virus System Integrity Scan Wizard

Question

Bonjour, 


Moi aussi j'ai ce fichu System Integrity Scan Wizard !!! 
si vous pouvez m'aider car je n'arrive pas à le supprimer.

j'ai déja installé HijackThis, voilà le resultat du 1er scan.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:00:10, on 12/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe
C:\Documents and Settings\All Users\Application Dataidafuba\dwzclgfk.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
C:\Program Files\Launch Manager\LaunchAp.exe
C:\Program Files\Launch Manager\HotkeyApp.exe
C:\Program Files\Launch Manager\OSDCtrl.exe
C:\Program Files\Launch Manager\Wbutton.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Acer\Empowering Technology\ePresentation\ePresentation.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Acer\OrbiCam\CameraAssistant.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32
vsvc32.exe
C:\WINDOWS\system32\ElkCtrl.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Winamp\Winampa.exe
C:\Program Files\Fichiers communs\Real\Update_OBealsched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\DNA\btdna.exe
C:\WINDOWS\system32\dqlklmfw.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://fr.rd.yahoo.com/customize/ycomp/defaults/su/*https://fr.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
R3 - URLSearchHook: (no name) - {bc4be15d-6a34-4356-9e97-79e43da32b1d} - (no file)
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [preload] C:\Windows\RUNXMLPL.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [ntiMUI] C:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7
tiMUI.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [LaunchAp] "C:\Program Files\Launch Manager\LaunchAp.exe"
O4 - HKLM\..\Run: [LManager] "C:\Program Files\Launch Manager\HotkeyApp.exe"
O4 - HKLM\..\Run: [CtrlVol] "C:\Program Files\Launch Manager\CtrlVol.exe"
O4 - HKLM\..\Run: [LMgrOSD] "C:\Program Files\Launch Manager\OSDCtrl.exe"
O4 - HKLM\..\Run: [Wbutton] "C:\Program Files\Launch Manager\Wbutton.exe"
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe 0
O4 - HKLM\..\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
O4 - HKLM\..\Run: [Boot] C:\Acer\Empowering Technology\ePower\Boot.exe
O4 - HKLM\..\Run: [Acer ePresentation HPD] C:\Acer\Empowering Technology\ePresentation\ePresentation.exe
O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechCameraAssistant] C:\Program Files\Acer\OrbiCam\CameraAssistant.exe
O4 - HKLM\..\Run: [LogitechVideo[inspector]] C:\Program Files\Acer\OrbiCam\InstallHelper.exe /inspect
O4 - HKLM\..\Run: [LogitechCameraService(E)] C:\WINDOWS\system32\ElkCtrl.exe /automation
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\Winampa.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OBealsched.exe"  -osboot
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [hpnhytce] C:\WINDOWS\system32\dqlklmfw.exe
O4 - HKLM\..\Policies\Explorer\Run: [ziIL6qrPiQ] C:\Documents and Settings\All Users\Application Dataidafuba\dwzclgfk.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Readereader_sl.exe
O4 - Global Startup: Acer Empowering Technology.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/...
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Memory Check Service (AcerMemUsageCheckService) - Acer Inc. - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: eLock Service (eLockService) -   - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech - c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32
vsvc32.exe
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcappcapd.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation  - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

jlpjlp · Answer

slt,



télécharge OTMoveIt 
http://download.bleepingcomputer.com/oldtimer/OTMoveIt2.exe (de Old_Timer) sur ton Bureau.  Ou sur  https://www.luanagames.com/index.fr.html
double-clique sur OTMoveIt.exe pour le lancer. 
copie la liste qui se trouve en citation ci-dessous, 
et colle-la dans le cadre de gauche de OTMoveIt :Paste List of Files/Folders to be moved. 

Citation : 
C:\WINDOWS\system32\dqlklmfw.exe
C:\Documents and Settings\All Users\Application Data\ridafuba\dwzclgfk.exe 


clique sur MoveIt! pour lancer la suppression. 
le résultat apparaitra dans le cadre "Results". 
clique sur Exit pour fermer. 
poste le rapport situé dans C:\_OTMoveIt\MovedFiles. 

il te sera peut-être demander de redémarrer le pc pour achever la suppression.si c'est le cas accepte par Yes. 

___________________



Télécharge Combofix de sUBs : Renomme le avant toute installation, par exemple, nomme le "KillBagle". aide ici : https://forum.pcastuces.com/sujet.asp?f=25&s=37315 

http://download.bleepingcomputer.com/sUBs/ComboFix.exe 
Sauvegarde le sur ton bureau et pas ailleurs ! 

Aide à l’utilisation de combofix ici: https://bibou0007.forumpro.fr/login?redirect=%2Ft121-topic 

Double-clic sur combofix, Il va te poser une question, réponds par la touche 1 et entrée pour valider, laisse toi guider. 
Attends que combofix ait terminé, un rapport sera créé. Poste le rapport. 

_____________________


mettre a jour internet explorer
https://www.01net.com/telecharger/windows/Internet/navigateur/fiches/33081.html

dante · Answer

merci pour ton aide.
voici le rapport OTMoveIt:

C:\WINDOWS\system32\dqlklmfw.exe moved successfully.
C:\Documents and Settings\All Users\Application Data\ridafuba\dwzclgfk.exe moved successfully.

OTMoveIt2 by OldTimer - Version 1.0.4.1 log created on 04122008_173513

le rapport de Combofix :

ComboFix 08-04-11.8 - sylvain-loic 2008-04-12 17:45:31.1 - [color=red][b]FAT32[/b][/color]x86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.33.1036.18.596 [GMT 2:00]
Endroit: C:\Documents and Settings\sylvain-loic\Bureau\KillBagle.exe
* Création d'un nouveau point de restauration

[color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\PC-Cleaner
C:\WINDOWS\apoxqwfv.exe
C:\WINDOWS\qdnkewfa.dll
C:\WINDOWS\system32\drivers\npf.sys
C:\WINDOWS\system32\geBrsQkH.dll
C:\WINDOWS\system32\kdvkussk.dll
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\packet.dll
C:\WINDOWS\system32\pthreadVC.dll
C:\WINDOWS\system32\rtCcLUtv.ini
C:\WINDOWS\system32\rtCcLUtv.ini2
C:\WINDOWS\system32\vtULcCtr.dll
C:\WINDOWS\system32\WanPacket.dll
C:\WINDOWS\system32\wpcap.dll
C:\WINDOWS\system32\xxyyaBsP.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\NPF

((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-03-12 to 2008-04-12 ))))))))))))))))))))))))))))))))))))
.

2008-04-12 17:35 . 2008-04-12 17:35 <REP> d-------- C:\_OTMoveIt
2008-04-12 08:50 . 2008-04-12 08:50 3,648 --a------ C:\WINDOWS\system32\ogqghjsx.dll
2008-04-11 09:08 . 2008-04-11 09:08 <REP> d-------- C:\Documents and Settings\All Users\Application Data\ESET
2008-04-11 08:50 . 2008-04-11 08:50 3,648 --a------ C:\WINDOWS\system32\cecgrfsk.dll
2008-04-10 19:47 . 2008-04-10 19:47 <REP> d-------- C:\Documents and Settings\sylvain-loic\Application Data\PC-Cleaner
2008-04-10 16:54 . 2008-04-10 16:54 <REP> d-------- C:\Documents and Settings\All Users\Application Data\ridafuba
2008-04-10 16:36 . 2008-04-10 16:36 <REP> d-------- C:\Documents and Settings\sylvain-loic\Application Data\ScreenShow
2008-04-10 16:36 . 2008-04-10 16:36 <REP> d-------- C:\Documents and Settings\sylvain-loic\Application Data\Micro Application
2008-04-10 16:35 . 2008-04-10 16:35 <REP> d-------- C:\Program Files\Fichiers communs\AquaSoft
2008-04-10 16:34 . 2008-04-10 16:34 <REP> d-------- C:\Program Files\Micro Application
2008-04-10 16:34 . 2008-04-10 16:34 <REP> d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard
2008-04-05 10:12 . 2008-03-29 19:31 75,856 --a------ C:\WINDOWS\system32\drivers\aswSP.sys
2008-04-05 10:12 . 2008-03-29 19:35 20,560 --a------ C:\WINDOWS\system32\drivers\aswFsBlk.sys
2008-04-02 09:17 . 2008-04-02 09:17 <REP> d--hs---- C:\FOUND.028
2008-03-27 13:13 . 2008-03-27 13:13 <REP> d--hs---- C:\FOUND.027

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-29 17:45 1,146,232 ----a-w C:\WINDOWS\system32\aswBoot.exe
2008-03-29 17:35 94,544 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
2008-03-29 17:29 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
2008-03-29 17:27 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
2008-03-29 17:26 26,944 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
2008-03-29 17:23 95,608 ----a-w C:\WINDOWS\system32\AVASTSS.scr
2008-03-20 08:09 1,845,376 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-20 08:09 1,845,376 ----a-w C:\WINDOWS\system32\dllcache\win32k.sys
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\dllcache\gdi32.dll
2008-02-20 05:35 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
2008-02-20 05:35 45,568 ----a-w C:\WINDOWS\system32\dllcache\dnsrslvr.dll
2008-02-20 05:35 148,992 ----a-w C:\WINDOWS\system32\dllcache\dnsapi.dll
2008-02-18 07:17 --------- d-----w C:\Documents and Settings\sylvain-loic\Application Data\Move Networks
2008-02-16 09:32 670,208 ----a-w C:\WINDOWS\system32\wininet.dll
2008-02-16 09:32 670,208 ----a-w C:\WINDOWS\system32\dllcache\wininet.dll
2008-02-16 09:32 620,544 ----a-w C:\WINDOWS\system32\dllcache\urlmon.dll
2008-02-16 09:32 532,480 ----a-w C:\WINDOWS\system32\dllcache\mstime.dll
2008-02-16 09:32 474,624 ----a-w C:\WINDOWS\system32\dllcache\shlwapi.dll
2008-02-16 09:32 449,024 ----a-w C:\WINDOWS\system32\dllcache\mshtmled.dll
2008-02-16 09:32 39,424 ----a-w C:\WINDOWS\system32\dllcache\pngfilt.dll
2008-02-16 09:32 3,087,872 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
2008-02-16 09:32 146,432 ----a-w C:\WINDOWS\system32\dllcache\msrating.dll
2008-02-16 09:32 1,499,648 ----a-w C:\WINDOWS\system32\dllcache\shdocvw.dll
2008-02-16 09:31 96,768 ----a-w C:\WINDOWS\system32\dllcache\inseng.dll
2008-02-16 09:31 55,808 ----a-w C:\WINDOWS\system32\dllcache\extmgr.dll
2008-02-16 09:31 357,888 ----a-w C:\WINDOWS\system32\dllcache\dxtmsft.dll
2008-02-16 09:31 251,904 ----a-w C:\WINDOWS\system32\dllcache\iepeers.dll
2008-02-16 09:31 205,312 ----a-w C:\WINDOWS\system32\dllcache\dxtrans.dll
2008-02-16 09:31 16,384 ----a-w C:\WINDOWS\system32\dllcache\jsproxy.dll
2008-02-16 09:31 152,064 ----a-w C:\WINDOWS\system32\dllcache\cdfview.dll
2008-02-16 09:31 1,056,768 ----a-w C:\WINDOWS\system32\dllcache\danim.dll
2008-02-16 09:31 1,024,512 ----a-w C:\WINDOWS\system32\dllcache\browseui.dll
2008-02-15 09:07 18,432 ----a-w C:\WINDOWS\system32\dllcache\iedw.exe
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 05:00 15360]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:55 5674352]
"BitTorrent DNA"="C:\Program Files\DNA\btdna.exe" [2008-04-11 08:46 288576]
"hpnhytce"="C:\WINDOWS\system32\dqlklmfw.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-05 13:34 64512]
"preload"="C:\Windows\RUNXMLPL.exe" [2005-05-19 17:09 32768]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2005-12-16 16:32 761945]
"AzMixerSel"="C:\Program Files\Realtek\InstallShield\AzMixerSel.exe" [2005-06-11 20:51 53248]
"AGRSMMSG"="AGRSMMSG.exe" [2005-12-12 14:50 88204 C:\WINDOWS\AGRSMMSG.exe]
"ntiMUI"="C:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe" [2005-05-11 17:15 45056]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-10 05:00 208952]
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-10 05:00 59392]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-10 05:00 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-10 05:00 455168]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-01-19 09:43 7397376]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-01-19 09:43 86016]
"RTHDCPL"="RTHDCPL.EXE" [2006-07-21 17:56 16261632 C:\WINDOWS\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [2006-05-16 19:04 2879488 C:\WINDOWS\SkyTel.exe]
"LaunchAp"="C:\Program Files\Launch Manager\LaunchAp.exe" [2005-07-25 13:36 32768]
"LManager"="C:\Program Files\Launch Manager\HotkeyApp.exe" [2006-04-19 15:08 69632]
"CtrlVol"="C:\Program Files\Launch Manager\CtrlVol.exe" [2003-09-16 14:28 20480]
"LMgrOSD"="C:\Program Files\Launch Manager\OSDCtrl.exe" [2005-07-25 10:45 241664]
"Wbutton"="C:\Program Files\Launch Manager\Wbutton.exe" [2006-04-20 09:23 86016]
"eDataSecurity Loader"="C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2006-03-17 15:00 345088]
"ePower_DMC"="C:\Acer\Empowering Technology\ePower\ePower_DMC.exe" [2006-03-30 18:47 421888]
"Boot"="C:\Acer\Empowering Technology\ePower\Boot.exe" [2006-03-15 22:12 579584]
"Acer ePresentation HPD"="C:\Acer\Empowering Technology\ePresentation\ePresentation.exe" [2006-03-31 16:39 204800]
"eRecoveryService"="C:\Acer\Empowering Technology\eRecovery\eRAgent.exe" [2006-06-01 14:40 413696]
"LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2006-06-23 10:39 225280]
"LogitechCameraAssistant"="C:\Program Files\Acer\OrbiCam\CameraAssistant.exe" [2006-06-26 15:47 331776]
"LogitechVideo[inspector]"="C:\Program Files\Acer\OrbiCam\InstallHelper.exe" [2006-06-26 15:55 73728]
"LogitechCameraService(E)"="C:\WINDOWS\system32\ElkCtrl.exe" [2004-11-01 18:22 262144]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-04-19 23:14 282624]
"WinampAgent"="C:\Program Files\Winamp\Winampa.exe" [2003-04-02 04:20 12288]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2007-12-23 13:52 185896]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 10:25 6731312]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-10 05:00 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
"ziIL6qrPiQ"= C:\Documents and Settings\All Users\Application Data\ridafuba\dwzclgfk.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\BitTorrent\\bittorrent.exe"=
"C:\\Program Files\\Messenger\\MSMSGS.EXE"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\RayV\\RayV\\RayV.exe"=
"C:\\Program Files\\DNA\\btdna.exe"=

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-03-29 19:31]
R1 Hotkey;Hotkey;C:\WINDOWS\system32\drivers\Hotkey.sys [2003-04-28 11:27]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-03-29 19:35]
R2 EpmPsd;Acer EPM Power Scheme Driver;C:\WINDOWS\system32\drivers\epm-psd.sys [2005-04-22 16:57]
R2 EpmShd;Acer EPM System Hardware Driver;C:\WINDOWS\system32\drivers\epm-shd.sys [2005-04-22 16:57]
R3 lv321av;Logitech USB PC Camera (VC0321);C:\WINDOWS\system32\DRIVERS\lv321av.sys [2006-06-19 12:20]
R3 LVPrcMon;Logitech LVPrcMon Driver;C:\WINDOWS\system32\drivers\LVPrcMon.sys [2006-06-23 10:40]
R3 psdfilter;psdfilter;C:\WINDOWS\system32\Drivers\psdfilter.sys [2006-04-07 20:17]
R3 psdvdisk;psdvdisk;C:\WINDOWS\system32\Drivers\psdvdisk.sys [2006-03-08 17:10]
S1 Wbutton;Wbutton;C:\WINDOWS\system32\drivers\Wbutton.sys []
S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 23:08]

.
**************************************************************************

catchme 0.3.1351 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-12 17:58:37
Windows 5.1.2600 Service Pack 2 FAT NTAPI

Balayage processus cach‚s ...

Balayage cach‚ autostart entries ...

Balayage des fichiers cach‚s ...

Scan termin‚ avec succŠs
Les fichiers cach‚s: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\PROGRAM FILES\INTEL\WIRELESS\BIN\EVTENG.EXE
C:\PROGRAM FILES\INTEL\WIRELESS\BIN\S24EVMON.EXE
C:\PROGRAM FILES\LAVASOFT\AD-AWARE 2007\AAWSERVICE.EXE
C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASWUPDSV.EXE
C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHSERV.EXE
C:\PROGRAM FILES\FICHIERS COMMUNS\LOGITECH\LVMVFM\LVPRCSRV.EXE
C:\ACER\EMPOWERING TECHNOLOGY\EPERFORMANCE\MEMCHECK.EXE
C:\PROGRAM FILES\GRISOFT\AVG ANTI-SPYWARE 7.5\GUARD.EXE
C:\WINDOWS\EHOME\EHRECVR.EXE
C:\WINDOWS\EHOME\EHSCHED.EXE
C:\WINDOWS\SYSTEM32\NVSVC32.EXE
C:\PROGRAM FILES\SYMANTEC\LIVEUPDATE\ALUSCHEDULERSVC.EXE
C:\PROGRAM FILES\INTEL\WIRELESS\BIN\REGSRVC.EXE
C:\WINDOWS\SYSTEM32\WBEM\WMIAPSRV.EXE
C:\ACER\EMPOWERING TECHNOLOGY\ELOCK\SERVICE\ELOCKSERV.EXE
C:\WINDOWS\ehome\mcrdsvc.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\ACER\EMPOWERING TECHNOLOGY\ACER.EMPOWERING.FRAMEWORK.LAUNCHER.EXE
.
**************************************************************************
.
Temps d'accomplissement: 2008-04-12 18:00:40 - machine was rebooted
ComboFix-quarantined-files.txt 2008-04-12 16:00:36
Pre-Run: 7,445,217,280 octets libres
Post-Run: 7,409,598,464 octets libres
.
2008-04-10 18:37:04 --- E O F ---

jlpjlp · Answer

analyse ces deux fichiers et si inféctés tu les rajoute dans file  (dans la procedure qui suit)

https://www.virustotal.com/gui/

C:\WINDOWS\system32\ogqghjsx.dll
 C:\WINDOWS\system32\cecgrfsk.dll


___________________

Ferme tout tes navigateurs (donc copie ou imprime les instructions avant)

Crée un nouveau document texte : clic droit de souris sur le bureau > Nouveau > Document Texte, et copie dedans les lignes suivantes :









File::
C:\Documents and Settings\All Users\Application Data\ridafuba\dwzclgfk.exe
C:\WINDOWS\system32\dqlklmfw.exe
C:\Documents and Settings\All Users\Application Data\ridafuba
C:\Documents and Settings\sylvain-loic\Application Data\PC-Cleaner 

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ziIL6qrPiQ"=- 
"hpnhytce"=- 





Enregistre ce fichier sous le nom CFscript


Fait un glisser/déposer de ce fichier CFscrïpt sur le fichier ComboFix.exe

Clique sur le fichier CFScript, maintient le doigt enfoncé et glisse la souris pour que l'icône du CFScript vienne recouvrir l'icône de Combofix. Relache la souris. Combofix va démarrer.

Une fenêtre bleue va apparaître: au message qui apparaît ( Type 1 to continue, or 2 to abort) , tape 1 puis valide.

Patiente le temps du scan.Le bureau va disparaître à plusieurs reprises: c'est normal!

Ne touche à rien tant que le scan n'est pas terminé.

Une fois le scan achevé, un rapport va s'afficher: poste son contenu.

Remets aussi un rapport Hijackthis


Si le fichier ne s'ouvre pas, il se trouve ici > C:\ComboFix.txt

dante · Answer

voila

rapport ComboFix :

catchme 0.3.1351.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-12 19:23:58
Windows 5.1.2600 Service Pack 2

scanning processes ...

IPC error: 2 Le fichier spécifié est introuvable.
System [4]
C:\WINDOWS\SYSTEM32\SMSS.EXE [816] 0x866B9DA0
C:\WINDOWS\system32\csrss.exe [880] 0x863B8020
C:\WINDOWS\system32\winlogon.exe [904] 0x865CEDA0
C:\WINDOWS\system32\services.exe [948] 0x863E91A0
C:\WINDOWS\system32\lsass.exe [968] 0x8669CDA0
C:\WINDOWS\system32\svchost.exe [1132] 0x8661BC98
C:\WINDOWS\system32\svchost.exe [1200] 0x86632BB8
C:\WINDOWS\system32\svchost.exe [1276] 0x865136F0
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe [1344] 0x8632FB90
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe [1404] 0x86284DA0
C:\WINDOWS\system32\svchost.exe [1504] 0x8656F340
C:\WINDOWS\system32\svchost.exe [1560] 0x864572D8
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe [1872] 0x863304F8
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2008] 0x863E9438
C:\Program Files\Alwil Software\Avast4\ashServ.exe [532] 0x8627DBF0
C:\WINDOWS\SYSTEM32\SPOOLSV.EXE [1456] 0x86749DA0
C:\PROGRAM FILES\FICHIERS COMMUNS\LOGITECH\LVMVFM\LVPRCSRV.EXE [1604] 0x864E64A8
C:\ACER\EMPOWERING TECHNOLOGY\EPERFORMANCE\MEMCHECK.EXE [1676] 0x865F6528
C:\PROGRAM FILES\GRISOFT\AVG ANTI-SPYWARE 7.5\GUARD.EXE [1944] 0x86448538
C:\WINDOWS\EHOME\EHRECVR.EXE [136] 0x86496020
C:\WINDOWS\EHOME\EHSCHED.EXE [212] 0x863E5DA0
C:\WINDOWS\SYSTEM32\NVSVC32.EXE [404] 0x86611DA0
C:\PROGRAM FILES\SYMANTEC\LIVEUPDATE\ALUSCHEDULERSVC.EXE [428] 0x8644CB98
C:\PROGRAM FILES\INTEL\WIRELESS\BIN\REGSRVC.EXE [1480] 0x866AF990
C:\WINDOWS\system32\svchost.exe [1740] 0x855C1990
C:\WINDOWS\system32\svchost.exe [1852] 0x855CDDA0
C:\WINDOWS\SYSTEM32\WBEM\WMIAPSRV.EXE [2136] 0x85624DA0
C:\ACER\EMPOWERING TECHNOLOGY\ELOCK\SERVICE\ELOCKSERV.EXE [2244] 0x863EFB28
C:\WINDOWS\ehome\mcrdsvc.exe [2412] 0x8560BDA0
C:\WINDOWS\system32\wbem\wmiprvse.exe [2688] 0x865DB020
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2884] 0x8561CDA0
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2912] 0x85601468
C:\WINDOWS\system32\dllhost.exe [2992] 0x8551FB28
C:\WINDOWS\system32\wbem\wmiprvse.exe [3000] 0x8551BBC0
C:\WINDOWS\System32\alg.exe [3228] 0x856233A8
C:\WINDOWS\EHOME\EHTRAY.EXE [3832] 0x855635B8
C:\WINDOWS\eHome\ehmsas.exe [3936] 0x85499DA0
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPENH.EXE [4012] 0x855ADBA8
C:\WINDOWS\AGRSMMSG.EXE [4084] 0x854A9BA0
C:\WINDOWS\RTHDCPL.EXE [2084] 0x85542998
C:\PROGRAM FILES\LAUNCH MANAGER\LAUNCHAP.EXE [2440] 0x85562020
C:\PROGRAM FILES\LAUNCH MANAGER\HOTKEYAPP.EXE [2664] 0x8547C020
C:\PROGRAM FILES\LAUNCH MANAGER\OSDCTRL.EXE [2860] 0x854843B8
C:\PROGRAM FILES\LAUNCH MANAGER\WBUTTON.EXE [3068] 0x85456C80
C:\ACER\EMPOWERING TECHNOLOGY\EDATASECURITY\EDSLOADER.EXE [3204] 0x85614020
C:\ACER\EMPOWERING TECHNOLOGY\EPOWER\EPOWER_DMC.EXE [3308] 0x85455020
C:\WINDOWS\system32\wbem\unsecapp.exe [3412] 0x8548B620
C:\ACER\EMPOWERING TECHNOLOGY\EPRESENTATION\EPRESENTATION.EXE [2468] 0x854B33B8
C:\ACER\EMPOWERING TECHNOLOGY\ERECOVERY\ERAGENT.EXE [3456] 0x854B65C0
C:\WINDOWS\SYSTEM32\LVCOMSX.EXE [3448] 0x853BBB98
C:\PROGRAM FILES\ACER\ORBICAM\CAMERAASSISTANT.EXE [3552] 0x853B6DA0
C:\WINDOWS\SYSTEM32\ELKCTRL.EXE [3600] 0x854935B0
C:\PROGRAM FILES\QUICKTIME\QTTASK.EXE [3664] 0x8548A020
C:\PROGRAM FILES\WINAMP\WINAMPA.EXE [3704] 0x8544D3A8
C:\PROGRAM FILES\FICHIERS COMMUNS\REAL\UPDATE_OB\REALSCHED.EXE [3736] 0x8544EAE8
C:\PROGRAM FILES\GRISOFT\AVG ANTI-SPYWARE 7.5\AVGAS.EXE [3804] 0x85517020
C:\WINDOWS\system32\ctfmon.exe [272] 0x853AE020
C:\Program Files\MSN Messenger\MsnMsgr.Exe [964] 0x8559E020
C:\Program Files\DNA\btdna.exe [1400] 0x8539ADA0
C:\ACER\EMPOWERING TECHNOLOGY\ACER.EMPOWERING.FRAMEWORK.LAUNCHER.EXE [2544] 0x8536B538
C:\WINDOWS\system32\wuauclt.exe [4048] 0x856B13A8
C:\WINDOWS\system32\CF9272.exe [1816] 0x852E15B0
C:\WINDOWS\system32\CF9272.exe [4956] 0x8515EDA0
C:\WINDOWS\system32\CF9272.exe [868] 0x850A5B28
C:\KillBagle\catchme.cfexe [8052] 0x84FB3BA0
C:\KillBagle\sed.cfexe [6140] 0x850B4020
C:\327882R2FWJFW\pv.cfexe [7884] 0x85307BD0


rapport Hijackthis :

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:34, on 2008-04-12
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe
C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32
vsvc32.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Launch Manager\LaunchAp.exe
C:\Program Files\Launch Manager\HotkeyApp.exe
C:\Program Files\Launch Manager\OSDCtrl.exe
C:\Program Files\Launch Manager\Wbutton.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\Acer\Empowering Technology\ePresentation\ePresentation.exe
C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Acer\OrbiCam\CameraAssistant.exe
C:\WINDOWS\system32\ElkCtrl.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Winamp\Winampa.exe
C:\Program Files\Fichiers communs\Real\Update_OBealsched.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\DNA\btdna.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Adobe\Acrobat 7.0\Readereader_sl.exe
C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://fr.rd.yahoo.com/customize/ycomp/defaults/su/*https://fr.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
R3 - URLSearchHook: (no name) - {bc4be15d-6a34-4356-9e97-79e43da32b1d} - (no file)
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [preload] C:\Windows\RUNXMLPL.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [ntiMUI] C:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7
tiMUI.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [LaunchAp] "C:\Program Files\Launch Manager\LaunchAp.exe"
O4 - HKLM\..\Run: [LManager] "C:\Program Files\Launch Manager\HotkeyApp.exe"
O4 - HKLM\..\Run: [CtrlVol] "C:\Program Files\Launch Manager\CtrlVol.exe"
O4 - HKLM\..\Run: [LMgrOSD] "C:\Program Files\Launch Manager\OSDCtrl.exe"
O4 - HKLM\..\Run: [Wbutton] "C:\Program Files\Launch Manager\Wbutton.exe"
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe 0
O4 - HKLM\..\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
O4 - HKLM\..\Run: [Boot] C:\Acer\Empowering Technology\ePower\Boot.exe
O4 - HKLM\..\Run: [Acer ePresentation HPD] C:\Acer\Empowering Technology\ePresentation\ePresentation.exe
O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechCameraAssistant] C:\Program Files\Acer\OrbiCam\CameraAssistant.exe
O4 - HKLM\..\Run: [LogitechVideo[inspector]] C:\Program Files\Acer\OrbiCam\InstallHelper.exe /inspect
O4 - HKLM\..\Run: [LogitechCameraService(E)] C:\WINDOWS\system32\ElkCtrl.exe /automation
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\Winampa.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OBealsched.exe"  -osboot
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [hpnhytce] C:\WINDOWS\system32\dqlklmfw.exe
O4 - HKLM\..\Policies\Explorer\Run: [ziIL6qrPiQ] C:\Documents and Settings\All Users\Application Dataidafuba\dwzclgfk.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Readereader_sl.exe
O4 - Global Startup: Acer Empowering Technology.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/...
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Memory Check Service (AcerMemUsageCheckService) - Acer Inc. - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: eLock Service (eLockService) -   - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech - c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32
vsvc32.exe
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcappcapd.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation  - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

jlpjlp · Answer

le rapport combofix n'est pas bon , il doit etre comme ton 2 eme message, recommence
svp

dante · Answer

rapport ComboFix :

ComboFix 08-04-11.8 - sylvain-loic 2008-04-12 20:08:15.6 - [color=red][b]FAT32[/b][/color]x86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.534 [GMT 2:00]
Endroit: C:\Documents and Settings\sylvain-loic\Bureau\KillBagle.exe

[color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
C:\WINDOWS\system32\cecgrfsk.dll

.
((((((((((((((((((((((((((((( Fichiers créés 2008-03-12 to 2008-04-12 ))))))))))))))))))))))))))))))))))))
.

2008-04-12 19:54 . 2008-04-12 19:54 <REP> d--hs---- C:\FOUND.030
2008-04-12 18:50 . 2008-04-12 18:50 <REP> d--hs---- C:\FOUND.029
2008-04-12 17:35 . 2008-04-12 17:35 <REP> d-------- C:\_OTMoveIt
2008-04-11 09:08 . 2008-04-11 09:08 <REP> d-------- C:\Documents and Settings\All Users\Application Data\ESET
2008-04-10 19:47 . 2008-04-10 19:47 <REP> d-------- C:\Documents and Settings\sylvain-loic\Application Data\PC-Cleaner
2008-04-10 16:54 . 2008-04-10 16:54 <REP> d-------- C:\Documents and Settings\All Users\Application Data\ridafuba
2008-04-10 16:36 . 2008-04-10 16:36 <REP> d-------- C:\Documents and Settings\sylvain-loic\Application Data\ScreenShow
2008-04-10 16:36 . 2008-04-10 16:36 <REP> d-------- C:\Documents and Settings\sylvain-loic\Application Data\Micro Application
2008-04-10 16:35 . 2008-04-10 16:35 <REP> d-------- C:\Program Files\Fichiers communs\AquaSoft
2008-04-10 16:34 . 2008-04-10 16:34 <REP> d-------- C:\Program Files\Micro Application
2008-04-10 16:34 . 2008-04-10 16:34 <REP> d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard
2008-04-05 10:12 . 2008-03-29 19:31 75,856 --a------ C:\WINDOWS\system32\drivers\aswSP.sys
2008-04-05 10:12 . 2008-03-29 19:35 20,560 --a------ C:\WINDOWS\system32\drivers\aswFsBlk.sys
2008-04-02 09:17 . 2008-04-02 09:17 <REP> d--hs---- C:\FOUND.028
2008-03-27 13:13 . 2008-03-27 13:13 <REP> d--hs---- C:\FOUND.027

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-29 17:45 1,146,232 ----a-w C:\WINDOWS\system32\aswBoot.exe
2008-03-29 17:35 94,544 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
2008-03-29 17:29 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
2008-03-29 17:27 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
2008-03-29 17:26 26,944 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
2008-03-29 17:23 95,608 ----a-w C:\WINDOWS\system32\AVASTSS.scr
2008-03-20 08:09 1,845,376 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-20 08:09 1,845,376 ----a-w C:\WINDOWS\system32\dllcache\win32k.sys
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\dllcache\gdi32.dll
2008-02-20 05:35 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
2008-02-20 05:35 45,568 ----a-w C:\WINDOWS\system32\dllcache\dnsrslvr.dll
2008-02-20 05:35 148,992 ----a-w C:\WINDOWS\system32\dllcache\dnsapi.dll
2008-02-18 07:17 --------- d-----w C:\Documents and Settings\sylvain-loic\Application Data\Move Networks
2008-02-16 09:32 670,208 ----a-w C:\WINDOWS\system32\wininet.dll
2008-02-16 09:32 670,208 ----a-w C:\WINDOWS\system32\dllcache\wininet.dll
2008-02-16 09:32 620,544 ----a-w C:\WINDOWS\system32\dllcache\urlmon.dll
2008-02-16 09:32 532,480 ----a-w C:\WINDOWS\system32\dllcache\mstime.dll
2008-02-16 09:32 474,624 ----a-w C:\WINDOWS\system32\dllcache\shlwapi.dll
2008-02-16 09:32 449,024 ----a-w C:\WINDOWS\system32\dllcache\mshtmled.dll
2008-02-16 09:32 39,424 ----a-w C:\WINDOWS\system32\dllcache\pngfilt.dll
2008-02-16 09:32 3,087,872 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
2008-02-16 09:32 146,432 ----a-w C:\WINDOWS\system32\dllcache\msrating.dll
2008-02-16 09:32 1,499,648 ----a-w C:\WINDOWS\system32\dllcache\shdocvw.dll
2008-02-16 09:31 96,768 ----a-w C:\WINDOWS\system32\dllcache\inseng.dll
2008-02-16 09:31 55,808 ----a-w C:\WINDOWS\system32\dllcache\extmgr.dll
2008-02-16 09:31 357,888 ----a-w C:\WINDOWS\system32\dllcache\dxtmsft.dll
2008-02-16 09:31 251,904 ----a-w C:\WINDOWS\system32\dllcache\iepeers.dll
2008-02-16 09:31 205,312 ----a-w C:\WINDOWS\system32\dllcache\dxtrans.dll
2008-02-16 09:31 16,384 ----a-w C:\WINDOWS\system32\dllcache\jsproxy.dll
2008-02-16 09:31 152,064 ----a-w C:\WINDOWS\system32\dllcache\cdfview.dll
2008-02-16 09:31 1,056,768 ----a-w C:\WINDOWS\system32\dllcache\danim.dll
2008-02-16 09:31 1,024,512 ----a-w C:\WINDOWS\system32\dllcache\browseui.dll
2008-02-15 09:07 18,432 ----a-w C:\WINDOWS\system32\dllcache\iedw.exe
.

((((((((((((((((((((((((((((( snapshot@2008-04-12_18.00.19.98 )))))))))))))))))))))))))))))))))))))))))
.
- 2007-07-11 19:32:12 68,608 ----a-w C:\WINDOWS\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
+ 2008-04-12 18:02:20 69,120 ----a-w C:\WINDOWS\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
- 2007-07-11 19:32:22 72,192 ----a-w C:\WINDOWS\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
+ 2008-04-12 18:02:24 72,192 ----a-w C:\WINDOWS\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
- 2007-07-11 19:32:22 4,308,992 ----a-w C:\WINDOWS\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
+ 2008-04-12 18:02:04 4,444,160 ----a-w C:\WINDOWS\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
- 2007-07-11 19:32:24 482,304 ----a-w C:\WINDOWS\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
+ 2008-04-12 18:02:26 483,840 ----a-w C:\WINDOWS\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
- 2007-07-11 19:32:20 2,902,016 ----a-w C:\WINDOWS\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
+ 2008-04-12 18:02:12 3,036,160 ----a-w C:\WINDOWS\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
- 2007-07-11 19:32:08 258,048 ----a-w C:\WINDOWS\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
+ 2008-04-12 18:02:28 258,048 ----a-w C:\WINDOWS\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
- 2007-07-11 19:32:08 114,176 ----a-w C:\WINDOWS\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
+ 2008-04-12 18:02:28 113,664 ----a-w C:\WINDOWS\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
- 2007-07-11 19:32:28 260,096 ----a-w C:\WINDOWS\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
+ 2008-04-12 18:02:24 261,120 ----a-w C:\WINDOWS\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
- 2007-07-11 19:32:16 5,156,864 ----a-w C:\WINDOWS\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
+ 2008-04-12 18:02:10 5,431,296 ----a-w C:\WINDOWS\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
- 2007-07-11 19:32:12 10,752 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
+ 2008-04-12 18:02:16 10,752 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
- 2007-07-11 19:32:08 507,904 ----a-w C:\WINDOWS\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
+ 2008-04-12 18:02:10 507,904 ----a-w C:\WINDOWS\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
- 2007-07-11 19:32:10 13,312 ----a-w C:\WINDOWS\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
+ 2008-04-12 18:02:20 13,312 ----a-w C:\WINDOWS\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
- 2007-07-11 19:32:20 8,192 ----a-w C:\WINDOWS\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
+ 2008-04-12 18:02:22 8,192 ----a-w C:\WINDOWS\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
- 2007-07-11 19:32:20 36,864 ----a-w C:\WINDOWS\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
+ 2008-04-12 18:02:22 77,824 ----a-w C:\WINDOWS\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
- 2007-07-11 19:32:22 5,632 ----a-w C:\WINDOWS\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
+ 2008-04-12 18:02:22 6,656 ----a-w C:\WINDOWS\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
- 2007-07-11 19:32:10 413,696 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
+ 2008-04-12 18:02:28 348,160 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
- 2007-07-11 19:32:12 36,864 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
+ 2008-04-12 18:02:28 36,864 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
- 2007-07-11 19:32:12 647,168 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll
+ 2008-04-12 18:02:30 655,360 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll
- 2007-07-11 19:32:12 73,728 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
+ 2008-04-12 18:02:30 77,824 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
- 2007-07-11 19:32:10 749,568 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
+ 2008-04-12 18:02:22 749,568 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
- 2007-07-11 19:32:32 110,592 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
+ 2008-04-12 18:02:22 110,592 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
- 2007-07-11 19:32:30 372,736 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
+ 2008-04-12 18:02:20 372,736 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
- 2007-07-11 19:32:06 28,672 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
+ 2008-04-12 18:02:26 28,672 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
- 2007-07-11 19:32:30 667,648 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
+ 2008-04-12 18:02:20 671,744 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
- 2007-07-11 19:32:32 5,632 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
+ 2008-04-12 18:02:08 5,632 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
- 2007-07-11 19:32:08 12,800 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
+ 2008-04-12 18:02:28 12,800 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
- 2007-07-11 19:32:08 32,768 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
+ 2008-04-12 18:02:20 32,768 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
- 2007-07-11 19:32:08 7,168 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
+ 2008-04-12 18:02:20 7,168 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
- 2007-07-11 19:32:26 110,592 ----a-w C:\WINDOWS\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
+ 2008-04-12 18:02:24 110,592 ----a-w C:\WINDOWS\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
- 2007-07-11 19:32:14 81,920 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
+ 2008-04-12 18:02:24 81,920 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
- 2007-07-11 19:32:26 413,696 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
+ 2008-04-12 18:02:12 425,984 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
- 2007-07-11 19:32:24 716,800 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
+ 2008-04-12 18:02:14 741,376 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
- 2007-07-11 19:32:10 888,832 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
+ 2008-04-12 18:02:14 933,888 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
- 2007-07-11 19:32:20 5,001,216 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
+ 2008-04-12 18:02:30 5,070,848 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
- 2007-07-11 19:32:14 188,416 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
+ 2008-04-12 18:02:30 188,416 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
- 2007-07-11 19:32:14 397,312 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
+ 2008-04-12 18:02:18 401,408 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
- 2007-07-11 19:32:14 81,920 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
+ 2008-04-12 18:02:26 81,920 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
- 2007-07-11 19:32:26 577,536 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
+ 2008-04-12 18:02:08 630,784 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
- 2007-07-11 19:32:24 372,736 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
+ 2008-04-12 18:02:28 372,736 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
- 2007-07-11 19:32:28 258,048 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
+ 2008-04-12 18:02:26 258,048 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
- 2007-07-11 19:32:24 299,008 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
+ 2008-04-12 18:02:26 299,008 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
- 2007-07-11 19:32:24 131,072 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
+ 2008-04-12 18:02:24 131,072 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
- 2007-07-11 19:32:12 258,048 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll
+ 2008-04-12 18:02:08 258,048 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll
- 2007-07-11 19:32:16 114,688 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
+ 2008-04-12 18:02:08 114,688 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
- 2007-07-11 19:32:28 835,584 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
+ 2008-04-12 18:02:16 884,736 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
- 2007-07-11 19:32:16 86,016 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
+ 2008-04-12 18:02:16 90,112 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
- 2007-07-11 19:32:16 823,296 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
+ 2008-04-12 18:02:16 839,680 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
- 2007-07-11 19:32:18 5,152,768 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
+ 2008-04-12 18:02:18 5,013,504 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
- 2007-07-11 19:32:18 2,027,520 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll
+ 2008-04-12 18:02:08 2,068,480 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll
- 2007-07-11 19:32:26 2,940,928 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
+ 2008-04-12 18:02:14 3,076,096 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
+ 2008-04-12 18:03:56 11,722,752 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\32e6f703c114f3a971cbe706586e3655\mscorlib.ni.dll
+ 2008-04-12 18:07:16 7,049,216 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Data\5f669e819da7010c1dca347a25597c42\System.Data.ni.dll
+ 2008-04-12 18:07:40 10,969,088 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Design\c1e16b40e30a05c39be8aee46311841c\System.Design.ni.dll
+ 2008-04-12 18:07:42 229,376 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing.Desi#\b974f6c17d17a533adf6e7710c5a62fa\System.Drawing.Design.ni.dll
+ 2008-04-12 18:07:42 1,667,072 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\0e83aac37b2623f1a24c70979f31dd56\System.Drawing.ni.dll
+ 2008-04-12 18:07:58 13,193,216 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\3d8c79c45aa674e43f075e2e66b8caf5\System.Windows.Forms.ni.dll
+ 2008-04-12 18:08:08 5,771,264 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\c98cb65a79cfccb44ea727ebe4593ede\System.Xml.ni.dll
+ 2008-04-12 18:06:54 8,265,728 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\ba0e3a22211ba7343e0116b051f2965a\System.ni.dll
- 2005-09-23 05:28:52 72,704 ----a-w C:\WINDOWS\Microsoft.NET\Framework\NETFXSBS10.exe
+ 2007-10-23 23:47:38 82,944 ----a-w C:\WINDOWS\Microsoft.NET\Framework\NETFXSBS10.exe
- 2005-09-23 05:28:52 7,680 ----a-w C:\WINDOWS\Microsoft.NET\Framework\sbscmp10.dll
+ 2007-10-23 23:47:38 16,896 ----a-w C:\WINDOWS\Microsoft.NET\Framework\sbscmp10.dll
- 2005-09-23 05:28:56 7,680 ----a-w C:\WINDOWS\Microsoft.NET\Framework\sbscmp20_mscorwks.dll
+ 2007-10-23 23:47:40 16,896 ----a-w C:\WINDOWS\Microsoft.NET\Framework\sbscmp20_mscorwks.dll
- 2005-09-23 05:28:58 7,680 ----a-w C:\WINDOWS\Microsoft.NET\Framework\sbscmp20_perfcounter.dll
+ 2007-10-23 23:47:42 16,896 ----a-w C:\WINDOWS\Microsoft.NET\Framework\sbscmp20_perfcounter.dll
- 2005-09-23 05:28:56 7,680 ----a-w C:\WINDOWS\Microsoft.NET\Framework\SharedReg12.dll
+ 2007-10-23 23:47:40 16,896 ----a-w C:\WINDOWS\Microsoft.NET\Framework\SharedReg12.dll
- 2005-09-23 05:28:52 86,528 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\mscormmc.dll
+ 2007-10-23 23:47:38 97,280 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\mscormmc.dll
- 2005-09-23 05:28:36 18,944 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\1033\alinkui.dll
+ 2007-10-23 23:47:26 28,672 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\1033\alinkui.dll
- 2005-09-23 05:28:42 136,192 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\1033\cscompui.dll
+ 2007-10-23 23:47:30 145,408 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\1033\cscompui.dll
- 2005-09-23 05:28:44 4,608 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\1033\CvtResUI.dll
+ 2007-10-23 23:47:32 13,824 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\1033\CvtResUI.dll
- 2005-09-23 05:29:04 183,808 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\1033\vbc7ui.dll
+ 2007-10-23 23:47:48 193,016 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\1033\vbc7ui.dll
- 2005-09-23 05:28:28 208,896 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\1033\Vsavb7rtUI.dll
+ 2007-10-23 23:47:20 218,112 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\1033\Vsavb7rtUI.dll
- 2005-09-23 05:28:56 10,752 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Accessibility.dll
+ 2007-10-23 23:47:40 10,752 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Accessibility.dll
- 2005-09-23 05:28:58 138,240 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\AdoNetDiag.dll
+ 2007-10-23 23:47:42 147,968 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\AdoNetDiag.dll
- 2005-09-23 05:28:36 87,552 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\alink.dll
+ 2007-10-23 23:47:26 99,320 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\alink.dll
- 2007-04-13 01:21:18 58,712 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\AppLaunch.exe
+ 2007-10-23 23:47:42 59,392 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\AppLaunch.exe
- 2005-09-23 05:28:32 36,864 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_compiler.exe
+ 2007-10-23 23:47:22 36,864 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_compiler.exe
- 2007-04-13 01:20:52 10,752 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_filter.dll
+ 2007-10-23 23:47:22 22,024 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_filter.dll
- 2007-04-13 01:20:52 8,192 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_isapi.dll
+ 2007-10-23 23:47:22 17,928 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_isapi.dll
- 2007-04-13 01:20:52 23,552 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Aspnet_perf.dll
+ 2007-10-23 23:47:22 33,288 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Aspnet_perf.dll
- 2007-04-13 01:20:50 75,264 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_rc.dll
+ 2007-10-23 23:47:22 84,480 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_rc.dll
- 2005-09-23 05:28:32 13,824 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_regbrowsers.exe
+ 2007-10-23 23:47:22 24,576 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_regbrowsers.exe
- 2007-04-13 01:20:52 32,608 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_regiis.exe
+ 2007-10-23 23:47:22 32,776 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_regiis.exe
- 2005-09-23 05:28:32 106,496 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_regsql.exe
+ 2007-10-23 23:47:22 106,496 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_regsql.exe
- 2007-04-13 01:20:52 33,632 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
+ 2007-10-23 23:47:22 33,800 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
- 2007-04-13 01:20:52 32,600 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_wp.exe
+ 2007-10-23 23:47:22 33,280 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_wp.exe
- 2007-04-13 01:20:52 507,904 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\AspNetMMCExt.dll
+ 2007-10-23 23:47:22 507,904 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\AspNetMMCExt.dll
- 2005-09-23 05:28:56 106,496 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\CasPol.exe
+ 2007-10-23 23:47:40 106,496 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\CasPol.exe
- 2007-04-13 01:21:16 88,576 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\CORPerfMonExt.dll
+ 2007-10-23 23:47:40 101,896 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\CORPerfMonExt.dll
- 2005-09-23 05:28:42 76,984 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\csc.exe
+ 2007-10-23 23:47:30 80,376 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\csc.exe
- 2005-09-23 05:28:42 1,144,832 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\cscomp.dll
+ 2007-10-23 23:47:30 1,162,744 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\cscomp.dll
- 2005-09-23 05:28:42 13,312 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\cscompmgd.dll
+ 2007-10-23 23:47:30 13,312 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\cscompmgd.dll
- 2005-09-23 05:28:58 17,920 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Culture.dll
+ 2007-10-23 23:47:42 27,136 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Culture.dll
- 2005-09-23 05:28:56 68,608 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\CustomMarshalers.dll
+ 2007-10-23 23:47:40 69,120 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\CustomMarshalers.dll
- 2005-09-23 05:28:44 31,936 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
+ 2007-10-23 23:47:30 35,320 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
- 2005-09-23 05:28:38 52,736 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\dfdll.dll
+ 2007-10-23 23:47:28 66,552 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\dfdll.dll
- 2007-04-13 01:20:58 5,120 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\dfsvc.exe
+ 2007-10-23 23:47:28 5,120 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\dfsvc.exe
- 2005-09-23 05:29:12 547,840 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\diasymreader.dll
+ 2007-10-23 23:47:54 572,936 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\diasymreader.dll
- 2005-09-23 05:28:56 788,992 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\EventLogMessages.dll
+ 2007-10-23 23:47:40 798,224 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\EventLogMessages.dll
- 2005-09-23 05:28:50 9,216 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\fusion.dll
+ 2007-10-23 23:47:36 18,936 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\fusion.dll
- 2007-04-13 01:21:16 9,728 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\IEExec.exe
+ 2007-10-23 23:47:40 9,728 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\IEExec.exe
- 2005-09-23 05:28:56 8,192 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\IEExecRemote.dll
+ 2007-10-23 23:47:40 8,192 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\IEExecRemote.dll
- 2005-09-23 05:28:56 36,864 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\IEHost.dll
+ 2007-10-23 23:47:40 77,824 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\IEHost.dll
- 2005-09-23 05:28:56 5,632 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\IIEHost.dll
+ 2007-10-23 23:47:40 6,656 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\IIEHost.dll
- 2007-04-13 01:21:16 228,688 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\ilasm.exe
+ 2007-10-23 23:47:40 230,904 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\ilasm.exe
- 2007-04-13 01:21:16 28,672 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\InstallUtil.exe
+ 2007-10-23 23:47:40 28,672 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\InstallUtil.exe
- 2005-09-23 05:28:56 55,296 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\InstallUtilLib.dll
+ 2007-10-23 23:47:40 65,032 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\InstallUtilLib.dll
- 2005-09-23 05:28:56 72,192 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\ISymWrapper.dll
+ 2007-10-23 23:47:40 72,192 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\ISymWrapper.dll
- 2005-09-23 05:28:48 40,960 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\jsc.exe
+ 2007-10-23 23:47:34 40,960 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\jsc.exe
- 2007-04-13 01:21:10 413,696 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft.Build.Engine.dll
+ 2007-10-23 23:47:36 348,160 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft.Build.Engine.dll
- 2005-09-23 05:28:48 36,864 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft.Build.Framework.dll
+ 2007-10-23 23:47:36 36,864 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft.Build.Framework.dll
- 2007-04-13 01:21:10 647,168 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft.Build.Tasks.dll
+ 2007-10-23 23:47:36 655,360 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft.Build.Tasks.dll
- 2005-09-23 05:28:48 73,728 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft.Build.Utilities.dll
+ 2007-10-23 23:47:36 77,824 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft.Build.Utilities.dll
- 2007-04-13 01:21:08 749,568 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft.JScript.dll
+ 2007-10-23 23:47:34 749,568 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft.JScript.dll
- 2005-09-23 05:29:10 110,592 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft.VisualBasic.Compatibility.Data.dll
+ 2007-10-23 23:47:52 110,592 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft.VisualBasic.Compatibility.Data.dll
- 2005-09-23 05:29:10 372,736 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft.VisualBasic.Compatibility.dll
+ 2007-10-23 23:47:52 372,736 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft.VisualBasic.Compatibility.dll
- 2005-09-23 05:29:08 667,648 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft.VisualBasic.dll
+ 2007-10-23 23:47:50 671,744 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft.VisualBasic.dll
- 2005-09-23 05:28:30 28,672 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft.VisualBasic.Vsa.dll
+ 2007-10-23 23:47:20 28,672 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft.VisualBasic.Vsa.dll
- 2005-09-23 05:29:10 5,632 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft.VisualC.Dll
+ 2007-10-23 23:47:52 5,632 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft.VisualC.Dll
- 2005-09-23 05:28:30 32,768 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft.Vsa.dll
+ 2007-10-23 23:47:20 32,768 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft.Vsa.dll
- 2005-09-23 05:28:30 12,800 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
+ 2007-10-23 23:47:20 12,800 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
- 2005-09-23 05:28:30 7,168 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft_VsaVb.dll
+ 2007-10-23 23:47:20 7,168 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft_VsaVb.dll
- 2007-04-13 01:20:52 87,040 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\MmcAspExt.dll
+ 2007-10-23 23:47:22 97,792 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\MmcAspExt.dll
- 2005-09-23 05:28:48 69,632 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe
+ 2007-10-23 23:47:36 69,632 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe
- 2007-04-13 01:21:18 802,304 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscordacwks.dll
+ 2007-10-23 23:47:40 822,280 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscordacwks.dll
- 2005-09-23 05:28:56 73,216 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscordbc.dll
+ 2007-10-23 23:47:40 83,456 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscordbc.dll
- 2005-09-23 05:28:56 288,768 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscordbi.dll
+ 2007-10-23 23:47:40 308,224 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscordbi.dll
- 2007-04-13 01:21:16 36,864 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorie.dll
+ 2007-10-23 23:47:40 47,104 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorie.dll
- 2007-04-13 01:21:16 326,656 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll
+ 2007-10-23 23:47:40 348,672 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll
- 2005-09-23 05:28:56 81,408 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorld.dll
+ 2007-10-23 23:47:40 94,208 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorld.dll
- 2007-04-13 01:21:16 4,308,992 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorlib.dll
+ 2007-10-23 23:47:40 4,444,160 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorlib.dll
- 2007-04-13 01:21:16 102,912 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorpe.dll
+ 2007-10-23 23:47:40 114,688 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorpe.dll
- 2005-09-23 05:29:00 330,752 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorrc.dll
+ 2007-10-23 23:47:44 340,992 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorrc.dll
- 2005-09-23 05:28:56 67,072 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsec.dll
+ 2007-10-23 23:47:40 77,312 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsec.dll
- 2005-09-23 05:28:50 9,216 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsn.dll
+ 2007-10-23 23:47:36 18,944 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsn.dll
- 2007-04-13 01:21:18 227,328 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvc.dll
+ 2007-10-23 23:47:40 242,688 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvc.dll
- 2007-04-13 01:21:18 68,952 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
+ 2007-10-23 23:47:40 70,144 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
- 2005-09-23 05:28:56 10,240 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscortim.dll
+ 2007-10-23 23:47:40 19,456 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscortim.dll
- 2007-04-13 01:21:12 5,634,048 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
+ 2007-10-23 23:47:36 5,814,784 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
- 2005-09-23 05:29:00 22,528 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\MUI\0409\mscorsecr.dll
+ 2007-10-23 23:47:44 31,744 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\MUI\0409\mscorsecr.dll
- 2007-04-13 01:21:16 99,152 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\ngen.exe
+ 2007-10-23 23:47:40 101,880 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\ngen.exe
- 2007-04-13 01:21:18 15,360 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\normalization.dll
+ 2007-10-23 23:47:40 24,584 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\normalization.dll
- 2005-09-23 05:28:56 78,336 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\PerfCounter.dll
+ 2007-10-23 23:47:40 89,096 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\PerfCounter.dll
- 2007-04-13 01:21:12 136,192 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\peverify.dll
+ 2007-10-23 23:47:36 144,896 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\peverify.dll
- 2005-09-23 05:28:56 53,248 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
+ 2007-10-23 23:47:40 53,248 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
- 2005-09-23 05:28:56 32,768 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe
+ 2007-10-23 23:47:40 32,768 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe
- 2005-09-23 05:29:02 59,072 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\regtlibv12.exe
+ 2007-10-23 23:47:46 61,952 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\regtlibv12.exe
- 2005-09-23 05:28:58 7,680 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\sbscmp20_mscorlib.dll
+ 2007-10-23 23:47:42 16,896 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\sbscmp20_mscorlib.dll
- 2005-09-23 05:28:56 107,520 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\shfusion.dll
+ 2007-10-23 23:47:40 119,296 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\shfusion.dll
- 2005-09-23 05:29:00 85,504 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\ShFusRes.dll
+ 2007-10-23 23:47:44 95,232 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\ShFusRes.dll
- 2007-04-13 01:21:18 382,464 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\SOS.dll
+ 2007-10-23 23:47:40 392,696 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\SOS.dll
- 2007-04-13 01:21:18 110,592 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\sysglobl.dll
+ 2007-10-23 23:47:40 110,592 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\sysglobl.dll
- 2007-04-13 01:21:18 413,696 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.configuration.dll
+ 2007-10-23 23:47:42 425,984 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.configuration.dll
- 2005-09-23 05:28:56 81,920 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Configuration.Install.dll
+ 2007-10-23 23:47:40 81,920 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Configuration.Install.dll
- 2007-04-13 01:21:16 2,902,016 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Data.dll
+ 2007-10-23 23:47:40 3,036,160 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Data.dll
- 2007-04-13 01:21:18 482,304 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Data.OracleClient.dll
+ 2007-10-23 23:47:40 483,840 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Data.OracleClient.dll
- 2007-04-13 01:21:18 716,800 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Data.SqlXml.dll
+ 2007-10-23 23:47:40 741,376 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Data.SqlXml.dll
- 2007-04-13 01:20:58 888,832 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Deployment.dll
+ 2007-10-23 23:47:28 933,888 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Deployment.dll
- 2007-04-13 01:21:16 5,001,216 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Design.dll
+ 2007-10-23 23:47:40 5,070,848 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Design.dll
- 2005-09-23 05:28:56 397,312 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.DirectoryServices.dll
+ 2007-10-23 23:47:40 401,408 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.DirectoryServices.dll
- 2007-04-13 01:21:18 188,416 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.DirectoryServices.Protocols.dll
+ 2007-10-23 23:47:40 188,416 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.DirectoryServices.Protocols.dll
- 2007-04-13 01:21:16 2,940,928 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.dll
+ 2007-10-23 23:47:40 3,076,096 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.dll
- 2005-09-23 05:28:56 81,920 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Drawing.Design.dll
+ 2007-10-23 23:47:40 81,920 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Drawing.Design.dll
- 2007-04-13 01:21:16 577,536 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Drawing.dll
+ 2007-10-23 23:47:40 630,784 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Drawing.dll
- 2007-04-13 01:21:16 258,048 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.EnterpriseServices.dll
+ 2007-10-23 23:47:40 258,048 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.EnterpriseServices.dll
- 2007-04-13 01:21:18 47,616 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.EnterpriseServices.Thunk.dll
+ 2007-10-23 23:47:40 57,392 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.EnterpriseServices.Thunk.dll
- 2007-04-13 01:21:18 114,176 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.EnterpriseServices.Wrapper.dll
+ 2007-10-23 23:47:40 113,664 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.EnterpriseServices.Wrapper.dll
- 2007-04-13 01:21:16 372,736 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Management.dll
+ 2007-10-23 23:47:40 372,736 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Management.dll
- 2005-09-23 05:28:56 258,048 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Messaging.dll
+ 2007-10-23 23:47:40 258,048 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Messaging.dll
- 2007-04-13 01:21:16 299,008 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Runtime.Remoting.dll
+ 2007-10-23 23:47:40 299,008 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Runtime.Remoting.dll
- 2005-09-23 05:28:56 131,072 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Runtime.Serialization.Formatters.Soap.dll
+ 2007-10-23 23:47:40 131,072 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Runtime.Serialization.Formatters.Soap.dll
- 2005-09-23 05:28:56 258,048 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Security.dll
+ 2007-10-23 23:47:40 258,048 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Security.dll
- 2005-09-23 05:28:56 114,688 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.ServiceProcess.dll
+ 2007-10-23 23:47:40 114,688 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.ServiceProcess.dll
- 2007-04-13 01:21:18 260,096 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Transactions.dll
+ 2007-10-23 23:47:40 261,120 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Transactions.dll
- 2007-04-13 01:21:16 5,156,864 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Web.dll
+ 2007-10-23 23:47:40 5,431,296 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Web.dll
- 2005-09-23 05:28:56 835,584 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Web.Mobile.dll
+ 2007-10-23 23:47:40 884,736 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Web.Mobile.dll
- 2005-09-23 05:28:56 86,016 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Web.RegularExpressions.dll
+ 2007-10-23 23:47:40 90,112 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Web.RegularExpressions.dll
- 2005-09-23 05:28:56 823,296 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Web.Services.dll
+ 2007-10-23 23:47:40 839,680 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Web.Services.dll
- 2007-04-13 01:21:16 5,152,768 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Windows.Forms.dll
+ 2007-10-23 23:47:40 5,013,504 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Windows.Forms.dll
- 2007-04-13 01:21:16 2,027,520 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.XML.dll
+ 2007-10-23 23:47:40 2,068,480 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.XML.dll
- 2005-09-23 05:28:56 71,680 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\TLBREF.DLL
+ 2007-10-23 23:47:40 81,400 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\TLBREF.DLL
- 2007-04-13 01:21:28 1,166,672 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\vbc.exe
+ 2007-10-23 23:47:48 1,172,472 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\vbc.exe
- 2007-04-13 01:20:50 1,330,688 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\VsaVb7rt.dll
+ 2007-10-23 23:47:20 1,344,000 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\VsaVb7rt.dll
- 2007-04-13 01:20:52 406,016 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\webengine.dll
+ 2007-10-23 23:47:22 434,688 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\webengine.dll
- 2005-09-23 05:28:56 28,160 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\WMINet_Utils.dll
+ 2007-10-23 23:47:40 37,896 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\WMINet_Utils.dll
- 2005-09-23 05:28:38 83,456 ----a-w C:\WINDOWS\system32\dfshim.dll
+ 2007-10-23 23:47:28 96,760 ----a-w C:\WINDOWS\system32\dfshim.dll
- 2007-04-13 01:21:14 271,360 ----a-w C:\WINDOWS\system32\mscoree.dll
+ 2007-10-23 23:47:38 282,112 ----a-w C:\WINDOWS\system32\mscoree.dll
- 2005-09-23 05:28:52 150,016 ----a-w C:\WINDOWS\system32\mscorier.dll
+ 2007-10-23 23:47:38 158,720 ----a-w C:\WINDOWS\system32\mscorier.dll
- 2005-09-23 05:28:52 74,240 ----a-w C:\WINDOWS\system32\mscories.dll
+ 2007-10-23 23:47:38 84,480 ----a-w C:\WINDOWS\system32\mscories.dll
- 2006-12-22 11:02:36 6,144 ----a-w C:\WINDOWS\system32\mui\0409\mscorees.dll
+ 2007-10-23 23:47:44 15,360 ----a-w C:\WINDOWS\system32\mui\0409\mscorees.dll
- 2007-07-11 19:32:48 63,350 ----a-w C:\WINDOWS\system32\perfc009.dat
+ 2008-04-12 18:02:38 64,534 ----a-w C:\WINDOWS\system32\perfc009.dat
- 2007-07-11 19:32:48 76,574 ----a-w C:\WINDOWS\system32\perfc00C.dat
+ 2008-04-12 18:02:38 78,346 ----a-w C:\WINDOWS\system32\perfc00C.dat
- 2007-07-11 19:32:48 402,740 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2008-04-12 18:02:38 408,004 ----a-w C:\WINDOWS\system32\perfh009.dat
- 2007-07-11 19:32:48 470,278 ----a-w C:\WINDOWS\system32\perfh00C.dat
+ 2008-04-12 18:02:38 476,522 ----a-w C:\WINDOWS\system32\perfh00C.dat
+ 2008-04-12 18:05:24 16,384 ----a-w C:\WINDOWS\Temp\Perflib_Perfdata_318.dat
+ 2008-04-12 18:06:36 16,384 ----a-w C:\WINDOWS\Temp\Perflib_Perfdata_624.dat
+ 2008-04-12 18:05:22 16,384 ----a-w C:\WINDOWS\Temp\Perflib_Perfdata_714.dat
+ 2007-10-23 23:47:56 479,232 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.1433_x-ww_5cf844d2\msvcm80.dll
+ 2007-10-23 23:47:56 558,080 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.1433_x-ww_5cf844d2\msvcp80.dll
+ 2007-10-23 23:47:56 635,904 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.1433_x-ww_5cf844d2\msvcr80.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 05:00 15360]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:55 5674352]
"BitTorrent DNA"="C:\Program Files\DNA\btdna.exe" [2008-04-11 08:46 288576]
"hpnhytce"="C:\WINDOWS\system32\dqlklmfw.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-05 13:34 64512]
"preload"="C:\Windows\RUNXMLPL.exe" [2005-05-19 17:09 32768]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2005-12-16 16:32 761945]
"AzMixerSel"="C:\Program Files\Realtek\InstallShield\AzMixerSel.exe" [2005-06-11 20:51 53248]
"AGRSMMSG"="AGRSMMSG.exe" [2005-12-12 14:50 88204 C:\WINDOWS\AGRSMMSG.exe]
"ntiMUI"="C:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe" [2005-05-11 17:15 45056]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-10 05:00 208952]
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-10 05:00 59392]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-10 05:00 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-10 05:00 455168]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-01-19 09:43 7397376]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-01-19 09:43 86016]
"RTHDCPL"="RTHDCPL.EXE" [2006-07-21 17:56 16261632 C:\WINDOWS\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [2006-05-16 19:04 2879488 C:\WINDOWS\SkyTel.exe]
"LaunchAp"="C:\Program Files\Launch Manager\LaunchAp.exe" [2005-07-25 13:36 32768]
"LManager"="C:\Program Files\Launch Manager\HotkeyApp.exe" [2006-04-19 15:08 69632]
"CtrlVol"="C:\Program Files\Launch Manager\CtrlVol.exe" [2003-09-16 14:28 20480]
"LMgrOSD"="C:\Program Files\Launch Manager\OSDCtrl.exe" [2005-07-25 10:45 241664]
"Wbutton"="C:\Program Files\Launch Manager\Wbutton.exe" [2006-04-20 09:23 86016]
"eDataSecurity Loader"="C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2006-03-17 15:00 345088]
"ePower_DMC"="C:\Acer\Empowering Technology\ePower\ePower_DMC.exe" [2006-03-30 18:47 421888]
"Boot"="C:\Acer\Empowering Technology\ePower\Boot.exe" [2006-03-15 22:12 579584]
"Acer ePresentation HPD"="C:\Acer\Empowering Technology\ePresentation\ePresentation.exe" [2006-03-31 16:39 204800]
"eRecoveryService"="C:\Acer\Empowering Technology\eRecovery\eRAgent.exe" [2006-06-01 14:40 413696]
"LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2006-06-23 10:39 225280]
"LogitechCameraAssistant"="C:\Program Files\Acer\OrbiCam\CameraAssistant.exe" [2006-06-26 15:47 331776]
"LogitechVideo[inspector]"="C:\Program Files\Acer\OrbiCam\InstallHelper.exe" [2006-06-26 15:55 73728]
"LogitechCameraService(E)"="C:\WINDOWS\system32\ElkCtrl.exe" [2004-11-01 18:22 262144]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-04-19 23:14 282624]
"WinampAgent"="C:\Program Files\Winamp\Winampa.exe" [2003-04-02 04:20 12288]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2007-12-23 13:52 185896]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 10:25 6731312]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-10 05:00 15360]

C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 04:44:06 29696]
Acer Empowering Technology.lnk - C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe [2006-11-25 01:31:53 45056]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-17 21:05:56 65588]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
"ziIL6qrPiQ"= C:\Documents and Settings\All Users\Application Data\ridafuba\dwzclgfk.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\BitTorrent\\bittorrent.exe"=
"C:\\Program Files\\Messenger\\MSMSGS.EXE"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\RayV\\RayV\\RayV.exe"=
"C:\\Program Files\\DNA\\btdna.exe"=

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-03-29 19:31]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-03-29 19:35]
R2 EpmPsd;Acer EPM Power Scheme Driver;C:\WINDOWS\system32\drivers\epm-psd.sys [2005-04-22 16:57]
R2 EpmShd;Acer EPM System Hardware Driver;C:\WINDOWS\system32\drivers\epm-shd.sys [2005-04-22 16:57]

.
**************************************************************************

catchme 0.3.1351 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-12 20:15:47
Windows 5.1.2600 Service Pack 2 FAT NTAPI

Balayage processus cachés ...

rapport hijackthis :

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:58, on 2008-04-12
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe
C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Launch Manager\LaunchAp.exe
C:\Program Files\Launch Manager\HotkeyApp.exe
C:\Program Files\Launch Manager\OSDCtrl.exe
C:\Program Files\Launch Manager\Wbutton.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\Acer\Empowering Technology\ePresentation\ePresentation.exe
C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Acer\OrbiCam\CameraAssistant.exe
C:\WINDOWS\system32\ElkCtrl.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Winamp\Winampa.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\DNA\btdna.exe
C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://fr.rd.yahoo.com/customize/ycomp/defaults/su/*https://fr.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
R3 - URLSearchHook: (no name) - {bc4be15d-6a34-4356-9e97-79e43da32b1d} - (no file)
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [preload] C:\Windows\RUNXMLPL.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [ntiMUI] C:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [LaunchAp] "C:\Program Files\Launch Manager\LaunchAp.exe"
O4 - HKLM\..\Run: [LManager] "C:\Program Files\Launch Manager\HotkeyApp.exe"
O4 - HKLM\..\Run: [CtrlVol] "C:\Program Files\Launch Manager\CtrlVol.exe"
O4 - HKLM\..\Run: [LMgrOSD] "C:\Program Files\Launch Manager\OSDCtrl.exe"
O4 - HKLM\..\Run: [Wbutton] "C:\Program Files\Launch Manager\Wbutton.exe"
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe 0
O4 - HKLM\..\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
O4 - HKLM\..\Run: [Boot] C:\Acer\Empowering Technology\ePower\Boot.exe
O4 - HKLM\..\Run: [Acer ePresentation HPD] C:\Acer\Empowering Technology\ePresentation\ePresentation.exe
O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechCameraAssistant] C:\Program Files\Acer\OrbiCam\CameraAssistant.exe
O4 - HKLM\..\Run: [LogitechVideo[inspector]] C:\Program Files\Acer\OrbiCam\InstallHelper.exe /inspect
O4 - HKLM\..\Run: [LogitechCameraService(E)] C:\WINDOWS\system32\ElkCtrl.exe /automation
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [WinampAgent] &q

jlpjlp · Answer

Ferme tout tes navigateurs (donc copie ou imprime les instructions avant)

Crée un nouveau document texte : clic droit de souris sur le bureau > Nouveau > Document Texte, et copie dedans les lignes suivantes :









File::
C:\Documents and Settings\All Users\Application Data\ridafuba\dwzclgfk.exe
C:\WINDOWS\system32\dqlklmfw.exe
C:\Documents and Settings\All Users\Application Data\ridafuba
C:\Documents and Settings\sylvain-loic\Application Data\PC-Cleaner

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ziIL6qrPiQ"=-
"hpnhytce"=-





Enregistre ce fichier sous le nom CFscript


Fait un glisser/déposer de ce fichier CFscrïpt sur le fichier ComboFix.exe

Clique sur le fichier CFScript, maintient le doigt enfoncé et glisse la souris pour que l'icône du CFScript vienne recouvrir l'icône de Combofix. Relache la souris. Combofix va démarrer.

Une fenêtre bleue va apparaître: au message qui apparaît ( Type 1 to continue, or 2 to abort) , tape 1 puis valide.

Patiente le temps du scan.Le bureau va disparaître à plusieurs reprises: c'est normal!

Ne touche à rien tant que le scan n'est pas terminé.

Une fois le scan achevé, un rapport va s'afficher: poste son contenu.

Remets aussi un rapport Hijackthis


Si le fichier ne s'ouvre pas, il se trouve ici > C:\ComboFix.txt

dante · Answer

quand je lance Combofix avec le fichier j'ai l'ordi qui se plante.

dante · Answer

rapport Combofix :

ComboFix 08-04-11.8 - sylvain-loic 2008-04-12 21:46:01.9 - [color=red][b]FAT32[/b][/color]x86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.581 [GMT 2:00]
Endroit: C:\Documents and Settings\sylvain-loic\Bureau\KillBagle.exe
Command switches used :: C:\Documents and Settings\sylvain-loic\Bureau\CFscript
* Création d'un nouveau point de restauration

[color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]

FILE ::
C:\Documents and Settings\All Users\Application Data\ridafuba
C:\Documents and Settings\All Users\Application Data\ridafuba\dwzclgfk.exe
C:\Documents and Settings\sylvain-loic\Application Data\PC-Cleaner
C:\WINDOWS\system32\dqlklmfw.exe
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
C:\WINDOWS\system32\cecgrfsk.dll

.
((((((((((((((((((((((((((((( Fichiers créés 2008-03-12 to 2008-04-12 ))))))))))))))))))))))))))))))))))))
.

2008-04-12 21:37 . 2008-04-12 21:37 <REP> d--hs---- C:\FOUND.032
2008-04-12 21:13 . 2008-04-12 21:13 <REP> d--hs---- C:\FOUND.031
2008-04-12 19:54 . 2008-04-12 19:54 <REP> d--hs---- C:\FOUND.030
2008-04-12 18:50 . 2008-04-12 18:50 <REP> d--hs---- C:\FOUND.029
2008-04-12 17:35 . 2008-04-12 17:35 <REP> d-------- C:\_OTMoveIt
2008-04-11 09:08 . 2008-04-11 09:08 <REP> d-------- C:\Documents and Settings\All Users\Application Data\ESET
2008-04-10 19:47 . 2008-04-10 19:47 <REP> d-------- C:\Documents and Settings\sylvain-loic\Application Data\PC-Cleaner
2008-04-10 16:54 . 2008-04-10 16:54 <REP> d-------- C:\Documents and Settings\All Users\Application Data\ridafuba
2008-04-10 16:36 . 2008-04-10 16:36 <REP> d-------- C:\Documents and Settings\sylvain-loic\Application Data\ScreenShow
2008-04-10 16:36 . 2008-04-10 16:36 <REP> d-------- C:\Documents and Settings\sylvain-loic\Application Data\Micro Application
2008-04-10 16:35 . 2008-04-10 16:35 <REP> d-------- C:\Program Files\Fichiers communs\AquaSoft
2008-04-10 16:34 . 2008-04-10 16:34 <REP> d-------- C:\Program Files\Micro Application
2008-04-10 16:34 . 2008-04-10 16:34 <REP> d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard
2008-04-05 10:12 . 2008-03-29 19:31 75,856 --a------ C:\WINDOWS\system32\drivers\aswSP.sys
2008-04-05 10:12 . 2008-03-29 19:35 20,560 --a------ C:\WINDOWS\system32\drivers\aswFsBlk.sys
2008-04-02 09:17 . 2008-04-02 09:17 <REP> d--hs---- C:\FOUND.028
2008-03-27 13:13 . 2008-03-27 13:13 <REP> d--hs---- C:\FOUND.027

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-29 17:45 1,146,232 ----a-w C:\WINDOWS\system32\aswBoot.exe
2008-03-29 17:35 94,544 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
2008-03-29 17:29 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
2008-03-29 17:27 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
2008-03-29 17:26 26,944 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
2008-03-29 17:23 95,608 ----a-w C:\WINDOWS\system32\AVASTSS.scr
2008-03-20 08:09 1,845,376 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-20 08:09 1,845,376 ----a-w C:\WINDOWS\system32\dllcache\win32k.sys
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\dllcache\gdi32.dll
2008-02-20 05:35 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
2008-02-20 05:35 45,568 ----a-w C:\WINDOWS\system32\dllcache\dnsrslvr.dll
2008-02-20 05:35 148,992 ----a-w C:\WINDOWS\system32\dllcache\dnsapi.dll
2008-02-18 07:17 --------- d-----w C:\Documents and Settings\sylvain-loic\Application Data\Move Networks
2008-02-16 09:32 670,208 ----a-w C:\WINDOWS\system32\wininet.dll
2008-02-16 09:32 670,208 ----a-w C:\WINDOWS\system32\dllcache\wininet.dll
2008-02-16 09:32 620,544 ----a-w C:\WINDOWS\system32\dllcache\urlmon.dll
2008-02-16 09:32 532,480 ----a-w C:\WINDOWS\system32\dllcache\mstime.dll
2008-02-16 09:32 474,624 ----a-w C:\WINDOWS\system32\dllcache\shlwapi.dll
2008-02-16 09:32 449,024 ----a-w C:\WINDOWS\system32\dllcache\mshtmled.dll
2008-02-16 09:32 39,424 ----a-w C:\WINDOWS\system32\dllcache\pngfilt.dll
2008-02-16 09:32 3,087,872 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
2008-02-16 09:32 146,432 ----a-w C:\WINDOWS\system32\dllcache\msrating.dll
2008-02-16 09:32 1,499,648 ----a-w C:\WINDOWS\system32\dllcache\shdocvw.dll
2008-02-16 09:31 96,768 ----a-w C:\WINDOWS\system32\dllcache\inseng.dll
2008-02-16 09:31 55,808 ----a-w C:\WINDOWS\system32\dllcache\extmgr.dll
2008-02-16 09:31 357,888 ----a-w C:\WINDOWS\system32\dllcache\dxtmsft.dll
2008-02-16 09:31 251,904 ----a-w C:\WINDOWS\system32\dllcache\iepeers.dll
2008-02-16 09:31 205,312 ----a-w C:\WINDOWS\system32\dllcache\dxtrans.dll
2008-02-16 09:31 16,384 ----a-w C:\WINDOWS\system32\dllcache\jsproxy.dll
2008-02-16 09:31 152,064 ----a-w C:\WINDOWS\system32\dllcache\cdfview.dll
2008-02-16 09:31 1,056,768 ----a-w C:\WINDOWS\system32\dllcache\danim.dll
2008-02-16 09:31 1,024,512 ----a-w C:\WINDOWS\system32\dllcache\browseui.dll
2008-02-15 09:07 18,432 ----a-w C:\WINDOWS\system32\dllcache\iedw.exe
.

((((((((((((((((((((((((((((( snapshot_2008-04-12_20.30.25.20 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-04-12 18:53:38 27,136 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Accessibility\c6772fd12a581ad3be49e3f2a80b5622\Accessibility.ni.dll
+ 2008-04-12 18:54:16 884,736 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\AspNetMMCExt\a1d353edc300e3aff0784202f68a657b\AspNetMMCExt.ni.dll
+ 2008-04-12 18:54:18 237,568 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\c10ec9b4de2b366236ec83237dc31281\CustomMarshalers.ni.dll
+ 2008-04-12 18:54:18 15,360 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\dfsvc\837fe02bdcf637d5bf1e5ffb935ebb80\dfsvc.ni.exe
+ 2008-04-12 18:54:20 876,544 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\9710a3c0d11dd264c3a6b88977699e9b\Microsoft.Build.Engine.ni.dll
+ 2008-04-12 18:54:20 81,920 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\e2858a45971fb30b0c0523dbb52c1d4e\Microsoft.Build.Framework.ni.dll
+ 2008-04-12 18:54:24 1,695,744 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\63d69ffdf3c640d2d104a4b74e8115f8\Microsoft.Build.Tasks.ni.dll
+ 2008-04-12 18:54:26 167,936 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\11cb5418c06e30100616fbf205588489\Microsoft.Build.Utilities.ni.dll
+ 2008-04-12 18:54:30 1,740,800 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\923bd55258380eae77353d36a5a1b08f\Microsoft.VisualBasic.ni.dll
+ 2008-04-12 18:54:30 1,011,712 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\eee9b48577689e92db5a7b5c5de98d9b\System.Configuration.ni.dll
+ 2008-04-12 18:54:34 1,798,144 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Deployment\c7dea4895e1fa33d65e448c03de48d26\System.Deployment.ni.dll
+ 2008-04-12 18:54:36 1,224,704 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\914668b240550f529e54bb772c6fc881\System.DirectoryServices.ni.dll
+ 2008-04-12 18:54:36 512,000 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\f11bc82c09955cb8438d3885a99c297d\System.DirectoryServices.Protocols.ni.dll
+ 2008-04-12 18:54:38 659,456 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\646131eda5f21f4e6216733d49c22c56\System.EnterpriseServices.ni.dll
+ 2008-04-12 18:54:38 294,912 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\646131eda5f21f4e6216733d49c22c56\System.EnterpriseServices.Wrapper.dll
+ 2008-04-12 18:54:40 733,184 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Security\2b5994269cc5b996231c9b21afea9a91\System.Security.ni.dll
+ 2008-04-12 18:54:40 233,472 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\193ac978af569ad9ee45110b359961b9\System.ServiceProcess.ni.dll
+ 2008-04-12 18:54:42 679,936 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Transactions\12e0aa1030badf4524f897e3f57b037a\System.Transactions.ni.dll
+ 2008-04-12 18:55:00 2,342,912 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web.Mobile\37d87b3cab1c66ec4430ebb2abeaa570\System.Web.Mobile.ni.dll
+ 2008-04-12 18:55:00 237,568 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web.RegularE#\b5b81faf46fc63c20d5339b36edd02fa\System.Web.RegularExpressions.ni.dll
+ 2008-04-12 18:55:02 1,986,560 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web.Services\38991368499e2109ea4099a0fe29c5a3\System.Web.Services.ni.dll
+ 2008-04-12 18:54:56 12,509,184 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\67cfb70213562afe2ca9b9066764af3a\System.Web.ni.dll
+ 2008-04-12 19:38:58 16,384 ----a-w C:\WINDOWS\Temp\Perflib_Perfdata_218.dat
+ 2008-04-12 19:39:12 16,384 ----a-w C:\WINDOWS\Temp\Perflib_Perfdata_7d0.dat
+ 2008-04-12 19:40:50 16,384 ----a-w C:\WINDOWS\Temp\Perflib_Perfdata_a24.dat
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 05:00 15360]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:55 5674352]
"BitTorrent DNA"="C:\Program Files\DNA\btdna.exe" [2008-04-11 08:46 288576]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-05 13:34 64512]
"preload"="C:\Windows\RUNXMLPL.exe" [2005-05-19 17:09 32768]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2005-12-16 16:32 761945]
"AzMixerSel"="C:\Program Files\Realtek\InstallShield\AzMixerSel.exe" [2005-06-11 20:51 53248]
"AGRSMMSG"="AGRSMMSG.exe" [2005-12-12 14:50 88204 C:\WINDOWS\AGRSMMSG.exe]
"ntiMUI"="C:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe" [2005-05-11 17:15 45056]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-10 05:00 208952]
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-10 05:00 59392]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-10 05:00 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-10 05:00 455168]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-01-19 09:43 7397376]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-01-19 09:43 86016]
"RTHDCPL"="RTHDCPL.EXE" [2006-07-21 17:56 16261632 C:\WINDOWS\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [2006-05-16 19:04 2879488 C:\WINDOWS\SkyTel.exe]
"LaunchAp"="C:\Program Files\Launch Manager\LaunchAp.exe" [2005-07-25 13:36 32768]
"LManager"="C:\Program Files\Launch Manager\HotkeyApp.exe" [2006-04-19 15:08 69632]
"CtrlVol"="C:\Program Files\Launch Manager\CtrlVol.exe" [2003-09-16 14:28 20480]
"LMgrOSD"="C:\Program Files\Launch Manager\OSDCtrl.exe" [2005-07-25 10:45 241664]
"Wbutton"="C:\Program Files\Launch Manager\Wbutton.exe" [2006-04-20 09:23 86016]
"eDataSecurity Loader"="C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2006-03-17 15:00 345088]
"ePower_DMC"="C:\Acer\Empowering Technology\ePower\ePower_DMC.exe" [2006-03-30 18:47 421888]
"Boot"="C:\Acer\Empowering Technology\ePower\Boot.exe" [2006-03-15 22:12 579584]
"Acer ePresentation HPD"="C:\Acer\Empowering Technology\ePresentation\ePresentation.exe" [2006-03-31 16:39 204800]
"eRecoveryService"="C:\Acer\Empowering Technology\eRecovery\eRAgent.exe" [2006-06-01 14:40 413696]
"LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2006-06-23 10:39 225280]
"LogitechCameraAssistant"="C:\Program Files\Acer\OrbiCam\CameraAssistant.exe" [2006-06-26 15:47 331776]
"LogitechVideo[inspector]"="C:\Program Files\Acer\OrbiCam\InstallHelper.exe" [2006-06-26 15:55 73728]
"LogitechCameraService(E)"="C:\WINDOWS\system32\ElkCtrl.exe" [2004-11-01 18:22 262144]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-04-19 23:14 282624]
"WinampAgent"="C:\Program Files\Winamp\Winampa.exe" [2003-04-02 04:20 12288]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2007-12-23 13:52 185896]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 10:25 6731312]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-10 05:00 15360]

C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 04:44:06 29696]
Acer Empowering Technology.lnk - C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe [2006-11-25 01:31:53 45056]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-17 21:05:56 65588]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
"ziIL6qrPiQ"= C:\Documents and Settings\All Users\Application Data\ridafuba\dwzclgfk.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\BitTorrent\\bittorrent.exe"=
"C:\\Program Files\\Messenger\\MSMSGS.EXE"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\RayV\\RayV\\RayV.exe"=
"C:\\Program Files\\DNA\\btdna.exe"=

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-03-29 19:31]
R1 Hotkey;Hotkey;C:\WINDOWS\system32\drivers\Hotkey.sys [2003-04-28 11:27]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-03-29 19:35]
R2 EpmPsd;Acer EPM Power Scheme Driver;C:\WINDOWS\system32\drivers\epm-psd.sys [2005-04-22 16:57]
R2 EpmShd;Acer EPM System Hardware Driver;C:\WINDOWS\system32\drivers\epm-shd.sys [2005-04-22 16:57]
R3 lv321av;Logitech USB PC Camera (VC0321);C:\WINDOWS\system32\DRIVERS\lv321av.sys [2006-06-19 12:20]
R3 LVPrcMon;Logitech LVPrcMon Driver;C:\WINDOWS\system32\drivers\LVPrcMon.sys [2006-06-23 10:40]
R3 psdfilter;psdfilter;C:\WINDOWS\system32\Drivers\psdfilter.sys [2006-04-07 20:17]
R3 psdvdisk;psdvdisk;C:\WINDOWS\system32\Drivers\psdvdisk.sys [2006-03-08 17:10]
S1 Wbutton;Wbutton;C:\WINDOWS\system32\drivers\Wbutton.sys []
S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 23:08]

.
**************************************************************************

catchme 0.3.1351 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-12 21:51:24
Windows 5.1.2600 Service Pack 2 FAT NTAPI

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************
.
Temps d'accomplissement: 2008-04-12 21:54:48
ComboFix-quarantined-files.txt 2008-04-12 19:54:28
ComboFix2.txt 2008-04-12 16:00:42
Pre-Run: 6,788,120,576 octets libres
Post-Run: 6,771,769,344 octets libres
.
2008-04-12 18:03:31 --- E O F ---

rapport hijackthis :

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:09:28, on 12/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe
C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Launch Manager\LaunchAp.exe
C:\Program Files\Launch Manager\HotkeyApp.exe
C:\Program Files\Launch Manager\OSDCtrl.exe
C:\Program Files\Launch Manager\Wbutton.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\Acer\Empowering Technology\ePresentation\ePresentation.exe
C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Acer\OrbiCam\CameraAssistant.exe
C:\WINDOWS\system32\ElkCtrl.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Winamp\Winampa.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://fr.rd.yahoo.com/customize/ycomp/defaults/su/*https://fr.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
R3 - URLSearchHook: (no name) - {bc4be15d-6a34-4356-9e97-79e43da32b1d} - (no file)
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [preload] C:\Windows\RUNXMLPL.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [ntiMUI] C:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [LaunchAp] "C:\Program Files\Launch Manager\LaunchAp.exe"
O4 - HKLM\..\Run: [LManager] "C:\Program Files\Launch Manager\HotkeyApp.exe"
O4 - HKLM\..\Run: [CtrlVol] "C:\Program Files\Launch Manager\CtrlVol.exe"
O4 - HKLM\..\Run: [LMgrOSD] "C:\Program Files\Launch Manager\OSDCtrl.exe"
O4 - HKLM\..\Run: [Wbutton] "C:\Program Files\Launch Manager\Wbutton.exe"
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe 0
O4 - HKLM\..\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
O4 - HKLM\..\Run: [Boot] C:\Acer\Empowering Technology\ePower\Boot.exe
O4 - HKLM\..\Run: [Acer ePresentation HPD] C:\Acer\Empowering Technology\ePresentation\ePresentation.exe
O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechCameraAssistant] C:\Program Files\Acer\OrbiCam\CameraAssistant.exe
O4 - HKLM\..\Run: [LogitechVideo[inspector]] C:\Program Files\Acer\OrbiCam\InstallHelper.exe /inspect
O4 - HKLM\..\Run: [LogitechCameraService(E)] C:\WINDOWS\system32\ElkCtrl.exe /automation
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\Winampa.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKLM\..\Policies\Explorer\Run: [ziIL6qrPiQ] C:\Documents and Settings\All Users\Application Data\ridafuba\dwzclgfk.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Acer Empowering Technology.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/...
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Memory Check Service (AcerMemUsageCheckService) - Acer Inc. - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: eLock Service (eLockService) - - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech - c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

jlpjlp · Answer

parfait!

_____________

mettre a jour internet explorer
https://www.01net.com/telecharger/windows/Internet/navigateur/fiches/33081.html

______________



 colle le rapport d'un scan en ligne 
avec un des suivants: 


bitdefender en ligne : 
http://www.bitdefender.fr/scan_fr/scan8/ie.html 

Panda en ligne : 
http://pandasoftware.fr

Kaspersky en ligne
https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr

dante · Answer

voici le rapport kaspersky, que doi-je faire ensuite :

Sunday, April 13, 2008 4:13:00 PM
Système d'exploitation : Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky On-line Scanner version : 5.0.83.0
Dernière mise à jour de la base antivirus Kaspersky : 13/04/2008
Enregistrements dans la base antivirus Kaspersky : 629397
 
 
Paramètres d'analyse 
Analyser avec la base antivirus suivante standard 
Analyser les archives vrai 
Analyser les bases de messagerie vrai 
 
Cible de l'analyse Poste de travail 
C:\
D:\
E:\  
 
Statistiques de l'analyse 
Total d'objets analysés 66515 
Nombre de virus trouvés 4 
Nombre d'objets infectés 14 / 0 
Nombre d'objets suspects 0 
Durée de l'analyse 00:39:50 

Nom de l'objet infecté Nom du virus Dernière action 
C:\WINDOWS\system32\config\system.LOG  L'objet est verrouillé  ignoré  
 
C:\WINDOWS\system32\config\software.LOG  L'objet est verrouillé  ignoré  
 
C:\WINDOWS\system32\config\default.LOG  L'objet est verrouillé  ignoré  
 
C:\WINDOWS\system32\config\SAM.LOG  L'objet est verrouillé  ignoré  
 
C:\WINDOWS\system32\config\SECURITY.LOG  L'objet est verrouillé  ignoré  
 
C:\WINDOWS\system32\config\Media Ce.evt  L'objet est verrouillé  ignoré  
 
C:\WINDOWS\system32\config\SysEvent.Evt  L'objet est verrouillé  ignoré  
 
C:\WINDOWS\system32\config\AppEvent.Evt  L'objet est verrouillé  ignoré  
 
C:\WINDOWS\system32\config\SecEvent.Evt  L'objet est verrouillé  ignoré  
 
C:\WINDOWS\system32\config\Antivirus.Evt  L'objet est verrouillé  ignoré  
 
C:\WINDOWS\system32\config\SECURITY  L'objet est verrouillé  ignoré  
 
C:\WINDOWS\system32\config\SOFTWARE  L'objet est verrouillé  ignoré  
 
C:\WINDOWS\system32\config\SYSTEM  L'objet est verrouillé  ignoré  
 
C:\WINDOWS\system32\config\DEFAULT  L'objet est verrouillé  ignoré  
 
C:\WINDOWS\system32\config\SAM  L'objet est verrouillé  ignoré  
 
C:\WINDOWS\system32\config\Internet.evt  L'objet est verrouillé  ignoré  
 
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP  L'objet est verrouillé  ignoré  
 
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP  L'objet est verrouillé  ignoré  
 
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER  L'objet est verrouillé  ignoré  
 
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP  L'objet est verrouillé  ignoré  
 
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP  L'objet est verrouillé  ignoré  
 
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA  L'objet est verrouillé  ignoré  
 
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR  L'objet est verrouillé  ignoré  
 
C:\WINDOWS\system32\CatRoot2	mp.edb  L'objet est verrouillé  ignoré  
 
C:\WINDOWS\system32\CatRoot2\edb.log  L'objet est verrouillé  ignoré  
 
C:\WINDOWS\system32\h323log.txt  L'objet est verrouillé  ignoré  
 
C:\WINDOWS\Temp\_avast4_\Webshlock.txt  L'objet est verrouillé  ignoré  
 
C:\WINDOWS\Temp\Perflib_Perfdata_f5c.dat  L'objet est verrouillé  ignoré  
 
C:\WINDOWS\Temp\Perflib_Perfdata_7e8.dat  L'objet est verrouillé  ignoré  
 
C:\WINDOWS\Temp\Perflib_Perfdata_708.dat  L'objet est verrouillé  ignoré  
 
C:\WINDOWS\Debug\PASSWD.LOG  L'objet est verrouillé  ignoré  
 
C:\WINDOWS\Registration\{02D4B3F1-FD88-11D1-960D-00805FC79235}.{AC9FB321-C7EC-494F-94EE-1198163DE54C}.crmlog  L'objet est verrouillé  ignoré  
 
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log  L'objet est verrouillé  ignoré  
 
C:\WINDOWS\wiaservc.log  L'objet est verrouillé  ignoré  
 
C:\WINDOWS\WindowsUpdate.log  L'objet est verrouillé  ignoré  
 
C:\WINDOWS\wiadebug.log  L'objet est verrouillé  ignoré  
 
C:\WINDOWS\SchedLgU.Txt  L'objet est verrouillé  ignoré  
 
C:\WINDOWS\Sti_Trace.log  L'objet est verrouillé  ignoré  
 
C:\WINDOWS\ModemLog_Agere Systems HDA Modem.txt  L'objet est verrouillé  ignoré  
 
C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\ehRecvr.log  L'objet est verrouillé  ignoré  
 
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7912315D.wmf  Infecté : Exploit.Win32.IMG-WMF.v  ignoré  
 
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\586F3B2C.wmf  Infecté : Exploit.Win32.IMG-WMF.v  ignoré  
 
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\4F5C1F28.wmf  Infecté : Exploit.Win32.IMG-WMF.v  ignoré  
 
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG  L'objet est verrouillé  ignoré  
 
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat  L'objet est verrouillé  ignoré  
 
C:\Documents and Settings\NetworkService
tuser.dat.LOG  L'objet est verrouillé  ignoré  
 
C:\Documents and Settings\NetworkService\NTUSER.DAT  L'objet est verrouillé  ignoré  
 
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG  L'objet est verrouillé  ignoré  
 
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat  L'objet est verrouillé  ignoré  
 
C:\Documents and Settings\LocalService\Local Settings	emp\Fichiers Internet temporaires\Content.IE5\index.dat  L'objet est verrouillé  ignoré  
 
C:\Documents and Settings\LocalService\Local Settings	emp\Cookies\index.dat  L'objet est verrouillé  ignoré  
 
C:\Documents and Settings\LocalService\Local Settings	emp\History\History.IE5\index.dat  L'objet est verrouillé  ignoré  
 
C:\Documents and Settings\LocalService
tuser.dat.LOG  L'objet est verrouillé  ignoré  
 
C:\Documents and Settings\LocalService\NTUSER.DAT  L'objet est verrouillé  ignoré  
 
C:\Documents and Settings\sylvain-loic
tuser.dat.LOG  L'objet est verrouillé  ignoré  
 
C:\Documents and Settings\sylvain-loic\Local Settings\Temp\Perflib_Perfdata_b58.dat  L'objet est verrouillé  ignoré  
 
C:\Documents and Settings\sylvain-loic\Local Settings\Temp\~DF53CA.tmp  L'objet est verrouillé  ignoré  
 
C:\Documents and Settings\sylvain-loic\Local Settings\Historique\History.IE5\index.dat  L'objet est verrouillé  ignoré  
 
C:\Documents and Settings\sylvain-loic\Local Settings\Temporary Internet Files\Content.IE5\index.dat  L'objet est verrouillé  ignoré  
 
C:\Documents and Settings\sylvain-loic\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat  L'objet est verrouillé  ignoré  
 
C:\Documents and Settings\sylvain-loic\Local Settings\Application Data\ApplicationHistory\ePresentation.exe.e70224e9.ini.inuse  L'objet est verrouillé  ignoré  
 
C:\Documents and Settings\sylvain-loic\Local Settings\Application Data\ApplicationHistory\Acer.Empowering.Framework.Launcher.exe.7c55249b.ini.inuse  L'objet est verrouillé  ignoré  
 
C:\Documents and Settings\sylvain-loic\Local Settings\Application Data\ApplicationHistory\ePower_DMC.exe.3ca0acde.ini.inuse  L'objet est verrouillé  ignoré  
 
C:\Documents and Settings\sylvain-loic\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG  L'objet est verrouillé  ignoré  
 
C:\Documents and Settings\sylvain-loic\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat  L'objet est verrouillé  ignoré  
 
C:\Documents and Settings\sylvain-loic\NTUSER.DAT  L'objet est verrouillé  ignoré  
 
C:\Documents and Settings\sylvain-loic\Cookies\index.dat  L'objet est verrouillé  ignoré  
 
C:\Program Files\Alwil Software\Avast4\DATAeport\Protection résidente.txt  L'objet est verrouillé  ignoré  
 
C:\Program Files\Alwil Software\Avast4\DATA\log
shield.log  L'objet est verrouillé  ignoré  
 
C:\Program Files\Alwil Software\Avast4\DATA\log\AshWebSv.ws  L'objet est verrouillé  ignoré  
 
C:\Program Files\Alwil Software\Avast4\DATA\log\aswMaiSv.log  L'objet est verrouillé  ignoré  
 
C:\Program Files\Alwil Software\Avast4\DATA\aswResp.dat  L'objet est verrouillé  ignoré  
 
C:\Program Files\Alwil Software\Avast4\DATA\Avast4.db  L'objet est verrouillé  ignoré  
 
C:\system volume information\_restore{7D0A09CF-FCEC-40B1-949D-E158943906CC}\RP194\A0088511.exe/file11  Infecté : Trojan.Win32.Inject.on  ignoré  
 
C:\system volume information\_restore{7D0A09CF-FCEC-40B1-949D-E158943906CC}\RP194\A0088511.exe  Inno: infecté - 1  ignoré  
 
C:\system volume information\_restore{7D0A09CF-FCEC-40B1-949D-E158943906CC}\RP233\A0122090.exe/data0000.cab/EXTRAC~1.EXE  Infecté : Packed.Win32.Monder.gen  ignoré  
 
C:\system volume information\_restore{7D0A09CF-FCEC-40B1-949D-E158943906CC}\RP233\A0122090.exe/data0000.cab  Infecté : Packed.Win32.Monder.gen  ignoré  
 
C:\system volume information\_restore{7D0A09CF-FCEC-40B1-949D-E158943906CC}\RP233\A0122090.exe  Rsrc-Package: infecté - 2  ignoré  
 
C:\system volume information\_restore{7D0A09CF-FCEC-40B1-949D-E158943906CC}\RP235\A0122269.dll  Infecté : Packed.Win32.Monder.gen  ignoré  
 
C:\system volume information\_restore{7D0A09CF-FCEC-40B1-949D-E158943906CC}\RP236\A0122363.dll  Infecté : Trojan.Win32.KillAV.rf  ignoré  
 
C:\system volume information\_restore{7D0A09CF-FCEC-40B1-949D-E158943906CC}\RP236\A0123286.dll  Infecté : Trojan.Win32.KillAV.rf  ignoré  
 
C:\system volume information\_restore{7D0A09CF-FCEC-40B1-949D-E158943906CC}\RP250\change.log  L'objet est verrouillé  ignoré  
 
C:\QooBox\Quarantine\C\WINDOWS\system32\kdvkussk.dll.vir  Infecté : Packed.Win32.Monder.gen  ignoré  
 
C:\QooBox\Quarantine\C\WINDOWS\system32\cecgrfsk.dll.vir  Infecté : Trojan.Win32.KillAV.rf  ignoré  
 
C:\QooBox\Quarantine\C\WINDOWS\system32\ogqghjsx.dll.vir  Infecté : Trojan.Win32.KillAV.rf  ignoré  
 
Analyse terminée.

jlpjlp · Answer

ok

vire ce qui est en quarantaine dans norton

________________
vire ce qui est dans le dossier quarantine en allant dans poste de travail puis c puis qoobox

C:\QooBox\Quarantine

________________

désactive la restauration système pour purger les virus qui seraient dedans
puis redemarre ton ordi
 puis réactive là :  https://www.informatruc.com

__________________

normalement c'est bon, tu peux verifier avec kaspersky, encore des soucis???

dante · Answer

merci beaucoup. voici le rapport et je n'est pas d'autre problème.

KASPERSKY ON-LINE SCANNER REPORT  
Sunday, April 13, 2008 9:48:58 PM
Système d'exploitation : Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky On-line Scanner version : 5.0.83.0
Dernière mise à jour de la base antivirus Kaspersky : 13/04/2008
Enregistrements dans la base antivirus Kaspersky : 629765
 
 
Paramètres d'analyse 
Analyser avec la base antivirus suivante standard 
Analyser les archives vrai 
Analyser les bases de messagerie vrai 
 
Cible de l'analyse Poste de travail 
C:\
D:\
E:\  
 
Statistiques de l'analyse 
Total d'objets analysés 51062 
Nombre de virus trouvés 0 
Nombre d'objets infectés 0 / 0 
Nombre d'objets suspects 0 
Durée de l'analyse 00:31:11 

Nom de l'objet infecté Nom du virus Dernière action 
C:\WINDOWS\system32\config\system.LOG  L'objet est verrouillé  ignoré  
 
C:\WINDOWS\system32\config\software.LOG  L'objet est verrouillé  ignoré  
 
C:\WINDOWS\system32\config\default.LOG  L'objet est verrouillé  ignoré  
 
C:\WINDOWS\system32\config\SAM.LOG  L'objet est verrouillé  ignoré  
 
C:\WINDOWS\system32\config\SECURITY.LOG  L'objet est verrouillé  ignoré  
 
C:\WINDOWS\system32\config\Media Ce.evt  L'objet est verrouillé  ignoré  
 
C:\WINDOWS\system32\config\SysEvent.Evt  L'objet est verrouillé  ignoré  
 
C:\WINDOWS\system32\config\AppEvent.Evt  L'objet est verrouillé  ignoré  
 
C:\WINDOWS\system32\config\SecEvent.Evt  L'objet est verrouillé  ignoré  
 
C:\WINDOWS\system32\config\Antivirus.Evt  L'objet est verrouillé  ignoré  
 
C:\WINDOWS\system32\config\SECURITY  L'objet est verrouillé  ignoré  
 
C:\WINDOWS\system32\config\SOFTWARE  L'objet est verrouillé  ignoré  
 
C:\WINDOWS\system32\config\SYSTEM  L'objet est verrouillé  ignoré  
 
C:\WINDOWS\system32\config\DEFAULT  L'objet est verrouillé  ignoré  
 
C:\WINDOWS\system32\config\SAM  L'objet est verrouillé  ignoré  
 
C:\WINDOWS\system32\config\Internet.evt  L'objet est verrouillé  ignoré  
 
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP  L'objet est verrouillé  ignoré  
 
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP  L'objet est verrouillé  ignoré  
 
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER  L'objet est verrouillé  ignoré  
 
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP  L'objet est verrouillé  ignoré  
 
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP  L'objet est verrouillé  ignoré  
 
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA  L'objet est verrouillé  ignoré  
 
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR  L'objet est verrouillé  ignoré  
 
C:\WINDOWS\system32\CatRoot2	mp.edb  L'objet est verrouillé  ignoré  
 
C:\WINDOWS\system32\CatRoot2\edb.log  L'objet est verrouillé  ignoré  
 
C:\WINDOWS\system32\h323log.txt  L'objet est verrouillé  ignoré  
 
C:\WINDOWS\Temp\_avast4_\Webshlock.txt  L'objet est verrouillé  ignoré  
 
C:\WINDOWS\Temp\Perflib_Perfdata_64c.dat  L'objet est verrouillé  ignoré  
 
C:\WINDOWS\Temp\Perflib_Perfdata_288.dat  L'objet est verrouillé  ignoré  
 
C:\WINDOWS\Temp\Perflib_Perfdata_e10.dat  L'objet est verrouillé  ignoré  
 
C:\WINDOWS\Debug\PASSWD.LOG  L'objet est verrouillé  ignoré  
 
C:\WINDOWS\Registration\{02D4B3F1-FD88-11D1-960D-00805FC79235}.{B02CF1D4-8255-4EEB-85D7-B2C02C8044C1}.crmlog  L'objet est verrouillé  ignoré  
 
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log  L'objet est verrouillé  ignoré  
 
C:\WINDOWS\wiaservc.log  L'objet est verrouillé  ignoré  
 
C:\WINDOWS\WindowsUpdate.log  L'objet est verrouillé  ignoré  
 
C:\WINDOWS\wiadebug.log  L'objet est verrouillé  ignoré  
 
C:\WINDOWS\SchedLgU.Txt  L'objet est verrouillé  ignoré  
 
C:\WINDOWS\Sti_Trace.log  L'objet est verrouillé  ignoré  
 
C:\WINDOWS\ModemLog_Agere Systems HDA Modem.txt  L'objet est verrouillé  ignoré  
 
C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\ehRecvr.log  L'objet est verrouillé  ignoré  
 
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\2008-04-13_Log.ALUSchedulerSvc.LiveUpdate  L'objet est verrouillé  ignoré  
 
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG  L'objet est verrouillé  ignoré  
 
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat  L'objet est verrouillé  ignoré  
 
C:\Documents and Settings\NetworkService
tuser.dat.LOG  L'objet est verrouillé  ignoré  
 
C:\Documents and Settings\NetworkService\NTUSER.DAT  L'objet est verrouillé  ignoré  
 
C:\Documents and Settings\LocalService\Local Settings\Historique\History.IE5\index.dat  L'objet est verrouillé  ignoré  
 
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat  L'objet est verrouillé  ignoré  
 
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG  L'objet est verrouillé  ignoré  
 
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat  L'objet est verrouillé  ignoré  
 
C:\Documents and Settings\LocalService\Cookies\index.dat  L'objet est verrouillé  ignoré  
 
C:\Documents and Settings\LocalService
tuser.dat.LOG  L'objet est verrouillé  ignoré  
 
C:\Documents and Settings\LocalService\NTUSER.DAT  L'objet est verrouillé  ignoré  
 
C:\Documents and Settings\sylvain-loic
tuser.dat.LOG  L'objet est verrouillé  ignoré  
 
C:\Documents and Settings\sylvain-loic\Local Settings\Temp\Perflib_Perfdata_d28.dat  L'objet est verrouillé  ignoré  
 
C:\Documents and Settings\sylvain-loic\Local Settings\Temp\~DF4A96.tmp  L'objet est verrouillé  ignoré  
 
C:\Documents and Settings\sylvain-loic\Local Settings\Historique\History.IE5\index.dat  L'objet est verrouillé  ignoré  
 
C:\Documents and Settings\sylvain-loic\Local Settings\Temporary Internet Files\Content.IE5\index.dat  L'objet est verrouillé  ignoré  
 
C:\Documents and Settings\sylvain-loic\Local Settings\Application Data\ApplicationHistory\ePresentation.exe.e70224e9.ini.inuse  L'objet est verrouillé  ignoré  
 
C:\Documents and Settings\sylvain-loic\Local Settings\Application Data\ApplicationHistory\Acer.Empowering.Framework.Launcher.exe.7c55249b.ini.inuse  L'objet est verrouillé  ignoré  
 
C:\Documents and Settings\sylvain-loic\Local Settings\Application Data\ApplicationHistory\ePower_DMC.exe.3ca0acde.ini.inuse  L'objet est verrouillé  ignoré  
 
C:\Documents and Settings\sylvain-loic\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG  L'objet est verrouillé  ignoré  
 
C:\Documents and Settings\sylvain-loic\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat  L'objet est verrouillé  ignoré  
 
C:\Documents and Settings\sylvain-loic\NTUSER.DAT  L'objet est verrouillé  ignoré  
 
C:\Documents and Settings\sylvain-loic\Cookies\index.dat  L'objet est verrouillé  ignoré  
 
C:\Program Files\Alwil Software\Avast4\DATAeport\Protection résidente.txt  L'objet est verrouillé  ignoré  
 
C:\Program Files\Alwil Software\Avast4\DATA\log
shield.log  L'objet est verrouillé  ignoré  
 
C:\Program Files\Alwil Software\Avast4\DATA\log\AshWebSv.ws  L'objet est verrouillé  ignoré  
 
C:\Program Files\Alwil Software\Avast4\DATA\log\aswMaiSv.log  L'objet est verrouillé  ignoré  
 
C:\Program Files\Alwil Software\Avast4\DATA\aswResp.dat  L'objet est verrouillé  ignoré  
 
C:\Program Files\Alwil Software\Avast4\DATA\Avast4.db  L'objet est verrouillé  ignoré  
 
C:\system volume information\_restore{7D0A09CF-FCEC-40B1-949D-E158943906CC}\RP2\change.log  L'objet est verrouillé  ignoré  
 
D:\System Volume Information\_restore{7D0A09CF-FCEC-40B1-949D-E158943906CC}\RP2\change.log  L'objet est verrouillé  ignoré  
 
Analyse terminée.

jlpjlp · Answer

ok c'est bon

bonne continuation

Virus System Integrity Scan Wizard

14 réponses

Votre réponse

Discussions similaires

Newsletters