03 417 -c--a-w D:\Documents and Settings\patrick\os.dat
2001-03-14 08:03 4,525 -c--a-w D:\Documents and Settings\patrick\lang.dat
2001-03-14 08:03 353 -c--a-w D:\Documents and Settings\patrick\layout.bin
2001-03-14 08:03 11,264 -c--a-w D:\Documents and Settings\patrick\_setup.dll
2000-06-07 08:49 5,982,872 -c--a-w D:\Documents and Settings\patrick\ar405fre.exe
1999-04-12 06:40 139,264 -c--a-w D:\Documents and Settings\patrick\mapi32.dll
.

((((((((((((((((((((((((((((( snapshot_2007-12-20_10.55.41.84 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-07-30 18:18:34 207,736 ----a-w C:\WINDOWS\system32\muweb.dll
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 17:24]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 13:00]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-05 13:00]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-05 13:00]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-05 13:00]
"ATIPTA"="C:\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-03-22 20:05]
"SoundMan"="SOUNDMAN.EXE" [2005-05-17 17:48 C:\WINDOWS\SOUNDMAN.EXE]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe" [2005-03-04 02:36]
"Ulead AutoDetector v2"="C:\Program Files\Fichiers communs\Ulead Systems\AutoDetector\monitor.exe" [2004-11-26 10:43]
"PCMService"="c:\Apps\Powercinema\PCMService.exe" [2005-05-11 12:48]
"ACTIVBOARD"="c:\apps\ABoard\ABoard.exe" [2007-12-14 15:58]
"AliceSAV"="C:\Program Files\TechCity Solutions\AliceSAV\AliceAgent.exe" [2005-12-16 17:57]
"ccApp"="C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe" [2006-09-03 00:04]
"osCheck"="C:\Program Files\Norton Internet Security\osCheck.exe" [2006-09-05 18:22]
"Symantec PIF AlertEng"="C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 10:22]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 19:20]
"sis32"="C:\WINDOWS\system32\winsos.exe" [2007-12-20 12:15]
"winroot"="C:\WINDOWS\system32\winsn.exe" [2007-12-14 15:58]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 13:00]

*Newly Created Service* - COMHOST
.
Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es'
"2007-12-18 12:35:45 C:\WINDOWS\Tasks\HDReg.job"
- c:\Apps\HDReg\HDRegRem.exe
"2007-12-20 09:56:51 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
"2007-12-18 17:00:14 C:\WINDOWS\Tasks\Norton Internet Security - Analyse système complète - PATRICK.job"
"2007-12-18 12:36:35 C:\WINDOWS\Tasks\Rappel d'enregistrement 2.job"
- C:\WINDOWS\system32\OOBE\oobebaln.exe
"2007-12-18 12:36:35 C:\WINDOWS\Tasks\Rappel d'enregistrement 3.job"
- C:\WINDOWS\system32\OOBE\oobebaln.exe
.
**************************************************************************

catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-20 12:15:39
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-12-20 12:17:12 - machine was rebooted [PATRICK]
C:\ComboFix2.txt ... 2007-12-20 10:56
C:\ComboFix3.txt ... 2007-12-19 22:08
.
2007-12-20 08:10:09 --- E O F ---
0
Réponse 10 / 44
Meli-chan
 
(je suis dslée pour tous ces postes à répétition mais je ne sais pas éditer un message)
(au passage j'ignore pkoi le raport de combofix a changé en cours de route)

Voici le nouveau rapport de hijackthis :

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:25:22, on 20/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Fichiers communs\Symantec Shared\AppCore\AppSvc32.exe
D:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
c:\APPS\HIDSERVICE\HIDSERVICE.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
c:\APPS\Powercinema\Kernel\TV\CLSched.exe
C:\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\Program Files\Fichiers communs\Ulead Systems\AutoDetector\monitor.exe
C:\Apps\Powercinema\PCMService.exe
C:\Program Files\TechCity Solutions\AliceSAV\AliceAgent.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\shovth.exe
D:\Program Files\QuickDCF.exe
C:\WINDOWS\system32\notepad.exe
C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
D:\Documents and Settings\PATRICK.1036948703146.001\Bureau\test.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://portail.free.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Fichiers communs\Symantec Shared\coShared\Browser\1.0\NppBho.dll
O3 - Toolbar: Afficher Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Fichiers communs\Symantec Shared\coShared\Browser\1.0\UIBHO.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [ATIPTA] C:\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [Ulead AutoDetector v2] C:\Program Files\Fichiers communs\Ulead Systems\AutoDetector\monitor.exe
O4 - HKLM\..\Run: [PCMService] "c:\Apps\Powercinema\PCMService.exe"
O4 - HKLM\..\Run: [ACTIVBOARD] c:\apps\ABoard\ABoard.exe
O4 - HKLM\..\Run: [AliceSAV] C:\Program Files\TechCity Solutions\AliceSAV\AliceAgent.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Color Calibration.lnk = ?
O4 - Global Startup: Exif Launcher.lnk = D:\Program Files\QuickDCF.exe
O4 - Global Startup: MagicTune3.5.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: NaturalColorLoad.lnk = ?
O4 - Global Startup: Picture Package Menu.lnk = ?
O4 - Global Startup: Picture Package VCD Maker.lnk = ?
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fr.htm
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} - https://www.trendmicro.com/en_us/forHome/products/housecall.html
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - D:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\VAScanner\comHost.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
O23 - Service: Generic Service for HID Keyboard Input Collections (GenericHidService) - Unknown owner - c:\APPS\HIDSERVICE\HIDSERVICE.exe
O23 - Service: Validation de mot de passe Symantec IS (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: MysqlInventime - Unknown owner - C:\Apps\INVENT~1\mysql\bin\mysqld-nt.exe
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
0
Réponse 11 / 44
moe
 
Bonjour Meli-chan

Merci pour toutes ces précisions et très sincèrement je ne pense pas que tu envoies encore du spam aujourd'hui, sinon entre autre les fenêtres d'analyse de Norton s'afficheraient en masse.

Est-ce que récemment tu as connecté une clé USB/DD externe a ton pc ?
La présence à la racine de ton disque dur et partition d'un fichier autorun.inf semble indiquer des traces d'une infection se propageant par ce biais.

Bon, apparement il y a eu un soucis avec combofix on dirait.
Je vois qu'il y a des incohérences au niveau des dates de création des rapports (à moins que ton horloge ne soit pas à la bonne date ?), nous sommes le 19/12 aujourd'hui et certains des rapport sont datés du 20/12, c'est à dire demain !

De plus, l'infection à l'air de s'être réactivé malgrès les suppressions faites par Combofix, il doit surement me manquer un ou plusieurs éléments pour arriver à mieux la cibler.

Ce que tu peux faire :

Règle correctement la date de ton horloge et désinstalle Combofix :
Démarrer > exécuter et copie/colle :
ComboFix /u
Puis valide.
L'outil va s'auto supprimer ainsi que les dossiers/fichiers qui lui étaient nécessaires.

Ensuite, télécharges cet utilitaire de désinfection, Cureit de DrWeb
ftp://ftp.drweb.com/pub/drweb/cureit/cureit.exe
et enfin rends toi ici et télécharge cet outil d'analyse:
http://www.suspectfile.com/systemscan/
Si tu souhaite plus de précision sur son utilisation ou ce qu'il cible, regarde ici:
http://www.suspectfile.com/systemscan_guide.php

==============================================================

1/
Deconnecte toi d'internet.

2/
Double clic sur le fichier cureit.exe et ensuite clique sur 'Commencer le scan'.
Clique Ok au message de l'analyse rapide.

Lorsque le scan rapide sera terminé, clique sur le menu Options >> Changer la configuration

Dans l'onglet "Scanner":
- Décoche "Analyse heuristique"
- Clique sur "Ok"

De retour à la fenêtre principale selectionne "Analyse complète".
Clique sur la flèche verte sur la droite, et le scan débutera.

Lorsqu'un fichier sera détecté :
- Choisis à l'invite de supprimer si possible ou la mise en Quarantaine.

Un rapport sera généré ici:
C:\Documents and Settings\ton_non_d'utilisateur\DoctorWeb\CureIt.log
(il est trop volumineux pour être posté ici, héberges-le sur https://www.cjoint.com/ et ne poste ici que le lien)

3/
Lance l'outil téléchargé chez suspectfile, assures-toi que toutes les cases d'options soient cochées puis clic sur [Scan now]
Le rapport sera ensuite stocké dans c:\suspectfile\Report.txt
Comme pour celui de DrWeb il sera certainement trop volumineux pour être posté en forum, donc héberges-le sur cjoint.com et ne met ici que le lien qui permettra de le visionner.

4/
Poste les liens des deux rapports sur le forum

5/
Bon courage et bonne journée :-)

@++
0
Réponse 12 / 44
meli-chan
 
Re bonjour !

Voila j'ai fait tout ce que je devais faire. Je te poste tout ce que tu désires.
Malheureusement ça dépasse les 500ko donc je ne peux pas te donner de liens cjoint pour CureIt. Je te le passe via un autre moyen.
http://rapidshare.com/files/77657072/CureIt.log.html (je suis dslée d'avoir recours à ce moyen et je n'aime pas ça du tout mais je n'en connais pas d'autre. Si tu as une idée ?)

Voici le lien pour suspectfile : https://www.cjoint.com/?mtpMWv84To
0
Réponse 13 / 44
meli-chan Messages postés 8 Statut Membre
 
Re bonjour ! Je préfère le poster quand même car je me demande si ça ne vient pas de CureIt avec tout ce qu'il a supprimé.
Je n'ai rien fait d'autre sur l'ordinateur, j'ai juste cherché à rebrancher mon imprimante.
Et là j'ai remarqué que je ne pouvais pas car l'ordinateur ne détecte pas de nouveau matériel (le plug and play est visé je crois) Idem quand j'ai testé avec mp3
J'ai essayé de le remettre.... mais pb il est déjà mis ! Est-ce que ça peut venir de quelque chose qui aurait été supprimé via CureIt ?
0
Réponse 14 / 44
moe
 
Re bonjour meli-chan

Sacrés pavés !

Ecoute si jamais vraiment il y a besoin d'autres rapport aussi volumineux (je ne pense pas) et que rapidshare ou cjoint te pose un problème, je te ferais passer le cas échéant une adresse mail.

Super boulot de DrWeb, je pense sans trop m'avancer qu'il est venu à bout de l'infection, je ne sais pas si tu as suivie le scan mais ça concernait énormément énormément de fichiers !
Le rapport suspectfile à l'air de confirmer et ne montre rien de suspect.

Néanmoins il reste les deux fichiers autorun.inf situés à la racine de ton DD et de ta partition qu'il faut supprimer.
Pour cela :

Ouvre le menu démarrer > exécuter et tape cmd:

Dans la fenêtre de l'invite, copie et colle ces lignes ci-dessous et valides avec la touche entrée

Colle :
attrib -r -s -h C:\autorun.inf
Valide avec Entrée

Colle:
del /Q /F C:\autorun.inf
Valide avec Entrée

Colle :
attrib -r -s -h D:\autorun.inf
Valide avec Entrée

Colle:
del /Q /F D:\autorun.inf
Valide avec Entrée

Referme la fenêtre de l'invite et redémarre ton pc.

Puis :

- Lance hijackthis, clic sur [Open the misc tools section]
A coté du bouton [Générate startuplist log]
Coche les 2 cases.
Puis clic sur [Générate startuplist log]
Copie et colle le rapport sur le forum.

/!\ Il me semble que tu as renommé Hijackthis, redonnes-lui son nom d'origine (HijackThis.exe) sinon le rapport sera tronqué d'une partie importante.

Et enfin :

- Vide la Quarantaine de Norton.

- Ouvre le Panneau de configuration et clic sur l'icone en forme de tasse à café (Java)
Dans l'onglet 'Général' et dans la section 'Fichiers internet temporaires' clic sur [Supprimer les fichiers]

- Si tu as toujours Ccleaner, lance un nettoyage.

- Pour terminer fais un scan AV en ligne avec Kaspersky :
https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr
Rends toi sur le site avec Internet Explorer.
En bas à droite de la page clique sur 'Démarrer online scanner'
Clique ensuite sur J'accepte.
Autorise l'installation du Contrôle ActiveX et des MAJ de la base virale.
Patiente pendant l'installation des Mises à jour.
Choisis comme cible d'analyse le Poste de travail.

Sauvegarde puis colle sur le forum, le rapport généré en fin d'analyse.

Pour l'instant c'est déjà pas mal de boulot, donc je vais arrêter là. :-).
Si tu peux, poste le rapport hijackthis avant d'aller faire le scan chez Kaspersky, ça permettra de gagner un peu de temps.

@++

Je n'ai rien fait d'autre sur l'ordinateur, j'ai juste cherché à rebrancher mon imprimante.
Et là j'ai remarqué que je ne pouvais pas car l'ordinateur ne détecte pas de nouveau matériel (le plug and play est visé je crois) Idem quand j'ai testé avec mp3
J'ai essayé de le remettre.... mais pb il est déjà mis ! Est-ce que ça peut venir de quelque chose qui aurait été supprimé via CureIt ?

Je vais revérifier en détail le rapport Cureit pour voir.
Qu'est-ce que tu veux dire par "j'ai essayé de le remettre" ?
Essaye de laisser branché ton imprimante et mp3 puis redémarre le pc et dis moi si après reboot le matériel est détecté, et si par exemple tu peux imprimer un document.
Ouvre le gestionnaire des périphériques (Démarrer > exécuter et tape : devmgmt.msc) et vois s'ils sont reconnu ou pas et s'il y a un point d'exclamation jaune dans la liste du matériel installé.
0
Réponse 15 / 44
meli-chan Messages postés 8 Statut Membre
 
Rha !

Quand j'essaie de rentrer la commande cmd: dans exécuter, il me spécifie "Windows ne parvient pas à accéder au périphérique, au chemin d'accès ou au fichier spécifié. Vous ne disposez peut-être pas des autorisations appropriées pour avoir accès à l'élément."
0
Réponse 16 / 44
meli-chan Messages postés 8 Statut Membre
 
Et concernant l'imprimante, l'ordinateur ne détecte pas l'imprimante lorsque je la branche (idem quand je veux lancer le cd d'installation) Je ne l'ai plus car j'ai reformaté l'ordinateur lundi, je voulais juste la remettre.
0
Réponse 17 / 44
moe
 
Quand j'essaie de rentrer la commande cmd: dans exécuter, il me spécifie "Windows ne parvient pas à accéder au périphérique, au chemin d'accès ou au fichier spécifié. Vous ne disposez peut-être pas des autorisations appropriées pour avoir accès à l'élément."

Grrr ! :-) Tu vas essayer autrement pour l'invite de commande :

Démarrer > tous les programmes > Accessoires > invite de commande

Dis moi si ça passe et si ton imprimante fonctionne lorsque tu veux impimer un document une fois branchée.

@++
0
Réponse 18 / 44
meli-chan
 
J'ai réussi ! Merci beaucoup ! Voici le lod de HijackThis :

StartupList report, 19/12/2007, 20:25:54
StartupList version: 1.52.2
Started from : D:\Documents and Settings\PATRICK.1036948703146.001\Bureau\HijackThis.exe.EXE
Detected: Windows XP SP2 (WinNT 5.01.2600)
Detected: Internet Explorer v7.00 (7.00.6000.16574)
* Using default options
* Including empty and uninteresting sections
* Showing rarely important sections
==================================================

Running processes:

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
C:\Program Files\Fichiers communs\Symantec Shared\AppCore\AppSvc32.exe
D:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
c:\APPS\HIDSERVICE\HIDSERVICE.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\slserv.exe
C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
c:\APPS\Powercinema\Kernel\TV\CLSched.exe
C:\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\Program Files\Fichiers communs\Ulead Systems\AutoDetector\monitor.exe
C:\Apps\Powercinema\PCMService.exe
C:\Program Files\TechCity Solutions\AliceSAV\AliceAgent.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\ctfmon.exe
D:\Program Files\QuickDCF.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\internet explorer\iexplore.exe
C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
D:\Documents and Settings\PATRICK.1036948703146.001\Bureau\HijackThis.exe.exe

--------------------------------------------------

Listing of startup folders:

Shell folders Startup:
[D:\Documents and Settings\PATRICK.1036948703146.001\Menu Démarrer\Programmes\Démarrage]
*No files*

Shell folders AltStartup:
*Folder not found*

User shell folders Startup:
*Folder not found*

User shell folders AltStartup:
*Folder not found*

Shell folders Common Startup:
[D:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage]
Color Calibration.lnk = ?
Exif Launcher.lnk = D:\Program Files\QuickDCF.exe
MagicTune3.5.lnk = ?
Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
NaturalColorLoad.lnk = ?
Picture Package Menu.lnk = ?
Picture Package VCD Maker.lnk = ?
Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe

Shell folders Common AltStartup:
*Folder not found*

User shell folders Common Startup:
*Folder not found*

User shell folders Alternate Common Startup:
*Folder not found*

--------------------------------------------------

Checking Windows NT UserInit:

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe,

[HKLM\Software\Microsoft\Windows\CurrentVersion\Winlogon]
*Registry key not found*

[HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
*Registry value not found*

[HKCU\Software\Microsoft\Windows\CurrentVersion\Winlogon]
*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

IMJPMIG8.1 = "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
PHIME2002ASync = C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
PHIME2002A = C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
ATIPTA = C:\ATI Technologies\ATI Control Panel\atiptaxx.exe
SoundMan = SOUNDMAN.EXE
SunJavaUpdateSched = C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
Ulead AutoDetector v2 = C:\Program Files\Fichiers communs\Ulead Systems\AutoDetector\monitor.exe
PCMService = "c:\Apps\Powercinema\PCMService.exe"
AliceSAV = C:\Program Files\TechCity Solutions\AliceSAV\AliceAgent.exe
ccApp = "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
osCheck = "C:\Program Files\Norton Internet Security\osCheck.exe"
Symantec PIF AlertEng = "C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
Windows Defender = "C:\Program Files\Windows Defender\MSASCui.exe" -hide

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run

ctfmon.exe = C:\WINDOWS\system32\ctfmon.exe
MSMSGS = "C:\Program Files\Messenger\msmsgs.exe" /background

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run

*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run
*Registry key not found*

--------------------------------------------------

File association entry for .EXE:
HKEY_CLASSES_ROOT\exefile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .COM:
HKEY_CLASSES_ROOT\comfile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .BAT:
HKEY_CLASSES_ROOT\batfile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .PIF:
HKEY_CLASSES_ROOT\piffile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .SCR:
HKEY_CLASSES_ROOT\scrfile\shell\open\command

(Default) = "%1" /S

--------------------------------------------------

File association entry for .HTA:
HKEY_CLASSES_ROOT\htafile\shell\open\command

(Default) = C:\WINDOWS\system32\mshta.exe "%1" %*

--------------------------------------------------

File association entry for .TXT:
HKEY_CLASSES_ROOT\txtfile\shell\open\command

(Default) = %SystemRoot%\system32\NOTEPAD.EXE %1

--------------------------------------------------

Enumerating Active Setup stub paths:
HKLM\Software\Microsoft\Active Setup\Installed Components
(* = disabled by HKCU twin)

[<{12d0ed0d-0ee0-4f90-8827-78cefb8f4988}] *
StubPath = C:\WINDOWS\system32\ieudinit.exe

[>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
StubPath = C:\WINDOWS\inf\unregmp2.exe /ShowWMP

[>{26923b43-4d38-484f-9b9e-de460746276c}] *
StubPath = C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig

[>{60B49E34-C7CC-11D0-8953-00A0C90347FF}] *
StubPath = RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP

[>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS] *
StubPath = RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP

[>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}] *
StubPath = %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

[{2C7339CF-2B09-4501-B3F3-F3508C9228ED}] *
StubPath = %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

[{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] *
StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install

[{44BBA842-CC51-11CF-AAFA-00AA00B6015B}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT

[{5945c046-1e7d-11d1-bc44-00c04fd912be}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser

[{6BF52A52-394A-11d3-B153-00C04F79FAA6}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp11.inf,PerUserStub

[{7790769C-0471-11d2-AF11-00C04FA35D02}] *
StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install

[{89820200-ECBD-11cf-8B85-00AA005B4340}] *
StubPath = regsvr32.exe /s /n /i:U shell32.dll

[{89820200-ECBD-11cf-8B85-00AA005B4383}] *
StubPath = C:\WINDOWS\system32\ie4uinit.exe -BaseSettings

[{89B4C1CD-B018-4511-B0A1-5476DBF70820}] *
StubPath = C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install

--------------------------------------------------

Enumerating ICQ Agent Autostart apps:
HKCU\Software\Mirabilis\ICQ\Agent\Apps

*Registry key not found*

--------------------------------------------------

Load/Run keys from C:\WINDOWS\WIN.INI:

load=*INI section not found*
run=*INI section not found*

Load/Run keys from Registry:

HKLM\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*
HKLM\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*
HKLM\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*
HKCU\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*
HKCU\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*
HKCU\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*
HKCU\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*
HKCU\..\Windows NT\CurrentVersion\Windows: load=*Registry value not found*
HKCU\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: load=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: AppInit_DLLs=

--------------------------------------------------

Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:

Shell=*INI section not found*
SCRNSAVE.EXE=*INI section not found*
drivers=*INI section not found*

Shell & screensaver key from Registry:

Shell=Explorer.exe
SCRNSAVE.EXE=C:\WINDOWS\system32\ssmyst.scr
drivers=*Registry value not found*

Policies Shell key:

HKCU\..\Policies: Shell=*Registry value not found*
HKLM\..\Policies: Shell=*Registry value not found*

--------------------------------------------------

Checking for EXPLORER.EXE instances:

C:\WINDOWS\Explorer.exe: PRESENT!

C:\Explorer.exe: not present
C:\WINDOWS\Explorer\Explorer.exe: not present
C:\WINDOWS\System\Explorer.exe: not present
C:\WINDOWS\System32\Explorer.exe: not present
C:\WINDOWS\Command\Explorer.exe: not present
C:\WINDOWS\Fonts\Explorer.exe: not present

--------------------------------------------------

Checking for superhidden extensions:

.lnk: HIDDEN! (arrow overlay: yes)
.pif: HIDDEN! (arrow overlay: yes)
.exe: not hidden
.com: not hidden
.bat: not hidden
.hta: not hidden
.scr: not hidden
.shs: HIDDEN!
.shb: HIDDEN!
.vbs: not hidden
.vbe: not hidden
.wsh: not hidden
.scf: HIDDEN! (arrow overlay: NO!)
.url: HIDDEN! (arrow overlay: yes)
.js: not hidden
.jse: not hidden

--------------------------------------------------

Verifying REGEDIT.EXE integrity:

- Regedit.exe found in C:\WINDOWS
- .reg open command is normal (regedit.exe %1)
- Regedit.exe has no CompanyName property! It is either missing or named something else.
- Regedit.exe has no OriginalFilename property! It is either missing or named something else.
- Regedit.exe has no FileDescription property! It is either missing or named something else.

Registry check failed!

--------------------------------------------------

Enumerating Browser Helper Objects:

(no name) - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
(no name) - C:\Program Files\Fichiers communs\Symantec Shared\coShared\Browser\1.0\NppBho.dll - {1E8A6170-7264-4D0F-BEAE-D42A53123C75}

--------------------------------------------------

Enumerating Task Scheduler jobs:

MP Scheduled Scan.job
Norton Internet Security - Analyse système complète - PATRICK.job
Rappel d'enregistrement 2.job
Rappel d'enregistrement 3.job

--------------------------------------------------

Enumerating Download Program Files:

[Windows Genuine Advantage Validation Tool]
InProcServer32 = C:\WINDOWS\system32\LegitCheckControl.DLL
CODEBASE = http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab

[{215B8138-A3CF-44C5-803F-8226143CFC0A}]
CODEBASE = https://www.trendmicro.com/en_us/forHome/products/housecall.html

[Symantec RuFSI Utility Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\rufsi.dll
CODEBASE = http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab

[MUWebControl Class]
InProcServer32 = C:\WINDOWS\system32\muweb.dll
CODEBASE = http://www.update.microsoft.com/...

[Java Plug-in 1.5.0_02]
InProcServer32 = C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
CODEBASE = http://java.sun.com/update/1.5.0/jinstall-1_5_0_02-windows-i586.cab

[Symantec RuFSI Registry Information Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\rufsi.dll
CODEBASE = http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab

[Java Plug-in 1.5.0_02]
InProcServer32 = C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
CODEBASE = http://java.sun.com/update/1.5.0/jinstall-1_5_0_02-windows-i586.cab

[Shockwave Flash Object]
InProcServer32 = C:\WINDOWS\system32\Macromed\Flash\Flash9e.ocx
CODEBASE = http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

--------------------------------------------------

Enumerating Winsock LSP files:

NameSpace #1: C:\WINDOWS\System32\mswsock.dll
NameSpace #2: C:\WINDOWS\System32\winrnr.dll
NameSpace #3: C:\WINDOWS\System32\mswsock.dll
Protocol #1: C:\WINDOWS\system32\mswsock.dll
Protocol #2: C:\WINDOWS\system32\mswsock.dll
Protocol #3: C:\WINDOWS\system32\mswsock.dll
Protocol #4: C:\WINDOWS\system32\rsvpsp.dll
Protocol #5: C:\WINDOWS\system32\rsvpsp.dll
Protocol #6: C:\WINDOWS\system32\mswsock.dll
Protocol #7: C:\WINDOWS\system32\mswsock.dll
Protocol #8: C:\WINDOWS\system32\mswsock.dll
Protocol #9: C:\WINDOWS\system32\mswsock.dll
Protocol #10: C:\WINDOWS\system32\mswsock.dll
Protocol #11: C:\WINDOWS\system32\mswsock.dll
Protocol #12: C:\WINDOWS\system32\mswsock.dll
Protocol #13: C:\WINDOWS\system32\mswsock.dll

--------------------------------------------------

Enumerating Windows NT/2000/XP services

Ad-Aware 2007 Service: "D:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe" (autostart)
abp480n5: system32\DRIVERS\ABP480N5.SYS (system)
Pilote ACPI Microsoft: system32\DRIVERS\ACPI.sys (system)
adpu160m: system32\DRIVERS\adpu160m.sys (system)
Suppresseur d'écho acoustique (Noyau Microsoft): system32\drivers\aec.sys (manual start)
AFD: \SystemRoot\System32\drivers\afd.sys (system)
Filtre de bus AGP Intel: system32\DRIVERS\agp440.sys (system)
Filtre de bus AGP Compaq: system32\DRIVERS\agpCPQ.sys (system)
Aha154x: system32\DRIVERS\aha154x.sys (system)
aic78u2: system32\DRIVERS\aic78u2.sys (system)
aic78xx: system32\DRIVERS\aic78xx.sys (system)
Service for Realtek AC97 Audio (WDM): system32\drivers\ALCXWDM.SYS (manual start)
Avertissement: %SystemRoot%\system32\svchost.exe -k LocalService (disabled)
Service de la passerelle de la couche Application: %SystemRoot%\System32\alg.exe (manual start)
AliIde: system32\DRIVERS\aliide.sys (system)
Filtre de bus AGP ALI: system32\DRIVERS\alim1541.sys (system)
Pilote de filtre du bus AMD AGP: system32\DRIVERS\amdagp.sys (system)
Pilote de processeur AMD: system32\DRIVERS\AmdK8.sys (system)
amsint: system32\DRIVERS\amsint.sys (system)
AOL Connectivity Service: C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe (autostart)
Gestion d'applications: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
Protocole client ARP 1394: system32\DRIVERS\arp1394.sys (manual start)
asc: system32\DRIVERS\asc.sys (system)
asc3350p: system32\DRIVERS\asc3350p.sys (system)
asc3550: system32\DRIVERS\asc3550.sys (system)
Service d'état ASP.NET: %SystemRoot%\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (manual start)
Pilote de média asynchrone RAS: system32\DRIVERS\asyncmac.sys (manual start)
Contrôleur de disque dur IDE/ESDI standard: system32\DRIVERS\atapi.sys (system)
Ati HotKey Poller: %SystemRoot%\system32\Ati2evxx.exe (autostart)
ati2mtag: system32\DRIVERS\ati2mtag.sys (manual start)
Protocole client ATM ARP: system32\DRIVERS\atmarpc.sys (manual start)
Audio Windows: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Pilote audio Stub: system32\DRIVERS\audstub.sys (manual start)
Service de transfert intelligent en arrière-plan: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
Explorateur d'ordinateur: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
catchme: \??\D:\DOCUME~1\PATRIC~1.001\LOCALS~1\Temp\catchme.sys (manual start)
cbidf: system32\DRIVERS\cbidf2k.sys (system)
Symantec Event Manager: "C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe" /h ccCommon (autostart)
Symantec Settings Manager: "C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe" /h ccCommon (autostart)
cd20xrnt: system32\DRIVERS\cd20xrnt.sys (system)
Pilote de CD-ROM: system32\DRIVERS\cdrom.sys (system)
Service d'indexation: %SystemRoot%\system32\cisvc.exe (manual start)
CyberLink Background Capture Service (CBCS): "c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe" (autostart)
Gestionnaire de l'Album: %SystemRoot%\system32\clipsrv.exe (disabled)
.NET Runtime Optimization Service v2.0.50727_X86: C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (autostart)
CyberLink Task Scheduler (CTS): "c:\APPS\Powercinema\Kernel\TV\CLSched.exe" (autostart)
Symantec Lic NetConnect service: "C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe" /h ccCommon (autostart)
CmdIde: system32\DRIVERS\cmdide.sys (system)
COM Host: "C:\Program Files\Fichiers communs\Symantec Shared\VAScanner\comHost.exe" (manual start)
Application système COM+: C:\WINDOWS\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235} (manual start)
Cpqarray: system32\DRIVERS\cpqarray.sys (system)
Services de cryptographie: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
CyberLink Media Library Service: "C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe" (autostart)
dac2w2k: system32\DRIVERS\dac2w2k.sys (system)
dac960nt: system32\DRIVERS\dac960nt.sys (system)
Lanceur de processus serveur DCOM: %SystemRoot%\system32\svchost -k DcomLaunch (autostart)
Client DHCP: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Pilote de disque: system32\DRIVERS\disk.sys (system)
Service d'administration du Gestionnaire de disque logique: %SystemRoot%\System32\dmadmin.exe /com (manual start)
dmboot: System32\drivers\dmboot.sys (disabled)
dmio: System32\drivers\dmio.sys (disabled)
dmload: System32\drivers\dmload.sys (disabled)
Gestionnaire de disque logique: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Synthétiseur DLS du noyau Microsoft: system32\drivers\DMusic.sys (manual start)
Client DNS: %SystemRoot%\system32\svchost.exe -k NetworkService (autostart)
dpti2o: system32\DRIVERS\dpti2o.sys (system)
Filtre de décodeur DRM (Noyau Microsoft): system32\drivers\drmkaud.sys (manual start)
Symantec Eraser Control driver: \??\C:\Program Files\Fichiers communs\Symantec Shared\EENGINE\eeCtrl.sys (system)
EraserUtilRebootDrv: \??\C:\Program Files\Fichiers communs\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (manual start)
Error Reporting Service: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Système d'événements de COM+: C:\WINDOWS\system32\svchost.exe -k netsvcs (manual start)
Compatibilité avec le Changement rapide d'utilisateur: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Pilote de contrôleur de lecteur de disquettes: system32\DRIVERS\fdc.sys (manual start)
FltMgr: system32\DRIVERS\fltMgr.sys (system)
Windows Presentation Foundation Font Cache 3.0.0.0: C:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe (manual start)
Pilote du Gestionnaire de volume: system32\DRIVERS\ftdisk.sys (system)
Generic Service for HID Keyboard Input Collections: c:\APPS\HIDSERVICE\HIDSERVICE.exe (autostart)
Classificateur de paquets générique: system32\DRIVERS\msgpc.sys (manual start)
Aide et support: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
HID Input Service: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Pilote de classe HID Microsoft: system32\DRIVERS\hidusb.sys (manual start)
hpn: system32\DRIVERS\hpn.sys (system)
HTTP: System32\Drivers\HTTP.sys (manual start)
HTTP SSL: %SystemRoot%\System32\svchost.exe -k HTTPFilter (manual start)
i2omp: system32\DRIVERS\i2omp.sys (system)
Pilote pour clavier i8042 et souris sur port PS/2: system32\DRIVERS\i8042prt.sys (system)
Windows CardSpace: "C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe" (manual start)
Pilote de filtre de gravure CD: system32\DRIVERS\imapi.sys (system)
Service COM de gravage de CD IMAPI: C:\WINDOWS\system32\imapi.exe (manual start)
ini910u: system32\DRIVERS\ini910u.sys (system)
IntelIde: system32\DRIVERS\intelide.sys (system)
Pilote du pare-feu Windows IPv6: system32\DRIVERS\Ip6Fw.sys (manual start)
Pilote de filtre de trafic IP: system32\DRIVERS\ipfltdrv.sys (manual start)
Pilote de tunnelage IP dans IP: system32\DRIVERS\ipinip.sys (manual start)
Traducteur d'adresses réseau IP: system32\DRIVERS\ipnat.sys (manual start)
Pilote IPSEC: system32\DRIVERS\ipsec.sys (system)
Service énumérateur IR: system32\DRIVERS\irenum.sys (manual start)
Pilote de bus Plug-and-Play ISA/EISA: system32\DRIVERS\isapnp.sys (system)
Validation de mot de passe Symantec IS: "C:\Program Files\Norton Internet Security\isPwdSvc.exe" (manual start)
Pilote de la classe Clavier: system32\DRIVERS\kbdclass.sys (system)
Pilote HID de clavier: system32\DRIVERS\kbdhid.sys (system)
Mélangeur audio Wave de noyau Microsoft: system32\drivers\kmixer.sys (manual start)
Serveur: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Station de travail: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
LiveUpdate: "C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE" (manual start)
LiveUpdate Notice Service Ex: "C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe" /h ccCommon (autostart)
LiveUpdate Notice Service: "C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /m "C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifEng.dll" (autostart)
Assistance TCP/IP NetBIOS: %SystemRoot%\system32\svchost.exe -k LocalService (autostart)
Affichage des messages: %SystemRoot%\system32\svchost.exe -k netsvcs (disabled)
Partage de Bureau à distance NetMeeting: C:\WINDOWS\system32\mnmsrvc.exe (manual start)
Pilote de la classe Souris: system32\DRIVERS\mouclass.sys (system)
Pilote HID de souris: system32\DRIVERS\mouhid.sys (manual start)
mraid35x: system32\DRIVERS\mraid35x.sys (system)
Redirecteur client WebDav: system32\DRIVERS\mrxdav.sys (manual start)
MRXSMB: system32\DRIVERS\mrxsmb.sys (system)
Distributed Transaction Coordinator: C:\WINDOWS\system32\msdtc.exe (manual start)
Windows Installer: %systemroot%\system32\msiexec.exe /V (manual start)
Proxy de service de répartition Microsoft: system32\drivers\MSKSSRV.sys (manual start)
Proxy d'horloge de répartition Microsoft: system32\drivers\MSPCLOCK.sys (manual start)
Proxy de gestion de qualité de répartition Microsoft: system32\drivers\MSPQM.sys (manual start)
Pilote BIOS de gestion de systèmes Microsoft: system32\DRIVERS\mssmbios.sys (manual start)
Mtlmnt5: system32\DRIVERS\Mtlmnt5.sys (manual start)
Mtlstrm: system32\DRIVERS\Mtlstrm.sys (manual start)
MysqlInventime: C:\Apps\INVENT~1\mysql\bin\mysqld-nt --defaults-file=C:\Apps\Inventime\mysql\my.ini MysqlInventime (manual start)
NAVENG: \??\C:\PROGRA~1\FICHIE~1\SYMANT~1\VIRUSD~1\20071219.007\NAVENG.SYS (manual start)
NAVEX15: \??\C:\PROGRA~1\FICHIE~1\SYMANT~1\VIRUSD~1\20071219.007\NAVEX15.SYS (manual start)
Pilote TAPI NDIS d'accès distant: system32\DRIVERS\ndistapi.sys (manual start)
NDIS mode utilisateur E/S Protocole: system32\DRIVERS\ndisuio.sys (manual start)
Pilote réseau étendu NDIS d'accès distant: system32\DRIVERS\ndiswan.sys (manual start)
Interface NetBIOS: system32\DRIVERS\netbios.sys (system)
NetBIOS sur TCP/IP: system32\DRIVERS\netbt.sys (system)
DDE réseau: %SystemRoot%\system32\netdde.exe (disabled)
DSDM DDE réseau: %SystemRoot%\system32\netdde.exe (disabled)
Ouverture de session réseau: %SystemRoot%\system32\lsass.exe (manual start)
Connexions réseau: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Net.Tcp Port Sharing Service: "C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe" (disabled)
Pilote réseau 1394: system32\DRIVERS\nic1394.sys (manual start)
NLA (Network Location Awareness): %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
Fournisseur de la prise en charge de sécurité LM NT: %SystemRoot%\system32\lsass.exe (manual start)
Stockage amovible: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
NtMtlFax: system32\DRIVERS\NtMtlFax.sys (manual start)
Pilote de filtre de trafic IPX: system32\DRIVERS\nwlnkflt.sys (manual start)
Pilote de transfert de trafic IPX: system32\DRIVERS\nwlnkfwd.sys (manual start)
Contrôleur hôte compatible IEE 1394 VIA OHCI: system32\DRIVERS\ohci1394.sys (system)
Pilote de port parallèle: system32\DRIVERS\parport.sys (manual start)
Pilote de bus PCI: system32\DRIVERS\pci.sys (system)
PCIIde: system32\DRIVERS\pciide.sys (system)
perc2: system32\DRIVERS\perc2.sys (system)
perc2hib: system32\DRIVERS\perc2hib.sys (system)
Planificateur LiveUpdate automatique: "C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe" (autostart)
Services IPSEC: %SystemRoot%\system32\lsass.exe (autostart)
Miniport réseau étendu (PPTP): system32\DRIVERS\raspptp.sys (manual start)
Pilote processeur: system32\DRIVERS\processr.sys (system)
Emplacement protégé: %SystemRoot%\system32\lsass.exe (autostart)
Planificateur de paquets QoS: system32\DRIVERS\psched.sys (manual start)
Pilote de liaison parallèle directe: system32\DRIVERS\ptilink.sys (manual start)
PxHelp20: System32\Drivers\PxHelp20.sys (system)
ql1080: system32\DRIVERS\ql1080.sys (system)
Ql10wnt: system32\DRIVERS\ql10wnt.sys (system)
ql12160: system32\DRIVERS\ql12160.sys (system)
ql1240: system32\DRIVERS\ql1240.sys (system)
ql1280: system32\DRIVERS\ql1280.sys (system)
Pilote de connexion automatique d'accès distant: system32\DRIVERS\rasacd.sys (system)
Gestionnaire de connexion automatique d'accès distant: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
Miniport réseau étendu (L2TP): system32\DRIVERS\rasl2tp.sys (manual start)
Gestionnaire de connexions d'accès distant: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
Pilote PPPOE d'accès à distance: system32\DRIVERS\raspppoe.sys (manual start)
Parallèle direct: system32\DRIVERS\raspti.sys (manual start)
Rdbss: system32\DRIVERS\rdbss.sys (system)
RDPCDD: System32\DRIVERS\RDPCDD.sys (system)
Pilote de redirecteur de périphérique Terminal Server: system32\DRIVERS\rdpdr.sys (manual start)
Gestionnaire de session d'aide sur le Bureau à distance: C:\WINDOWS\system32\sessmgr.exe (manual start)
recagent: \??\C:\WINDOWS\system32\DRIVERS\RecAgent.sys (manual start)
Pilote de filtre de lecture digitale de CD audio: system32\DRIVERS\redbook.sys (system)
Routage et accès distant: %SystemRoot%\system32\svchost.exe -k netsvcs (disabled)
Localisateur d'appels de procédure distante (RPC): %SystemRoot%\system32\locator.exe (manual start)
Appel de procédure distante (RPC): %SystemRoot%\system32\svchost -k rpcss (autostart)
QoS RSVP: %SystemRoot%\system32\rsvp.exe (manual start)
Realtek RTL8139/810x/8169/8110 all in one NDIS XP Driver: system32\DRIVERS\Rtlnicxp.sys (manual start)
Gestionnaire de comptes de sécurité: %SystemRoot%\system32\lsass.exe (autostart)
Carte à puce: %SystemRoot%\System32\SCardSvr.exe (manual start)
Planificateur de tâches: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Secdrv: system32\DRIVERS\secdrv.sys (manual start)
Connexion secondaire: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Notification d'événement système: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Pilote de filtre Serenum: system32\DRIVERS\serenum.sys (manual start)
Pilote de port série: system32\DRIVERS\serial.sys (system)
Pare-feu Windows / Partage de connexion Internet: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Détection matériel noyau: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Filtre de bus AGP SIS: system32\DRIVERS\sisagp.sys (system)
SmartLink AMR_PCI Driver: system32\DRIVERS\slntamr.sys (manual start)
SlNtHal: system32\DRIVERS\Slnthal.sys (manual start)
SmartLinkService: slserv.exe (autostart)
SlWdmSup: system32\DRIVERS\SlWdmSup.sys (manual start)
Sparrow: system32\DRIVERS\sparrow.sys (system)
SPBBCDrv: \??\C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCDrv.sys (system)
Splitter audio du noyau Microsoft: system32\drivers\splitter.sys (manual start)
Spouleur d'impression: %SystemRoot%\system32\spoolsv.exe (autostart)
Pilote de filtre de restauration système: system32\DRIVERS\sr.sys (system)
Service de restauration système: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
SRTSP: System32\Drivers\SRTSP.SYS (manual start)
SRTSPL: System32\Drivers\SRTSPL.SYS (manual start)
SRTSPX: System32\Drivers\SRTSPX.SYS (system)
Srv: system32\DRIVERS\srv.sys (manual start)
Service de découvertes SSDP: %SystemRoot%\system32\svchost.exe -k LocalService (manual start)
Acquisition d'image Windows (WIA): %SystemRoot%\system32\svchost.exe -k imgsvc (manual start)
Pilote de bus logiciel: system32\DRIVERS\swenum.sys (manual start)
Synthétiseur de table de sons GC noyau Microsoft: system32\drivers\swmidi.sys (manual start)
MS Software Shadow Copy Provider: C:\WINDOWS\system32\dllhost.exe /Processid:{4F20079B-9003-46EB-AFC3-0037ECFBBC7A} (manual start)
Symantec Core LC: "C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe" (manual start)
Symantec AppCore Service: "C:\Program Files\Fichiers communs\Symantec Shared\AppCore\AppSvc32.exe" (autostart)
symc810: system32\DRIVERS\symc810.sys (system)
symc8xx: system32\DRIVERS\symc8xx.sys (system)
SYMDNS: \SystemRoot\System32\Drivers\SYMDNS.SYS (manual start)
SymEvent: \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (manual start)
SYMFW: \SystemRoot\System32\Drivers\SYMFW.SYS (manual start)
SYMIDS: \SystemRoot\System32\Drivers\SYMIDS.SYS (manual start)
SYMIDSCO: \??\C:\PROGRA~1\FICHIE~1\SYMANT~1\SymcData\idsdefs\20071212.002\SymIDSCo.sys (manual start)
SYMNDIS: \SystemRoot\System32\Drivers\SYMNDIS.SYS (manual start)
SYMREDRV: \SystemRoot\System32\Drivers\SYMREDRV.SYS (manual start)
SYMTDI: \SystemRoot\System32\Drivers\SYMTDI.SYS (system)
sym_hi: system32\DRIVERS\sym_hi.sys (system)
sym_u3: system32\DRIVERS\sym_u3.sys (system)
Périphérique audio système du noyau Microsoft: system32\drivers\sysaudio.sys (manual start)
Journaux et alertes de performance: %SystemRoot%\system32\smlogsvc.exe (manual start)
Téléphonie: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Pilote du protocole TCP/IP: system32\DRIVERS\tcpip.sys (system)
Pilote de périphérique terminal: system32\DRIVERS\termdd.sys (system)
Services Terminal Server: %SystemRoot%\System32\svchost -k DComLaunch (manual start)
Thèmes: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
tmcomm: \??\C:\WINDOWS\system32\drivers\tmcomm.sys (autostart)
TosIde: system32\DRIVERS\toside.sys (system)
Client de suivi de lien distribué: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Ulead Burning Helper: C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe (autostart)
ultra: system32\DRIVERS\ultra.sys (system)
Pilote de mise à jour microcode: system32\DRIVERS\update.sys (manual start)
Hôte de périphérique universel Plug-and-Play: %SystemRoot%\system32\svchost.exe -k LocalService (manual start)
Uninterruptible Power Supply: %SystemRoot%\System32\ups.exe (manual start)
Pilote parent générique USB Microsoft: system32\DRIVERS\usbccgp.sys (manual start)
Pilote miniport de contrôleur d'hôte amélioré Microsoft USB 2.0: system32\DRIVERS\usbehci.sys (manual start)
Concentrateur USB2: system32\DRIVERS\usbhub.sys (manual start)
Pilote miniport de contrôleur hôte ouvert USB Microsoft: system32\DRIVERS\usbohci.sys (manual start)
Classe d'imprimantes USB Microsoft: system32\DRIVERS\usbprint.sys (manual start)
VgaSave: \SystemRoot\System32\drivers\vga.sys (system)
Filtre de bus AGP VIA: system32\DRIVERS\viaagp.sys (system)
ViaIde: system32\DRIVERS\viaide.sys (system)
Cliché instantané de volume: %SystemRoot%\System32\vssvc.exe (manual start)
Horloge Windows: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Pilote ARP IP d'accès distant: system32\DRIVERS\wanarp.sys (manual start)
WAN Miniport (ATW): system32\DRIVERS\wanatw4.sys (manual start)
Pilote WINMM de compatibilité audio WDM Microsoft: system32\drivers\wdmaud.sys (manual start)
WebClient: %SystemRoot%\system32\svchost.exe -k LocalService (autostart)
Windows Defender: "C:\Program Files\Windows Defender\MsMpEng.exe" (autostart)
Infrastructure de gestion Windows: %systemroot%\system32\svchost.exe -k netsvcs (autostart)
Service de numéro de série du lecteur multimédia portable: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Carte de performance WMI: C:\WINDOWS\system32\wbem\wmiapsrv.exe (manual start)
Service Partage réseau du Lecteur Windows Media: "C:\Program Files\Windows Media Player\WMPNetwk.exe" (manual start)
Centre de sécurité: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled)
Mises à jour automatiques: %systemroot%\system32\svchost.exe -k netsvcs (autostart)
Windows Driver Foundation - User-mode Driver Framework Platform Driver: system32\DRIVERS\WudfPf.sys (manual start)
Windows Driver Foundation - User-mode Driver Framework Reflector: system32\DRIVERS\wudfrd.sys (manual start)
Windows Driver Foundation - User-mode Driver Framework: %SystemRoot%\system32\svchost.exe -k WudfServiceGroup (manual start)
Configuration automatique sans fil: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Service d'approvisionnement réseau: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)

--------------------------------------------------

Enumerating Windows NT logon/logoff scripts:
*No scripts set to run*

Windows NT checkdisk command:
BootExecute = autocheck autochk *

Windows NT 'Wininit.ini':
PendingFileRenameOperations: C:\WINDOWS\TEMP\CCIA.tmp||C:\WINDOWS\TEMP\CCIB.tmp||C:\WINDOWS\TEMP\CCID.tmp||C:\WINDOWS\TEMP\CCIE.tmp||C:\WINDOWS\TEMP\CCIF.tmp||C:\WINDOWS\TEMP\CCI10.tmp||C:\WINDOWS\TEMP\CCI11.tmp||C:\WINDOWS\TEMP\CCI14.tmp||C:\WINDOWS\TEMP\CCI15.tmp||C:\WINDOWS\TEMP\CCI16.tmp||C:\WINDOWS\TEMP\CCI21.tmp||C:\WINDOWS\TEMP\CCI22.tmp||C:\WINDOWS\TEMP\CCI24.tmp||C:\WINDOWS\TEMP\CCI25.tmp||C:\WINDOWS\TEMP\CCI26.tmp||C:\WINDOWS\TEMP\CCI27.tmp||C:\WINDOWS\TEMP\CCI28.tmp||C:\WINDOWS\TEMP\CCI2B.tmp||C:\WINDOWS\TEMP\CCI2C.tmp||C:\WINDOWS\TEMP\CCI2D.tmp

--------------------------------------------------

Enumerating ShellServiceObjectDelayLoad items:

PostBootReminder: C:\WINDOWS\system32\SHELL32.dll
CDBurn: C:\WINDOWS\system32\SHELL32.dll
WebCheck: C:\WINDOWS\system32\webcheck.dll
SysTray: C:\WINDOWS\system32\stobject.dll
WPDShServiceObj: C:\WINDOWS\system32\WPDShServiceObj.dll
UPnPMonitor: C:\WINDOWS\system32\upnpui.dll

--------------------------------------------------
Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run

*No values found*

--------------------------------------------------

End of report, 41 386 bytes
Report generated in 0,140 seconds

Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/full - to include several rarely-important sections
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only
0
Réponse 19 / 44
meli-chan
 
Pendant que Karpersky s'occupe de moi (lol) je te réponds concernant mon imprimante.

Elle était branchée (mais un peu à la va-vite) et j'ai réussi à imprimé ce que tu m'avais dit de faire plus haut;, déconnectée du net. Et j'ai donc passé tout ça.
A mon retour sur le net, voulant imprimer la suite, on m'a dit qu'elle était maintenant hors ligne... J'ai vérifié elle est bien branchée et concernant les pilotes ils y étaient tous.
J'ai tout désinstallé préférant tout remettre bien plutôt que de chercher à bidouiller. D'habitude en branchant l'imprimante, l'ordi la détecte tout de suite (nouveau matériel détecté) là il ne l'a pas fait. J'ai mis le CD d'installation de l'imprimante, l'autorun ne s'est pas lancé, j'ai du le lancer moi même. Et je ne vais pas plus loin.
J'ai essayé de voir avec mon mp3 que j'ai branché. je l'ai allumé. d'habitude il le détecte de suite (pour pouvoir retirer des chanson ou en mettre) et là rien. Mon MP3 m'indiquait qu'il était bien branché au disque dur. Mais concernant l'ordi, inconnu ! Comme s'il n'y était pas.

Donc je me demandais si qurelque chose n'avait pas disparu avec DrWeb qui n'aurait pas du être
0
Réponse 20 / 44
moe
 
Très bien !
Tu confirme que tout c'est bien passé pour les fichiers autorun.inf ?

Télécharge Pocket killbox ici:
http://killbox.net/downloads/KillBox.exe

Lances-le puis dans le menu selectionne 'Remove Item' puis clic sur 'Remove PendingFileRenameOpération'
Ensuite dans le menu 'Tools'clic sur 'Delete Temp File'
Dans la petite fenêtre qui va s'ouvrir, clic sur option et selectionne 'Process all profiles'
Et enfin, clique sur [Delete selected temps Files]
Referme le programme et ensuite tu peux le supprimer car tu n'en aura plus besoin.

Etonnant quand même cette erreur avec la boite de dialogue exécuter, ça plus l'imprimante et le mp3.
A première vue ça ressemble à une limitation des droits qui provoque un peu le même genre de restriction.

Tu va vérifier plusieurs petites choses :
Dans le panneau de configuration > comptes d'utilisateur, vérifie que ton compte soit bien administrateur.
Vérifie aussi et dis moi si à partir du menu démarrer tu arrives à lancer normalement la majorité de tes programmes et si ça provoque d'autres messages du même style que pour exécuter > cmd.

Refais un essai avec 'exécuter', cette fois tu vas essayer d'ouvrir le gestionnaire du registre, Démarrer > exécuter > regedit

Sinon le rapport hijackthis est propre comparé au dernier posté, c'est déjà un très bon point car en apparence aucune infection ne semble active, ce qui confirme le beau boulot de DrWeb.
On va voir maintenant si Kaspersky est du même avis :-)
Ensuite si tout va bien côté Kaspersky, j'aurais encore quelques petites vérifications à te faire faire.

@++ et bonne fin de soirée, je repasserais demain voir le rapport Kav.

ps:
En fait je viens de revérifier le rapport DrWeb et sincèrement je ne vois absolument rien qui puisse expliquer ton soucis avec l'imprimante...
Le virus s'est propagé entre autre en se copiant et en empruntant le nom du dossier parent dans lequel il se répliquait et mis à part c:\apps\aboard\aboard.exe qui est normalement légitime et qui a fait les frais du virus (ce processus je crois, s'occupait de gérer les touches multimédia de ton clavier), je ne vois pas quoi pourrait concerner à la fois l'imprimante et l'autorun du cd.
(Pour ton lecteur cd regarde dans ses propriétés s'il est paramétré pour exécuter une action spécifique à l'insersion d'un cd.
Est-ce que dans le poste de travail tu peux malgré tout accéder à ton lecteur mp3 ?)

Perso je penserais plus à des modifications dans le registre ou bien à un problème de droits.
Si tu veux bien on regardera ça de plus près mais seulement après être sur qu'il n'y ait d'abord plus aucune infection qui traine sur ton pc et d'ailleur c'est ce à quoi je faisais allusion en parlant de "vérifications à te faire faire".
0

Discussions similaires

C'est quoi "Win32:Trojan-gen {Other}"
Uzumaki -
Utilisateur anonyme -

5 réponses
Problème avec "PUADIManager:Win32/OfferCore
Knaki -
bazfile -

3 réponses
Menace détectée TrojanSMS-PA sur Google Huawei/Android
Outmost -
bazfile -

6 réponses