Help me!!!! Braviax attaque

KFQE -  
jlpjlp Messages postés 52399 Statut Contributeur sécurité -
Bonjour,

Ca y est, moi aussi je suis pollué par Braviax,

Norton et secuser ne le détecte pas, zone alarm si, mais je ne sais pas comment réparer
Merci de votre aide

Ci dessous le rapport de Hijackthis

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:27:19, on 20/03/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
c:\windows\system32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
d:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\system32\crypserv.exe
D:\Program Files\Norton SystemWorks\Norton GoBack\GBPoll.exe
C:\WINDOWS\System32\GEARSec.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
D:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
D:\Program Files\Norton SystemWorks\Norton Ghost\Agent\PQV2iSvc.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
C:\WINDOWS\system32\atwtusb.exe
D:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
D:\Program Files\SlySoft\CloneCD\CloneCDTray.exe
D:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
D:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\FICHIE~1\XCPCSync\TRANSL~1\ErPhn2\ErTray.exe
D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Multimedia Card Reader\shwicon2k.exe
C:\Program Files\VIA\RAID\raid_tool.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\Program Files\Fichiers communs\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
E:\Program Files\Adobe\Adobe Version Cue\ControlPanel\VersionCueTray.exe
D:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\MSI\Live Update 3\LMonitor.exe
C:\WINDOWS\system32\wind32.exe
C:\WINDOWS\system32\braviax.exe
D:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
E:\Program Files\Adobe\Adobe Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Mio Technology\MioSync\mioSync.exe
D:\Program Files\Norton SystemWorks\Norton GoBack\GBTray.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\JP\Bureau\Nouveau dossier\eden.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Alice ADSL
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O1 - Hosts: 64.246.60.78 weather.ocens.net
O1 - Hosts: 64.246.60.78 wxnet.ocens.net
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - D:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - E:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [Name of App] C:\Program Files\SAMSUNG\FW LiveUpdate\Liveupdate.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [ioroxxo microsoft sux] C:\Program Files\Mediafour\Setup files\MacDrive 6 Free Trial (6.1.5) (1033)\MacDrive\Windows\System32,1.exe
O4 - HKLM\..\Run: [atwtusb] atwtusb.exe beta
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [CloneCDTray] "d:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [XTNDConnect PC - ErPhn2] C:\PROGRA~1\FICHIE~1\XCPCSync\TRANSL~1\ErPhn2\ErTray.exe
O4 - HKLM\..\Run: [Zone Labs Client] "d:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [Sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe
O4 - HKLM\..\Run: [RaidTool] C:\Program Files\VIA\RAID\raid_tool.exe
O4 - HKLM\..\Run: [MoneyStartUp10.0] "D:\Program Files\Microsoft Money\System\Activation.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Norton Ghost 9.0] D:\Program Files\Norton SystemWorks\Norton Ghost\Agent\GhostTray.exe
O4 - HKLM\..\Run: [AdobeVersionCue] e:\Program Files\Adobe\Adobe Version Cue\ControlPanel\VersionCueTray.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [LiveMonitor] C:\Program Files\MSI\Live Update 3\LMonitor.exe
O4 - HKLM\..\Run: [System] C:\WINDOWS\system32\wind32.exe
O4 - HKLM\..\Run: [braviax] C:\WINDOWS\system32\braviax.exe
O4 - HKLM\..\RunServices: [ioroxxo microsoft sux] C:\Program Files\Mediafour\Setup files\MacDrive 6 Free Trial (6.1.5) (1033)\MacDrive\Windows\System32,1.exe
O4 - HKCU\..\Run: [Microsoft USB2] mskav32.exe
O4 - HKCU\..\Run: [Jimruo] C:\WINDOWS\System32\d?dplay.exe
O4 - HKCU\..\Run: [Creative Detector] D:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
O4 - HKCU\..\Run: [Norton SystemWorks] "D:\Program Files\Norton SystemWorks\cfgwiz.exe" /GUID {05858CFD-5CC4-4ceb-AAAF-CF00BF39736A} /MODE CfgWiz
O4 - HKCU\..\Run: [braviax] C:\WINDOWS\system32\braviax.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Microsoft Update Machine] MSlti32.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [Microsoft USB2] mskav32.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [Microsoft USB2] mskav32.exe (User 'Default user')
O4 - Global Startup: Accélérateur de démarrage AutoCAD.lnk = C:\Program Files\Fichiers communs\Autodesk Shared\acstart16.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Assistant d'Acrobat.lnk = E:\Program Files\Adobe\Adobe Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: BlueSoleil.lnk = ?
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: MioSync.lnk = C:\Program Files\Mio Technology\MioSync\mioSync.exe
O4 - Global Startup: Norton GoBack.lnk = D:\Program Files\Norton SystemWorks\Norton GoBack\GBTray.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://D:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - D:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - ProtocolDefaults: 'http' protocol is in My Computer Zone, should be Internet Zone (HKLM)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1101328997481
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - https://www.trendmicro.com/en_us/forHome/products/housecall.html
O21 - SSODL: fairydom - {5839511e-ec1b-4f91-ace3-fb88e52f5239} - (no file)
O21 - SSODL: FlashX - {748E4F4D-12F1-492E-93E9-F2EF7FB47E5D} - C:\Program Files\Internet Explorer\shwol.dll
O22 - SharedTaskScheduler: {5839511e-ec1b-4f91-ace3-fb88e52f5239} - fairydom - (no file)
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AdobeVersionCue - Adobe Sytems - E:\Program Files\Adobe\Adobe Version Cue\service\VersionCue.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Autodesk Licensing Service - Autodesk, Inc. - C:\Program Files\Fichiers communs\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - d:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: Crypkey License - Kenonic Controls Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: GoBack Polling Service (GBPoll) - Symantec Corporation - D:\Program Files\Norton SystemWorks\Norton GoBack\GBPoll.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - D:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Ghost - Symantec Corporation - D:\Program Files\Norton SystemWorks\Norton Ghost\Agent\PQV2iSvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - D:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - D:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: SAVScan - Symantec Corporation - D:\Program Files\Norton SystemWorks\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: SentinelProtectionServer - SafeNet, Inc - C:\Program Files\Fichiers communs\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - D:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O24 - Desktop Component 0: (no name) - file:///C:/DOCUME~1/JP/LOCALS~1/Temp/msohtml1/01/clip_image002.jpg

--
End of file - 13059 bytes
Configuration: Windows XP
Internet Explorer 6.0

14 réponses

  1. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    slt

    si tu n'avais que braviax .....

    __________

    # télécharger Hoster :
    http://www.funkytoad.com/download/HostsXpert.zip

    # Dézipper le dossier sur le bureau.
    # Lancer Hoster et cliquer sur Restore Microsoft's Hosts File

    ______________

    Télécharge SDFix (créé par AndyManchesta) et sauvegarde le sur ton Bureau.
    http://downloads.andymanchesta.com/RemovalTools/SDFix.exe
    Double clique sur SDFix.exe et choisis Install pour l'extraire dans un dossier dédié sur le Bureau. Redémarre ton ordinateur en mode sans échec en suivant la procédure que voici :
    • Redémarre ton ordinateur
    • Après avoir entendu l'ordinateur biper lors du démarrage, mais avant que l'icône Windows apparaisse, tapote la touche F8 (une pression par seconde).
    • A la place du chargement normal de Windows, un menu avec différentes options devrait apparaître.
    • Choisis la première option, pour exécuter Windows en mode sans échec, puis appuie sur "Entrée".
    • Choisis ton compte.
    Déroule la liste des instructions ci-dessous :
    • Ouvre le dossier SDFix qui vient d'être créé dans le répertoire C:\ et double clique sur RunThis.bat pour lancer le script.
    • Appuie sur Y pour commencer le processus de nettoyage.
    • Il va supprimer les services et les entrées du Registre de certains trojans trouvés puis te demandera d'appuyer sur une touche pour redémarrer.
    • Appuie sur une touche pour redémarrer le PC.
    • Ton système sera plus long pour redémarrer qu'à l'accoutumée car l'outil va continuer à s'exécuter et supprimer des fichiers.
    • Après le chargement du Bureau, l'outil terminera son travail et affichera Finished.
    • Appuie sur une touche pour finir l'exécution du script et charger les icônes de ton Bureau.
    • Les icônes du Bureau affichées, le rapport SDFix s'ouvrira à l'écran et s'enregistrera aussi dans le dossier SDFix sous le nom Report.txt.
    • Enfin, copie/colle le contenu du fichier Report.txt dans ta prochaine réponse sur le forum
    ________________

    Télécharge Combofix de sUBs : Renomme le avant toute installation, par exemple, nomme le "KillBagle". aide ici : https://forum.pcastuces.com/sujet.asp?f=25&s=37315

    http://download.bleepingcomputer.com/sUBs/ComboFix.exe
    Sauvegarde le sur ton bureau et pas ailleurs !

    Aide à l’utilisation de combofix ici: https://bibou0007.forumpro.fr/login?redirect=%2Ft121-topic

    Double-clic sur combofix, Il va te poser une question, réponds par la touche 1 et entrée pour valider, laisse toi guider.
    Attends que combofix ait terminé, un rapport sera créé. Poste le rapport.
    ________________

    recolle hijakchits et dis tes soucis!
    0
    1. kfqe
       
      Voila la 1° phase avec SDFix est términée,

      voici le rapport,

      Dis moi la suite de la démarche je ne lance pas pour l'instant Combofix

      Merci par avance
      0
    2. kfqe
       
      Quel étourdi j'ai oublié le rapport, le voici cette fois

      [b]SDFix: Version 1.159 [/b]

      Run by JP on 20/03/2008 at 23:28

      Microsoft Windows XP [version 5.1.2600]
      Running From: C:\DOCUME~1\JP\Bureau\SDFIX\SDFix

      [b]Checking Services [/b]:


      Restoring Windows Registry Values
      Restoring Windows Default Hosts File

      Rebooting


      [b]Checking Files [/b]:

      Trojan Files Found:

      C:\WINDOWS\SYSTEM32\DLLGH8~1.EXE - Deleted
      C:\WINDOWS\SYSTEM32\FTPUPD.EXE - Deleted
      C:\WINDOWS\SYSTEM32\PAYTIME.EXE - Deleted
      C:\WINDOWS\SYSTEM32\RUN64DLL.DLL - Deleted
      C:\FHNA.EXE - Deleted
      C:\IMTQV.EXE - Deleted
      C:\LTTD.EXE - Deleted
      C:\MMYQVFS.EXE - Deleted
      C:\MSCONF~1.EXE - Deleted
      C:\QTAUA.EXE - Deleted
      C:\SWVLKHPV.EXE - Deleted
      C:\WJWNYU.EXE - Deleted
      C:\XDARBSNR.EXE - Deleted
      C:\Documents and Settings\All Users\Menu D‚marrer\Online Security Guide.url - Deleted
      C:\Documents and Settings\All Users\Menu D‚marrer\Security Troubleshooting.url - Deleted
      C:\WINDOWS\system32\dllgh8jkd1q8.exe - Deleted
      C:\WINDOWS\system32\TFTP1604 - Deleted
      C:\WINDOWS\system32\TFTP180 - Deleted
      C:\WINDOWS\system32\TFTP244 - Deleted
      C:\WINDOWS\system32\TFTP268 - Deleted
      C:\WINDOWS\system32\TFTP2840 - Deleted
      C:\WINDOWS\system32\TFTP468 - Deleted
      C:\WINDOWS\system32\TFTP992 - Deleted
      C:\WINDOWS\hosts - Deleted
      C:\WINDOWS\system32\braviax.exe - Deleted
      C:\WINDOWS\system32\vx.tll - Deleted
      C:\WINDOWS\system32\wind32.exe - Deleted



      Folder C:\Program Files\Microsoft Security Adviser - Removed


      Removing Temp Files

      [b]ADS Check [/b]:



      [b]Final Check [/b]:

      catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
      Rootkit scan 2008-03-20 23:43:46
      Windows 5.1.2600 Service Pack 2 NTFS

      scanning hidden processes ...

      scanning hidden services & system hive ...

      scanning hidden registry entries ...

      scanning hidden files ...

      scan completed successfully
      hidden processes: 0
      hidden services: 0
      hidden files: 0


      [b]Remaining Services [/b]:



      Authorized Application Key Export:

      [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
      "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
      "D:\\Program Files\\eMule\\emule.exe"="D:\\Program Files\\eMule\\emule.exe:*:Enabled:eMule"
      "D:\\Program Files\\Kazaa Lite K++\\KazaaLite.kpp"="D:\\Program Files\\Kazaa Lite K++\\KazaaLite.kpp:*:Enabled:KazaaLite"
      "D:\\Program Files\\I&M\\MaxSea\\MaxSea.exe"="D:\\Program Files\\I&M\\MaxSea\\MaxSea.exe:*:Enabled:MaxSea"
      "C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
      "C:\\Program Files\\Canon\\CSCLIB\\CDPROCMN.exe"="C:\\Program Files\\Canon\\CSCLIB\\CDPROCMN.exe:*:Enabled:Canon Digital Camera SDK main server EXE"
      "C:\\Program Files\\Canon\\CSCLIB\\CDPROC.exe"="C:\\Program Files\\Canon\\CSCLIB\\CDPROC.exe:*:Enabled:Canon Digital Camera SDK CDPROC EXE"
      "D:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"="D:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe:*:Enabled:BlueSoleil"

      [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
      "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

      [b]Remaining Files [/b]:


      File Backups: - C:\DOCUME~1\JP\Bureau\SDFIX\SDFix\backups\backups.zip

      [b]Files with Hidden Attributes [/b]:

      Wed 1 Mar 2006 7,432 ...HR --- "C:\C_DILLA\BD0BA000.BAK"
      Sun 6 Jan 2008 24 ..SH. --- "C:\WINDOWS\SD23536EF.tmp"
      Thu 17 Feb 2005 4,348 ..SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
      Tue 21 Dec 2004 400 ..SH. --- "C:\Documents and Settings\All Users\DRM\v2ks.bla.bak"
      Tue 21 Dec 2004 48 ..SH. --- "C:\Documents and Settings\All Users\DRM\v2ks.sec.bak"
      Mon 20 Oct 2003 73,688 ..SHR --- "C:\Program Files\Autodesk\Autodesk DWF Viewer\Setup.exe"
      Thu 5 Feb 2004 18,432 A.SHR --- "C:\Program Files\Autodesk\Autodesk DWF Viewer\_Setup.dll"
      Thu 5 Feb 2004 5,120 A.SHR --- "C:\Program Files\Autodesk\Autodesk DWF Viewer\_Setupx.dll"
      Sun 21 Oct 2007 71,168 ..SHR --- "C:\Program Files\Mio Technology\MioSync\Setup.exe"
      Sat 9 Jul 2005 16,384 A.SHR --- "C:\Program Files\Mio Technology\MioSync\_Setup.dll"
      Sun 30 Dec 2007 71,168 ..SHR --- "C:\Program Files\Mio Technology\SpeedCAM Tool\Setup.exe"
      Sat 9 Jul 2005 16,384 A.SHR --- "C:\Program Files\Mio Technology\SpeedCAM Tool\_Setup.dll"
      Wed 19 Mar 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\6067d5deb7173c35afab0355ff048bd7\BIT3.tmp"
      Fri 4 Jan 2008 31,232 ...H. --- "C:\Documents and Settings\JP\Application Data\Microsoft\ModŠles\~WRL3248.tmp"

      [b]Finished![/b]
      0
  2. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    Télécharge Combofix de sUBs : Renomme le avant toute installation, par exemple, nomme le "KillBagle". aide ici : https://forum.pcastuces.com/sujet.asp?f=25&s=37315

    http://download.bleepingcomputer.com/sUBs/ComboFix.exe
    Sauvegarde le sur ton bureau et pas ailleurs !

    Aide à l’utilisation de combofix ici: https://bibou0007.forumpro.fr/login?redirect=%2Ft121-topic

    Double-clic sur combofix, Il va te poser une question, réponds par la touche 1 et entrée pour valider, laisse toi guider.
    Attends que combofix ait terminé, un rapport sera créé. Poste le rapport.
    ________________

    recolle hijakchits et dis tes soucis!
    0
    1. kfqe
       
      Bonjour, désolé pour le retard dans ma réponse
      j'ai du m'absenter
      de plus j'ai été obligé de désinstaller Norton A V, car il blocquait Combofix, bref voila les 3 rapports

      [b]SDFix: Version 1.159 [/b]

      Run by JP on 2008-03-22 at 16:45

      Microsoft Windows XP [version 5.1.2600]
      Running From: C:\DOCUME~1\JP\Bureau\SDFIX\SDFix

      [b]Checking Services [/b]:


      Restoring Windows Registry Values
      Restoring Windows Default Hosts File

      Rebooting


      [b]Checking Files [/b]:

      No Trojan Files Found






      Removing Temp Files

      [b]ADS Check [/b]:



      [b]Final Check [/b]:

      catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
      Rootkit scan 2008-03-22 16:51:10
      Windows 5.1.2600 Service Pack 2 NTFS

      scanning hidden processes ...

      scanning hidden services & system hive ...

      scanning hidden registry entries ...

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
      "AppInit_DLLs"=""
      "DeviceNotSelectedTimeout"="15"
      "GDIProcessHandleQuota"=dword:00002710
      "Spooler"="yes"
      "swapdisk"=""
      "TransmissionRetryTimeout"="90"
      "USERProcessHandleQuota"=dword:00002710
      "SecureDesktop"=dword:00000000

      scanning hidden files ...

      scan completed successfully
      hidden processes: 0
      hidden services: 0
      hidden files: 0


      [b]Remaining Services [/b]:



      Authorized Application Key Export:

      [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
      "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
      "D:\\Program Files\\eMule\\emule.exe"="D:\\Program Files\\eMule\\emule.exe:*:Enabled:eMule"
      "C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
      "C:\\Program Files\\Canon\\CSCLIB\\CDPROCMN.exe"="C:\\Program Files\\Canon\\CSCLIB\\CDPROCMN.exe:*:Enabled:Canon Digital Camera SDK main server EXE"
      "C:\\Program Files\\Canon\\CSCLIB\\CDPROC.exe"="C:\\Program Files\\Canon\\CSCLIB\\CDPROC.exe:*:Enabled:Canon Digital Camera SDK CDPROC EXE"
      "D:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"="D:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe:*:Enabled:BlueSoleil"

      [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
      "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

      [b]Remaining Files [/b]:


      File Backups: - C:\DOCUME~1\JP\Bureau\SDFIX\SDFix\backups\backups.zip

      [b]Files with Hidden Attributes [/b]:

      Wed 1 Mar 2006 7,432 ...HR --- "C:\C_DILLA\BD0BA000.BAK"
      Sun 6 Jan 2008 24 ..SH. --- "C:\WINDOWS\SD23536EF.tmp"
      Thu 17 Feb 2005 4,348 ..SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
      Tue 21 Dec 2004 400 ..SH. --- "C:\Documents and Settings\All Users\DRM\v2ks.bla.bak"
      Tue 21 Dec 2004 48 ..SH. --- "C:\Documents and Settings\All Users\DRM\v2ks.sec.bak"
      Mon 20 Oct 2003 73,688 ..SHR --- "C:\Program Files\Autodesk\Autodesk DWF Viewer\Setup.exe"
      Thu 5 Feb 2004 18,432 A.SHR --- "C:\Program Files\Autodesk\Autodesk DWF Viewer\_Setup.dll"
      Thu 5 Feb 2004 5,120 A.SHR --- "C:\Program Files\Autodesk\Autodesk DWF Viewer\_Setupx.dll"
      Sun 21 Oct 2007 71,168 ..SHR --- "C:\Program Files\Mio Technology\MioSync\Setup.exe"
      Sat 9 Jul 2005 16,384 A.SHR --- "C:\Program Files\Mio Technology\MioSync\_Setup.dll"
      Sun 30 Dec 2007 71,168 ..SHR --- "C:\Program Files\Mio Technology\SpeedCAM Tool\Setup.exe"
      Sat 9 Jul 2005 16,384 A.SHR --- "C:\Program Files\Mio Technology\SpeedCAM Tool\_Setup.dll"
      Wed 19 Mar 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\6067d5deb7173c35afab0355ff048bd7\BIT3.tmp"
      Fri 21 Mar 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\cc102203f99c8c6ebf1523556f8411b6\BIT4.tmp"
      Fri 21 Mar 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\f7db876e78b88fd8276fd7d29cb7e4eb\BIT3.tmp"
      Fri 4 Jan 2008 31,232 ...H. --- "C:\Documents and Settings\JP\Application Data\Microsoft\ModŠles\~WRL3248.tmp"

      [b]Finished![/b]

      _________________________________________________________________________________


      ComboFix 08-03-20.5 - JP 2008-03-22 16:58:37.7 - NTFSx86
      Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.173 [GMT 1:00]
      Endroit: C:\Documents and Settings\JP\Bureau\KillBagle.exe

      [color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]
      .

      (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      ---- Previous Run -------
      .
      C:\Program Files\dialers
      C:\WINDOWS\install.exe
      C:\WINDOWS\secure32.html
      C:\WINDOWS\tool1.exe
      C:\WINDOWS\tool2.exe
      C:\WINDOWS\tool3.exe
      C:\WINDOWS\tool4.exe
      C:\WINDOWS\tool5.exe

      .
      ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
      .

      -------\Service_npf


      ((((((((((((((((((((((((((((( Fichiers créés 2008-02-22 to 2008-03-22 ))))))))))))))))))))))))))))))))))))
      .

      2008-03-20 23:27 . 2008-03-20 23:27 <REP> d-------- C:\WINDOWS\ERUNT
      2008-03-20 11:03 . 2008-03-20 11:02 36,135,009 --a------ C:\WINDOWS\LPT$VPN.177
      2008-03-20 11:02 . 2008-03-20 11:02 36,135,009 --a------ C:\WINDOWS\VPTNFILE.177
      2008-03-20 11:01 . 2008-03-20 11:02 <REP> d-------- C:\WINDOWS\AU_Temp
      2008-03-19 22:41 . 2008-03-22 14:45 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Google Updater
      2008-03-19 10:19 . 2007-12-07 02:07 1,056,768 -----c--- C:\WINDOWS\system32\dllcache\danim.dll
      2008-03-18 18:47 . 2008-03-18 18:47 58,368 --a------ C:\sysucmw.exe
      2008-03-06 20:05 . 2008-03-06 20:05 16,848 --a------ C:\sysddpx.exe
      2008-02-26 20:59 . 2008-03-18 21:53 54,156 --ah----- C:\WINDOWS\QTFont.qfn
      2008-02-26 20:59 . 2008-02-26 20:59 1,409 --a------ C:\WINDOWS\QTFont.for

      .
      (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
      .
      2008-03-22 15:48 49,675,709 ----a-w C:\WINDOWS\Internet Logs\tvDebug.zip
      2008-03-20 10:02 86,094 ----a-w C:\WINDOWS\BPMNT.dll
      2008-03-20 10:02 71,749 ----a-w C:\WINDOWS\hcextoutput.dll
      2008-03-20 10:02 333,576 ----a-w C:\WINDOWS\tsc.exe
      2008-03-20 10:02 1,163,344 ----a-w C:\WINDOWS\vsapi32.dll
      2008-03-19 21:43 --------- d-----w C:\Program Files\Google
      2008-03-05 22:08 1,050,624 ----a-w C:\WINDOWS\Internet Logs\xDBA.tmp
      2008-02-21 10:09 --------- d--h--w C:\Program Files\InstallShield Installation Information
      2008-02-12 20:27 --------- d-----w C:\Documents and Settings\All Users\Application Data\DVD Shrink
      2008-02-10 22:10 7,172,608 ----a-w C:\WINDOWS\Internet Logs\xDB9.tmp
      2007-08-23 17:23 20,335,175 ----a-w C:\WINDOWS\Internet Logs\vsmon_on_demand_2007_08_23_19_21_36_full.dmp.zip
      2007-08-15 06:19 3,579,392 ----a-w C:\WINDOWS\Internet Logs\xDB8.tmp
      2007-08-15 06:19 2,689,024 ----a-w C:\WINDOWS\Internet Logs\xDB7.tmp
      2007-04-13 04:54 750,080 ----a-w C:\WINDOWS\Internet Logs\xDB6.tmp
      2007-02-17 18:09 2,630,656 ----a-w C:\WINDOWS\Internet Logs\xDB5.tmp
      2006-10-26 11:13 3,023,872 ----a-w C:\WINDOWS\Internet Logs\xDB4.tmp
      2006-08-23 20:36 466,432 ----a-w C:\WINDOWS\Internet Logs\xDB3.tmp
      2006-07-17 01:13 3,268,096 ----a-w C:\WINDOWS\Internet Logs\xDB2.tmp
      2006-02-07 08:13 2,833,920 ----a-w C:\WINDOWS\Internet Logs\xDB1.tmp
      2005-05-29 15:33 33,076 ----a-w C:\WINDOWS\Fonts\swenson.zip
      2005-05-29 15:31 24,704 ----a-w C:\WINDOWS\Fonts\gino_school_script.zip
      2005-05-29 15:30 25,815 ----a-w C:\WINDOWS\Fonts\dj_fancy.zip
      2005-05-29 15:30 173,188 ----a-w C:\WINDOWS\Fonts\ecolier.zip
      2005-05-29 15:30 14,276 ----a-w C:\WINDOWS\Fonts\alamain.zip
      2005-10-02 20:46 32 --sha-w C:\WINDOWS\{03137D8B-F326-4E74-A83D-140715725461}.dat
      2005-10-02 20:46 32 --sha-w C:\WINDOWS\{2D64B5ED-151D-4250-B607-F455BC2D6427}.dat
      2005-10-02 20:48 32 --sha-w C:\WINDOWS\{4185A139-059B-4420-9EA9-D7257FD89F54}.dat
      2005-10-02 20:46 32 --sha-w C:\WINDOWS\{D2EF6E64-BBD4-4603-8911-175D003B64DE}.dat
      2005-10-02 20:46 32 --sha-w C:\WINDOWS\system32\{29B6D253-670C-4D80-95D0-8A478F34661C}.dat
      2005-10-02 20:48 32 --sha-w C:\WINDOWS\system32\{63EF0718-3114-48A0-83F2-560D7B246AB6}.dat
      2005-10-02 20:46 32 --sha-w C:\WINDOWS\system32\{6BE5588B-B189-4525-9F51-C6AD96486487}.dat
      2005-10-02 20:46 32 --sha-w C:\WINDOWS\system32\{9C82FE7C-B24F-4266-8603-5A6EE2806EB8}.dat
      .

      ((((((((((((((((((((((((((((( snapshot@2008-03-22_16.40.04.75 )))))))))))))))))))))))))))))))))))))))))
      .
      - 2008-03-21 09:44:53 9,318,400 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000001\ntuser.dat
      + 2008-03-22 15:44:23 9,318,400 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000001\ntuser.dat
      - 2008-03-21 09:44:53 155,648 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000002\UsrClass.dat
      + 2008-03-22 15:44:23 155,648 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000002\UsrClass.dat
      .
      ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      REGEDIT4
      *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "Microsoft USB2"="mskav32.exe" []
      "Jimruo"="C:\WINDOWS\System32\d?dplay.exe" [2001-08-28 13:00 59392]
      "Creative Detector"="D:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" [2004-10-05 08:52 98304]

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "Name of App"="C:\Program Files\SAMSUNG\FW LiveUpdate\Liveupdate.exe" [2006-03-10 08:07 667735]
      "TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2005-10-21 20:29 180269]
      "SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe" [2004-12-06 21:31 36975]
      "PinnacleDriverCheck"="C:\WINDOWS\system32\PSDrvCheck.exe" [2003-11-10 16:06 406016]
      "atwtusb"="atwtusb.exe" [2001-08-20 18:48 167936 C:\WINDOWS\system32\Atwtusb.exe]
      "ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-05-15 21:10 339968]
      "CloneCDTray"="d:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" [2006-09-28 20:21 57344]
      "QuickTime Task"="D:\Program Files\QuickTime\qttask.exe" [2006-09-01 14:57 282624]
      "Zone Labs Client"="d:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2006-07-09 12:42 968696]
      "Sunkist2k"="C:\Program Files\Multimedia Card Reader\shwicon2k.exe" [2004-09-03 16:16 139264]
      "RaidTool"="C:\Program Files\VIA\RAID\raid_tool.exe" [2006-12-28 15:09 4579328]
      "MoneyStartUp10.0"="D:\Program Files\Microsoft Money\System\Activation.exe" [2001-07-25 10:00 245810]
      "AdobeVersionCue"="e:\Program Files\Adobe\Adobe Version Cue\ControlPanel\VersionCueTray.exe" [2003-10-22 15:33 1732608]
      "SoundMan"="SOUNDMAN.EXE" [2006-11-17 04:42 577536 C:\WINDOWS\soundman.exe]
      "ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 16:41 45056]
      "LiveMonitor"="C:\Program Files\MSI\Live Update 3\LMonitor.exe" [2007-01-17 17:01 496640]

      [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
      "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-19 16:09 15360]
      "ioroxxo microsoft sux"="system32" [2008-03-22 17:00 0 C:\WINDOWS\system32]
      "Microsoft USB2"="mskav32.exe" []
      "Microsoft Update Machine"="MSlti32.exe" []

      [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
      "Microsoft USB2"="mskav32.exe" []

      C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
      Acc‚l‚rateur de d‚marrage AutoCAD.lnk - C:\Program Files\Fichiers communs\Autodesk Shared\acstart16.exe [2004-02-25 03:35:22 10872]
      Adobe Gamma Loader.lnk - C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [2007-07-29 14:41:00 110592]
      Assistant d'Acrobat.lnk - E:\Program Files\Adobe\Adobe Acrobat 6.0\Distillr\acrotray.exe [2003-05-15 00:19:50 217193]
      Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2008-03-19 22:41:38 125624]
      MioSync.lnk - C:\Program Files\Mio Technology\MioSync\mioSync.exe [2007-10-21 12:51:51 647168]

      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
      "NoFavoritesMenu"= 0 (0x0)
      "NoSMMyPictures"= 0 (0x0)
      "NoStartMenuMyMusic"= 0 (0x0)
      "NoRecentDocsNetHood"= 0 (0x0)
      "NoInstrumentation"= 0 (0x0)
      "NoSimpleStartMenu"= 0 (0x0)

      [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
      "NoFavoritesMenu"= 0 (0x0)
      "NoSMMyPictures"= 0 (0x0)
      "NoStartMenuMyMusic"= 0 (0x0)
      "NoRecentDocsNetHood"= 0 (0x0)
      "NoUserNameInStartMenu"= 1 (0x1)
      "NoInstrumentation"= 1 (0x1)
      "NoStartMenuPinnedList"= 0 (0x0)
      "ForceStartMenuLogoff"= 0 (0x0)
      "NoViewOnDrive"= 0 (0x0)

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
      "FlashX"= {748E4F4D-12F1-492E-93E9-F2EF7FB47E5D} - C:\Program Files\Internet Explorer\shwol.dll [2007-04-22 16:48 21504]

      [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Adobe Gamma Loader.lnk]

      [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^CoreCenter.lnk]

      [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^DSLMON.lnk]

      [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^E-Compagnon.lnk]
      backup=C:\WINDOWS\pss\E-Compagnon.lnkCommon Startup

      [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Norton GoBack.lnk]
      backup=C:\WINDOWS\pss\Norton GoBack.lnkCommon Startup

      [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^VIA RAID TOOL.lnk]

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccRegVfy]

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Norton Ghost 9.0]

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Norton SystemWorks]

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Symantec NetDriver Monitor]

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
      "Planificateur LiveUpdate automatique"=2 (0x2)
      "GBPoll"=2 (0x2)
      "SPBBCSvc"=2 (0x2)
      "SNDSrvc"=3 (0x3)
      "SBService"=2 (0x2)
      "NProtectService"=2 (0x2)
      "NPFMntor"=2 (0x2)
      "navapsvc"=3 (0x3)
      "LiveUpdate"=3 (0x3)
      "ccSetMgr"=2 (0x2)
      "ccPwdSvc"=3 (0x3)
      "ccEvtMgr"=2 (0x2)
      "BlueSoleil Hid Service"=2 (0x2)

      [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
      "DisableMonitoring"=dword:00000001

      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
      "EnableFirewall"= 0 (0x0)

      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
      "%windir%\\system32\\sessmgr.exe"=
      "D:\\Program Files\\eMule\\emule.exe"=
      "C:\\Program Files\\Messenger\\msmsgs.exe"=
      "C:\\Program Files\\Canon\\CSCLIB\\CDPROCMN.exe"=
      "C:\\Program Files\\Canon\\CSCLIB\\CDPROC.exe"=
      "D:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=

      R0 hotcore2;hotcore2;C:\WINDOWS\system32\drivers\hotcore2.sys [2006-08-23 11:10]
      R0 viasraid;viasraid;C:\WINDOWS\system32\DRIVERS\viasraid.sys [2003-10-31 11:22]
      R0 videX32;videX32;C:\WINDOWS\system32\DRIVERS\videX32.sys [2006-10-17 19:22]
      R2 Dnscache;Client DNS;C:\WINDOWS\System32\svchost.exe [2004-08-19 16:10]
      R3 FET5X86V;VIA Rhine-Family Fast-Ethernet Adapter Driver Service;C:\WINDOWS\system32\DRIVERS\fetnd5bv.sys [2007-04-17 10:58]
      R3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 23:08]
      S3 C-Dilla;C-Dilla;C:\WINDOWS\System32\drivers\CDANT.SYS [2005-03-05 19:49]
      S3 HwIOctl;HwIOctl;d:\Program Files\Setup Files\MS-7021 v2.00\HwIOctl.sys []
      S3 Memctl;Memctl;d:\Program Files\Setup Files\MS-7021 v2.00\Memctl.sys []
      S3 sentemul;sentemul;C:\WINDOWS\system32\drivers\sentemul.sys [2003-03-24 17:06]
      S3 SunkFilt62;Alcor Micro Corp - 6362;C:\WINDOWS\System32\Drivers\sunkfilt62.sys [2004-07-23 13:55]
      S3 USB_RNDIS_51;Broadcom USB Remote NDIS Device Driver;C:\WINDOWS\system32\DRIVERS\usb8023.sys [2004-08-03 23:04]
      S3 Usblink;Usblink Driver;C:\WINDOWS\system32\Drivers\ulink.sys []
      S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 22:58]
      S3 utblfilt;utblfilt;C:\WINDOWS\system32\drivers\utblfilt.sys [2001-05-23 09:42]
      S3 VNic;ULan Network Driver Module;C:\WINDOWS\system32\DRIVERS\VNic.sys []

      .
      Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
      "2008-02-28 10:07:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
      - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
      "2008-03-07 11:39:43 C:\WINDOWS\Tasks\tplwoa.job"

      _______________________________________________________________________________________


      Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 17:04, on 2008-03-22
      Platform: Windows XP SP2 (WinNT 5.01.2600)
      MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
      Boot mode: Normal

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\Ati2evxx.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\spoolsv.exe
      c:\windows\system32\svchost.exe
      C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
      C:\WINDOWS\system32\CTsvcCDA.EXE
      C:\WINDOWS\system32\crypserv.exe
      C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
      C:\Program Files\Fichiers communs\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\ZoneLabs\vsmon.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\wscntfy.exe
      C:\WINDOWS\system32\Ati2evxx.exe
      C:\Program Files\SAMSUNG\FW LiveUpdate\Liveupdate.exe
      C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
      C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
      C:\WINDOWS\system32\atwtusb.exe
      D:\Program Files\SlySoft\CloneCD\CloneCDTray.exe
      D:\Program Files\QuickTime\qttask.exe
      D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
      C:\Program Files\Multimedia Card Reader\shwicon2k.exe
      C:\Program Files\VIA\RAID\raid_tool.exe
      E:\Program Files\Adobe\Adobe Version Cue\ControlPanel\VersionCueTray.exe
      C:\WINDOWS\SOUNDMAN.EXE
      C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
      C:\Program Files\MSI\Live Update 3\LMonitor.exe
      D:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
      E:\Program Files\Adobe\Adobe Acrobat 6.0\Distillr\acrotray.exe
      C:\Program Files\Google\Google Updater\GoogleUpdater.exe
      C:\Program Files\Mio Technology\MioSync\mioSync.exe
      C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
      C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
      C:\WINDOWS\explorer.exe
      C:\Documents and Settings\JP\Bureau\hijackthis\eden.exe

      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = about:blank
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
      O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - E:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll
      O4 - HKLM\..\Run: [Name of App] C:\Program Files\SAMSUNG\FW LiveUpdate\Liveupdate.exe
      O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
      O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
      O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe
      O4 - HKLM\..\Run: [atwtusb] atwtusb.exe beta
      O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
      O4 - HKLM\..\Run: [CloneCDTray] "d:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
      O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
      O4 - HKLM\..\Run: [Zone Labs Client] "d:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
      O4 - HKLM\..\Run: [Sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe
      O4 - HKLM\..\Run: [RaidTool] C:\Program Files\VIA\RAID\raid_tool.exe
      O4 - HKLM\..\Run: [MoneyStartUp10.0] "D:\Program Files\Microsoft Money\System\Activation.exe"
      O4 - HKLM\..\Run: [AdobeVersionCue] e:\Program Files\Adobe\Adobe Version Cue\ControlPanel\VersionCueTray.exe
      O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
      O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
      O4 - HKLM\..\Run: [LiveMonitor] C:\Program Files\MSI\Live Update 3\LMonitor.exe
      O4 - HKCU\..\Run: [Microsoft USB2] mskav32.exe
      O4 - HKCU\..\Run: [Jimruo] C:\WINDOWS\System32\d?dplay.exe
      O4 - HKCU\..\Run: [Creative Detector] D:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
      O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
      O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
      O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
      O4 - HKUS\S-1-5-18\..\Run: [Microsoft Update Machine] MSlti32.exe (User 'SYSTEM')
      O4 - HKUS\S-1-5-18\..\RunOnce: [Microsoft USB2] mskav32.exe (User 'SYSTEM')
      O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
      O4 - HKUS\.DEFAULT\..\RunOnce: [Microsoft USB2] mskav32.exe (User 'Default user')
      O4 - Global Startup: Accélérateur de démarrage AutoCAD.lnk = C:\Program Files\Fichiers communs\Autodesk Shared\acstart16.exe
      O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
      O4 - Global Startup: Assistant d'Acrobat.lnk = E:\Program Files\Adobe\Adobe Acrobat 6.0\Distillr\acrotray.exe
      O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
      O4 - Global Startup: MioSync.lnk = C:\Program Files\Mio Technology\MioSync\mioSync.exe
      O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
      O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://D:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
      O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
      O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
      O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
      O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - D:\Program Files\Microsoft Money\System\mnyviewer.dll
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1101328997481
      O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - https://www.trendmicro.com/en_us/forHome/products/housecall.html
      O21 - SSODL: fairydom - {5839511e-ec1b-4f91-ace3-fb88e52f5239} - (no file)
      O21 - SSODL: FlashX - {748E4F4D-12F1-492E-93E9-F2EF7FB47E5D} - C:\Program Files\Internet Explorer\shwol.dll
      O22 - SharedTaskScheduler: {5839511e-ec1b-4f91-ace3-fb88e52f5239} - fairydom - (no file)
      O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
      O23 - Service: AdobeVersionCue - Adobe Sytems - E:\Program Files\Adobe\Adobe Version Cue\service\VersionCue.exe
      O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
      O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
      O23 - Service: Autodesk Licensing Service - Autodesk, Inc. - C:\Program Files\Fichiers communs\Autodesk Shared\Service\AdskScSrv.exe
      O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
      O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
      O23 - Service: Crypkey License - Kenonic Controls Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
      O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
      O23 - Service: SentinelProtectionServer - SafeNet, Inc - C:\Program Files\Fichiers communs\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
      O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
      O24 - Desktop Component 0: (no name) - file:///C:/DOCUME~1/JP/LOCALS~1/Temp/msohtml1/01/clip_image002.jpg
      0
  3. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    smit fraud fix (colle le rapport)

    1/ telecharger :

    http://siri.urz.free.fr/Fix/SmitfraudFix.php

    2/ double clique sur smitfraudfix. puis sélectionne 1 et appuyer sur entrée afin de créer le rapport des infection présentes.

    3/ redémarre en mode sans échec (en appuyant sur F8 ou suppr, ou F5 au démarrage en général) puis refaire comme en 2/ mais sélectionne l'option 2 et appuyer sur entrée pour commencer la désinfection. lorsque le programme demande si tu veut nettoyer le registre mets oui en tapant 0 et entrée
    ________________

    AVG antispyware
    https://www.01net.com/
    http://free.grisoft.com/doc/download-free-anti-spyware/us/frt/0

    Tuto :
    http://www.kachouri.com/tuto/tuto-161-avg-anti-spyware-75-pour-votre-securite.html

    ->Relance AVG AS -> "Analyse" ->"Paramètres"

    Sous la question "Comment réagir ?" :

    -> clique sur "Actions recommandées" et choisis "Quarantaines"
    -> Re-clique sur l'onglet "Analyse" puis réalise une "Analyse complète du système"

    Si un fichier est infecté en fin d'analyse

    ->Clique sur "Appliquer toutes les actions "

    ->Clique sur "Enregistrer le rapport" puis sur "Enregistrer le rapport sous".

    ->Enregistre ce fichier texte sur ton bureau ensuite colle le rapport ici

    ________________

    colle le rapport d'un scan en ligne
    avec un des suivants:

    bitdefender en ligne :
    http://www.bitdefender.fr/scan_fr/scan8/ie.html

    Panda en ligne :
    http://pandasoftware.fr

    ________________

    mets a jour internet explorer ici:
    https://www.01net.com/telecharger/windows/Internet/navigateur/fiches/33081.html

    ________________

    colle un rapport hijackthis
    0
    1. KFQE
       
      Voila, le ménage a l'air d'etre fait, voici les rapports:
      1 SMIT
      2 AVG
      3 Bit defender
      4 Hijack

      SmitFraudFix v2.307

      Rapport fait à 18:50:15.56, 2008-03-22
      Executé à partir de C:\Documents and Settings\JP\Bureau\Nouveau dossier\SmitfraudFix
      OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
      Le type du système de fichiers est NTFS
      Fix executé en mode sans echec

      »»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Avant SmitFraudFix
      !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

      SrchSTS.exe by S!Ri
      Search SharedTaskScheduler's .dll

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
      "fairydom"="{5839511e-ec1b-4f91-ace3-fb88e52f5239}"


      »»»»»»»»»»»»»»»»»»»»»»»» Arret des processus


      »»»»»»»»»»»»»»»»»»»»»»»» hosts

      127.0.0.1 localhost

      »»»»»»»»»»»»»»»»»»»»»»»» VACFix

      VACFix
      Credits: Malware Analysis & Diagnostic
      Code: S!Ri


      »»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix

      S!Ri's WS2Fix: LSP not Found.


      »»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

      GenericRenosFix by S!Ri


      »»»»»»»»»»»»»»»»»»»»»»»» Suppression des fichiers infectés

      C:\WINDOWS\kl.exe supprimé
      C:\WINDOWS\ms1.exe supprimé
      C:\WINDOWS\toolbar.exe supprimé
      C:\WINDOWS\system32\ot.ico supprimé
      C:\WINDOWS\system32\ts.ico supprimé
      C:\WINDOWS\system32\1024\ supprimé
      C:\DOCUME~1\JP\Favoris\Antivirus Test Online.url supprimé

      »»»»»»»»»»»»»»»»»»»»»»»» IEDFix

      IEDFix
      Credits: Malware Analysis & Diagnostic
      Code: S!Ri


      »»»»»»»»»»»»»»»»»»»»»»»» DNS

      HKLM\SYSTEM\CS1\Services\Tcpip\..\{2913121C-F62D-4E55-9411-8E66691B8BD5}: DhcpNameServer=192.168.1.1
      HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1


      »»»»»»»»»»»»»»»»»»»»»»»» Suppression Fichiers Temporaires


      »»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
      !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
      "System"=""


      »»»»»»»»»»»»»»»»»»»»»»»» Nettoyage du registre

      Nettoyage terminé.

      »»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Après SmitFraudFix
      !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

      SrchSTS.exe by S!Ri
      Search SharedTaskScheduler's .dll


      »»»»»»»»»»»»»»»»»»»»»»»» Fin

      _____________________________________________________________________

      ---------------------------------------------------------
      AVG Anti-Spyware - Rapport d'analyse
      ---------------------------------------------------------

      + Créé à: 20:12 2008-03-22

      + Résultat de l'analyse:



      C:\QooBox\Quarantine\C\WINDOWS\Install.exe.vir -> Adware.Casino : Nettoyé et sauvegardé (mise en quarantaine).
      C:\System Volume Information\_restore{9F8D845F-0125-4B9F-8166-974AF86AC578}\RP2\A0000021.exe -> Adware.Casino : Nettoyé et sauvegardé (mise en quarantaine).
      C:\Program Files\Fichiers communs\Real\WeatherBug\MiniBugTransporter.dll -> Adware.Minibug : Nettoyé et sauvegardé (mise en quarantaine).


      Fin du rapport

      _______________________________________________________________________

      BitDefender Online Scanner - Real Time Virus Report



      Generated at: Sat, Mar 22, 2008 - 22:40:23


      --------------------------------------------------------------------------------





      Scan Info



      Scanned Files
      678088

      Infected Files
      85








      Virus Detected



      Packer.FSG.A
      2

      Adware.Advertismen.B
      1

      Worm.RJump.K
      6

      Trojan.Conroot.A
      4

      Trojan.Downloader.Tibs.GYU
      30

      Trojan.Downloader.JH
      4

      Trojan.Startpage.AOG
      1

      Trojan.Downloader.VB.VFU
      6

      Trojan.Downloader.Small.EHB
      3

      Win32.Worm.P2P.Puce.G
      2

      Dropped:Trojan.BHO.WebPrefix.A
      1

      Trojan.Autorun.EU
      2

      Trojan.Generic.86198
      4

      Trojan.Downloader.Agent.ZAK
      5

      Trojan.Click.280
      2

      Trojan.Peed.JAZ
      3

      Generic.XPL.ADODB.AE0E076A
      1

      Generic.Malware.P!.6C18C55D
      2

      Win32.Worm.Bagle.ZJP
      1

      Win32.Worm.Bagle.ZKA
      5










      --------------------------------------------------------------------------------



      This summary of the scan process will be used by the BitDefender Antivirus Lab to create agregate statistics about virus activity around the world.





      _________________________________________________________________

      Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 23:09, on 2008-03-22
      Platform: Windows XP SP2 (WinNT 5.01.2600)
      MSIE: Internet Explorer v7.00 (7.00.6000.16608)
      Boot mode: Normal

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\Ati2evxx.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\spoolsv.exe
      c:\windows\system32\winlogon.exe
      D:\Program Files\AVG Anti-Spyware 7.5\guard.exe
      C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
      C:\WINDOWS\system32\CTsvcCDA.EXE
      C:\WINDOWS\system32\crypserv.exe
      C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
      C:\Program Files\Fichiers communs\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\ZoneLabs\vsmon.exe
      C:\WINDOWS\system32\Ati2evxx.exe
      C:\WINDOWS\Explorer.EXE
      C:\WINDOWS\system32\wscntfy.exe
      C:\WINDOWS\System32\svchost.exe
      C:\Program Files\SAMSUNG\FW LiveUpdate\Liveupdate.exe
      C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
      C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
      C:\WINDOWS\system32\atwtusb.exe
      D:\Program Files\SlySoft\CloneCD\CloneCDTray.exe
      D:\Program Files\QuickTime\qttask.exe
      D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
      C:\Program Files\Multimedia Card Reader\shwicon2k.exe
      C:\Program Files\VIA\RAID\raid_tool.exe
      C:\WINDOWS\system32\wuauclt.exe
      E:\Program Files\Adobe\Adobe Version Cue\ControlPanel\VersionCueTray.exe
      C:\WINDOWS\SOUNDMAN.EXE
      C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
      C:\Program Files\MSI\Live Update 3\LMonitor.exe
      D:\Program Files\AVG Anti-Spyware 7.5\avgas.exe
      D:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
      E:\Program Files\Adobe\Adobe Acrobat 6.0\Distillr\acrotray.exe
      C:\Program Files\Google\Google Updater\GoogleUpdater.exe
      C:\Program Files\Mio Technology\MioSync\mioSync.exe
      C:\WINDOWS\system32\wuauclt.exe
      C:\WINDOWS\system32\ctfmon.exe
      C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
      C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
      C:\Documents and Settings\JP\Bureau\hijackthis\eden.exe

      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = about:blank
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
      O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - E:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll
      O4 - HKLM\..\Run: [Name of App] C:\Program Files\SAMSUNG\FW LiveUpdate\Liveupdate.exe
      O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
      O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
      O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe
      O4 - HKLM\..\Run: [atwtusb] atwtusb.exe beta
      O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
      O4 - HKLM\..\Run: [CloneCDTray] "d:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
      O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
      O4 - HKLM\..\Run: [Zone Labs Client] "d:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
      O4 - HKLM\..\Run: [Sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe
      O4 - HKLM\..\Run: [RaidTool] C:\Program Files\VIA\RAID\raid_tool.exe
      O4 - HKLM\..\Run: [MoneyStartUp10.0] "D:\Program Files\Microsoft Money\System\Activation.exe"
      O4 - HKLM\..\Run: [AdobeVersionCue] e:\Program Files\Adobe\Adobe Version Cue\ControlPanel\VersionCueTray.exe
      O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
      O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
      O4 - HKLM\..\Run: [LiveMonitor] C:\Program Files\MSI\Live Update 3\LMonitor.exe
      O4 - HKLM\..\Run: [!AVG Anti-Spyware] "D:\Program Files\AVG Anti-Spyware 7.5\avgas.exe" /minimized
      O4 - HKCU\..\Run: [Microsoft USB2] mskav32.exe
      O4 - HKCU\..\Run: [Jimruo] C:\WINDOWS\System32\d?dplay.exe
      O4 - HKCU\..\Run: [Creative Detector] D:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
      O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
      O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
      O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
      O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
      O4 - HKUS\S-1-5-18\..\Run: [Microsoft Update Machine] MSlti32.exe (User 'SYSTEM')
      O4 - HKUS\S-1-5-18\..\RunOnce: [Microsoft USB2] mskav32.exe (User 'SYSTEM')
      O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
      O4 - HKUS\.DEFAULT\..\RunOnce: [Microsoft USB2] mskav32.exe (User 'Default user')
      O4 - Global Startup: Accélérateur de démarrage AutoCAD.lnk = C:\Program Files\Fichiers communs\Autodesk Shared\acstart16.exe
      O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
      O4 - Global Startup: Assistant d'Acrobat.lnk = E:\Program Files\Adobe\Adobe Acrobat 6.0\Distillr\acrotray.exe
      O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
      O4 - Global Startup: MioSync.lnk = C:\Program Files\Mio Technology\MioSync\mioSync.exe
      O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
      O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://D:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
      O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
      O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
      O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
      O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
      O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
      O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - D:\Program Files\Microsoft Money\System\mnyviewer.dll
      O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
      O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
      O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1101328997481
      O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - https://www.trendmicro.com/en_us/forHome/products/housecall.html
      O21 - SSODL: FlashX - {748E4F4D-12F1-492E-93E9-F2EF7FB47E5D} - C:\Program Files\Internet Explorer\shwol.dll (file missing)
      O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
      O23 - Service: AdobeVersionCue - Adobe Sytems - E:\Program Files\Adobe\Adobe Version Cue\service\VersionCue.exe
      O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
      O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
      O23 - Service: Autodesk Licensing Service - Autodesk, Inc. - C:\Program Files\Fichiers communs\Autodesk Shared\Service\AdskScSrv.exe
      O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - D:\Program Files\AVG Anti-Spyware 7.5\guard.exe
      O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
      O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
      O23 - Service: Crypkey License - Kenonic Controls Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
      O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
      O23 - Service: SentinelProtectionServer - SafeNet, Inc - C:\Program Files\Fichiers communs\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
      O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
      0
  4. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    effectivement on est loin du compte!

    il en reste plein!

    ______________

    1/ # Télécharge RavAntivirus d'Evosla :
    http://ww25.evosla.com/compteur.php?soft=rav_antivirus

    # Si tu as une clé USB, disque dur externe, etc, branche-les sans les ouvrir avant de lancer ce FIX
    # Fais un clic droit sur le fichier .ZIP > Extraire sur > le Bureau
    # Doucle-clique sur >> RAV.exe << afin de lancer l'outil.
    # Une fois RAV ANTIVIRUS lancé, laisse-le réagir , il scanne automatiquement tout les lecteurs (disques fixes et amovibles)
    # Si infection > un log s'établira, sinon le soft affichera (très rapide) ==>Votre Ordinateur est sain .
    # Retire tes disques amovibles et redémarrez votre ordinateur.
    # Poste le rapport, si infection!

    2/ Télécharge sur le bureau Flash Disinfector (de SUBS) à cette adresse : http://www.techsupportforum.com/sectools/sUBs/Flash_Disinfector.exe

    Double-clique sur l’icône.
    Les icônes vont disparaître. C’est normal.
    Si un rapport est généré en cas d'infection, sauvegarde-le sur le bureau, et poste le ensuite
    Redémarre ensuite le PC.
    __________________________
    3/

    Télécharge Combofix de sUBs : Renomme le avant toute installation, par exemple, nomme le "KillBagle". aide ici : https://forum.pcastuces.com/sujet.asp?f=25&s=37315

    http://download.bleepingcomputer.com/sUBs/ComboFix.exe
    Sauvegarde le sur ton bureau et pas ailleurs !

    Aide à l’utilisation de combofix ici: https://bibou0007.forumpro.fr/login?redirect=%2Ft121-topic

    Double-clic sur combofix, Il va te poser une question, réponds par la touche 1 et entrée pour valider, laisse toi guider.
    Attends que combofix ait terminé, un rapport sera créé. Poste le rapport.
    ____________________________
    4/

    * Téléchargez ELIBAGLA en bas de cette page http://www.zonavirus.com/datos/descargas/95/elibagla.asp
    * Clique sur le bouton Descargar Elibagla cela va télécharger le fichier, placez le sur votre bureau.
    * Double-cliquez dessus pour l'ouvrir
    * Assurez-vous que dans le menu déroulant Unidad, vous avez bien C:\
    * Vérifiquez aussi que l'option en bas de la fenêtre Eliminar Ficheros Automaticamente est bien cochée
    * Cliquez sur le bouton Explorar pour lancer l'analyse

    ________________
    5/ vire ce qui est dans quarantine en allant dans poste de travail puis C puis qoobox

    C:\QooBox\Quarantine
    ________________

    6/

    si tout c'est bien passé désactive la restauration système pour purger les virus qui seraient dedans
    puis redemarre ton ordi
    puis réactive là : https://www.informatruc.com

    ________________
    7/ colle un nouveau rapport bitdefender entier avec le nom des fihciers inféctés
    0
    1. kfqe
       
      Voila c'est fait

      Bon rien sur les clés et disques externes
      rien avec flash disinfector

      voila le rapport combo
      ______________________________________________________________
      ComboFix 08-03-20.5 - JP 2008-03-23 11:15:30.8 - NTFSx86
      Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.138 [GMT 1:00]
      Endroit: C:\Documents and Settings\JP\Bureau\KillBagle.exe

      [color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]
      .

      (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      ---- Previous Run -------
      .
      C:\Program Files\dialers
      C:\WINDOWS\install.exe
      C:\WINDOWS\secure32.html
      C:\WINDOWS\tool1.exe
      C:\WINDOWS\tool2.exe
      C:\WINDOWS\tool3.exe
      C:\WINDOWS\tool4.exe
      C:\WINDOWS\tool5.exe

      .
      ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
      .

      -------\Service_npf


      ((((((((((((((((((((((((((((( Fichiers créés 2008-02-23 to 2008-03-23 ))))))))))))))))))))))))))))))))))))
      .

      2008-03-22 22:59 . 2008-03-22 23:00 <REP> d-------- C:\WINDOWS\system32\fr-fr
      2008-03-22 22:52 . 2007-12-07 03:08 6,066,176 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll
      2008-03-22 22:52 . 2007-07-01 04:31 2,455,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat
      2008-03-22 22:52 . 2007-07-01 04:36 1,048,576 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
      2008-03-22 22:52 . 2007-12-07 03:08 459,264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll
      2008-03-22 22:52 . 2007-12-07 03:08 383,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll
      2008-03-22 22:52 . 2007-12-07 03:08 267,776 -----c--- C:\WINDOWS\system32\dllcache\iertutil.dll
      2008-03-22 22:52 . 2007-12-07 03:08 63,488 -----c--- C:\WINDOWS\system32\dllcache\icardie.dll
      2008-03-22 22:52 . 2007-12-07 03:08 52,224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
      2008-03-22 22:52 . 2007-12-06 12:00 13,824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe
      2008-03-22 20:29 . 2008-03-22 22:40 <REP> d-------- C:\WINDOWS\BDOSCAN8
      2008-03-22 18:54 . 2008-03-22 18:54 <REP> d-------- C:\Documents and Settings\JP\Application Data\Grisoft
      2008-03-22 18:54 . 2008-03-22 18:54 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
      2008-03-22 18:54 . 2007-05-30 13:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
      2008-03-22 18:44 . 2008-03-22 18:50 3,398 --a------ C:\WINDOWS\system32\tmp.reg
      2008-03-20 23:27 . 2008-03-20 23:27 <REP> d-------- C:\WINDOWS\ERUNT
      2008-03-20 11:03 . 2008-03-20 11:02 36,135,009 --a------ C:\WINDOWS\LPT$VPN.177
      2008-03-20 11:02 . 2008-03-20 11:02 36,135,009 --a------ C:\WINDOWS\VPTNFILE.177
      2008-03-20 11:01 . 2008-03-20 11:02 <REP> d-------- C:\WINDOWS\AU_Temp
      2008-03-19 22:41 . 2008-03-22 14:45 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Google Updater
      2008-03-19 10:19 . 2007-12-07 02:07 1,056,768 -----c--- C:\WINDOWS\system32\dllcache\danim.dll
      2008-03-18 18:47 . 2008-03-18 18:47 58,368 --a------ C:\sysucmw.exe
      2008-02-26 20:59 . 2008-03-18 21:53 54,156 --ah----- C:\WINDOWS\QTFont.qfn
      2008-02-26 20:59 . 2008-02-26 20:59 1,409 --a------ C:\WINDOWS\QTFont.for

      .
      (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
      .
      2008-03-22 15:48 49,675,709 ----a-w C:\WINDOWS\Internet Logs\tvDebug.zip
      2008-03-20 10:02 86,094 ----a-w C:\WINDOWS\BPMNT.dll
      2008-03-20 10:02 71,749 ----a-w C:\WINDOWS\hcextoutput.dll
      2008-03-20 10:02 333,576 ----a-w C:\WINDOWS\tsc.exe
      2008-03-20 10:02 1,163,344 ----a-w C:\WINDOWS\vsapi32.dll
      2008-03-19 21:43 --------- d-----w C:\Program Files\Google
      2008-03-05 22:08 1,050,624 ----a-w C:\WINDOWS\Internet Logs\xDBA.tmp
      2008-02-21 10:09 --------- d--h--w C:\Program Files\InstallShield Installation Information
      2008-02-12 20:27 --------- d-----w C:\Documents and Settings\All Users\Application Data\DVD Shrink
      2008-02-10 22:10 7,172,608 ----a-w C:\WINDOWS\Internet Logs\xDB9.tmp
      2008-01-09 14:01 53,248 ----a-w C:\WINDOWS\bdoscandel.exe
      2007-08-23 17:23 20,335,175 ----a-w C:\WINDOWS\Internet Logs\vsmon_on_demand_2007_08_23_19_21_36_full.dmp.zip
      2007-08-15 06:19 3,579,392 ----a-w C:\WINDOWS\Internet Logs\xDB8.tmp
      2007-08-15 06:19 2,689,024 ----a-w C:\WINDOWS\Internet Logs\xDB7.tmp
      2007-04-13 04:54 750,080 ----a-w C:\WINDOWS\Internet Logs\xDB6.tmp
      2007-02-17 18:09 2,630,656 ----a-w C:\WINDOWS\Internet Logs\xDB5.tmp
      2006-10-26 11:13 3,023,872 ----a-w C:\WINDOWS\Internet Logs\xDB4.tmp
      2006-08-23 20:36 466,432 ----a-w C:\WINDOWS\Internet Logs\xDB3.tmp
      2006-07-17 01:13 3,268,096 ----a-w C:\WINDOWS\Internet Logs\xDB2.tmp
      2006-02-07 08:13 2,833,920 ----a-w C:\WINDOWS\Internet Logs\xDB1.tmp
      2005-05-29 15:33 33,076 ----a-w C:\WINDOWS\Fonts\swenson.zip
      2005-05-29 15:31 24,704 ----a-w C:\WINDOWS\Fonts\gino_school_script.zip
      2005-05-29 15:30 25,815 ----a-w C:\WINDOWS\Fonts\dj_fancy.zip
      2005-05-29 15:30 173,188 ----a-w C:\WINDOWS\Fonts\ecolier.zip
      2005-05-29 15:30 14,276 ----a-w C:\WINDOWS\Fonts\alamain.zip
      2005-10-02 20:46 32 --sha-w C:\WINDOWS\{03137D8B-F326-4E74-A83D-140715725461}.dat
      2005-10-02 20:46 32 --sha-w C:\WINDOWS\{2D64B5ED-151D-4250-B607-F455BC2D6427}.dat
      2005-10-02 20:48 32 --sha-w C:\WINDOWS\{4185A139-059B-4420-9EA9-D7257FD89F54}.dat
      2005-10-02 20:46 32 --sha-w C:\WINDOWS\{D2EF6E64-BBD4-4603-8911-175D003B64DE}.dat
      2005-10-02 20:46 32 --sha-w C:\WINDOWS\system32\{29B6D253-670C-4D80-95D0-8A478F34661C}.dat
      2005-10-02 20:48 32 --sha-w C:\WINDOWS\system32\{63EF0718-3114-48A0-83F2-560D7B246AB6}.dat
      2005-10-02 20:46 32 --sha-w C:\WINDOWS\system32\{6BE5588B-B189-4525-9F51-C6AD96486487}.dat
      2005-10-02 20:46 32 --sha-w C:\WINDOWS\system32\{9C82FE7C-B24F-4266-8603-5A6EE2806EB8}.dat
      .

      ((((((((((((((((((((((((((((( snapshot@2008-03-22_16.40.04.75 )))))))))))))))))))))))))))))))))))))))))
      .
      + 2005-07-08 16:30:34 249,344 ----a-w C:\WINDOWS\$hf_mig$\KB893756\SP2QFE\tapisrv.dll
      + 2005-02-24 19:35:26 15,072 ----a-w C:\WINDOWS\$hf_mig$\KB893756\spmsg.dll
      + 2005-02-24 19:35:26 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB893756\spuninst.exe
      + 2005-07-07 18:27:08 30,720 ----a-w C:\WINDOWS\$hf_mig$\KB893756\update\arpidfix.exe
      + 2005-02-24 19:35:26 22,240 ----a-w C:\WINDOWS\$hf_mig$\KB893756\update\spcustom.dll
      + 2005-02-24 19:35:26 730,336 ----a-w C:\WINDOWS\$hf_mig$\KB893756\update\update.exe
      + 2005-02-24 19:35:26 395,488 ----a-w C:\WINDOWS\$hf_mig$\KB893756\update\updspapi.dll
      + 2005-06-11 00:17:13 57,856 ----a-w C:\WINDOWS\$hf_mig$\KB896423\SP2QFE\spoolsv.exe
      + 2005-02-24 19:35:26 15,072 ----a-w C:\WINDOWS\$hf_mig$\KB896423\spmsg.dll
      + 2005-02-24 19:35:26 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB896423\spuninst.exe
      + 2005-06-29 15:54:32 30,720 ----a-w C:\WINDOWS\$hf_mig$\KB896423\update\arpidfix.exe
      + 2005-02-24 19:35:26 22,240 ----a-w C:\WINDOWS\$hf_mig$\KB896423\update\spcustom.dll
      + 2005-02-24 19:35:26 730,336 ----a-w C:\WINDOWS\$hf_mig$\KB896423\update\update.exe
      + 2005-02-24 19:35:26 395,488 ----a-w C:\WINDOWS\$hf_mig$\KB896423\update\updspapi.dll
      + 2005-06-15 17:48:49 297,984 ----a-w C:\WINDOWS\$hf_mig$\KB899587\SP2QFE\kerberos.dll
      + 2005-02-24 19:35:26 15,072 ----a-w C:\WINDOWS\$hf_mig$\KB899587\spmsg.dll
      + 2005-02-24 19:35:26 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB899587\spuninst.exe
      + 2005-06-29 15:54:32 30,720 ----a-w C:\WINDOWS\$hf_mig$\KB899587\update\arpidfix.exe
      + 2005-02-24 19:35:26 22,240 ----a-w C:\WINDOWS\$hf_mig$\KB899587\update\spcustom.dll
      + 2005-02-24 19:35:26 730,336 ----a-w C:\WINDOWS\$hf_mig$\KB899587\update\update.exe
      + 2005-02-24 19:35:26 395,488 ----a-w C:\WINDOWS\$hf_mig$\KB899587\update\updspapi.dll
      + 2005-06-10 04:06:01 139,528 ----a-w C:\WINDOWS\$hf_mig$\KB899591\SP2QFE\rdpwd.sys
      + 2005-02-24 19:35:26 15,072 ----a-w C:\WINDOWS\$hf_mig$\KB899591\spmsg.dll
      + 2005-02-24 19:35:26 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB899591\spuninst.exe
      + 2005-06-29 15:54:32 30,720 ----a-w C:\WINDOWS\$hf_mig$\KB899591\update\arpidfix.exe
      + 2005-02-24 19:35:26 22,240 ----a-w C:\WINDOWS\$hf_mig$\KB899591\update\spcustom.dll
      + 2005-02-24 19:35:26 730,336 ----a-w C:\WINDOWS\$hf_mig$\KB899591\update\update.exe
      + 2005-02-24 19:35:26 395,488 ----a-w C:\WINDOWS\$hf_mig$\KB899591\update\updspapi.dll
      + 2005-09-10 01:53:06 2,068,480 ----a-w C:\WINDOWS\$hf_mig$\KB901017\SP2QFE\cdosys.dll
      + 2005-02-24 19:35:26 15,072 ----a-w C:\WINDOWS\$hf_mig$\KB901017\spmsg.dll
      + 2005-02-24 19:35:26 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB901017\spuninst.exe
      + 2005-09-09 15:26:26 30,720 ----a-w C:\WINDOWS\$hf_mig$\KB901017\update\arpidfix.exe
      + 2005-02-24 19:35:26 22,240 ----a-w C:\WINDOWS\$hf_mig$\KB901017\update\spcustom.dll
      + 2005-02-24 19:35:26 730,336 ----a-w C:\WINDOWS\$hf_mig$\KB901017\update\update.exe
      + 2005-02-24 19:35:26 395,488 ----a-w C:\WINDOWS\$hf_mig$\KB901017\update\updspapi.dll
      + 2006-01-04 04:19:19 68,096 ----a-w C:\WINDOWS\$hf_mig$\KB911927\SP2QFE\webclnt.dll
      + 2005-10-12 23:15:25 15,072 ----a-w C:\WINDOWS\$hf_mig$\KB911927\spmsg.dll
      + 2005-10-12 23:15:26 216,800 ----a-w C:\WINDOWS\$hf_mig$\KB911927\spuninst.exe
      + 2005-10-12 23:15:25 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB911927\update\spcustom.dll
      + 2005-10-12 23:15:28 727,776 ----a-w C:\WINDOWS\$hf_mig$\KB911927\update\update.exe
      + 2005-10-12 23:15:45 394,976 ----a-w C:\WINDOWS\$hf_mig$\KB911927\update\updspapi.dll
      + 2006-06-22 05:22:11 69,120 ----a-w C:\WINDOWS\$hf_mig$\KB920685\SP2QFE\ciodm.dll
      + 2006-06-22 05:22:12 1,440,768 ----a-w C:\WINDOWS\$hf_mig$\KB920685\SP2QFE\query.dll
      + 2005-10-12 23:15:25 15,072 ----a-w C:\WINDOWS\$hf_mig$\KB920685\spmsg.dll
      + 2005-10-12 23:15:26 216,800 ----a-w C:\WINDOWS\$hf_mig$\KB920685\spuninst.exe
      + 2005-10-12 23:15:25 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB920685\update\spcustom.dll
      + 2005-10-12 23:15:28 727,776 ----a-w C:\WINDOWS\$hf_mig$\KB920685\update\update.exe
      + 2005-10-12 23:15:45 394,976 ----a-w C:\WINDOWS\$hf_mig$\KB920685\update\updspapi.dll
      + 2006-08-14 12:00:42 332,928 ----a-w C:\WINDOWS\$hf_mig$\KB923414\SP2QFE\srv.sys
      + 2005-10-12 23:18:45 15,072 ----a-w C:\WINDOWS\$hf_mig$\KB923414\spmsg.dll
      + 2005-10-12 23:18:45 216,800 ----a-w C:\WINDOWS\$hf_mig$\KB923414\spuninst.exe
      + 2005-10-12 23:18:45 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB923414\update\spcustom.dll
      + 2005-10-12 23:18:46 727,776 ----a-w C:\WINDOWS\$hf_mig$\KB923414\update\update.exe
      + 2005-10-12 23:18:49 394,976 ----a-w C:\WINDOWS\$hf_mig$\KB923414\update\updspapi.dll
      + 2006-10-13 12:43:07 64,000 ----a-w C:\WINDOWS\$hf_mig$\KB923980\SP2QFE\nwapi32.dll
      + 2006-10-13 12:43:07 145,920 ----a-w C:\WINDOWS\$hf_mig$\KB923980\SP2QFE\nwprovau.dll
      + 2006-10-13 10:39:12 163,456 ----a-w C:\WINDOWS\$hf_mig$\KB923980\SP2QFE\nwrdr.sys
      + 2006-10-13 12:43:07 65,536 ----a-w C:\WINDOWS\$hf_mig$\KB923980\SP2QFE\nwwks.dll
      + 2005-10-12 23:18:45 15,072 ----a-w C:\WINDOWS\$hf_mig$\KB923980\spmsg.dll
      + 2005-10-12 23:18:45 216,800 ----a-w C:\WINDOWS\$hf_mig$\KB923980\spuninst.exe
      + 2005-10-12 23:18:45 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB923980\update\spcustom.dll
      + 2005-10-12 23:18:46 727,776 ----a-w C:\WINDOWS\$hf_mig$\KB923980\update\update.exe
      + 2005-10-12 23:18:49 394,976 ----a-w C:\WINDOWS\$hf_mig$\KB923980\update\updspapi.dll
      + 2006-12-26 13:20:21 536,576 ----a-w C:\WINDOWS\$hf_mig$\KB927779\SP2QFE\msado15.dll
      + 2006-12-26 13:20:21 180,224 ----a-w C:\WINDOWS\$hf_mig$\KB927779\SP2QFE\msadomd.dll
      + 2006-12-26 13:20:21 200,704 ----a-w C:\WINDOWS\$hf_mig$\KB927779\SP2QFE\msadox.dll
      + 2006-12-26 13:20:21 102,400 ----a-w C:\WINDOWS\$hf_mig$\KB927779\SP2QFE\msjro.dll
      + 2006-01-19 19:29:25 15,072 ----a-w C:\WINDOWS\$hf_mig$\KB927779\spmsg.dll
      + 2006-01-19 19:29:25 216,800 ----a-w C:\WINDOWS\$hf_mig$\KB927779\spuninst.exe
      + 2006-01-19 19:29:25 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB927779\update\spcustom.dll
      + 2006-01-19 19:29:26 727,776 ----a-w C:\WINDOWS\$hf_mig$\KB927779\update\update.exe
      + 2006-01-19 19:29:26 394,976 ----a-w C:\WINDOWS\$hf_mig$\KB927779\update\updspapi.dll
      + 2006-12-19 21:48:29 8,515,072 ----a-w C:\WINDOWS\$hf_mig$\KB928255\SP2QFE\shell32.dll
      + 2006-12-19 21:48:29 135,680 ----a-w C:\WINDOWS\$hf_mig$\KB928255\SP2QFE\shsvcs.dll
      + 2006-12-19 16:29:57 265,216 ----a-w C:\WINDOWS\$hf_mig$\KB928255\SP2QFE\spru040c.dll
      + 2006-01-19 19:29:25 15,072 ----a-w C:\WINDOWS\$hf_mig$\KB928255\spmsg.dll
      + 2006-01-19 19:29:25 216,800 ----a-w C:\WINDOWS\$hf_mig$\KB928255\spuninst.exe
      + 2006-01-19 19:29:25 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB928255\update\spcustom.dll
      + 2006-01-19 19:29:26 727,776 ----a-w C:\WINDOWS\$hf_mig$\KB928255\update\update.exe
      + 2006-01-19 19:29:26 394,976 ----a-w C:\WINDOWS\$hf_mig$\KB928255\update\updspapi.dll
      + 2007-06-26 06:07:05 1,104,896 ----a-w C:\WINDOWS\$hf_mig$\KB936021\SP2QFE\msxml3.dll
      + 2005-10-12 23:15:25 15,072 ----a-w C:\WINDOWS\$hf_mig$\KB936021\spmsg.dll
      + 2005-10-12 23:15:26 216,800 ----a-w C:\WINDOWS\$hf_mig$\KB936021\spuninst.exe
      + 2005-10-12 23:15:25 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB936021\update\spcustom.dll
      + 2005-10-12 23:15:28 727,776 ----a-w C:\WINDOWS\$hf_mig$\KB936021\update\update.exe
      + 2005-10-12 23:15:45 394,976 ----a-w C:\WINDOWS\$hf_mig$\KB936021\update\updspapi.dll
      + 2007-06-13 13:10:53 1,037,312 ----a-w C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
      + 2005-10-12 23:15:25 15,072 ----a-w C:\WINDOWS\$hf_mig$\KB938828\spmsg.dll
      + 2005-10-12 23:15:26 216,800 ----a-w C:\WINDOWS\$hf_mig$\KB938828\spuninst.exe
      + 2005-10-12 23:15:25 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB938828\update\spcustom.dll
      + 2005-10-12 23:15:28 727,776 ----a-w C:\WINDOWS\$hf_mig$\KB938828\update\update.exe
      + 2005-10-12 23:15:45 394,976 ----a-w C:\WINDOWS\$hf_mig$\KB938828\update\updspapi.dll
      + 2008-03-22 19:29:05 45,056 ----a-w C:\WINDOWS\BDOSCAN8\avxdisk.dll
      + 2008-03-22 19:29:06 10,240 ----a-w C:\WINDOWS\BDOSCAN8\avxs.dll
      + 2008-03-22 19:29:06 27,136 ----a-w C:\WINDOWS\BDOSCAN8\avxt.dll
      + 2008-03-22 19:29:09 181,760 ----a-w C:\WINDOWS\BDOSCAN8\bdcore.dll
      + 2008-01-09 14:01:48 118,784 ----a-w C:\WINDOWS\BDOSCAN8\bdupd.dll
      + 2008-01-09 14:01:48 53,248 ----a-w C:\WINDOWS\BDOSCAN8\ipsupd.dll
      + 2008-03-22 19:29:09 142,848 ----a-w C:\WINDOWS\BDOSCAN8\libfn.dll
      + 2008-03-22 19:29:06 86,016 ----a-w C:\WINDOWS\BDOSCAN8\librtvr.dll
      + 2008-01-09 14:01:48 118,784 ----a-w C:\WINDOWS\Downloaded Program Files\bdupd.dll
      + 2008-01-09 14:01:48 53,248 ----a-w C:\WINDOWS\Downloaded Program Files\ipsupd.dll
      - 2005-03-02 18:07:56 2,137,600 ------w C:\WINDOWS\Driver Cache\i386\ntkrnlmp.exe
      + 2007-02-28 16:02:21 2,138,112 ------w C:\WINDOWS\Driver Cache\i386\ntkrnlmp.exe
      - 2005-03-02 18:07:56 2,058,880 ------w C:\WINDOWS\Driver Cache\i386\ntkrnlpa.exe
      + 2007-02-28 16:02:36 2,059,648 ------w C:\WINDOWS\Driver Cache\i386\ntkrnlpa.exe
      - 2005-03-02 18:08:01 2,017,280 ------w C:\WINDOWS\Driver Cache\i386\ntkrpamp.exe
      + 2007-02-28 16:02:21 2,017,792 ------w C:\WINDOWS\Driver Cache\i386\ntkrpamp.exe
      - 2005-03-02 18:08:06 2,181,376 ------w C:\WINDOWS\Driver Cache\i386\ntoskrnl.exe
      + 2007-02-28 16:02:36 2,182,400 ------w C:\WINDOWS\Driver Cache\i386\ntoskrnl.exe
      - 2008-03-21 09:44:53 9,318,400 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000001\ntuser.dat
      + 2008-03-22 15:44:23 9,318,400 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000001\ntuser.dat
      - 2008-03-21 09:44:53 155,648 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000002\UsrClass.dat
      + 2008-03-22 15:44:23 155,648 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000002\UsrClass.dat
      - 2004-08-19 15:09:54 1,036,288 ----a-w C:\WINDOWS\explorer.exe
      + 2007-06-13 13:22:28 1,037,312 ----a-w C:\WINDOWS\explorer.exe
      + 2004-08-19 15:09:20 61,440 -c----w C:\WINDOWS\ie7\admparse.dll
      + 2004-08-19 15:09:20 101,888 -c----w C:\WINDOWS\ie7\advpack.dll
      + 2004-08-19 15:09:22 35,328 -c----w C:\WINDOWS\ie7\corpol.dll
      + 2006-06-02 19:32:20 33,792 -c----w C:\WINDOWS\ie7\custsat.dll
      + 2007-12-07 01:07:03 357,888 -c----w C:\WINDOWS\ie7\dxtmsft.dll
      + 2007-12-07 01:07:03 205,312 -c----w C:\WINDOWS\ie7\dxtrans.dll
      + 2007-12-07 01:07:04 55,808 -c----w C:\WINDOWS\ie7\extmgr.dll
      + 2004-08-19 15:09:28 38,912 -c----w C:\WINDOWS\ie7\hmmapi.dll
      + 2004-08-19 15:09:56 34,304 -c----w C:\WINDOWS\ie7\ie4uinit.exe
      + 2004-08-19 15:09:28 139,264 -c----w C:\WINDOWS\ie7\ieakeng.dll
      + 2004-08-19 15:09:28 221,696 -c----w C:\WINDOWS\ie7\ieaksie.dll
      + 2001-08-28 12:00:00 245,760 -c----w C:\WINDOWS\ie7\ieakui.dll
      + 2004-08-19 15:09:28 323,584 -c----w C:\WINDOWS\ie7\iedkcs32.dll
      + 2007-12-06 13:07:07 18,432 -c----w C:\WINDOWS\ie7\iedw.exe
      + 2004-08-19 15:09:28 81,920 -c----w C:\WINDOWS\ie7\ieencode.dll
      + 2007-12-07 01:07:04 251,392 -c----w C:\WINDOWS\ie7\iepeers.dll
      + 2004-08-19 15:09:28 49,152 -c----w C:\WINDOWS\ie7\iernonce.dll
      + 2004-08-19 15:09:28 63,488 -c----w C:\WINDOWS\ie7\iesetup.dll
      + 2004-08-19 15:09:56 93,184 -c----w C:\WINDOWS\ie7\iexplore.exe
      + 2004-08-19 15:09:30 35,840 -c----w C:\WINDOWS\ie7\imgutil.dll
      + 2007-12-07 01:07:04 96,768 -c----w C:\WINDOWS\ie7\inseng.dll
      + 2007-11-14 07:28:02 450,560 -c----w C:\WINDOWS\ie7\jscript.dll
      + 2007-12-07 01:07:04 16,384 -c----w C:\WINDOWS\ie7\jsproxy.dll
      + 2004-08-19 15:09:32 22,528 -c----w C:\WINDOWS\ie7\licmgr10.dll
      + 2004-08-19 15:10:00 29,184 -c----w C:\WINDOWS\ie7\mshta.exe
      + 2007-12-07 19:07:06 3,080,192 -c----w C:\WINDOWS\ie7\mshtml.dll
      + 2007-12-07 01:07:04 449,024 -c----w C:\WINDOWS\ie7\mshtmled.dll
      + 2004-08-19 15:08:28 57,344 -c----w C:\WINDOWS\ie7\mshtmler.dll
      + 2001-08-28 12:00:00 146,432 -c----w C:\WINDOWS\ie7\msls31.dll
      + 2007-12-07 01:07:04 146,432 -c----w C:\WINDOWS\ie7\msrating.dll
      + 2007-12-07 01:07:04 532,480 -c----w C:\WINDOWS\ie7\mstime.dll
      + 2004-08-19 15:09:38 97,280 -c----w C:\WINDOWS\ie7\occache.dll
      + 2007-12-07 01:07:04 39,424 -c----w C:\WINDOWS\ie7\pngfilt.dll
      + 2007-09-26 17:34:42 33,472 -c----w C:\WINDOWS\ie7\spuninst\iecustom.dll
      + 2007-09-26 17:32:30 66,048 -c--a-w C:\WINDOWS\ie7\spuninst\ieResetIcons.exe
      + 2006-09-06 16:43:28 216,800 -c----w C:\WINDOWS\ie7\spuninst\spuninst.exe
      + 2006-09-06 16:43:30 394,976 -c----w C:\WINDOWS\ie7\spuninst\updspapi.dll
      + 2004-08-19 15:09:48 37,888 -c----w C:\WINDOWS\ie7\url.dll
      + 2007-12-07 01:07:05 617,472 -c----w C:\WINDOWS\ie7\urlmon.dll
      + 2004-08-19 15:09:48 417,792 -c----w C:\WINDOWS\ie7\vbscript.dll
      + 2007-06-26 13:56:54 851,968 -c----w C:\WINDOWS\ie7\vgx.dll
      + 2004-08-19 15:09:48 281,600 -c----w C:\WINDOWS\ie7\webcheck.dll
      + 2007-12-07 01:07:05 663,552 -c----w C:\WINDOWS\ie7\wininet.dll
      + 2007-08-13 17:39:00 123,904 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\advpack.dll
      + 2007-08-13 17:39:00 123,904 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\advpack.dll.000
      + 2007-08-13 17:35:38 214,528 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\dxtrans.dll
      + 2007-08-13 17:54:10 131,584 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\extmgr.dll
      + 2007-08-13 17:36:26 61,952 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\icardie.dll
      + 2007-08-13 17:39:06 54,784 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\ie4uinit.exe
      + 2007-08-13 17:39:06 54,784 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\ie4uinit.exe.000
      + 2007-08-13 17:39:26 152,064 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\ieakeng.dll
      + 2007-08-13 17:39:26 152,064 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\ieakeng.dll.000
      + 2007-08-13 17:39:54 229,376 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\ieaksie.dll
      + 2007-08-13 17:39:54 229,376 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\ieaksie.dll.000
      + 2007-08-13 16:56:54 161,792 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\ieakui.dll
      + 2007-02-12 15:10:12 2,451,312 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\ieapfltr.dat
      + 2007-07-11 11:27:48 383,488 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\ieapfltr.dll
      + 2007-08-13 17:39:50 382,976 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\iedkcs32.dll
      + 2007-08-13 17:39:50 382,976 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\iedkcs32.dll.000
      + 2007-08-13 17:54:10 6,049,280 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\ieframe.dll
      + 2007-08-13 17:39:10 43,008 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\iernonce.dll
      + 2007-08-13 17:39:10 43,008 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\iernonce.dll.000
      + 2007-08-13 17:34:04 266,752 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\iertutil.dll
      + 2007-08-13 17:39:10 13,312 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\ieudinit.exe
      + 2007-08-13 17:43:56 622,080 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\iexplore.exe
      + 2007-08-13 17:54:10 27,136 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\jsproxy.dll
      + 2007-08-13 17:54:10 458,752 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\msfeeds.dll
      + 2007-08-13 17:54:10 50,688 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\msfeedsbs.dll
      + 2007-08-13 17:54:12 3,578,368 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\mshtml.dll
      + 2007-08-13 17:54:10 475,648 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\mshtmled.dll
      + 2007-08-13 17:44:26 192,000 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\msrating.dll
      + 2007-08-13 17:54:10 670,720 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\mstime.dll
      + 2007-08-13 17:44:06 101,376 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\occache.dll
      + 2007-08-13 17:44:06 101,376 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\occache.dll.000
      + 2007-03-06 01:34:38 216,800 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe
      + 2007-06-30 20:24:42 394,976 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\updspapi.dll
      + 2007-08-13 17:44:30 105,984 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\url.dll
      + 2007-08-13 17:54:10 1,162,240 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\urlmon.dll
      + 2007-08-13 17:54:10 231,424 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\webcheck.dll
      + 2007-08-13 17:54:10 231,424 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\webcheck.dll.000
      + 2007-08-13 17:54:10 818,688 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\wininet.dll
      + 2007-10-10 23:49:42 124,928 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\advpack.dll
      + 2007-10-10 23:49:42 124,928 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\advpack.dll.000
      + 2007-08-13 17:35:46 346,624 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\dxtmsft.dll
      + 2007-10-10 23:49:42 214,528 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\dxtrans.dll
      + 2007-10-10 23:49:42 214,528 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\dxtrans.dll.000
      + 2007-10-10 23:49:42 132,608 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\extmgr.dll
      + 2007-10-10 23:49:42 63,488 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\icardie.dll
      + 2007-10-10 23:49:42 63,488 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\icardie.dll.000
      + 2007-10-10 11:00:41 70,656 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\ie4uinit.exe
      + 2007-10-10 23:49:42 153,088 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\ieakeng.dll
      + 2007-10-10 23:49:42 230,400 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\ieaksie.dll
      + 2007-10-10 05:46:55 161,792 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\ieakui.dll
      + 2007-07-01 03:31:33 2,455,488 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\ieapfltr.dat
      + 2007-10-10 23:49:42 383,488 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\ieapfltr.dll
      + 2007-10-10 23:49:42 383,488 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\ieapfltr.dll.000
      + 2007-10-10 23:49:42 384,512 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\iedkcs32.dll
      + 2007-10-10 23:49:43 6,065,664 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\ieframe.dll
      + 2007-10-10 23:49:43 6,065,664 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\ieframe.dll.000
      + 2007-10-10 23:49:43 44,544 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\iernonce.dll
      + 2007-10-10 23:49:43 267,776 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\iertutil.dll
      + 2007-10-10 23:49:43 267,776 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\iertutil.dll.000
      + 2007-10-10 10:59:40 13,824 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\ieudinit.exe
      + 2007-10-10 11:00:59 625,152 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\iexplore.exe
      + 2007-10-10 11:00:59 625,152 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\iexplore.exe.000
      + 2007-10-10 23:49:44 27,648 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\jsproxy.dll
      + 2007-10-10 23:49:44 459,264 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\msfeeds.dll
      + 2007-10-10 23:49:44 459,264 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\msfeeds.dll.000
      + 2007-10-10 23:49:44 52,224 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\msfeedsbs.dll
      + 2007-10-10 23:49:44 52,224 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\msfeedsbs.dll.000
      + 2007-10-31 03:53:50 3,590,656 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\mshtml.dll
      + 2007-10-31 03:53:50 3,590,656 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\mshtml.dll.000
      + 2007-10-10 23:49:44 478,208 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\mshtmled.dll
      + 2007-10-10 23:49:44 478,208 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\mshtmled.dll.000
      + 2007-10-10 23:49:44 193,024 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\msrating.dll
      + 2007-10-10 23:49:45 671,232 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\mstime.dll
      + 2007-10-10 23:49:45 102,400 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\occache.dll
      + 2007-08-13 17:36:12 44,544 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\pngfilt.dll
      + 2007-03-06 01:34:38 216,800 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe
      + 2007-03-06 01:35:48 394,976 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\updspapi.dll
      + 2007-10-10 23:49:45 105,984 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\url.dll
      + 2007-10-10 23:49:45 105,984 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\url.dll.000
      + 2007-10-10 23:49:45 1,159,680 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\urlmon.dll
      + 2007-10-10 23:49:45 1,159,680 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\urlmon.dll.000
      + 2007-10-10 23:49:45 232,960 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\webcheck.dll
      + 2007-10-10 23:49:45 232,960 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\webcheck.dll.000
      + 2007-10-10 23:49:45 824,832 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\wininet.dll
      + 2007-10-10 23:49:45 824,832 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\wininet.dll.000
      + 2006-06-02 19:32:20 33,792 ------w C:\WINDOWS\network diagnostic\custsat.dll
      + 2006-10-10 12:44:50 557,568 ------w C:\WINDOWS\network diagnostic\xpnetdiag.exe
      - 2004-08-19 15:09:20 100,352 ----a-w C:\WINDOWS\system32\6to4svc.dll
      + 2006-08-16 11:59:27 100,352 ----a-w C:\WINDOWS\system32\6to4svc.dll
      - 2004-08-19 15:09:20 61,440 ----a-w C:\WINDOWS\system32\admparse.dll
      + 2007-08-13 17:39:20 71,680 ----a-w C:\WINDOWS\system32\admparse.dll
      - 2004-08-19 15:09:20 101,888 ----a-w C:\WINDOWS\system32\advpack.dll
      + 2007-12-07 02:08:32 124,928 ----a-w C:\WINDOWS\system32\advpack.dll
      - 2004-08-19 15:09:22 2,067,968 ----a-w C:\WINDOWS\system32\cdosys.dll
      + 2005-09-10 01:55:14 2,067,968 ----a-w C:\WINDOWS\system32\cdosys.dll
      - 2004-08-19 15:09:22 69,120 ----a-w C:\WINDOWS\system32\ciodm.dll
      + 2006-06-22 05:13:45 69,120 ----a-w C:\WINDOWS\system32\ciodm.dll
      + 2006-08-16 11:59:27 100,352 -c----w C:\WINDOWS\system32\dllcache\6to4svc.dll
      + 2007-08-13 17:39:20 71,680 -c----w C:\WINDOWS\system32\dllcache\admparse.dll
      + 2007-12-07 02:08:32 124,928 -c----w C:\WINDOWS\system32\dllcache\advpack.dll
      + 2006-06-22 05:13:45 69,120 -c----w C:\WINDOWS\system32\dllcache\ciodm.dll
      + 2007-08-13 17:42:54 17,408 -c----w C:\WINDOWS\system32\dllcache\corpol.dll
      - 2004-12-21 11:14:24 28,672 -c--a-w C:\WINDOWS\system32\dllcache\custsat.dll
      + 2007-08-13 17:54:10 33,792 -c--a-w C:\WINDOWS\system32\dllcache\custsat.dll
      - 2007-12-07 01:07:03 357,888 -c----w C:\WINDOWS\system32\dllcache\dxtmsft.dll
      + 2007-12-19 22:53:23 347,136 -c----w C:\WINDOWS\system32\dllcache\dxtmsft.dll
      - 2007-12-07 01:07:03 205,312 -c--a-w C:\WINDOWS\system32\dllcache\dxtrans.dll
      + 2007-12-07 02:08:32 214,528 -c----w C:\WINDOWS\system32\dllcache\dxtrans.dll
      - 2004-08-19 15:09:54 1,036,288 -c--a-w C:\WINDOWS\system32\dllcache\explorer.exe
      + 2007-06-13 13:22:28 1,037,312 -c--a-w C:\WINDOWS\system32\dllcache\explorer.exe
      - 2007-12-07 01:07:04 55,808 -c----w C:\WINDOWS\system32\dllcache\extmgr.dll
      + 2007-12-07 02:08:32 133,120 -c----w C:\WINDOWS\system32\dllcache\extmgr.dll
      - 2004-08-19 15:09:28 38,912 -c--a-w C:\WINDOWS\system32\dllcache\hmmapi.dll
      + 2007-08-13 17:18:02 60,416 -c--a-w C:\WINDOWS\system32\dllcache\hmmapi.dll
      + 2007-12-06 11:02:31 70,656 -c----w C:\WINDOWS\system32\dllcache\ie4uinit.exe
      + 2007-12-07 02:08:32 153,088 -c----w C:\WINDOWS\system32\dllcache\ieakeng.dll
      + 2007-12-07 02:08:32 230,400 -c----w C:\WINDOWS\system32\dllcache\ieaksie.dll
      - 2001-08-28 12:00:00 245,760 -c----w C:\WINDOWS\system32\dllcache\ieakui.dll
      + 2007-12-06 04:59:51 161,792 -c----w C:\WINDOWS\system32\dllcache\ieakui.dll
      + 2007-12-07 02:08:32 384,512 -c----w C:\WINDOWS\system32\dllcache\iedkcs32.dll
      - 2007-12-06 13:07:07 18,432 -c--a-w C:\WINDOWS\system32\dllcache\iedw.exe
      + 2007-08-13 17:44:02 69,120 -c--a-w C:\WINDOWS\system32\dllcache\iedw.exe
      + 2007-08-13 17:45:18 78,336 -c----w C:\WINDOWS\system32\dllcache\ieencode.dll
      - 2007-12-07 01:07:04 251,392 -c----w C:\WINDOWS\system32\dllcache\iepeers.dll
      + 2007-08-13 17:54:10 191,488 -c--a-w C:\WINDOWS\system32\dllcache\iepeers.dll
      + 2007-12-07 02:08:33 44,544 -c----w C:\WINDOWS\system32\dllcache\iernonce.dll
      + 2007-08-13 17:39:12 55,296 -c----w C:\WINDOWS\system32\dllcache\iesetup.dll
      - 2004-08-19 15:09:56 93,184 -c--a-w C:\WINDOWS\system32\dllcache\iexplore.exe
      + 2007-12-06 11:03:16 625,664 -c----w C:\WINDOWS\system32\dllcache\iexplore.exe
      + 2007-08-13 17:36:06 36,352 -c----w C:\WINDOWS\system32\dllcache\imgutil.dll
      - 2007-12-07 01:07:04 96,768 -c----w C:\WINDOWS\system32\dllcache\inseng.dll
      + 2007-08-13 17:39:02 92,672 -c--a-w C:\WINDOWS\system32\dllcache\inseng.dll
      - 2007-11-14 07:28:02 450,560 -c----w C:\WINDOWS\system32\dllcache\jscript.dll
      + 2007-08-13 17:38:04 491,520 -c--a-w C:\WINDOWS\system32\dllcache\jscript.dll
      - 2007-12-07 01:07:04 16,384 -c----w C:\WINDOWS\system32\dllcache\jsproxy.dll
      + 2007-12-07 02:08:33 27,648 -c----w C:\WINDOWS\system32\dllcache\jsproxy.dll
      + 2007-08-13 17:44:18 40,960 -c----w C:\WINDOWS\system32\dllcache\licmgr10.dll
      - 2001-08-28 12:00:00 924,432 -c----w C:\WINDOWS\system32\dllcache\mfc40u.dll
      + 2006-11-01 19:18:42 927,504 -c----w C:\WINDOWS\system32\dllcache\mfc40u.dll
      + 2006-12-14 13:45:53 981,760 -c----w C:\WINDOWS\system32\dllcache\mfc42u.dll
      + 2007-07-06 10:05:47 72,960 -c----w C:\WINDOWS\system32\dllcache\mqac.sys
      + 2007-07-06 12:50:47 138,240 -c----w C:\WINDOWS\system32\dllcache\mqad.dll
      + 2007-07-06 12:50:47 47,104 -c----w C:\WINDOWS\system32\dllcache\mqdscli.dll
      + 2007-07-06 12:50:47 16,896 -c----w C:\WINDOWS\system32\dllcache\mqise.dll
      + 2007-07-06 12:50:47 660,992 -c----w C:\WINDOWS\system32\dllcache\mqqm.dll
      + 2007-07-06 12:50:47 177,152 -c----w C:\WINDOWS\system32\dllcache\mqrt.dll
      + 2007-07-06 12:50:47 95,744 -c----w C:\WINDOWS\system32\dllcache\mqsec.dll
      + 2007-07-06 12:50:47 48,640 -c----w C:\WINDOWS\system32\dllcache\mqupgrd.dll
      + 2007-07-06 12:50:47 527,360 -c----w C:\WINDOWS\system32\dllcache\mqutil.dll
      + 2006-12-26 13:09:12 536,576 -c----w C:\WINDOWS\system32\dllcache\msado15.dll
      + 2006-12-26 13:09:12 180,224 -c----w C:\WINDOWS\system32\dllcache\msadomd.dll
      + 2006-12-26 13:09:12 200,704 -c----w C:\WINDOWS\system32\dllcache\msadox.dll
      + 2007-08-13 17:32:30 45,568 -c----w C:\WINDOWS\system32\dllcache\mshta.exe
      - 2007-12-07 19:07:06 3,080,192 -c--a-w C:\WINDOWS\system32\dllcache\mshtml.dll
      + 2007-12-08 09:38:36 3,592,192 -c----w C:\WINDOWS\system32\dllcache\mshtml.dll
      - 2007-12-07 01:07:04 449,024 -c----w C:\WINDOWS\system32\dllcache\mshtmled.dll
      + 2007-12-07 02:08:34 478,208 -c----w C:\WINDOWS\system32\dllcache\mshtmled.dll
      + 2007-08-13 17:01:12 48,128 -c----w C:\WINDOWS\system32\dllcache\mshtmler.dll
      + 2006-12-26 13:09:12 102,400 -c----w C:\WINDOWS\system32\dllcache\msjro.dll
      - 2001-08-28 12:00:00 146,432 -c--a-w C:\WINDOWS\system32\dllcache\msls31.dll
      + 2007-08-13 17:54:10 156,160 -c--a-w C:\WINDOWS\system32\dllcache\msls31.dll
      - 2007-12-07 01:07:04 146,432 -c----w C:\WINDOWS\system32\dllcache\msrating.dll
      + 2007-12-07 02:08:34 193,024 -c----w C:\WINDOWS\system32\dllcache\msrating.dll
      - 2007-12-07 01:07:04 532,480 -c----w C:\WINDOWS\system32\dllcache\mstime.dll
      + 2007-12-07 02:08:34 671,232 -c----w C:\WINDOWS\system32\dllcache\mstime.dll
      - 2004-08-19 15:09:36 1,236,480 -c--a-w C:\WINDOWS\system32\dllcache\msxml3.dll
      + 2007-06-26 06:09:14 1,104,896 -c--a-w C:\WINDOWS\system32\dllcache\msxml3.dll
      + 2007-02-28 16:02:21 2,138,112 -c----w C:\WINDOWS\system32\dllcache\ntkrnlmp.exe
      + 2007-02-28 16:02:36 2,059,648 -c----w C:\WINDOWS\system32\dllcache\ntkrnlpa.exe
      + 2007-02-28 16:02:21 2,017,792 -c----w C:\WINDOWS\system32\dllcache\ntkrpamp.exe
      + 2007-02-28 16:02:36 2,182,400 -c----w C:\WINDOWS\system32\dllcache\ntoskrnl.exe
      - 2001-08-28 12:00:00 58,880 -c----w C:\WINDOWS\system32\dllcache\nwapi32.dll
      + 2006-10-13 12:36:55 64,000 -c----w C:\WINDOWS\system32\dllcache\nwapi32.dll
      + 2006-10-13 12:36:55 145,920 -c----w C:\WINDOWS\system32\dllcache\nwprovau.dll
      + 2006-10-13 10:23:15 163,584 -c----w C:\WINDOWS\system32\dllcache\nwrdr.sys
      + 2006-10-13 12:36:55 65,536 -c----w C:\WINDOWS\system32\dllcache\nwwks.dll
      + 2007-12-07 02:08:34 102,912 -c----w C:\WINDOWS\system32\dllcache\occache.dll
      - 2007-12-07 01:07:04 39,424 -c----w C:\WINDOWS\system32\dllcache\pngfilt.dll
      + 2008-01-11 05:36:55 44,544 -c----w C:\WINDOWS\system32\dllcache\pngfilt.dll
      + 2006-06-22 05:13:46 1,440,768 -c----w C:\WINDOWS\system32\dllcache\query.dll
      - 2004-08-19 15:09:40 581,120 -c--a-w C:\WINDOWS\system32\dllcache\rpcrt4.dll
      + 2007-07-09 13:11:46 584,192 -c--a-w C:\WINDOWS\system32\dllcache\rpcrt4.dll
      - 2006-03-17 04:07:40 8,508,416 -c--a-w C:\WINDOWS\system32\dllcache\shell32.dll
      + 2007-10-25 16:56:24 8,510,976 -c--a-w C:\WINDOWS\system32\dllcache\shell32.dll
      + 2006-12-19 21:49:47 135,168 -c----w C:\WINDOWS\system32\dllcache\shsvcs.dll
      + 2006-08-14 10:34:41 332,928 -c----w C:\WINDOWS\system32\dllcache\srv.sys
      + 2006-08-16 09:37:30 225,664 -c----w C:\WINDOWS\system32\dllcache\tcpip6.sys
      - 2004-08-19 15:09:48 37,888 -c--a-w C:\WINDOWS\system32\dllcache\url.dll
      + 2007-12-07 02:08:34 105,984 -c----w C:\WINDOWS\system32\dllcache\url.dll
      - 2007-12-07 01:07:05 617,472 -c--a-w C:\WINDOWS\system32\dllcache\urlmon.dll
      + 2007-12-07 02:08:34 1,159,680 -c----w C:\WINDOWS\system32\dllcache\urlmon.dll
      + 2007-08-13 17:54:10 413,696 -c----w C:\WINDOWS\system32\dllcache\vbscript.dll
      - 2007-06-26 13:56:54 851,968 -c----w C:\WINDOWS\system32\dllcache\vgx.dll
      + 2007-08-13 17:54:10 765,952 -c--a-w C:\WINDOWS\system32\dllcache\VGX.dll
      + 2007-12-07 02:08:34 233,472 -c----w C:\WINDOWS\system32\dllcache\webcheck.dll
      - 2007-12-07 01:07:05 663,552 -c--a-w C:\WINDOWS\system32\dllcache\wininet.dll
      + 2007-12-07 02:08:34 824,832 -c----w C:\WINDOWS\system32\dllcache\wininet.dll
      - 2004-08-03 21:58:22 72,960 ----a-w C:\WINDOWS\system32\drivers\mqac.sys
      + 2007-07-06 10:05:47 72,960 ----a-w C:\WINDOWS\system32\drivers\mqac.sys
      - 2004-08-03 22:02:24 163,584 ----a-w C:\WINDOWS\system32\drivers\nwrdr.sys
      + 2006-10-13 10:23:15 163,584 ----a-w C:\WINDOWS\system32\drivers\nwrdr.sys
      - 2004-08-19 15:10:20 139,400 ----a-w C:\WINDOWS\system32\drivers\rdpwd.sys
      + 2005-06-10 04:11:22 139,528 ----a-w C:\WINDOWS\system32\drivers\rdpwd.sys
      - 2004-08-03 22:14:46 336,256 ----a-w C:\WINDOWS\system32\drivers\srv.sys
      + 2006-08-14 10:34:41 332,928 ----a-w C:\WINDOWS\system32\drivers\srv.sys
      - 2004-08-03 22:07:46 223,616 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
      + 2006-08-16 09:37:30 225,664 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
      - 2007-12-07 01:07:03 357,888 ----a-w C:\WINDOWS\system32\dxtmsft.dll
      + 2007-12-19 22:53:23 347,136 ----a-w C:\WINDOWS\system32\dxtmsft.dll
      - 2007-12-07 01:07:03 205,312 ----a-w C:\WINDOWS\system32\dxtrans.dll
      + 2007-12-07 02:08:32 214,528 ----a-w C:\WINDOWS\system32\dxtrans.dll
      - 2007-12-07 01:07:04 55,808 ------w C:\WINDOWS\system32\extmgr.dll
      + 2007-12-07 02:08:32 133,120 ------w C:\WINDOWS\system32\extmgr.dll
      + 2007-12-07 02:08:32 63,488 ----a-w C:\WINDOWS\system32\icardie.dll
      + 2006-06-29 07:05:44 26,112 ------w C:\WINDOWS\system32\idndl.dll
      - 2004-08-19 15:09:56 34,304 ----a-w C:\WINDOWS\system32\ie4uinit.exe
      + 2007-12-06 11:02:31 70,656 ------w C:\WINDOWS\system32\ie4uinit.exe
      - 2004-08-19 15:09:28 139,264 ----a-w C:\WINDOWS\system32\ieakeng.dll
      + 2007-12-07 02:08:32 153,088 ------w C:\WINDOWS\system32\ieakeng.dll
      - 2004-08-19 15:09:28 221,696 ----a-w C:\WINDOWS\system32\ieaksie.dll
      + 2007-12-07 02:08:32 230,400 ------w C:\WINDOWS\system32\ieaksie.dll
      - 2001-08-28 12:00:00 245,760 ----a-w C:\WINDOWS\system32\ieakui.dll
      + 2007-12-06 04:59:51 161,792 ------w C:\WINDOWS\system32\ieakui.dll
      + 2007-04-17 09:32:38 2,455,488 ----a-w C:\WINDOWS\system32\ieapfltr.dat
      + 2007-12-07 02:08:32 383,488 ----a-w C:\WINDOWS\system32\ieapfltr.dll
      - 2004-08-19 15:09:28 323,584 ----a-w C:\WINDOWS\system32\iedkcs32.dll
      + 2007-12-07 02:08:32 384,512 ------w C:\WINDOWS\system32\iedkcs32.dll
      - 2004-08-19 15:09:28 81,920 ------w C:\WINDOWS\system32\ieencode.dll
      + 2007-08-13 17:45:18 78,336 ----a-w C:\WINDOWS\system32\ieencode.dll
      + 2007-12-07 02:08:33 6,066,176 ----a-w C:\WINDOWS\system32\ieframe.dll
      - 2007-12-07 01:07:04 251,392 ----a-w C:\WINDOWS\system32\iepeers.dll
      + 2007-08-13 17:54:10 191,488 ----a-w C:\WINDOWS\system32\iepeers.dll
      - 2004-08-19 15:09:28 49,152 ----a-w C:\WINDOWS\system32\iernonce.dll
      + 2007-12-07 02:08:33 44,544 ------w C:\WINDOWS\system32\iernonce.dll
      + 2007-12-07 02:08:33 267,776 ----a-w C:\WINDOWS\system32\iertutil.dll
      - 2004-08-19 15:09:28 63,488 ----a-w C:\WINDOWS\system32\iesetup.dll
      + 2007-08-13 17:39:12 55,296 ----a-w C:\WINDOWS\system32\iesetup.dll
      + 2007-12-06 11:00:58 13,824 ----a-w C:\WINDOWS\system32\ieudinit.exe
      + 2007-08-13 17:54:10 180,736 ------w C:\WINDOWS\system32\ieui.dll
      - 2004-08-19 15:09:30 35,840 ----a-w C:\WINDOWS\system32\imgutil.dll
      + 2007-08-13 17:36:06 36,352 ----a-w C:\WINDOWS\system32\imgutil.dll
      - 2007-12-07 01:07:04 96,768 ----a-w C:\WINDOWS\system32\inseng.dll
      + 2007-08-13 17:39:02 92,672 ----a-w C:\WINDOWS\system32\inseng.dll
      - 2007-11-14 07:28:02 450,560 ----a-w C:\WINDOWS\system32\jscript.dll
      + 2007-08-13 17:38:04 491,520 ----a-w C:\WINDOWS\system32\jscript.dll
      - 2007-12-07 01:07:04 16,384 ----a-w C:\WINDOWS\system32\jsproxy.dll
      + 2007-12-07 02:08:33 27,648 ------w C:\WINDOWS\system32\jsproxy.dll
      - 2004-08-19 15:09:32 294,400 ----a-w C:\WINDOWS\system32\kerberos.dll
      + 2005-06-15 17:50:31 295,936 ----a-w C:\WINDOWS\system32\kerberos.dll
      + 2008-03-20 17:06:36 1,480,232 ----a-w C:\WINDOWS\system32\LegitCheckControl.DLL
      - 2004-08-19 15:09:32 22,528 ----a-w C:\WINDOWS\system32\licmgr10.dll
      + 2007-08-13 17:44:18 40,960 ----a-w C:\WINDOWS\system32\licmgr10.dll
      - 2001-08-28 12:00:00 924,432 ----a-w C:\WINDOWS\system32\mfc40u.dll
      + 2006-11-01 19:18:42 927,504 ----a-w C:\WINDOWS\system32\mfc40u.dll
      - 2004-08-19 15:09:32 1,024,000 ----a-w C:\WINDOWS\system32\mfc42u.dll
      + 2006-12-14 13:45:53 981,760 ----a-w C:\WINDOWS\system32\mfc42u.dll
      - 2004-08-19 15:09:32 138,240 ----a-w C:\WINDOWS\system32\mqad.dll
      + 2007-07-06 12:50:47 138,240 ----a-w C:\WINDOWS\system32\mqad.dll
      - 2004-08-19 15:09:32 47,104 ----a-w C:\WINDOWS\system32\mqdscli.dll
      + 2007-07-06 12:50:47 47,104 ----a-w C:\WINDOWS\system32\mqdscli.dll
      - 2004-08-19 15:09:32 16,896 ----a-w C:\WINDOWS\system32\mqise.dll
      + 2007-07-06 12:50:47 16,896 ----a-w C:\WINDOWS\system32\mqise.dll
      - 2004-08-19 15:09:32 660,992 ----a-w C:\WINDOWS\system32\mqqm.dll
      + 2007-07-06 12:50:47 660,992 ----a-w C:\WINDOWS\system32\mqqm.dll
      - 2004-08-19 15:09:32 177,152 ----a-w C:\WINDOWS\system32\mqrt.dll
      + 2007-07-06 12:50:47 177,152 ----a-w C:\WINDOWS\system32\mqrt.dll
      - 2004-08-19 15:09:32 95,744 ----a-w C:\WINDOWS\system32\mqsec.dll
      + 2007-07-06 12:50:47 95,744 ----a-w C:\WINDOWS\system32\mqsec.dll
      - 2004-08-19 15:09:34 48,640 ----a-w C:\WINDOWS\system32\mqupgrd.dll
      + 2007-07-06 12:50:47 48,640 ----a-w C:\WINDOWS\system32\mqupgrd.dll
      - 2004-08-19 15:09:34 527,360 ----a-w C:\WINDOWS\system32\mqutil.dll
      + 2007-07-06 12:50:47 527,360 ----a-w C:\WINDOWS\system32\mqutil.dll
      + 2008-03-05 07:30:56 19,148,408 ----a-w C:\WINDOWS\system32\MRT.exe
      + 2007-12-07 02:08:33 459,264 ----a-w C:\WINDOWS\system32\msfeeds.dll
      + 2007-12-07 02:08:33 52,224 ----a-w C:\WINDOWS\system32\msfeedsbs.dll
      + 2007-08-13 17:36:40 12,288 ------w C:\WINDOWS\system32\msfeedssync.exe
      - 2004-08-19 15:10:00 29,184 ----a-w C:\WINDOWS\system32\mshta.exe
      + 2007-08-13 17:32:30 45,568 ----a-w C:\WINDOWS\system32\mshta.exe
      - 2007-12-07 19:07:06 3,080,192 ----a-w C:\WINDOWS\system32\mshtml.dll
      + 2007-12-08 09:38:36 3,592,192 ----a-w C:\WINDOWS\system32\mshtml.dll
      - 2007-12-07 01:07:04 449,024 ----a-w C:\WINDOWS\system32\mshtmled.dll
      + 2007-12-07 02:08:34 478,208 ----a-w C:\WINDOWS\system32\mshtmled.dll
      - 2004-08-19 15:08:28 57,344 ----a-w C:\WINDOWS\system32\mshtmler.dll
      + 2007-08-13 17:01:12 48,128 ----a-w C:\WINDOWS\system32\mshtmler.dll
      - 2001-08-28 12:00:00 146,432 ----a-w C:\WINDOWS\system32\msls31.dll
      + 2007-08-13 17:54:10 156,160 ----a-w C:\WINDOWS\system32\msls31.dll
      - 2007-12-07 01:07:04 146,432 ----a-w C:\WINDOWS\system32\msrating.dll
      + 2007-12-07 02:08:34 193,024 ------w C:\WINDOWS\system32\msrating.dll
      - 2007-12-07 01:07:04 532,480 ----a-w C:\WINDOWS\system32\mstime.dll
      + 2007-12-07 02:08:34 671,232 ------w C:\WINDOWS\system32\mstime.dll
      - 2004-08-19 15:09:36 1,236,480 ----a-w C:\WINDOWS\system32\msxml3.dll
      + 2007-06-26 06:09:14 1,104,896 ----a-w C:\WINDOWS\system32\msxml3.dll
      + 2006-06-28 16:59:26 24,576 ------w C:\WINDOWS\system32\nlsdl.dll
      + 2006-06-29 07:05:44 23,552 ------w C:\WINDOWS\system32\normaliz.dll
      - 2005-03-02 18:07:56 2,058,880 ----a-w C:\WINDOWS\system32\ntkrnlpa.exe
      + 2007-02-28 16:02:36 2,059,648 ----a-w C:\WINDOWS\system32\ntkrnlpa.exe
      - 2005-03-02 18:08:06 2,181,376 ----a-w C:\WINDOWS\system32\ntoskrnl.exe
      + 2007-02-28 16:02:36 2,182,400 ----a-w C:\WINDOWS\system32\ntoskrnl.exe
      - 2001-08-28 12:00:00 58,880 ----a-w C:\WINDOWS\system32\nwapi32.dll
      + 2006-10-13 12:36:55 64,000 ----a-w C:\WINDOWS\system32\nwapi32.dll
      - 2004-08-19 15:09:38 147,968 ----a-w C:\WINDOWS\system32\nwprovau.dll
      + 2006-10-13 12:36:55 145,920 ----a-w C:\WINDOWS\system32\nwprovau.dll
      - 2004-08-19 15:09:38 64,000 ----a-w C:\WINDOWS\system32\nwwks.dll
      + 2006-10-13 12:36:55 65,536 ----a-w C:\WINDOWS\system32\nwwks.dll
      - 2004-08-19 15:09:38 97,280 ----a-w C:\WINDOWS\system32\occache.dll
      + 2007-12-07 02:08:34 102,912 ------w C:\WINDOWS\system32\occache.dll
      - 2008-03-22 13:37:39 63,304 ----a-w C:\WINDOWS\system32\perfc009.dat
      + 2008-03-22 19:22:46 63,304 ----a-w C:\WINDOWS\system32\perfc009.dat
      - 2008-03-22 13:37:39 76,292 ----a-w C:\WINDOWS\system32\perfc00C.dat
      + 2008-03-22 19:22:46 76,292 ----a-w C:\WINDOWS\system32\perfc00C.dat
      - 2008-03-22 13:37:39 404,276 ----a-w C:\WINDOWS\system32\perfh009.dat
      + 2008-03-22 19:22:46 404,276 ----a-w C:\WINDOWS\system32\perfh009.dat
      - 2008-03-22 13:37:39 471,206 ----a-w C:\WINDOWS\system32\perfh00C.dat
      + 2008-03-22 19:22:46 471,206 ----a-w C:\WINDOWS\system32\perfh00C.dat
      - 2007-12-07 01:07:04 39,424 ----a-w C:\WINDOWS\system32\pngfilt.dll
      + 2008-01-11 05:36:55 44,544 ----a-w C:\WINDOWS\system32\pngfilt.dll
      - 2004-08-19 15:09:40 1,440,768 ----a-w C:\WINDOWS\system32\query.dll
      + 2006-06-22 05:13:46 1,440,768 ----a-w C:\WINDOWS\system32\query.dll
      - 2004-08-19 15:09:40 581,120 ----a-w C:\WINDOWS\system32\rpcrt4.dll
      + 2007-07-09 13:11:46 584,192 ----a-w C:\WINDOWS\system32\rpcrt4.dll
      - 2006-03-17 04:07:40 8,508,416 ----a-w C:\WINDOWS\system32\shell32.dll
      + 2007-10-25 16:56:24 8,510,976 ----a-w C:\WINDOWS\system32\shell32.dll
      - 2004-08-19 15:09:42 135,168 ----a-w C:\WINDOWS\system32\shsvcs.dll
      + 2006-12-19 21:49:47 135,168 ----a-w C:\WINDOWS\system32\shsvcs.dll
      - 2005-10-12 23:15:25 15,072 ------w C:\WINDOWS\system32\spmsg.dll
      + 2006-01-19 19:29:25 15,072 ------w C:\WINDOWS\system32\spmsg.dll
      - 2004-08-19 15:10:04 57,856 ----a-w C:\WINDOWS\system32\spoolsv.exe
      + 2005-06-10 23:53:32 57,856 ----a-w C:\WINDOWS\system32\spoolsv.exe
      - 2005-06-28 08:21:34 22,752 ----a-w C:\WINDOWS\system32\spupdsvc.exe
      + 2006-09-06 16:43:30 22,752 ----a-w C:\WINDOWS\system32\spupdsvc.exe
      - 2004-08-19 15:09:48 246,272 ----a-w C:\WINDOWS\system32\tapisrv.dll
      + 2005-07-08 16:28:58 249,344 ----a-w C:\WINDOWS\system32\tapisrv.dll
      - 2004-08-19 15:09:48 37,888 ----a-w C:\WINDOWS\system32\url.dll
      + 2007-12-07 02:08:34 105,984 ----a-w C:\WINDOWS\system32\url.dll
      - 2007-12-07 01:07:05 617,472 ----a-w C:\WINDOWS\system32\urlmon.dll
      + 2007-12-07 02:08:34 1,159,680 ----a-w C:\WINDOWS\system32\urlmon.dll
      - 2004-08-19 15:09:48 417,792 ----a-w C:\WINDOWS\system32\vbscript.dll
      + 2007-08-13 17:54:10 413,696 ----a-w C:\WINDOWS\system32\vbscript.dll
      - 2004-08-19 15:09:48 49,152 ----a-w C:\WINDOWS\system32\wdigest.dll
      + 2006-03-24 04:37:52 49,152 ----a-w C:\WINDOWS\system32\wdigest.dll
      - 2004-08-19 15:09:48 281,600 ----a-w C:\WINDOWS\system32\webcheck.dll
      + 2007-12-07 02:08:34 233,472 ----a-w C:\WINDOWS\system32\webcheck.dll
      - 2004-08-19 15:09:48 67,584 ----a-w C:\WINDOWS\system32\webclnt.dll
      + 2006-01-04 03:35:11 68,096 ----a-w C:\WINDOWS\system32\webclnt.dll
      + 2007-08-13 17:45:16 206,336 ------w C:\WINDOWS\system32\WinFXDocObj.exe
      - 2007-12-07 01:07:05 663,552 ----a-w C:\WINDOWS\system32\wininet.dll
      + 2007-12-07 02:08:34 824,832 ----a-w C:\WINDOWS\system32\wininet.dll
      + 2006-07-14 15:51:51 121,856 ------w C:\WINDOWS\system32\xmllite.dll
      + 2007-01-19 12:51:03 74,802 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.Tools.VisualCPlusPlus.Runtime-Libraries_6595b64144ccf1df_6.0.9792.0_x-ww_08a6620a\atl.dll
      + 2007-01-19 12:51:04 995,383 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.Tools.VisualCPlusPlus.Runtime-Libraries_6595b64144ccf1df_6.0.9792.0_x-ww_08a6620a\mfc42.dll
      + 2007-01-19 12:51:04 1,011,774 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.Tools.VisualCPlusPlus.Runtime-Libraries_6595b64144ccf1df_6.0.9792.0_x-ww_08a6620a\mfc42u.dll
      + 2007-01-19 12:51:04 401,462 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.Tools.VisualCPlusPlus.Runtime-Libraries_6595b64144ccf1df_6.0.9792.0_x-ww_08a6620a\msvcp60.dll
      .
      -- Snapshot reset to current date --
      .
      ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      REGEDIT4
      *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "Microsoft USB2"="mskav32.exe" []
      "Jimruo"="C:\WINDOWS\System32\d?dplay.exe" [2001-08-28 13:00 59392]
      "Creative Detector"="D:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" [2004-10-05 08:52 98304]
      "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 16:09 15360]

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "Name of App"="C:\Program Files\SAMSUNG\FW LiveUpdate\Liveupdate.exe" [2006-03-10 08:07 667735]
      "TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2005-10-21 20:29 180269]
      "SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe" [2004-12-06 21:31 36975]
      "PinnacleDriverCheck"="C:\WINDOWS\system32\PSDrvCheck.exe" [2003-11-10 16:06 406016]
      "atwtusb"="atwtusb.exe" [2001-08-20 18:48 167936 C:\WINDOWS\system32\Atwtusb.exe]
      "ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-05-15 21:10 339968]
      "CloneCDTray"="d:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" [2006-09-28 20:21 57344]
      "QuickTime Task"="D:\Program Files\QuickTime\qttask.exe" [2006-09-01 14:57 282624]
      "Zone Labs Client"="d:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2006-07-09 12:42 968696]
      "Sunkist2k"="C:\Program Files\Multimedia Card Reader\shwicon2k.exe" [2004-09-03 16:16 139264]
      "RaidTool"="C:\Program Files\VIA\RAID\raid_tool.exe" [2006-12-28 15:09 4579328]
      "MoneyStartUp10.0"="D:\Program Files\Microsoft Money\System\Activation.exe" [2001-07-25 10:00 245810]
      "AdobeVersionCue"="e:\Program Files\Adobe\Adobe Version Cue\ControlPanel\VersionCueTray.exe" [2003-10-22 15:33 1732608]
      "SoundMan"="SOUNDMAN.EXE" [2006-11-17 04:42 577536 C:\WINDOWS\soundman.exe]
      "ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 16:41 45056]
      "LiveMonitor"="C:\Program Files\MSI\Live Update 3\LMonitor.exe" [2007-01-17 17:01 496640]
      "!AVG Anti-Spyware"="D:\Program Files\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 10:25 6731312]

      [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
      "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-19 16:09 15360]
      "ioroxxo microsoft sux"="system32" [2008-03-23 11:18 0 C:\WINDOWS\system32]
      "Microsoft USB2"="mskav32.exe" []
      "Microsoft Update Machine"="MSlti32.exe" []

      [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
      "Microsoft USB2"="mskav32.exe" []

      C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
      Acc‚l‚rateur de d‚marrage AutoCAD.lnk - C:\Program Files\Fichiers communs\Autodesk Shared\acstart16.exe [2004-02-25 03:35:22 10872]
      Adobe Gamma Loader.lnk - C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [2007-07-29 14:41:00 110592]
      Assistant d'Acrobat.lnk - E:\Program Files\Adobe\Adobe Acrobat 6.0\Distillr\acrotray.exe [2003-05-15 00:19:50 217193]
      Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2008-03-19 22:41:38 125624]
      MioSync.lnk - C:\Program Files\Mio Technology\MioSync\mioSync.exe [2007-10-21 12:51:51 647168]

      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
      "NoFavoritesMenu"= 0 (0x0)
      "NoSMMyPictures"= 0 (0x0)
      "NoStartMenuMyMusic"= 0 (0x0)
      "NoRecentDocsNetHood"= 0 (0x0)
      "NoInstrumentation"= 0 (0x0)
      "NoSimpleStartMenu"= 0 (0x0)

      [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
      "NoFavoritesMenu"= 0 (0x0)
      "NoSMMyPictures"= 0 (0x0)
      "NoStartMenuMyMusic"= 0 (0x0)
      "NoRecentDocsNetHood"= 0 (0x0)
      "NoUserNameInStartMenu"= 1 (0x1)
      "NoInstrumentation"= 1 (0x1)
      "NoStartMenuPinnedList"= 0 (0x0)
      "ForceStartMenuLogoff"= 0 (0x0)
      "NoViewOnDrive"= 0 (0x0)

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
      "FlashX"= {748E4F4D-12F1-492E-93E9-F2EF7FB47E5D} - C:\Program Files\Internet Explorer\shwol.dll [ ]

      [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Adobe Gamma Loader.lnk]

      [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^CoreCenter.lnk]

      [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^DSLMON.lnk]

      [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^E-Compagnon.lnk]
      backup=C:\WINDOWS\pss\E-Compagnon.lnkCommon Startup

      [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Norton GoBack.lnk]
      backup=C:\WINDOWS\pss\Norton GoBack.lnkCommon Startup

      [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^VIA RAID TOOL.lnk]

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccRegVfy]

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Norton Ghost 9.0]

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Norton SystemWorks]

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Symantec NetDriver Monitor]

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
      "Planificateur LiveUpdate automatique"=2 (0x2)
      "GBPoll"=2 (0x2)
      "SPBBCSvc"=2 (0x2)
      "SNDSrvc"=3 (0x3)
      "SBService"=2 (0x2)
      "NProtectService"=2 (0x2)
      "NPFMntor"=2 (0x2)
      "navapsvc"=3 (0x3)
      "LiveUpdate"=3 (0x3)
      "ccSetMgr"=2 (0x2)
      "ccPwdSvc"=3 (0x3)
      "ccEvtMgr"=2 (0x2)
      "BlueSoleil Hid Service"=2 (0x2)

      [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
      "DisableMonitoring"=dword:00000001

      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
      "EnableFirewall"= 0 (0x0)

      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
      "%windir%\\system32\\sessmgr.exe"=
      "D:\\Program Files\\eMule\\emule.exe"=
      "C:\\Program Files\\Messenger\\msmsgs.exe"=
      "C:\\Program Files\\Canon\\CSCLIB\\CDPROCMN.exe"=
      "C:\\Program Files\\Canon\\CSCLIB\\CDPROC.exe"=
      "D:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
      "%windir%\\Network Diagnostic\\xpnetdiag.exe"=

      R0 hotcore2;hotcore2;C:\WINDOWS\system32\drivers\hotcore2.sys [2006-08-23 11:10]
      R0 viasraid;viasraid;C:\WINDOWS\system32\DRIVERS\viasraid.sys [2003-10-31 11:22]
      R0 videX32;videX32;C:\WINDOWS\system32\DRIVERS\videX32.sys [2006-10-17 19:22]
      R2 Dnscache;Client DNS;C:\WINDOWS\System32\svchost.exe [2004-08-19 16:10]
      R3 FET5X86V;VIA Rhine-Family Fast-Ethernet Adapter Driver Service;C:\WINDOWS\system32\DRIVERS\fetnd5bv.sys [2007-04-17 10:58]
      R3 USB_RNDIS_51;Broadcom USB Remote NDIS Device Driver;C:\WINDOWS\system32\DRIVERS\usb8023.sys [2004-08-03 23:04]
      S3 C-Dilla;C-Dilla;C:\WINDOWS\System32\drivers\CDANT.SYS [2005-03-05 19:49]
      S3 HwIOctl;HwIOctl;d:\Program Files\Setup Files\MS-7021 v2.00\HwIOctl.sys []
      S3 Memctl;Memctl;d:\Program Files\Setup Files\MS-7021 v2.00\Memctl.sys []
      S3 sentemul;sentemul;C:\WINDOWS\system32\drivers\sentemul.sys [2003-03-24 17:06]
      S3 SunkFilt62;Alcor Micro Corp - 6362;C:\WINDOWS\System32\Drivers\sunkfilt62.sys [2004-07-23 13:55]
      S3 Usblink;Usblink Driver;C:\WINDOWS\system32\Drivers\ulink.sys []
      S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 22:58]
      S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 23:08]
      S3 utblfilt;utblfilt;C:\WINDOWS\system32\drivers\utblfilt.sys [2001-05-23 09:42]
      S3 VNic;ULan Network Driver Module;C:\WINDOWS\system32\DRIVERS\VNic.sys []

      .
      Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
      "2008-02-28 10:07:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
      - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
      "2008-03-07 11:39:43 C:\WINDOWS\Tasks\tplwoa.job"


      __________________________________________________________________

      le rapport elibagla


      Sun Mar 23 11:46:10 2008
      EliBagle v11.18 (c)2008 S.G.H. / Satinfo S.L.
      ----------------------------------------------
      Lista de Acciones (por Acción Directa):

      Sun Mar 23 11:46:30 2008
      EliBagle v11.18 (c)2008 S.G.H. / Satinfo S.L.
      ----------------------------------------------
      Lista de Acciones (por Exploración):
      Explorando Unidad C:\

      Nº Total de Directorios: 5990
      Nº Total de Ficheros: 68687
      Nº de Ficheros Analizados: 16472
      Nº de Ficheros Infectados: 0
      Nº de Ficheros Limpiados: 0
      ____________________________________________

      le rapport bitdefender:
      (par contre je n'ai pas vu la possibilité de faire un rapport avec les noms entiers)

      BitDefender Online Scanner - Real Time Virus Report



      Generated at: Sun, Mar 23, 2008 - 14:45:55


      --------------------------------------------------------------------------------





      Scan Info



      Scanned Files
      680986

      Infected Files
      3








      Virus Detected



      Packer.FSG.A
      2

      Dropped:Trojan.BHO.WebPrefix.A
      1










      --------------------------------------------------------------------------------



      This summary of the scan process will be used by the BitDefender Antivirus Lab to create agregate statistics about virus activity around the world.



      Voila!
      0
  5. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  6. ••RiverToo•• Messages postés 1098 Statut Membre 53
     
    Peux tu reposter un rapport hijack mais au préalable l'avoir renomé Exemple HJT

    Je vois qu'il n 'y a pas de ligne 02 ni 020 Peut etre une infection vundo

    Merci @+
    0
  7. kfqe
     
    Voila le rapport:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 15:33, on 2008-03-23
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16608)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    c:\windows\system32\svchost.exe
    D:\Program Files\AVG Anti-Spyware 7.5\guard.exe
    C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
    C:\WINDOWS\system32\CTsvcCDA.EXE
    C:\WINDOWS\system32\crypserv.exe
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\Program Files\Fichiers communs\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\SAMSUNG\FW LiveUpdate\Liveupdate.exe
    C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
    C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
    C:\WINDOWS\system32\atwtusb.exe
    D:\Program Files\SlySoft\CloneCD\CloneCDTray.exe
    D:\Program Files\QuickTime\qttask.exe
    D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\Program Files\Multimedia Card Reader\shwicon2k.exe
    C:\Program Files\VIA\RAID\raid_tool.exe
    E:\Program Files\Adobe\Adobe Version Cue\ControlPanel\VersionCueTray.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\MSI\Live Update 3\LMonitor.exe
    D:\Program Files\AVG Anti-Spyware 7.5\avgas.exe
    D:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
    C:\WINDOWS\system32\ctfmon.exe
    E:\Program Files\Adobe\Adobe Acrobat 6.0\Distillr\acrotray.exe
    C:\Program Files\Google\Google Updater\GoogleUpdater.exe
    C:\Program Files\Mio Technology\MioSync\mioSync.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\WINDOWS\system32\spider.exe
    C:\Documents and Settings\JP\Bureau\hijackthis\eden.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = about:blank
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - E:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll
    O4 - HKLM\..\Run: [Name of App] C:\Program Files\SAMSUNG\FW LiveUpdate\Liveupdate.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
    O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe
    O4 - HKLM\..\Run: [atwtusb] atwtusb.exe beta
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [CloneCDTray] "d:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
    O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [Zone Labs Client] "d:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKLM\..\Run: [Sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe
    O4 - HKLM\..\Run: [RaidTool] C:\Program Files\VIA\RAID\raid_tool.exe
    O4 - HKLM\..\Run: [MoneyStartUp10.0] "D:\Program Files\Microsoft Money\System\Activation.exe"
    O4 - HKLM\..\Run: [AdobeVersionCue] e:\Program Files\Adobe\Adobe Version Cue\ControlPanel\VersionCueTray.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
    O4 - HKLM\..\Run: [LiveMonitor] C:\Program Files\MSI\Live Update 3\LMonitor.exe
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "D:\Program Files\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKCU\..\Run: [Microsoft USB2] mskav32.exe
    O4 - HKCU\..\Run: [Jimruo] C:\WINDOWS\System32\d?dplay.exe
    O4 - HKCU\..\Run: [Creative Detector] D:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\Run: [Microsoft Update Machine] MSlti32.exe (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\RunOnce: [Microsoft USB2] mskav32.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - HKUS\.DEFAULT\..\RunOnce: [Microsoft USB2] mskav32.exe (User 'Default user')
    O4 - Global Startup: Accélérateur de démarrage AutoCAD.lnk = C:\Program Files\Fichiers communs\Autodesk Shared\acstart16.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Assistant d'Acrobat.lnk = E:\Program Files\Adobe\Adobe Acrobat 6.0\Distillr\acrotray.exe
    O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
    O4 - Global Startup: MioSync.lnk = C:\Program Files\Mio Technology\MioSync\mioSync.exe
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://D:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
    O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - D:\Program Files\Microsoft Money\System\mnyviewer.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1101328997481
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - https://www.trendmicro.com/en_us/forHome/products/housecall.html
    O21 - SSODL: FlashX - {748E4F4D-12F1-492E-93E9-F2EF7FB47E5D} - C:\Program Files\Internet Explorer\shwol.dll (file missing)
    O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: AdobeVersionCue - Adobe Sytems - E:\Program Files\Adobe\Adobe Version Cue\service\VersionCue.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: Autodesk Licensing Service - Autodesk, Inc. - C:\Program Files\Fichiers communs\Autodesk Shared\Service\AdskScSrv.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - D:\Program Files\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
    O23 - Service: Crypkey License - Kenonic Controls Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: SentinelProtectionServer - SafeNet, Inc - C:\Program Files\Fichiers communs\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    0
  8. ••RiverToo•• Messages postés 1098 Statut Membre 53
     
    Tu n'as pas renomé hijackthis ...

    Refait un log et renome le !

    Alors tu peux fixer ces lignes

    O21 - SSODL: FlashX - {748E4F4D-12F1-492E-93E9-F2EF7FB47E5D} - C:\Program Files\Internet Explorer\shwol.dll (file missing)

    voila j'attend ton nouveau rapport
    0
    1. kfqe
       
      voila un rapport Hijack avant le fix de la ligne 21,
      et un autre hijack1 après

      Merci, A+
      0
    2. kfqe
       
      Désolé avec les rapports c'est mieux !!!

      Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 15:33, on 2008-03-23
      Platform: Windows XP SP2 (WinNT 5.01.2600)
      MSIE: Internet Explorer v7.00 (7.00.6000.16608)
      Boot mode: Normal

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\Ati2evxx.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\spoolsv.exe
      c:\windows\system32\svchost.exe
      D:\Program Files\AVG Anti-Spyware 7.5\guard.exe
      C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
      C:\WINDOWS\system32\CTsvcCDA.EXE
      C:\WINDOWS\system32\crypserv.exe
      C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
      C:\Program Files\Fichiers communs\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\ZoneLabs\vsmon.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\wscntfy.exe
      C:\WINDOWS\system32\Ati2evxx.exe
      C:\WINDOWS\Explorer.EXE
      C:\WINDOWS\system32\wuauclt.exe
      C:\Program Files\SAMSUNG\FW LiveUpdate\Liveupdate.exe
      C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
      C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
      C:\WINDOWS\system32\atwtusb.exe
      D:\Program Files\SlySoft\CloneCD\CloneCDTray.exe
      D:\Program Files\QuickTime\qttask.exe
      D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
      C:\Program Files\Multimedia Card Reader\shwicon2k.exe
      C:\Program Files\VIA\RAID\raid_tool.exe
      E:\Program Files\Adobe\Adobe Version Cue\ControlPanel\VersionCueTray.exe
      C:\WINDOWS\SOUNDMAN.EXE
      C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
      C:\Program Files\MSI\Live Update 3\LMonitor.exe
      D:\Program Files\AVG Anti-Spyware 7.5\avgas.exe
      D:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
      C:\WINDOWS\system32\ctfmon.exe
      E:\Program Files\Adobe\Adobe Acrobat 6.0\Distillr\acrotray.exe
      C:\Program Files\Google\Google Updater\GoogleUpdater.exe
      C:\Program Files\Mio Technology\MioSync\mioSync.exe
      C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
      C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
      C:\Program Files\Internet Explorer\IEXPLORE.EXE
      C:\WINDOWS\system32\spider.exe
      C:\Documents and Settings\JP\Bureau\hijackthis\eden.exe

      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = about:blank
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
      O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - E:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll
      O4 - HKLM\..\Run: [Name of App] C:\Program Files\SAMSUNG\FW LiveUpdate\Liveupdate.exe
      O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
      O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
      O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe
      O4 - HKLM\..\Run: [atwtusb] atwtusb.exe beta
      O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
      O4 - HKLM\..\Run: [CloneCDTray] "d:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
      O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
      O4 - HKLM\..\Run: [Zone Labs Client] "d:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
      O4 - HKLM\..\Run: [Sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe
      O4 - HKLM\..\Run: [RaidTool] C:\Program Files\VIA\RAID\raid_tool.exe
      O4 - HKLM\..\Run: [MoneyStartUp10.0] "D:\Program Files\Microsoft Money\System\Activation.exe"
      O4 - HKLM\..\Run: [AdobeVersionCue] e:\Program Files\Adobe\Adobe Version Cue\ControlPanel\VersionCueTray.exe
      O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
      O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
      O4 - HKLM\..\Run: [LiveMonitor] C:\Program Files\MSI\Live Update 3\LMonitor.exe
      O4 - HKLM\..\Run: [!AVG Anti-Spyware] "D:\Program Files\AVG Anti-Spyware 7.5\avgas.exe" /minimized
      O4 - HKCU\..\Run: [Microsoft USB2] mskav32.exe
      O4 - HKCU\..\Run: [Jimruo] C:\WINDOWS\System32\d?dplay.exe
      O4 - HKCU\..\Run: [Creative Detector] D:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
      O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
      O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
      O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
      O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
      O4 - HKUS\S-1-5-18\..\Run: [Microsoft Update Machine] MSlti32.exe (User 'SYSTEM')
      O4 - HKUS\S-1-5-18\..\RunOnce: [Microsoft USB2] mskav32.exe (User 'SYSTEM')
      O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
      O4 - HKUS\.DEFAULT\..\RunOnce: [Microsoft USB2] mskav32.exe (User 'Default user')
      O4 - Global Startup: Accélérateur de démarrage AutoCAD.lnk = C:\Program Files\Fichiers communs\Autodesk Shared\acstart16.exe
      O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
      O4 - Global Startup: Assistant d'Acrobat.lnk = E:\Program Files\Adobe\Adobe Acrobat 6.0\Distillr\acrotray.exe
      O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
      O4 - Global Startup: MioSync.lnk = C:\Program Files\Mio Technology\MioSync\mioSync.exe
      O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
      O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://D:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
      O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
      O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
      O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
      O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
      O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
      O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - D:\Program Files\Microsoft Money\System\mnyviewer.dll
      O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
      O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
      O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1101328997481
      O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - https://www.trendmicro.com/en_us/forHome/products/housecall.html
      O21 - SSODL: FlashX - {748E4F4D-12F1-492E-93E9-F2EF7FB47E5D} - C:\Program Files\Internet Explorer\shwol.dll (file missing)
      O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
      O23 - Service: AdobeVersionCue - Adobe Sytems - E:\Program Files\Adobe\Adobe Version Cue\service\VersionCue.exe
      O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
      O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
      O23 - Service: Autodesk Licensing Service - Autodesk, Inc. - C:\Program Files\Fichiers communs\Autodesk Shared\Service\AdskScSrv.exe
      O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - D:\Program Files\AVG Anti-Spyware 7.5\guard.exe
      O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
      O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
      O23 - Service: Crypkey License - Kenonic Controls Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
      O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
      O23 - Service: SentinelProtectionServer - SafeNet, Inc - C:\Program Files\Fichiers communs\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
      O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
      0
  9. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    slt, tu as un rapport bitdefender qui donne le noms des fichiers inféctés???
    0
    1. KFQE
       
      Slt,

      Je ne vois pas ce que tu veux dire avec le rapport des fichiers infectés,

      je n'ai que le rapport que j'ai posté précédement, y a t'il une configuration à faire avant de lancer Bitdefender?
      0
    2. KFQE
       
      Voila ce que j'ai, je ne suis pas sûr que ce soit ce que tu me demandes, ça me parait bien petit, dis-moi si ça ne va pas.
      __________________________________________

      BitDefender Online Scanner - Real Time Virus Report



      Generated at: Sun, Mar 23, 2008 - 14:45:55


      --------------------------------------------------------------------------------





      Scan Info



      Scanned Files
      680986

      Infected Files
      3








      Virus Detected



      Packer.FSG.A
      2

      Dropped:Trojan.BHO.WebPrefix.A
      1










      --------------------------------------------------------------------------------



      This summary of the scan process will be used by the BitDefender Antivirus Lab to create agregate statistics about virus activity around the world.
      0
  10. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    il me faut le rapport qui donne le nom des infections et le nom des fichiers qui sont inféctés
    0
  11. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    presque ca il manque le nom des fichiers inféctés
    0
    1. KFQE
       
      OK, Voila j'ai relancé bit defender et j'ai réussi a sauvegarder le rapport


      BitDefender Online Scanner -Scan ReportBitDefender Online Scanner
      Scan report generated at: Sun, Mar 23, 2008 - 22:19:07

      Scan path: A:\;C:\;D:\;E:\;F:\;G:\;H:\;I:\;

      Statistics
      Time02:05:47
      Files669798
      Folders12031
      Boot Sectors8
      Archives13311
      Packed Files45073

      Results
      Identified Viruses 2
      Infected Files 3
      Suspect Files 0
      Warnings0
      Disinfected0
      Deleted Files3

      Engines Info
      Virus Definitions1021883
      Engine buildAVCORE v1.0 (build 2422) (i386) (Sep 25 2007 08:26:36)
      Scan plugins16
      Archive plugins41
      Unpack plugins7
      E-mail plugins6
      System plugins5

      Scan Settings
      First ActionPrompt
      Second ActionNone
      HeuristicsYes
      Enable WarningsYes
      Scanned Extensions*;
      Exclude Extensions
      Scan EmailsYes
      Scan ArchivesYes
      Scan PackedYes
      Scan FilesYes
      Scan BootYes

      Scanned File Status
      F:\telechargements\Microsoft Autoroute Express 2006
      CD1.iso=>crackfix.exeInfected with: Dropped:Trojan.BHO.WebPrefix.A
      F:\telechargements\Microsoft Autoroute Express 2006
      CD1.iso=>crackfix.exeDeleted
      F:\telechargements\Microsoft Autoroute Express 2006 CD1.isoUpdate
      failed
      F:\telechargements\Norton\Norton Internet 2005 - Norton System Works
      (Ghost 9 Incluido) - Partition Magic v8.0 - KeyGens - By
      Raymar.iso=>Norton Systemworks 2005 Premier/KEYGENs Norton
      Systemworks 2005 Premium/Norton Ghost v9 KeyGen.exeInfected with:
      Packer.FSG.A
      F:\telechargements\Norton\Norton Internet 2005 - Norton System Works
      (Ghost 9 Incluido) - Partition Magic v8.0 - KeyGens - By
      Raymar.iso=>Norton Systemworks 2005 Premier/KEYGENs Norton
      Systemworks 2005 Premium/Norton Ghost v9 KeyGen.exeDeleted
      F:\telechargements\Norton\Norton Internet 2005 - Norton System Works
      (Ghost 9 Incluido) - Partition Magic v8.0 - KeyGens - By
      Raymar.isoUpdate failed
      F:\telechargements\Norton\Norton Internet 2005 - Norton System Works
      (Ghost 9 Incluido) - Partition Magic v8.0 - KeyGens - By
      Raymar.iso=>Norton Systemworks 2005 Premier/KEYGENs Norton
      Systemworks 2005 Premium/Norton SystemWork 2005 Premium
      KeyGen.exeInfected with: Packer.FSG.A
      F:\telechargements\Norton\Norton Internet 2005 - Norton System Works
      (Ghost 9 Incluido) - Partition Magic v8.0 - KeyGens - By
      Raymar.iso=>Norton Systemworks 2005 Premier/KEYGENs Norton
      Systemworks 2005 Premium/Norton SystemWork 2005 Premium
      KeyGen.exeDeleted
      F:\telechargements\Norton\Norton Internet 2005 - Norton System Works
      (Ghost 9 Incluido) - Partition Magic v8.0 - KeyGens - By
      Raymar.isoUpdate failed
      0
  12. ••RiverToo•• Messages postés 1098 Statut Membre 53
     
    KeyGens <<<<:::: voila d'ou vienne tes soucis
    0
    1. KFQE
       
      Ok, Je viens d'effacer ces saletées de télechargements, qui d'ailleurs trainaient sur mon PC sans utilité, j'avais fini par les oublier dans ce dossier téléchargement.

      Pense tu que le fait de les effacer soit suffisant, et ensuite que doit je metre en place pour eviter que cela se reproduise.

      Merci
      A+
      0
  13. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    oui ca sufit,
    mets recolle un hijakchits et dis tes soucis, et tu as quels antivirus?
    0
    1. KFQE
       
      Voila le rapport, concernant l'antivirus, j'ai Norton System Works

      _______________________________________________________________________________

      Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 20:05, on 24/03/2008
      Platform: Windows XP SP2 (WinNT 5.01.2600)
      MSIE: Internet Explorer v7.00 (7.00.6000.16608)
      Boot mode: Normal

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\Ati2evxx.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\spoolsv.exe
      c:\windows\system32\services.exe
      D:\Program Files\AVG Anti-Spyware 7.5\guard.exe
      C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
      C:\WINDOWS\system32\CTsvcCDA.EXE
      C:\WINDOWS\system32\crypserv.exe
      C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
      C:\Program Files\Fichiers communs\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\ZoneLabs\vsmon.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\wuauclt.exe
      C:\WINDOWS\system32\wscntfy.exe
      C:\WINDOWS\system32\Ati2evxx.exe
      C:\WINDOWS\Explorer.EXE
      C:\Program Files\SAMSUNG\FW LiveUpdate\Liveupdate.exe
      C:\WINDOWS\system32\wuauclt.exe
      C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
      C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
      D:\Program Files\realplayer\RealPlay.exe
      C:\WINDOWS\system32\atwtusb.exe
      D:\Program Files\SlySoft\CloneCD\CloneCDTray.exe
      D:\Program Files\QuickTime\qttask.exe
      D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
      C:\Program Files\Multimedia Card Reader\shwicon2k.exe
      C:\Program Files\VIA\RAID\raid_tool.exe
      E:\Program Files\Adobe\Adobe Version Cue\ControlPanel\VersionCueTray.exe
      C:\WINDOWS\SOUNDMAN.EXE
      C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
      C:\Program Files\MSI\Live Update 3\LMonitor.exe
      D:\Program Files\AVG Anti-Spyware 7.5\avgas.exe
      D:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
      C:\WINDOWS\system32\ctfmon.exe
      E:\Program Files\Adobe\Adobe Acrobat 6.0\Distillr\acrotray.exe
      C:\Program Files\Google\Google Updater\GoogleUpdater.exe
      C:\Program Files\Mio Technology\MioSync\mioSync.exe
      C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
      C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
      C:\Documents and Settings\JP\Bureau\eden\eden.exe

      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = about:blank
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
      O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - E:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll
      O4 - HKLM\..\Run: [Name of App] C:\Program Files\SAMSUNG\FW LiveUpdate\Liveupdate.exe
      O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
      O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
      O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe
      O4 - HKLM\..\Run: [atwtusb] atwtusb.exe beta
      O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
      O4 - HKLM\..\Run: [CloneCDTray] "d:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
      O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
      O4 - HKLM\..\Run: [Zone Labs Client] "d:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
      O4 - HKLM\..\Run: [Sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe
      O4 - HKLM\..\Run: [RaidTool] C:\Program Files\VIA\RAID\raid_tool.exe
      O4 - HKLM\..\Run: [MoneyStartUp10.0] "D:\Program Files\Microsoft Money\System\Activation.exe"
      O4 - HKLM\..\Run: [AdobeVersionCue] e:\Program Files\Adobe\Adobe Version Cue\ControlPanel\VersionCueTray.exe
      O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
      O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
      O4 - HKLM\..\Run: [LiveMonitor] C:\Program Files\MSI\Live Update 3\LMonitor.exe
      O4 - HKLM\..\Run: [!AVG Anti-Spyware] "D:\Program Files\AVG Anti-Spyware 7.5\avgas.exe" /minimized
      O4 - HKCU\..\Run: [Microsoft USB2] mskav32.exe
      O4 - HKCU\..\Run: [Jimruo] C:\WINDOWS\System32\d?dplay.exe
      O4 - HKCU\..\Run: [Creative Detector] D:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
      O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
      O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
      O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
      O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
      O4 - HKUS\S-1-5-18\..\Run: [Microsoft Update Machine] MSlti32.exe (User 'SYSTEM')
      O4 - HKUS\S-1-5-18\..\RunOnce: [Microsoft USB2] mskav32.exe (User 'SYSTEM')
      O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
      O4 - HKUS\.DEFAULT\..\RunOnce: [Microsoft USB2] mskav32.exe (User 'Default user')
      O4 - Global Startup: Accélérateur de démarrage AutoCAD.lnk = C:\Program Files\Fichiers communs\Autodesk Shared\acstart16.exe
      O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
      O4 - Global Startup: Assistant d'Acrobat.lnk = E:\Program Files\Adobe\Adobe Acrobat 6.0\Distillr\acrotray.exe
      O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
      O4 - Global Startup: MioSync.lnk = C:\Program Files\Mio Technology\MioSync\mioSync.exe
      O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
      O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://D:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
      O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
      O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
      O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
      O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
      O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
      O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - D:\Program Files\Microsoft Money\System\mnyviewer.dll
      O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
      O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
      O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1101328997481
      O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - https://www.trendmicro.com/en_us/forHome/products/housecall.html
      O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
      O23 - Service: AdobeVersionCue - Adobe Sytems - E:\Program Files\Adobe\Adobe Version Cue\service\VersionCue.exe
      O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
      O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
      O23 - Service: Autodesk Licensing Service - Autodesk, Inc. - C:\Program Files\Fichiers communs\Autodesk Shared\Service\AdskScSrv.exe
      O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - D:\Program Files\AVG Anti-Spyware 7.5\guard.exe
      O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
      O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
      O23 - Service: Crypkey License - Kenonic Controls Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
      O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
      O23 - Service: SentinelProtectionServer - SafeNet, Inc - C:\Program Files\Fichiers communs\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
      O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
      0
  14. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    * Télécharge FixWareout d'un de ces deux sites sur le bureau:
    http://downloads.subratam.org/Fixwareout.exe
    http://swandog46.geekstogo.com/Fixwareout.exe

    * Lance le fix: clique sur Next, puis Install, puis assure toi que "Run fixit" est activé puis clique sur Finish.
    Le fix va commencer, suis les messages à l'écran. Il te sera demandé de redémarrer ton ordinateur, fais le. Ton système mettra un peu plus de temps au démarrage, c'est normal.

    *Poste (Copie/colle) le contenu du rapport qui va s'afficher à l'écran (report.txt) dans ta prochaine réponse.

    ___________

    mets a jour java comme indiqué ici:
    https://www.malekal.com/maintenir-java-adobe-reader-et-le-player-flash-a-jour/
    ___________

    Ferme tout tes navigateurs (donc copie ou imprime les instructions avant)

    Crée un nouveau document texte : clic droit de souris sur le bureau > Nouveau > Document Texte, et copie dedans les lignes suivantes :

    File::
    C:\WINDOWS\System32\d?dplay.exe
    C:\WINDOWS\system32\atwtusb.exe

    Enregistre ce fichier sous le nom CFscript

    Fait un glisser/déposer de ce fichier CFscrïpt sur le fichier ComboFix.exe

    Clique sur le fichier CFScript, maintient le doigt enfoncé et glisse la souris pour que l'icône du CFScript vienne recouvrir l'icône de Combofix. Relache la souris. Combofix va démarrer.

    Une fenêtre bleue va apparaître: au message qui apparaît ( Type 1 to continue, or 2 to abort) , tape 1 puis valide.

    Patiente le temps du scan.Le bureau va disparaître à plusieurs reprises: c'est normal!

    Ne touche à rien tant que le scan n'est pas terminé.

    Une fois le scan achevé, un rapport va s'afficher: poste son contenu.

    Si le fichier ne s'ouvre pas, il se trouve ici > C:\ComboFix.txt

    _________________
    reinstalle norton

    puis
    Remets aussi un rapport Hijackthis
    0
    1. KFQE
       
      Bonsoir,

      Voici mes rapports après les différentes manip:

      Escusez moi pour le délai de ma réponse, mais j'ai un emploi du temps chargé en ce moment

      Merci d'avance pour vos réponses.

      Username "JP" - 24/03/2008 20:49:29 [Fixwareout edited 9/01/2007]

      ~~~~~ Prerun check

      Cache de résolution DNS vidé.


      System was rebooted successfully.

      ~~~~~ Postrun check
      HKLM\SOFTWARE\~\Winlogon\ "System"=""
      ....
      ....
      ~~~~~ Misc files.
      ....
      ~~~~~ Checking for older varients.
      ....

      ~~~~~ Current runs (hklm hkcu "run" Keys Only)
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "Name of App"="C:\\Program Files\\SAMSUNG\\FW LiveUpdate\\Liveupdate.exe"
      "TkBellExe"="\"C:\\Program Files\\Fichiers communs\\Real\\Update_OB\\realsched.exe\" -osboot"
      "SunJavaUpdateSched"="C:\\Program Files\\Java\\jre1.5.0_01\\bin\\jusched.exe"
      "PinnacleDriverCheck"="C:\\WINDOWS\\system32\\PSDrvCheck.exe"
      "atwtusb"="atwtusb.exe beta"
      "ATIPTA"="C:\\Program Files\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe"
      "CloneCDTray"="\"d:\\Program Files\\SlySoft\\CloneCD\\CloneCDTray.exe\" /s"
      "QuickTime Task"="\"D:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
      "Zone Labs Client"="\"d:\\Program Files\\Zone Labs\\ZoneAlarm\\zlclient.exe\""
      "Sunkist2k"="C:\\Program Files\\Multimedia Card Reader\\shwicon2k.exe"
      "RaidTool"="C:\\Program Files\\VIA\\RAID\\raid_tool.exe"
      "MoneyStartUp10.0"="\"D:\\Program Files\\Microsoft Money\\System\\Activation.exe\""
      "AdobeVersionCue"="e:\\Program Files\\Adobe\\Adobe Version Cue\\ControlPanel\\VersionCueTray.exe"
      "SoundMan"="SOUNDMAN.EXE"
      "ATICCC"="\"C:\\Program Files\\ATI Technologies\\ATI.ACE\\cli.exe\" runtime -Delay"
      "LiveMonitor"="C:\\Program Files\\MSI\\Live Update 3\\LMonitor.exe"
      "!AVG Anti-Spyware"="\"D:\\Program Files\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"

      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
      "Microsoft USB2"="mskav32.exe"
      "Jimruo"="C:\\WINDOWS\\System32\\d?dplay.exe"
      "Creative Detector"="D:\\Program Files\\Creative\\MediaSource\\Detector\\CTDetect.exe /R"
      "ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
      ....
      Hosts file was reset, If you use a custom hosts file please replace it...
      ~~~~~ End report ~~~~~

      ----------------------------------------------------------


      ComboFix 08-03-24.1 - JP 2008-03-24 22:06:11.10 - NTFSx86
      Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.145 [GMT 1:00]
      Endroit: C:\Documents and Settings\JP\Bureau\ComboFix.exe
      Command switches used :: C:\Documents and Settings\JP\Bureau\CFscript.txt
      * Création d'un nouveau point de restauration

      [color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!/b/color
      .

      (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      ---- Previous Run -------
      .
      C:\Program Files\dialers
      C:\WINDOWS\install.exe
      C:\WINDOWS\secure32.html
      C:\WINDOWS\tool1.exe
      C:\WINDOWS\tool2.exe
      C:\WINDOWS\tool3.exe
      C:\WINDOWS\tool4.exe
      C:\WINDOWS\tool5.exe

      .
      ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
      .

      -------\Service_npf


      ((((((((((((((((((((((((((((( Fichiers créés 2008-02-24 to 2008-03-24 ))))))))))))))))))))))))))))))))))))
      .

      2008-03-24 21:57 . 2008-03-24 22:01 <REP> d-------- C:\KillBagle
      2008-03-24 20:49 . 2008-03-24 20:54 <REP> d-------- C:\fixwareout
      2008-03-22 22:59 . 2008-03-22 23:00 <REP> d-------- C:\WINDOWS\system32\fr-fr
      2008-03-22 22:52 . 2007-12-07 03:08 6,066,176 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll
      2008-03-22 22:52 . 2007-07-01 04:31 2,455,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat
      2008-03-22 22:52 . 2007-07-01 04:36 1,048,576 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
      2008-03-22 22:52 . 2007-12-07 03:08 459,264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll
      2008-03-22 22:52 . 2007-12-07 03:08 383,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll
      2008-03-22 22:52 . 2007-12-07 03:08 267,776 -----c--- C:\WINDOWS\system32\dllcache\iertutil.dll
      2008-03-22 22:52 . 2007-12-07 03:08 63,488 -----c--- C:\WINDOWS\system32\dllcache\icardie.dll
      2008-03-22 22:52 . 2007-12-07 03:08 52,224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
      2008-03-22 22:52 . 2007-12-06 12:00 13,824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe
      2008-03-22 20:29 . 2008-03-24 06:21 <REP> d-------- C:\WINDOWS\BDOSCAN8
      2008-03-22 18:54 . 2008-03-22 18:54 <REP> d-------- C:\Documents and Settings\JP\Application Data\Grisoft
      2008-03-22 18:54 . 2008-03-22 18:54 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
      2008-03-22 18:54 . 2007-05-30 13:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
      2008-03-22 18:44 . 2008-03-22 18:50 3,398 --a------ C:\WINDOWS\system32\tmp.reg
      2008-03-20 23:27 . 2008-03-20 23:27 <REP> d-------- C:\WINDOWS\ERUNT
      2008-03-20 11:03 . 2008-03-20 11:02 36,135,009 --a------ C:\WINDOWS\LPT$VPN.177
      2008-03-20 11:02 . 2008-03-20 11:02 36,135,009 --a------ C:\WINDOWS\VPTNFILE.177
      2008-03-20 11:01 . 2008-03-20 11:02 <REP> d-------- C:\WINDOWS\AU_Temp
      2008-03-19 22:41 . 2008-03-24 20:02 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Google Updater
      2008-03-19 10:19 . 2007-12-07 02:07 1,056,768 -----c--- C:\WINDOWS\system32\dllcache\danim.dll
      2008-03-18 18:47 . 2008-03-18 18:47 58,368 --a------ C:\sysucmw.exe
      2008-02-26 20:59 . 2008-03-18 21:53 54,156 --ah----- C:\WINDOWS\QTFont.qfn
      2008-02-26 20:59 . 2008-02-26 20:59 1,409 --a------ C:\WINDOWS\QTFont.for

      .
      (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
      .
      2008-03-24 20:16 155,995 ----a-w C:\WINDOWS\java\Packages\3TFLZL7D.ZIP
      2008-03-22 15:48 49,675,709 ----a-w C:\WINDOWS\Internet Logs\tvDebug.zip
      2008-03-20 10:02 86,094 ----a-w C:\WINDOWS\BPMNT.dll
      2008-03-20 10:02 71,749 ----a-w C:\WINDOWS\hcextoutput.dll
      2008-03-20 10:02 333,576 ----a-w C:\WINDOWS\tsc.exe
      2008-03-20 10:02 1,163,344 ----a-w C:\WINDOWS\vsapi32.dll
      2008-03-19 21:43 --------- d-----w C:\Program Files\Google
      2008-03-05 22:08 1,050,624 ----a-w C:\WINDOWS\Internet Logs\xDBA.tmp
      2008-02-21 10:09 --------- d--h--w C:\Program Files\InstallShield Installation Information
      2008-02-12 20:27 --------- d-----w C:\Documents and Settings\All Users\Application Data\DVD Shrink
      2008-02-10 22:10 7,172,608 ----a-w C:\WINDOWS\Internet Logs\xDB9.tmp
      2008-01-09 14:01 53,248 ----a-w C:\WINDOWS\bdoscandel.exe
      2007-08-23 17:23 20,335,175 ----a-w C:\WINDOWS\Internet Logs\vsmon_on_demand_2007_08_23_19_21_36_full.dmp.zip
      2007-08-15 06:19 3,579,392 ----a-w C:\WINDOWS\Internet Logs\xDB8.tmp
      2007-08-15 06:19 2,689,024 ----a-w C:\WINDOWS\Internet Logs\xDB7.tmp
      2007-04-13 04:54 750,080 ----a-w C:\WINDOWS\Internet Logs\xDB6.tmp
      2007-02-17 18:09 2,630,656 ----a-w C:\WINDOWS\Internet Logs\xDB5.tmp
      2006-10-26 11:13 3,023,872 ----a-w C:\WINDOWS\Internet Logs\xDB4.tmp
      2006-08-23 20:36 466,432 ----a-w C:\WINDOWS\Internet Logs\xDB3.tmp
      2006-07-17 01:13 3,268,096 ----a-w C:\WINDOWS\Internet Logs\xDB2.tmp
      2006-02-07 08:13 2,833,920 ----a-w C:\WINDOWS\Internet Logs\xDB1.tmp
      2005-05-29 15:33 33,076 ----a-w C:\WINDOWS\Fonts\swenson.zip
      2005-05-29 15:31 24,704 ----a-w C:\WINDOWS\Fonts\gino_school_script.zip
      2005-05-29 15:30 25,815 ----a-w C:\WINDOWS\Fonts\dj_fancy.zip
      2005-05-29 15:30 173,188 ----a-w C:\WINDOWS\Fonts\ecolier.zip
      2005-05-29 15:30 14,276 ----a-w C:\WINDOWS\Fonts\alamain.zip
      2005-10-02 20:46 32 --sha-w C:\WINDOWS\{03137D8B-F326-4E74-A83D-140715725461}.dat
      2005-10-02 20:46 32 --sha-w C:\WINDOWS\{2D64B5ED-151D-4250-B607-F455BC2D6427}.dat
      2005-10-02 20:48 32 --sha-w C:\WINDOWS\{4185A139-059B-4420-9EA9-D7257FD89F54}.dat
      2005-10-02 20:46 32 --sha-w C:\WINDOWS\{D2EF6E64-BBD4-4603-8911-175D003B64DE}.dat
      2005-10-02 20:46 32 --sha-w C:\WINDOWS\system32\{29B6D253-670C-4D80-95D0-8A478F34661C}.dat
      2005-10-02 20:48 32 --sha-w C:\WINDOWS\system32\{63EF0718-3114-48A0-83F2-560D7B246AB6}.dat
      2005-10-02 20:46 32 --sha-w C:\WINDOWS\system32\{6BE5588B-B189-4525-9F51-C6AD96486487}.dat
      2005-10-02 20:46 32 --sha-w C:\WINDOWS\system32\{9C82FE7C-B24F-4266-8603-5A6EE2806EB8}.dat
      .

      ((((((((((((((((((((((((((((( snapshot_2008-03-23_11.19.21,60 )))))))))))))))))))))))))))))))))))))))))
      .
      + 2002-10-17 18:08:12 6,550 ----a-w C:\WINDOWS\jautoexp.dat
      + 2002-10-17 19:44:56 46,352 ----a-w C:\WINDOWS\setdebug.exe
      + 2002-10-17 19:44:48 49,424 ----a-w C:\WINDOWS\system32\clspack.exe
      + 2002-10-17 18:07:28 313,856 ----a-w C:\WINDOWS\system32\dx3j.dll
      + 2002-10-17 19:44:36 187,152 ----a-w C:\WINDOWS\system32\javacypt.dll
      + 2002-10-17 19:44:36 139,536 ----a-w C:\WINDOWS\system32\javaee.dll
      + 2002-10-17 19:44:38 63,248 ----a-w C:\WINDOWS\system32\javaprxy.dll
      + 2002-10-17 19:44:38 404,752 ----a-w C:\WINDOWS\system32\javart.dll
      + 2002-10-17 19:44:54 15,120 ----a-w C:\WINDOWS\system32\jdbgmgr.exe
      + 2002-10-17 19:44:38 171,280 ----a-w C:\WINDOWS\system32\jit.dll
      + 2002-10-17 19:44:54 172,304 ----a-w C:\WINDOWS\system32\jview.exe
      + 2002-10-17 19:44:40 154,384 ----a-w C:\WINDOWS\system32\msawt.dll
      + 2002-10-17 19:44:48 947,984 ----a-w C:\WINDOWS\system32\msjava.dll
      + 2002-10-17 19:44:48 21,264 ----a-w C:\WINDOWS\system32\msjdbc10.dll
      + 2002-10-17 19:44:48 286,992 ----a-w C:\WINDOWS\system32\vmhelper.dll
      + 2002-10-17 19:44:56 171,792 ----a-w C:\WINDOWS\system32\wjview.exe
      .
      ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      REGEDIT4
      *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "Microsoft USB2"="mskav32.exe" []
      "Jimruo"="C:\WINDOWS\System32\d?dplay.exe" [2001-08-28 13:00 59392]
      "Creative Detector"="D:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" [2004-10-05 08:52 98304]
      "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 16:09 15360]

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "Name of App"="C:\Program Files\SAMSUNG\FW LiveUpdate\Liveupdate.exe" [2006-03-10 08:07 667735]
      "TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2005-10-21 20:29 180269]
      "SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe" [2004-12-06 21:31 36975]
      "PinnacleDriverCheck"="C:\WINDOWS\system32\PSDrvCheck.exe" [2003-11-10 16:06 406016]
      "atwtusb"="atwtusb.exe" [2001-08-20 18:48 167936 C:\WINDOWS\system32\Atwtusb.exe]
      "ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-05-15 21:10 339968]
      "CloneCDTray"="d:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" [2006-09-28 20:21 57344]
      "QuickTime Task"="D:\Program Files\QuickTime\qttask.exe" [2006-09-01 14:57 282624]
      "Zone Labs Client"="d:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2006-07-09 12:42 968696]
      "Sunkist2k"="C:\Program Files\Multimedia Card Reader\shwicon2k.exe" [2004-09-03 16:16 139264]
      "RaidTool"="C:\Program Files\VIA\RAID\raid_tool.exe" [2006-12-28 15:09 4579328]
      "MoneyStartUp10.0"="D:\Program Files\Microsoft Money\System\Activation.exe" [2001-07-25 10:00 245810]
      "AdobeVersionCue"="e:\Program Files\Adobe\Adobe Version Cue\ControlPanel\VersionCueTray.exe" [2003-10-22 15:33 1732608]
      "SoundMan"="SOUNDMAN.EXE" [2006-11-17 04:42 577536 C:\WINDOWS\soundman.exe]
      "ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 16:41 45056]
      "LiveMonitor"="C:\Program Files\MSI\Live Update 3\LMonitor.exe" [2007-01-17 17:01 496640]
      "!AVG Anti-Spyware"="D:\Program Files\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 10:25 6731312]

      [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
      "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-19 16:09 15360]
      "ioroxxo microsoft sux"="system32" [2008-03-24 22:15 0 C:\WINDOWS\system32]
      "Microsoft USB2"="mskav32.exe" []
      "Microsoft Update Machine"="MSlti32.exe" []

      [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
      "Microsoft USB2"="mskav32.exe" []

      C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
      Acc‚l‚rateur de d‚marrage AutoCAD.lnk - C:\Program Files\Fichiers communs\Autodesk Shared\acstart16.exe [2004-02-25 03:35:22 10872]
      Adobe Gamma Loader.lnk - C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [2007-07-29 14:41:00 110592]
      Assistant d'Acrobat.lnk - E:\Program Files\Adobe\Adobe Acrobat 6.0\Distillr\acrotray.exe [2003-05-15 00:19:50 217193]
      Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2008-03-19 22:41:38 125624]
      MioSync.lnk - C:\Program Files\Mio Technology\MioSync\mioSync.exe [2007-10-21 12:51:51 647168]

      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
      "NoFavoritesMenu"= 0 (0x0)
      "NoSMMyPictures"= 0 (0x0)
      "NoStartMenuMyMusic"= 0 (0x0)
      "NoRecentDocsNetHood"= 0 (0x0)
      "NoInstrumentation"= 0 (0x0)
      "NoSimpleStartMenu"= 0 (0x0)

      [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
      "NoFavoritesMenu"= 0 (0x0)
      "NoSMMyPictures"= 0 (0x0)
      "NoStartMenuMyMusic"= 0 (0x0)
      "NoRecentDocsNetHood"= 0 (0x0)
      "NoUserNameInStartMenu"= 1 (0x1)
      "NoInstrumentation"= 1 (0x1)
      "NoStartMenuPinnedList"= 0 (0x0)
      "ForceStartMenuLogoff"= 0 (0x0)
      "NoViewOnDrive"= 0 (0x0)

      [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Adobe Gamma Loader.lnk]

      [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^CoreCenter.lnk]

      [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^DSLMON.lnk]

      [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^E-Compagnon.lnk]
      backup=C:\WINDOWS\pss\E-Compagnon.lnkCommon Startup

      [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Norton GoBack.lnk]
      backup=C:\WINDOWS\pss\Norton GoBack.lnkCommon Startup

      [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^VIA RAID TOOL.lnk]

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccRegVfy]

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Norton Ghost 9.0]

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Norton SystemWorks]

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Symantec NetDriver Monitor]

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
      "Planificateur LiveUpdate automatique"=2 (0x2)
      "GBPoll"=2 (0x2)
      "SPBBCSvc"=2 (0x2)
      "SNDSrvc"=3 (0x3)
      "SBService"=2 (0x2)
      "NProtectService"=2 (0x2)
      "NPFMntor"=2 (0x2)
      "navapsvc"=3 (0x3)
      "LiveUpdate"=3 (0x3)
      "ccSetMgr"=2 (0x2)
      "ccPwdSvc"=3 (0x3)
      "ccEvtMgr"=2 (0x2)
      "BlueSoleil Hid Service"=2 (0x2)

      [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
      "DisableMonitoring"=dword:00000001

      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
      "EnableFirewall"= 0 (0x0)

      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
      "%windir%\\system32\\sessmgr.exe"=
      "D:\\Program Files\\eMule\\emule.exe"=
      "C:\\Program Files\\Messenger\\msmsgs.exe"=
      "C:\\Program Files\\Canon\\CSCLIB\\CDPROCMN.exe"=
      "C:\\Program Files\\Canon\\CSCLIB\\CDPROC.exe"=
      "D:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
      "%windir%\\Network Diagnostic\\xpnetdiag.exe"=

      R0 hotcore2;hotcore2;C:\WINDOWS\system32\drivers\hotcore2.sys [2006-08-23 11:10]
      R0 viasraid;viasraid;C:\WINDOWS\system32\DRIVERS\viasraid.sys [2003-10-31 11:22]
      R0 videX32;videX32;C:\WINDOWS\system32\DRIVERS\videX32.sys [2006-10-17 19:22]
      R2 Dnscache;Client DNS;C:\WINDOWS\System32\svchost.exe [2004-08-19 16:10]
      R3 FET5X86V;VIA Rhine-Family Fast-Ethernet Adapter Driver Service;C:\WINDOWS\system32\DRIVERS\fetnd5bv.sys [2007-04-17 10:58]
      R3 USB_RNDIS_51;Broadcom USB Remote NDIS Device Driver;C:\WINDOWS\system32\DRIVERS\usb8023.sys [2004-08-03 23:04]
      S3 C-Dilla;C-Dilla;C:\WINDOWS\System32\drivers\CDANT.SYS [2005-03-05 19:49]
      S3 HwIOctl;HwIOctl;d:\Program Files\Setup Files\MS-7021 v2.00\HwIOctl.sys []
      S3 Memctl;Memctl;d:\Program Files\Setup Files\MS-7021 v2.00\Memctl.sys []
      S3 sentemul;sentemul;C:\WINDOWS\system32\drivers\sentemul.sys [2003-03-24 17:06]
      S3 SunkFilt62;Alcor Micro Corp - 6362;C:\WINDOWS\System32\Drivers\sunkfilt62.sys [2004-07-23 13:55]
      S3 Usblink;Usblink Driver;C:\WINDOWS\system32\Drivers\ulink.sys []
      S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 22:58]
      S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 23:08]
      S3 utblfilt;utblfilt;C:\WINDOWS\system32\drivers\utblfilt.sys [2001-05-23 09:42]
      S3 VNic;ULan Network Driver Module;C:\WINDOWS\system32\DRIVERS\VNic.sys []

      .
      Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
      "2008-02-28 10:07:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
      - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
      "2008-03-07 11:39:43 C:\WINDOWS\Tasks\tplwoa.job"
      _________________________________________________________

      Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 17:35, on 2008-03-28
      Platform: Windows XP SP2 (WinNT 5.01.2600)
      MSIE: Internet Explorer v7.00 (7.00.6000.16608)
      Boot mode: Normal

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\Ati2evxx.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
      c:\windows\system32\svchost.exe
      C:\WINDOWS\system32\Ati2evxx.exe
      C:\WINDOWS\Explorer.EXE
      C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
      D:\Program Files\AVG Anti-Spyware 7.5\guard.exe
      C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
      C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
      C:\WINDOWS\system32\atwtusb.exe
      D:\Program Files\SlySoft\CloneCD\CloneCDTray.exe
      D:\Program Files\QuickTime\qttask.exe
      C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
      D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
      C:\WINDOWS\system32\CTsvcCDA.EXE
      C:\WINDOWS\system32\crypserv.exe
      C:\Program Files\Multimedia Card Reader\shwicon2k.exe
      C:\Program Files\VIA\RAID\raid_tool.exe
      d:\Program Files\Norton SystemWorks\Norton GoBack\GBPoll.exe
      E:\Program Files\Adobe\Adobe Version Cue\ControlPanel\VersionCueTray.exe
      C:\WINDOWS\SOUNDMAN.EXE
      C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
      C:\Program Files\MSI\Live Update 3\LMonitor.exe
      D:\Program Files\AVG Anti-Spyware 7.5\avgas.exe
      C:\WINDOWS\System32\GEARSec.exe
      C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
      C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
      D:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
      C:\WINDOWS\system32\ctfmon.exe
      C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
      C:\Program Files\Norton SystemWorks\Norton Ghost\Agent\PQV2iSvc.exe
      E:\Program Files\Adobe\Adobe Acrobat 6.0\Distillr\acrotray.exe
      C:\Program Files\Google\Google Updater\GoogleUpdater.exe
      C:\Program Files\Mio Technology\MioSync\mioSync.exe
      C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
      D:\Program Files\Norton SystemWorks\Norton GoBack\GBTray.exe
      C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
      C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
      C:\Program Files\Fichiers communs\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
      C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
      C:\WINDOWS\System32\svchost.exe
      C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
      C:\WINDOWS\system32\ZoneLabs\vsmon.exe
      C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
      C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
      C:\WINDOWS\system32\wuauclt.exe
      C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
      C:\WINDOWS\System32\svchost.exe
      C:\Program Files\Internet Explorer\IEXPLORE.EXE
      D:\Program Files\realplayer\RealPlay.exe
      C:\WINDOWS\system32\NOTEPAD.EXE
      d:\Program Files\Trend Micro\HijackThis\HijackThis.exe

      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = about:blank
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
      O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
      O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - E:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll
      O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
      O4 - HKLM\..\Run: [Name of App] C:\Program Files\SAMSUNG\FW LiveUpdate\Liveupdate.exe
      O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
      O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
      O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe
      O4 - HKLM\..\Run: [atwtusb] atwtusb.exe beta
      O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
      O4 - HKLM\..\Run: [CloneCDTray] "d:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
      O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
      O4 - HKLM\..\Run: [Zone Labs Client] "d:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
      O4 - HKLM\..\Run: [Sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe
      O4 - HKLM\..\Run: [RaidTool] C:\Program Files\VIA\RAID\raid_tool.exe
      O4 - HKLM\..\Run: [MoneyStartUp10.0] "D:\Program Files\Microsoft Money\System\Activation.exe"
      O4 - HKLM\..\Run: [AdobeVersionCue] e:\Program Files\Adobe\Adobe Version Cue\ControlPanel\VersionCueTray.exe
      O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
      O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
      O4 - HKLM\..\Run: [LiveMonitor] C:\Program Files\MSI\Live Update 3\LMonitor.exe
      O4 - HKLM\..\Run: [!AVG Anti-Spyware] "D:\Program Files\AVG Anti-Spyware 7.5\avgas.exe" /minimized
      O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
      O4 - HKLM\..\Run: [Norton Ghost 9.0] C:\Program Files\Norton SystemWorks\Norton Ghost\Agent\GhostTray.exe
      O4 - HKCU\..\Run: [Microsoft USB2] mskav32.exe
      O4 - HKCU\..\Run: [Jimruo] C:\WINDOWS\System32\d?dplay.exe
      O4 - HKCU\..\Run: [Creative Detector] D:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
      O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
      O4 - HKCU\..\Run: [Norton SystemWorks] "C:\Program Files\Norton SystemWorks\cfgwiz.exe" /GUID {05858CFD-5CC4-4ceb-AAAF-CF00BF39736A} /MODE CfgWiz
      O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
      O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
      O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
      O4 - HKUS\S-1-5-18\..\Run: [Microsoft Update Machine] MSlti32.exe (User 'SYSTEM')
      O4 - HKUS\S-1-5-18\..\RunOnce: [Microsoft USB2] mskav32.exe (User 'SYSTEM')
      O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
      O4 - HKUS\.DEFAULT\..\RunOnce: [Microsoft USB2] mskav32.exe (User 'Default user')
      O4 - Global Startup: Accélérateur de démarrage AutoCAD.lnk = C:\Program Files\Fichiers communs\Autodesk Shared\acstart16.exe
      O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
      O4 - Global Startup: Assistant d'Acrobat.lnk = E:\Program Files\Adobe\Adobe Acrobat 6.0\Distillr\acrotray.exe
      O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
      O4 - Global Startup: MioSync.lnk = C:\Program Files\Mio Technology\MioSync\mioSync.exe
      O4 - Global Startup: Norton GoBack.lnk = D:\Program Files\Norton SystemWorks\Norton GoBack\GBTray.exe
      O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
      O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://D:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
      O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
      O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
      O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
      O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
      O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
      O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - D:\Program Files\Microsoft Money\System\mnyviewer.dll
      O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
      O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
      O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1101328997481
      O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - https://www.trendmicro.com/en_us/forHome/products/housecall.html
      O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
      O23 - Service: AdobeVersionCue - Adobe Sytems - E:\Program Files\Adobe\Adobe Version Cue\service\VersionCue.exe
      O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
      O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
      O23 - Service: Autodesk Licensing Service - Autodesk, Inc. - C:\Program Files\Fichiers communs\Autodesk Shared\Service\AdskScSrv.exe
      O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - D:\Program Files\AVG Anti-Spyware 7.5\guard.exe
      O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
      O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
      O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
      O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
      O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
      O23 - Service: Crypkey License - Kenonic Controls Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
      O23 - Service: GoBack Polling Service (GBPoll) - Symantec Corporation - d:\Program Files\Norton SystemWorks\Norton GoBack\GBPoll.exe
      O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
      O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
      O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
      O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
      O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Ghost\Agent\PQV2iSvc.exe
      O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
      O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
      O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
      O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\SAVScan.exe
      O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exe
      O23 - Service: SentinelProtectionServer - SafeNet, Inc - C:\Program Files\Fichiers communs\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
      O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
      O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
      O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
      O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
      O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
      0
  15. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    recolle un nouveau rapport sdfix et explique aussi tes soucis actuels
    0