Comment supprimer Vundo ?

Erreur de ma part : Combofix tourne sur mon xp mais sur mon vista ça ne fonctionne pas ! Et le pc infecté est bel et bien un vista. Désolé !

Bonjour !

J'ai tenté plusieurs fois de lancer Combofix, il n'a pas fonctionné.
Je l'ai également téléchargé plusieurs fois, et de sources différentes, il n'a pas marché.

J'ai déjà essayé, et comme je l'ai dit ça ne fonctionne pas.
Je viens également de tenter d'installer CCleaner, et là, nouveau problème : impossible de l'installer.

J'ai l'erreur suivante : "Erreur de l'ouverture du fichier en écriture".

Il doit donc y avoir un problème quelquepart !

J'ai trouvé le problème de Combofix, il fallait l'exécuter en tant qu'administrateur.
Je te tiens au courant

Merci pour ton aide

Du coup, je n'ai pas essayé !
Je n'aime pas rester sur des problèmes non résolus, il fallait que je trouve la solution !

Combofix est en train de s'exécuter.

Les instructions ont été bien lues, les fenêtres toutes fermées, même chose pour l'anti-virus et la connexion Internet. J'ai à disposition deux pc, c'est avec le pc clean que je vous réponds !

Voici le rapport Combofix (je l'ai utilisé "normalement", j'entends par là que je me suis contenté de le lancer) :

ComboFix 08-05-21.3 - Olive 2008-05-24 17:47:02.2 - NTFSx86
Microsoft® Windows Vista™ Professionnel 6.0.6000.0.1252.1.1036.18.1083 [GMT 2:00]
Endroit: C:\Users\Olive\Desktop\ComboFix.exe
Command switches used :: C:\Users\Olive\Desktop\CFScript.lnk
* Création d'un nouveau point de restauration
.

((((((((((((((((((((((((((((( Fichiers créés 2008-04-24 to 2008-05-24 ))))))))))))))))))))))))))))))))))))
.

Pas de nouveau fichier créé dans cet espace de temps

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-24 14:26 1,572,864 --sha-w C:\Users\Charlène\NTUSER.DAT
2008-05-24 14:26 1,572,864 --sha-w C:\Users\Charlène\NTUSER.DAT
2008-05-24 13:51 --------- d-----w C:\Users\Charlène\AppData\Roaming\OpenOffice.org2
2008-05-19 15:57 109,056 ----a-w C:\Windows\System32\vlahlegm.dll
2008-05-17 16:17 --------- d-----w C:\Program Files\Google
2008-05-17 16:09 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-17 16:08 --------- d-----w C:\ProgramData\ScanSoft
2008-05-17 16:03 --------- d-----w C:\Program Files\Canon
2008-05-17 15:53 --------- d-----w C:\Users\Olive\AppData\Roaming\OpenOffice.org2
2008-05-17 08:43 --------- d-----w C:\Program Files\a-squared Free
2008-05-16 20:09 --------- d-----w C:\Program Files\The Cleaner Free
2008-05-15 23:18 50,768 ----a-w C:\Windows\system32\drivers\aswMonFlt.sys
2008-05-11 17:21 --------- d-----w C:\Users\Olive\AppData\Roaming\LimeWire
2008-04-30 10:40 --------- d-----w C:\Program Files\LimeWire
2008-04-08 13:45 --------- d-----w C:\Users\Olive\AppData\Roaming\Roxio
2008-04-02 14:38 --------- d-----w C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-03-31 17:50 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller
2008-03-31 17:48 --------- d-----w C:\Program Files\Windows Live
2008-03-31 17:47 --------- d-----w C:\ProgramData\WLInstaller
2008-03-31 17:46 --------- d-s---w C:\Users\Charlène\AppData\Roaming\Microsoft
2008-02-29 06:51 19,000 ----a-w C:\Windows\System32\kd1394.dll
2008-02-29 06:39 40,960 ----a-w C:\Windows\System32\srclient.dll
2008-02-29 06:39 371,712 ----a-w C:\Windows\System32\srcore.dll
2008-02-29 06:38 313,856 ----a-w C:\Windows\System32\rstrui.exe
2008-02-29 06:38 16,384 ----a-w C:\Windows\System32\srdelayed.exe
2008-02-29 06:35 6,656 ----a-w C:\Windows\System32\kbd106n.dll
2008-02-29 06:34 7,168 ----a-w C:\Windows\System32\f3ahvoas.dll
2008-02-29 04:16 2,027,008 ----a-w C:\Windows\System32\win32k.sys
2008-02-03 10:53 118 ----a-w C:\Users\Charlène\AppData\Roaming\wklnhst.dat
2006-11-02 12:50 174 --sha-w C:\Program Files\desktop.ini
2007-12-06 20:04 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
2007-12-06 20:04 32,768 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
2007-12-06 20:04 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
.

------- Sigcheck -------

.
((((((((((((((((((((((((((((( snapshot@2008-05-24_16.38.03.68 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-05-24 15:46:53 5,894,144 ----a-w C:\Windows\erdnt\Hiv-backup\SCHEMA.DAT
+ 2008-05-24 14:35:17 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2008-05-24 14:35:17 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2008-05-24 14:35:24 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-05-24 14:43:13 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-05-24 14:35:24 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-05-24 14:43:13 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-05-24 14:35:24 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-05-24 14:43:13 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-05-24 14:29:42 103,924 ----a-w C:\Windows\System32\perfc009.dat
+ 2008-05-24 14:41:06 103,924 ----a-w C:\Windows\System32\perfc009.dat
- 2008-05-24 14:29:43 117,572 ----a-w C:\Windows\System32\perfc00C.dat
+ 2008-05-24 14:41:07 117,572 ----a-w C:\Windows\System32\perfc00C.dat
- 2008-05-24 14:29:43 610,142 ----a-w C:\Windows\System32\perfh009.dat
+ 2008-05-24 14:41:07 610,142 ----a-w C:\Windows\System32\perfh009.dat
- 2008-05-24 14:29:43 690,832 ----a-w C:\Windows\System32\perfh00C.dat
+ 2008-05-24 14:41:07 690,832 ----a-w C:\Windows\System32\perfh00C.dat
- 2008-05-19 16:02:21 6,029,312 ----a-w C:\Windows\System32\SMI\Store\Machine\SCHEMA.DAT
+ 2008-05-24 14:42:40 6,029,312 ----a-w C:\Windows\System32\SMI\Store\Machine\SCHEMA.DAT
- 2008-05-24 14:24:29 7,956 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2797674674-2034626984-2998799533-1000_UserData.bin
+ 2008-05-24 14:40:06 8,210 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2797674674-2034626984-2998799533-1000_UserData.bin
- 2008-05-24 14:24:29 61,420 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2008-05-24 14:40:06 61,630 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2008-05-19 15:53:36 38,911,201 ----a-w C:\Windows\winsxs\ManifestCache\6.0.6001.18000_001c50b5_blobs.bin
+ 2008-05-24 14:46:56 38,934,604 ----a-w C:\Windows\winsxs\ManifestCache\6.0.6001.18000_001c50b5_blobs.bin
+ 2007-08-31 02:28:20 258,232 ----a-w C:\Windows\winsxs\x86_acpi.inf_31bf3856ad364e35_6.0.6000.16553_none_206f74b9d10718ea\acpi.sys
+ 2007-08-31 02:27:20 28,344 ----a-w C:\Windows\winsxs\x86_acpi.inf_31bf3856ad364e35_6.0.6000.16553_none_206f74b9d10718ea\battc.sys
+ 2007-08-31 02:27:04 20,920 ----a-w C:\Windows\winsxs\x86_acpi.inf_31bf3856ad364e35_6.0.6000.16553_none_206f74b9d10718ea\compbatt.sys
+ 2007-08-31 00:57:48 11,264 ----a-w C:\Windows\winsxs\x86_acpi.inf_31bf3856ad364e35_6.0.6000.16553_none_206f74b9d10718ea\wmiacpi.sys
+ 2007-08-31 02:22:53 258,232 ----a-w C:\Windows\winsxs\x86_acpi.inf_31bf3856ad364e35_6.0.6000.20672_none_20e27162ea35d73f\acpi.sys
+ 2007-08-31 02:21:27 28,344 ----a-w C:\Windows\winsxs\x86_acpi.inf_31bf3856ad364e35_6.0.6000.20672_none_20e27162ea35d73f\battc.sys
+ 2007-08-31 02:21:14 20,920 ----a-w C:\Windows\winsxs\x86_acpi.inf_31bf3856ad364e35_6.0.6000.20672_none_20e27162ea35d73f\compbatt.sys
+ 2007-08-31 01:02:00 11,264 ----a-w C:\Windows\winsxs\x86_acpi.inf_31bf3856ad364e35_6.0.6000.20672_none_20e27162ea35d73f\wmiacpi.sys
+ 2007-08-31 02:27:20 28,344 ----a-w C:\Windows\winsxs\x86_battery.inf_31bf3856ad364e35_6.0.6000.16553_none_140e43a256cf6f52\battc.sys
+ 2007-08-31 00:57:48 14,208 ----a-w C:\Windows\winsxs\x86_battery.inf_31bf3856ad364e35_6.0.6000.16553_none_140e43a256cf6f52\CmBatt.sys
+ 2007-08-31 00:57:49 21,504 ----a-w C:\Windows\winsxs\x86_battery.inf_31bf3856ad364e35_6.0.6000.16553_none_140e43a256cf6f52\hidbatt.sys
+ 2007-08-31 02:21:27 28,344 ----a-w C:\Windows\winsxs\x86_battery.inf_31bf3856ad364e35_6.0.6000.20672_none_1481404b6ffe2da7\battc.sys
+ 2007-08-31 01:02:00 14,208 ----a-w C:\Windows\winsxs\x86_battery.inf_31bf3856ad364e35_6.0.6000.20672_none_1481404b6ffe2da7\CmBatt.sys
+ 2007-08-31 01:02:01 21,504 ----a-w C:\Windows\winsxs\x86_battery.inf_31bf3856ad364e35_6.0.6000.20672_none_1481404b6ffe2da7\hidbatt.sys
+ 2007-05-04 00:31:44 53,760 ----a-w C:\Windows\winsxs\x86_hdaudbus.inf_31bf3856ad364e35_6.0.6000.16481_none_74e5d15989a08e89\hdaudbus.sys
+ 2007-05-05 00:37:12 53,760 ----a-w C:\Windows\winsxs\x86_hdaudbus.inf_31bf3856ad364e35_6.0.6000.20592_none_75659e82a2c5639b\hdaudbus.sys
+ 2008-01-29 00:15:55 2,560 ----a-w C:\Windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c1_31bf3856ad364e35_6.0.6000.16633_none_0a1e8a9df53b7ab4\AcRes.dll
+ 2008-01-30 00:29:13 2,560 ----a-w C:\Windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c1_31bf3856ad364e35_6.0.6000.20762_none_0a86b75b0e7254fa\AcRes.dll
+ 2008-01-29 04:16:31 2,144,256 ----a-w C:\Windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c3_31bf3856ad364e35_6.0.6000.16633_none_0a208b31f539ad62\AcGenral.dll
+ 2008-01-30 04:24:55 2,144,768 ----a-w C:\Windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c3_31bf3856ad364e35_6.0.6000.20762_none_0a88b7ef0e7087a8\AcGenral.dll
+ 2008-01-29 04:16:31 449,536 ----a-w C:\Windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c4_31bf3856ad364e35_6.0.6000.16633_none_0a218b7bf538c6b9\AcSpecfc.dll
+ 2008-01-30 04:24:56 450,560 ----a-w C:\Windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c4_31bf3856ad364e35_6.0.6000.20762_none_0a89b8390e6fa0ff\AcSpecfc.dll
+ 2008-01-29 04:16:31 537,600 ----a-w C:\Windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c5_31bf3856ad364e35_6.0.6000.16633_none_0a228bc5f537e010\AcLayers.dll
+ 2008-01-29 04:16:31 173,056 ----a-w C:\Windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c5_31bf3856ad364e35_6.0.6000.16633_none_0a228bc5f537e010\AcXtrnal.dll
+ 2008-01-30 04:24:55 537,600 ----a-w C:\Windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c5_31bf3856ad364e35_6.0.6000.20762_none_0a8ab8830e6eba56\AcLayers.dll
+ 2008-01-30 04:24:56 173,056 ----a-w C:\Windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c5_31bf3856ad364e35_6.0.6000.20762_none_0a8ab8830e6eba56\AcXtrnal.dll
+ 2007-06-27 02:21:31 1,984,512 ----a-w C:\Windows\winsxs\x86_microsoft-windows-authentication-authui_31bf3856ad364e35_6.0.6000.16513_none_0a056d7cf846bbd5\authui.dll
+ 2007-06-27 02:14:53 1,984,512 ----a-w C:\Windows\winsxs\x86_microsoft-windows-authentication-authui_31bf3856ad364e35_6.0.6000.20628_none_0a893bce1167f643\authui.dll
+ 2007-06-27 02:21:23 967,680 ----a-w C:\Windows\winsxs\x86_microsoft-windows-calendar_31bf3856ad364e35_6.0.6000.16513_none_8f02a43161a69634\WinCal.exe
+ 2007-06-27 01:22:15 967,168 ----a-w C:\Windows\winsxs\x86_microsoft-windows-calendar_31bf3856ad364e35_6.0.6000.20628_none_8f8672827ac7d0a2\WinCal.exe
+ 2007-06-29 02:21:13 134,656 ----a-w C:\Windows\winsxs\x86_microsoft-windows-d..frastructure-server_31bf3856ad364e35_6.0.6000.16515_none_663e618f9f0e757e\dps.dll
+ 2007-06-29 02:21:53 134,656 ----a-w C:\Windows\winsxs\x86_microsoft-windows-d..frastructure-server_31bf3856ad364e35_6.0.6000.20630_none_66ad5d10b840ce77\dps.dll
+ 2007-06-26 02:49:06 10,240 ----a-w C:\Windows\winsxs\x86_microsoft-windows-dhcp-client-dll_31bf3856ad364e35_6.0.6000.16512_none_d56b19bc316f9001\dhcpcmonitor.dll
+ 2007-06-26 02:49:06 204,800 ----a-w C:\Windows\winsxs\x86_microsoft-windows-dhcp-client-dll_31bf3856ad364e35_6.0.6000.16512_none_d56b19bc316f9001\dhcpcsvc.dll
+ 2007-06-26 02:49:06 120,320 ----a-w C:\Windows\winsxs\x86_microsoft-windows-dhcp-client-dll_31bf3856ad364e35_6.0.6000.16512_none_d56b19bc316f9001\dhcpcsvc6.dll
+ 2007-06-26 02:36:21 10,240 ----a-w C:\Windows\winsxs\x86_microsoft-windows-dhcp-client-dll_31bf3856ad364e35_6.0.6000.20627_none_d5eee80d4a90ca6f\dhcpcmonitor.dll
+ 2007-06-26 02:36:21 203,776 ----a-w C:\Windows\winsxs\x86_microsoft-windows-dhcp-client-dll_31bf3856ad364e35_6.0.6000.20627_none_d5eee80d4a90ca6f\dhcpcsvc.dll
+ 2007-06-26 02:36:21 120,320 ----a-w C:\Windows\winsxs\x86_microsoft-windows-dhcp-client-dll_31bf3856ad364e35_6.0.6000.20627_none_d5eee80d4a90ca6f\dhcpcsvc6.dll
+ 2007-08-27 03:10:03 2,923,520 ----a-w C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16549_none_4fac29707cae347a\explorer.exe
+ 2007-08-27 02:01:58 2,923,520 ----a-w C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20668_none_501f261995dcf2cf\explorer.exe
+ 2008-01-29 04:16:32 1,686,528 ----a-w C:\Windows\winsxs\x86_microsoft-windows-gameexplorer_31bf3856ad364e35_6.0.6000.16633_none_3ffca182c42c1062\gameux.dll
+ 2008-01-29 00:30:10 4,247,552 ----a-w C:\Windows\winsxs\x86_microsoft-windows-gameexplorer_31bf3856ad364e35_6.0.6000.16633_none_3ffca182c42c1062\GameUXLegacyGDFs.dll
+ 2008-01-30 04:26:09 1,686,528 ----a-w C:\Windows\winsxs\x86_microsoft-windows-gameexplorer_31bf3856ad364e35_6.0.6000.20762_none_4064ce3fdd62eaa8\gameux.dll
+ 2008-01-30 00:43:26 4,247,552 ----a-w C:\Windows\winsxs\x86_microsoft-windows-gameexplorer_31bf3856ad364e35_6.0.6000.20762_none_4064ce3fdd62eaa8\GameUXLegacyGDFs.dll
+ 2007-07-03 02:08:22 36,864 ----a-w C:\Windows\winsxs\x86_microsoft-windows-lddmcore_31bf3856ad364e35_6.0.6000.16517_none_a9de8a2ce66804b6\cdd.dll
+ 2007-07-03 01:01:16 619,008 ----a-w C:\Windows\winsxs\x86_microsoft-windows-lddmcore_31bf3856ad364e35_6.0.6000.16517_none_a9de8a2ce66804b6\dxgkrnl.sys
+ 2007-07-03 02:16:20 36,864 ----a-w C:\Windows\winsxs\x86_microsoft-windows-lddmcore_31bf3856ad364e35_6.0.6000.20632_none_aa4d85adff9a5daf\cdd.dll
+ 2007-07-03 01:07:51 619,008 ----a-w C:\Windows\winsxs\x86_microsoft-windows-lddmcore_31bf3856ad364e35_6.0.6000.20632_none_aa4d85adff9a5daf\dxgkrnl.sys
+ 2007-09-11 02:20:02 356,864 ----a-w C:\Windows\winsxs\x86_microsoft-windows-mediametadatahandler_31bf3856ad364e35_6.0.6000.16557_none_890b997ff4e3a637\MediaMetadataHandler.dll
+ 2007-09-08 04:52:23 356,864 ----a-w C:\Windows\winsxs\x86_microsoft-windows-mediametadatahandler_31bf3856ad364e35_6.0.6000.20676_none_897e96290e12648c\MediaMetadataHandler.dll
+ 2007-09-11 02:21:17 4,096 ----a-w C:\Windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6000.16557_none_095474fd52156893\dxmasf.dll
+ 2007-09-11 02:21:01 7,680 ----a-w C:\Windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6000.16557_none_095474fd52156893\spwmp.dll
+ 2007-09-11 02:21:39 10,617,344 ----a-w C:\Windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6000.16557_none_095474fd52156893\wmp.dll
+ 2007-09-11 02:19:09 107,520 ----a-w C:\Windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6000.16557_none_095474fd52156893\wmpconfig.exe
+ 2007-09-11 02:19:09 168,960 ----a-w C:\Windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6000.16557_none_095474fd52156893\wmplayer.exe
+ 2007-09-11 01:36:49 8,147,968 ----a-w C:\Windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6000.16557_none_095474fd52156893\wmploc.DLL
+ 2007-09-11 02:19:10 107,520 ----a-w C:\Windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6000.16557_none_095474fd52156893\wmpshare.exe
+ 2007-09-08 04:53:43 4,096 ----a-w C:\Windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6000.20676_none_09c771a66b4426e8\dxmasf.dll
+ 2007-09-08 04:53:26 7,680 ----a-w C:\Windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6000.20676_none_09c771a66b4426e8\spwmp.dll
+ 2007-09-08 04:54:02 10,616,832 ----a-w C:\Windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6000.20676_none_09c771a66b4426e8\wmp.dll
+ 2007-09-08 04:14:59 107,520 ----a-w C:\Windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6000.20676_none_09c771a66b4426e8\wmpconfig.exe
+ 2007-09-08 04:14:51 168,960 ----a-w C:\Windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6000.20676_none_09c771a66b4426e8\wmplayer.exe
+ 2007-09-08 04:14:54 8,147,968 ----a-w C:\Windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6000.20676_none_09c771a66b4426e8\wmploc.DLL
+ 2007-09-08 04:14:35 107,520 ----a-w C:\Windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6000.20676_none_09c771a66b4426e8\wmpshare.exe
+ 2007-07-03 02:13:44 564,736 ----a-w C:\Windows\winsxs\x86_microsoft-windows-msftedit_31bf3856ad364e35_6.0.6000.16517_none_d3e6ea943a0ccc2e\msftedit.dll
+ 2007-07-03 02:18:02 564,736 ----a-w C:\Windows\winsxs\x86_microsoft-windows-msftedit_31bf3856ad364e35_6.0.6000.20632_none_d455e615533f2527\msftedit.dll
+ 2007-06-21 02:12:44 268,288 ----a-w C:\Windows\winsxs\x86_microsoft-windows-muicachebuilder_31bf3856ad364e35_6.0.6000.16509_none_182f5e49b7a9aadf\mcbuilder.exe
+ 2007-06-21 00:51:18 268,288 ----a-w C:\Windows\winsxs\x86_microsoft-windows-muicachebuilder_31bf3856ad364e35_6.0.6000.20624_none_189e59cad0dc03d8\mcbuilder.exe
+ 2008-01-19 03:06:36 154,624 ----a-w C:\Windows\winsxs\x86_microsoft-windows-native-80211_31bf3856ad364e35_6.0.6000.16632_none_4d03fb3a91e27bd0\nwifi.sys
+ 2008-01-19 02:32:39 154,624 ----a-w C:\Windows\winsxs\x86_microsoft-windows-native-80211_31bf3856ad364e35_6.0.6000.20757_none_4d7cf99fab0bd22f\nwifi.sys
+ 2007-07-03 02:14:14 384,000 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ndis-tdi-bindingengine_31bf3856ad364e35_6.0.6000.16517_none_3c2ad8f2286305c8\netcfgx.dll
+ 2007-07-03 02:18:48 384,000 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ndis-tdi-bindingengine_31bf3856ad364e35_6.0.6000.20632_none_3c99d47341955ec1\netcfgx.dll
+ 2007-10-26 11:12:53 1,060,920 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ntfs_31bf3856ad364e35_6.0.6000.16586_none_a43a6b8d2000830d\ntfs.sys
+ 2007-12-16 22:50:41 1,060,920 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ntfs_31bf3856ad364e35_6.0.6000.16615_none_a4851c9d1fc8a346\ntfs.sys
+ 2007-10-26 04:22:05 1,061,432 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ntfs_31bf3856ad364e35_6.0.6000.20709_none_a51d8a7c38da8c7b\ntfs.sys
+ 2007-12-16 22:52:59 1,061,944 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ntfs_31bf3856ad364e35_6.0.6000.20740_none_a4e9483239031830\ntfs.sys
+ 2008-04-16 00:49:12 2,413,032 ----a-w C:\Windows\winsxs\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6000.16674_none_f05a2d326e88eb29\OESpamFilter.dat
+ 2008-04-16 00:44:28 2,413,032 ----a-w C:\Windows\winsxs\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6000.20815_none_f125abb58774f9cb\OESpamFilter.dat
+ 2008-04-16 00:44:37 2,413,032 ----a-w C:\Windows\winsxs\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6001.18054_none_f2560bb06b9f4438\OESpamFilter.dat
+ 2008-04-16 00:43:45 2,413,032 ----a-w C:\Windows\winsxs\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6001.22159_none_f2e4a9ed84b862b5\OESpamFilter.dat
+ 2007-06-19 00:48:30 320,000 ----a-w C:\Windows\winsxs\x86_microsoft-windows-offlinefiles-core_31bf3856ad364e35_6.0.6000.16508_none_9c6a0aab5eb986b6\csc.sys
+ 2007-06-19 02:09:12 105,984 ----a-w C:\Windows\winsxs\x86_microsoft-windows-offlinefiles-core_31bf3856ad364e35_6.0.6000.16508_none_9c6a0aab5eb986b6\CscMig.dll
+ 2007-06-19 00:49:28 320,000 ----a-w C:\Windows\winsxs\x86_microsoft-windows-offlinefiles-core_31bf3856ad364e35_6.0.6000.20622_none_9cd805e277ecc658\csc.sys
+ 2007-06-19 02:03:43 105,984 ----a-w C:\Windows\winsxs\x86_microsoft-windows-offlinefiles-core_31bf3856ad364e35_6.0.6000.20622_none_9cd805e277ecc658\CscMig.dll
+ 2007-10-30 03:12:15 558,080 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ole-automation_31bf3856ad364e35_6.0.6000.16588_none_bacb6cf1fe8d4f50\oleaut32.dll
+ 2007-10-30 03:56:09 559,104 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ole-automation_31bf3856ad364e35_6.0.6000.20711_none_bb99b91117787749\oleaut32.dll
+ 2007-06-28 02:30:09 3,504,824 ----a-w C:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6000.16514_none_6a435250b701059d\ntkrnlpa.exe
+ 2007-06-28 02:30:09 3,470,008 ----a-w C:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6000.16514_none_6a435250b701059d\ntoskrnl.exe
+ 2007-08-29 03:11:59 3,504,824 ----a-w C:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6000.16551_none_6a1511c2b724295c\ntkrnlpa.exe
+ 2007-08-29 03:11:57 3,471,032 ----a-w C:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6000.16551_none_6a1511c2b724295c\ntoskrnl.exe
+ 2007-10-24 03:58:11 3,504,696 ----a-w C:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6000.16584_none_69f7a2dcb739c934\ntkrnlpa.exe
+ 2007-10-24 03:58:10 3,470,392 ----a-w C:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6000.16584_none_69f7a2dcb739c934\ntoskrnl.exe
+ 2007-06-28 02:29:58 3,504,824 ----a-w C:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6000.20629_none_6ac720a1d022400b\ntkrnlpa.exe
+ 2007-06-28 02:29:57 3,470,520 ----a-w C:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6000.20629_none_6ac720a1d022400b\ntoskrnl.exe
+ 2007-08-29 02:50:20 3,504,824 ----a-w C:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6000.20670_none_6a880e6bd052e7b1\ntkrnlpa.exe
+ 2007-08-29 02:50:18 3,471,544 ----a-w C:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6000.20670_none_6a880e6bd052e7b1\ntoskrnl.exe
+ 2007-10-24 04:13:51 3,505,720 ----a-w C:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6000.20707_none_6adac1cbd013d2a2\ntkrnlpa.exe
+ 2007-10-24 04:13:50 3,471,928 ----a-w C:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6000.20707_none_6adac1cbd013d2a2\ntoskrnl.exe
+ 2007-06-29 02:21:45 694,784 ----a-w C:\Windows\winsxs\x86_microsoft-windows-p..ooler-core-localspl_31bf3856ad364e35_6.0.6000.16515_none_2e2f4ef5958b2567\localspl.dll
+ 2007-06-29 02:22:49 694,272 ----a-w C:\Windows\winsxs\x86_microsoft-windows-p..ooler-core-localspl_31bf3856ad364e35_6.0.6000.20630_none_2e9e4a76aebd7e60\localspl.dll
+ 2007-06-26 02:51:24 220,160 ----a-w C:\Windows\winsxs\x86_microsoft-windows-p..randprintui-ntprint_31bf3856ad364e35_6.0.6000.16512_none_ee146a58804bf72b\ntprint.dll
+ 2007-06-26 02:21:16 61,440 ----a-w C:\Windows\winsxs\x86_microsoft-windows-p..randprintui-ntprint_31bf3856ad364e35_6.0.6000.16512_none_ee146a58804bf72b\ntprint.exe
+ 2007-06-26 02:38:21 220,160 ----a-w C:\Windows\winsxs\x86_microsoft-windows-p..randprintui-ntprint_31bf3856ad364e35_6.0.6000.20627_none_ee9838a9996d3199\ntprint.dll
+ 2007-06-26 02:10:18 61,440 ----a-w C:\Windows\winsxs\x86_microsoft-windows-p..randprintui-ntprint_31bf3856ad364e35_6.0.6000.20627_none_ee9838a9996d3199\ntprint.exe
+ 2007-06-22 02:16:39 704,000 ----a-w C:\Windows\winsxs\x86_microsoft-windows-photoscreensaver_31bf3856ad364e35_6.0.6000.16510_none_69dd6e605b578d62\PhotoScreensaver.scr
+ 2007-08-30 04:00:33 704,000 ----a-w C:\Windows\winsxs\x86_microsoft-windows-photoscreensaver_31bf3856ad364e35_6.0.6000.16552_none_69b42f445b762fd4\PhotoScreensaver.scr
+ 2007-06-22 01:31:04 704,000 ----a-w C:\Windows\winsxs\x86_microsoft-windows-photoscreensaver_31bf3856ad364e35_6.0.6000.20625_none_6a613cb17478c7d0\PhotoScreensaver.scr
+ 2007-08-30 02:40:37 704,000 ----a-w C:\Windows\winsxs\x86_microsoft-windows-photoscreensaver_31bf3856ad364e35_6.0.6000.20671_none_6a272bed74a4ee29\PhotoScreensaver.scr
+ 2007-07-04 01:27:33 70,144 ----a-w C:\Windows\winsxs\x86_microsoft-windows-qos_31bf3856ad364e35_6.0.6000.16518_none_ac625a685a7efa74\pacer.sys
+ 2007-07-04 02:22:30 15,360 ----a-w C:\Windows\winsxs\x86_microsoft-windows-qos_31bf3856ad364e35_6.0.6000.16518_none_ac625a685a7efa74\pacerprf.dll
+ 2007-07-04 02:22:55 33,280 ----a-w C:\Windows\winsxs\x86_microsoft-windows-qos_31bf3856ad364e35_6.0.6000.16518_none_ac625a685a7efa74\traffic.dll
+ 2007-07-04 02:23:18 13,824 ----a-w C:\Windows\winsxs\x86_microsoft-windows-qos_31bf3856ad364e35_6.0.6000.16518_none_ac625a685a7efa74\wshqos.dll
+ 2007-07-04 01:26:58 70,144 ----a-w C:\Windows\winsxs\x86_microsoft-windows-qos_31bf3856ad364e35_6.0.6000.20633_none_acd155e973b1536d\pacer.sys
+ 2007-07-04 02:15:22 15,360 ----a-w C:\Windows\winsxs\x86_microsoft-windows-qos_31bf3856ad364e35_6.0.6000.20633_none_acd155e973b1536d\pacerprf.dll
+ 2007-07-04 02:15:47 33,280 ----a-w C:\Windows\winsxs\x86_microsoft-windows-qos_31bf3856ad364e35_6.0.6000.20633_none_acd155e973b1536d\traffic.dll
+ 2007-07-04 02:16:06 13,824 ----a-w C:\Windows\winsxs\x86_microsoft-windows-qos_31bf3856ad364e35_6.0.6000.20633_none_acd155e973b1536d\wshqos.dll
+ 2007-07-04 01:28:10 20,480 ----a-w C:\Windows\winsxs\x86_microsoft-windows-rasbase_31bf3856ad364e35_6.0.6000.16518_none_0bf759b97d499daa\ndistapi.sys
+ 2007-07-04 01:28:13 48,640 ----a-w C:\Windows\winsxs\x86_microsoft-windows-rasbase_31bf3856ad364e35_6.0.6000.16518_none_0bf759b97d499daa\ndproxy.sys
+ 2007-07-04 02:22:38 77,824 ----a-w C:\Windows\winsxs\x86_microsoft-windows-rasbase_31bf3856ad364e35_6.0.6000.16518_none_0bf759b97d499daa\rascfg.dll
+ 2007-07-04 02:22:38 52,736 ----a-w C:\Windows\winsxs\x86_microsoft-windows-rasbase_31bf3856ad364e35_6.0.6000.16518_none_0bf759b97d499daa\rasdiag.dll
+ 2007-07-04 02:22:38 32,768 ----a-w C:\Windows\winsxs\x86_microsoft-windows-rasbase_31bf3856ad364e35_6.0.6000.16518_none_0bf759b97d499daa\rasmxs.dll
+ 2007-07-04 02:22:38 22,016 ----a-w C:\Windows\winsxs\x86_microsoft-windows-rasbase_31bf3856ad364e35_6.0.6000.16518_none_0bf759b97d499daa\rasser.dll
+ 2007-07-04 01:28:17 61,952 ----a-w C:\Windows\winsxs\x86_microsoft-windows-rasbase_31bf3856ad364e35_6.0.6000.16518_none_0bf759b97d499daa\wanarp.sys
+ 2007-07-04 01:27:35 20,480 ----a-w C:\Windows\winsxs\x86_microsoft-windows-rasbase_31bf3856ad364e35_6.0.6000.20633_none_0c66553a967bf6a3\ndistapi.sys
+ 2007-07-04 01:27:38 48,640 ----a-w C:\Windows\winsxs\x86_microsoft-windows-rasbase_31bf3856ad364e35_6.0.6000.20633_none_0c66553a967bf6a3\ndproxy.sys
+ 2007-07-04 02:15:28 77,824 ----a-w C:\Windows\winsxs\x86_microsoft-windows-rasbase_31bf3856ad364e35_6.0.6000.20633_none_0c66553a967bf6a3\rascfg.dll
+ 2007-07-04 02:15:28 52,736 ----a-w C:\Windows\winsxs\x86_microsoft-windows-rasbase_31bf3856ad364e35_6.0.6000.20633_none_0c66553a967bf6a3\rasdiag.dll
+ 2007-07-04 02:15:29 32,768 ----a-w C:\Windows\winsxs\x86_microsoft-windows-rasbase_31bf3856ad364e35_6.0.6000.20633_none_0c66553a967bf6a3\rasmxs.dll
+ 2007-07-04 02:15:29 22,016 ----a-w C:\Windows\winsxs\x86_microsoft-windows-rasbase_31bf3856ad364e35_6.0.6000.20633_none_0c66553a967bf6a3\rasser.dll
+ 2007-07-04 01:27:42 61,952 ----a-w C:\Windows\winsxs\x86_microsoft-windows-rasbase_31bf3856ad364e35_6.0.6000.20633_none_0c66553a967bf6a3\wanarp.sys
+ 2007-07-03 02:14:39 467,456 ----a-w C:\Windows\winsxs\x86_microsoft-windows-riched32_31bf3856ad364e35_6.0.6000.16517_none_9b16a5648576e40a\riched20.dll
+ 2007-07-03 02:14:39 8,192 ----a-w C:\Windows\winsxs\x86_microsoft-windows-riched32_31bf3856ad364e35_6.0.6000.16517_none_9b16a5648576e40a\riched32.dll
+ 2007-07-03 02:19:22 467,456 ----a-w C:\Windows\winsxs\x86_microsoft-windows-riched32_31bf3856ad364e35_6.0.6000.20632_none_9b85a0e59ea93d03\riched20.dll
+ 2007-07-03 02:19:22 8,192 ----a-w C:\Windows\winsxs\x86_microsoft-windows-riched32_31bf3856ad364e35_6.0.6000.20632_none_9b85a0e59ea93d03\riched32.dll
+ 2007-06-21 02:15:28 223,232 ----a-w C:\Windows\winsxs\x86_microsoft-windows-s..icensing-slc-client_31bf3856ad364e35_6.0.6000.16509_none_c3421cfda8beb1db\SLC.dll
+ 2007-06-21 02:08:07 223,232 ----a-w C:\Windows\winsxs\x86_microsoft-windows-s..icensing-slc-client_31bf3856ad364e35_6.0.6000.20624_none_c3b1187ec1f10ad4\SLC.dll
+ 2007-08-29 03:06:53 542,720 ----a-w C:\Windows\winsxs\x86_microsoft-windows-s..mmaintenanceservice_31bf3856ad364e35_6.0.6000.16551_none_3b32a26ce33869cb\sysmain.dll
+ 2007-08-29 02:45:24 542,720 ----a-w C:\Windows\winsxs\x86_microsoft-windows-s..mmaintenanceservice_31bf3856ad364e35_6.0.6000.20670_none_3ba59f15fc672820\sysmain.dll
+ 2007-06-21 02:15:29 566,784 ----a-w C:\Windows\winsxs\x86_microsoft-windows-s..ty-licensing-slc-ux_31bf3856ad364e35_6.0.6000.16509_none_889ab124b8091615\SLCommDlg.dll
+ 2007-06-21 02:12:55 186,368 ----a-w C:\Windows\winsxs\x86_microsoft-windows-s..ty-licensing-slc-ux_31bf3856ad364e35_6.0.6000.16509_none_889ab124b8091615\SLLUA.exe
+ 2007-06-21 02:12:55 351,232 ----a-w C:\Windows\winsxs\x86_microsoft-windows-s..ty-licensing-slc-ux_31bf3856ad364e35_6.0.6000.16509_none_889ab124b8091615\SLUI.exe
+ 2007-06-21 02:15:29 57,856 ----a-w C:\Windows\winsxs\x86_microsoft-windows-s..ty-licensing-slc-ux_31bf3856ad364e35_6.0.6000.16509_none_889ab124b8091615\SLUINotify.dll
+ 2007-06-21 02:08:07 566,784 ----a-w C:\Windows\winsxs\x86_microsoft-windows-s..ty-licensing-slc-ux_31bf3856ad364e35_6.0.6000.20624_none_8909aca5d13b6f0e\SLCommDlg.dll
+ 2007-06-21 01:06:23 186,368 ----a-w C:\Windows\winsxs\x86_microsoft-windows-s..ty-licensing-slc-ux_31bf3856ad364e35_6.0.6000.20624_none_8909aca5d13b6f0e\SLLUA.exe
+ 2007-06-21 01:06:32 351,232 ----a-w C:\Windows\winsxs\x86_microsoft-windows-s..ty-licensing-slc-ux_31bf3856ad364e35_6.0.6000.20624_none_8909aca5d13b6f0e\SLUI.exe
+ 2007-06-21 02:08:07 57,856 ----a-w C:\Windows\winsxs\x86_microsoft-windows-s..ty-licensing-slc-ux_31bf3856ad364e35_6.0.6000.20624_none_8909aca5d13b6f0e\SLUINotify.dll
+ 2007-06-21 02:15:28 39,936 ----a-w C:\Windows\winsxs\x86_microsoft-windows-security-licensing-slc_31bf3856ad364e35_6.0.6000.16509_none_4c9a3f87fc5750bf\slcinst.dll
+ 2007-06-21 02:12:55 2,605,568 ----a-w C:\Windows\winsxs\x86_microsoft-windows-security-licensing-slc_31bf3856ad364e35_6.0.6000.16509_none_4c9a3f87fc5750bf\SLsvc.exe
+ 2007-06-21 02:08:07 39,936 ----a-w C:\Windows\winsxs\x86_microsoft-windows-security-licensing-slc_31bf3856ad364e35_6.0.6000.20624_none_4d093b091589a9b8\slcinst.dll
+ 2007-06-21 01:50:39 2,605,568 ----a-w C:\Windows\winsxs\x86_microsoft-windows-security-licensing-slc_31bf3856ad364e35_6.0.6000.20624_none_4d093b091589a9b8\SLsvc.exe
+ 2007-06-21 02:15:29 33,280 ----a-w C:\Windows\winsxs\x86_microsoft-windows-security-licensing-wmi_31bf3856ad364e35_6.0.6000.16509_none_4c6f7771fc7773a0\slwmi.dll
+ 2007-06-21 02:08:07 33,280 ----a-w C:\Windows\winsxs\x86_microsoft-windows-security-licensing-wmi_31bf3856ad364e35_6.0.6000.20624_none_4cde72f315a9cc99\slwmi.dll
+ 2007-06-19 02:10:48 269,824 ----a-w C:\Windows\winsxs\x86_microsoft-windows-security-schannel_31bf3856ad364e35_6.0.6000.16508_none_20380cd258151361\schannel.dll
+ 2007-06-19 02:05:45 269,824 ----a-w C:\Windows\winsxs\x86_microsoft-windows-security-schannel_31bf3856ad364e35_6.0.6000.20622_none_20a6080971485303\schannel.dll
+ 2007-05-24 02:25:48 69,632 ----a-w C:\Windows\winsxs\x86_microsoft-windows-sendmail_31bf3856ad364e35_6.0.6000.16493_none_58a4e9811f22ea1c\sendmail.dll
+ 2007-05-24 02:19:34 69,632 ----a-w C:\Windows\winsxs\x86_microsoft-windows-sendmail_31bf3856ad364e35_6.0.6000.20605_none_5991d81237f5be42\sendmail.dll
+ 2007-07-12 04:08:09 13,824 ----a-w C:\Windows\winsxs\x86_microsoft-windows-sharedaccess_31bf3856ad364e35_6.0.6000.16522_none_02d37ed64c3424df\icsunattend.exe
+ 2007-07-12 04:09:14 286,208 ----a-w C:\Windows\winsxs\x86_microsoft-windows-sharedaccess_31bf3856ad364e35_6.0.6000.16522_none_02d37ed64c3424df\ipnathlp.dll
+ 2007-07-12 01:52:52 13,824 ----a-w C:\Windows\winsxs\x86_microsoft-windows-sharedaccess_31bf3856ad364e35_6.0.6000.20638_none_03584d71655478a4\icsunattend.exe
+ 2007-07-12 02:43:31 285,696 ----a-w C:\Windows\winsxs\x86_microsoft-windows-sharedaccess_31bf3856ad364e35_6.0.6000.20638_none_03584d71655478a4\ipnathlp.dll
+ 2007-06-27 02:23:27 11,315,200 ----a-w C:\Windows\winsxs\x86_microsoft-windows-shell32_31bf3856ad364e35_6.0.6000.16513_none_6a3b1b4414dac79d\shell32.dll
+ 2007-06-27 02:17:57 11,315,200 ----a-w C:\Windows\winsxs\x86_microsoft-windows-shell32_31bf3856ad364e35_6.0.6000.20628_none_6abee9952dfc020b\shell32.dll
+ 2007-07-13 02:20:52 8,138,240 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ssbranded_31bf3856ad364e35_6.0.6000.16523_none_36921e330a735e63\ssBranded.scr
+ 2007-07-13 01:19:54 8,138,240 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ssbranded_31bf3856ad364e35_6.0.6000.20639_none_3716ecce2393b228\ssBranded.scr
+ 2007-08-31 02:17:56 24,064 ----a-w C:\Windows\winsxs\x86_microsoft-windows-t..services-publicapis_31bf3856ad364e35_6.0.6000.16553_none_c5179c13c95485bd\wtsapi32.dll
+ 2007-08-31 02:14:51 24,064 ----a-w C:\Windows\winsxs\x86_microsoft-windows-t..services-publicapis_31bf3856ad364e35_6.0.6000.20672_none_c58a98bce2834412\wtsapi32.dll
+ 2007-06-27 02:21:31 65,024 ----a-w C:\Windows\winsxs\x86_microsoft-windows-video-for-windows_31bf3856ad364e35_6.0.6000.16513_none_9043e1118ba0edc7\avicap32.dll
+ 2007-06-27 02:21:31 88,576 ----a-w C:\Windows\winsxs\x86_microsoft-windows-video-for-windows_31bf3856ad364e35_6.0.6000.16513_none_9043e1118ba0edc7\avifil32.dll
+ 2007-06-27 02:22:18 82,944 ----a-w C:\Windows\winsxs\x86_microsoft-windows-video-for-windows_31bf3856ad364e35_6.0.6000.16513_none_9043e1118ba0edc7\mciavi32.dll
+ 2007-06-27 02:22:36 12,800 ----a-w C:\Windows\winsxs\x86_microsoft-windows-video-for-windows_31bf3856ad364e35_6.0.6000.16513_none_9043e1118ba0edc7\msrle32.dll
+ 2007-06-27 02:22:39 123,904 ----a-w C:\Windows\winsxs\x86_microsoft-windows-video-for-windows_31bf3856ad364e35_6.0.6000.16513_none_9043e1118ba0edc7\msvfw32.dll
+ 2007-06-27 02:22:39 31,232 ----a-w C:\Windows\winsxs\x86_microsoft-windows-video-for-windows_31bf3856ad364e35_6.0.6000.16513_none_9043e1118ba0edc7\msvidc32.dll
+ 2007-06-27 02:14:54 65,024 ----a-w C:\Windows\winsxs\x86_microsoft-windows-video-for-windows_31bf3856ad364e35_6.0.6000.20628_none_90c7af62a4c22835\avicap32.dll
+ 2007-06-27 02:14:54 88,576 ----a-w C:\Windows\winsxs\x86_microsoft-windows-video-for-windows_31bf3856ad364e35_6.0.6000.20628_none_90c7af62a4c22835\avifil32.dll
+ 2007-06-27 02:16:24 82,944 ----a-w C:\Windows\winsxs\x86_microsoft-windows-video-for-windows_31bf3856ad364e35_6.0.6000.20628_none_90c7af62a4c22835\mciavi32.dll
+ 2007-06-27 02:16:47 12,800 ----a-w C:\Windows\winsxs\x86_microsoft-windows-video-for-windows_31bf3856ad364e35_6.0.6000.20628_none_90c7af62a4c22835\msrle32.dll
+ 2007-06-27 02:16:50 123,904 ----a-w C:\Windows\winsxs\x86_microsoft-windows-video-for-windows_31bf3856ad364e35_6.0.6000.20628_none_90c7af62a4c22835\msvfw32.dll
+ 2007-06-27 02:16:50 31,232 ----a-w C:\Windows\winsxs\x86_microsoft-windows-video-for-windows_31bf3856ad364e35_6.0.6000.20628_none_90c7af62a4c22835\msvidc32.dll
+ 2007-08-29 01:52:47 2,027,008 ----a-w C:\Windows\winsxs\x86_microsoft-windows-win32k_31bf3856ad364e35_6.0.6000.16551_none_b6d829dc9d87e0b4\win32k.sys
+ 2007-08-29 01:35:43 2,028,544 ----a-w C:\Windows\winsxs\x86_microsoft-windows-win32k_31bf3856ad364e35_6.0.6000.20670_none_b74b2685b6b69f09\win32k.sys
+ 2007-05-24 02:26:10 712,192 ----a-w C:\Windows\winsxs\x86_microsoft-windows-windowscodec_31bf3856ad364e35_6.0.6000.16493_none_943d269aa43dda3a\WindowsCodecs.dll
+ 2007-05-24 02:19:50 712,704 ----a-w C:\Windows\winsxs\x86_microsoft-windows-windowscodec_31bf3856ad364e35_6.0.6000.20605_none_952a152bbd10ae60\WindowsCodecs.dll
+ 2007-08-29 03:07:04 47,104 ----a-w C:\Windows\winsxs\x86_microsoft-windows-wlansvc_31bf3856ad364e35_6.0.6000.16551_none_9a28f27507e7382c\wlanapi.dll
+ 2007-08-29 03:07:04 67,584 ----a-w C:\Windows\winsxs\x86_microsoft-windows-wlansvc_31bf3856ad364e35_6.0.6000.16551_none_9a28f27507e7382c\wlanhlp.dll
+ 2007-08-29 03:07:04 290,816 ----a-w C:\Windows\winsxs\x86_microsoft-windows-wlansvc_31bf3856ad364e35_6.0.6000.16551_none_9a28f27507e7382c\wlanmsm.dll
+ 2007-08-29 03:07:05 297,984 ----a-w C:\Windows\winsxs\x86_microsoft-windows-wlansvc_31bf3856ad364e35_6.0.6000.16551_none_9a28f27507e7382c\wlansec.dll
+ 2007-08-29 03:07:05 502,784 ----a-w C:\Windows\winsxs\x86_microsoft-windows-wlansvc_31bf3856ad364e35_6.0.6000.16551_none_9a28f27507e7382c\wlansvc.dll
+ 2007-08-29 02:45:37 47,104 ----a-w C:\Windows\winsxs\x86_microsoft-windows-wlansvc_31bf3856ad364e35_6.0.6000.20670_none_9a9bef1e2115f681\wlanapi.dll
+ 2007-08-29 02:45:38 67,584 ----a-w C:\Windows\winsxs\x86_microsoft-windows-wlansvc_31bf3856ad364e35_6.0.6000.20670_none_9a9bef1e2115f681\wlanhlp.dll
+ 2007-08-29 02:45:38 289,280 ----a-w C:\Windows\winsxs\x86_microsoft-windows-wlansvc_31bf3856ad364e35_6.0.6000.20670_none_9a9bef1e2115f681\wlanmsm.dll
+ 2007-08-29 02:45:38 299,008 ----a-w C:\Windows\winsxs\x86_microsoft-windows-wlansvc_31bf3856ad364e35_6.0.6000.20670_none_9a9bef1e2115f681\wlansec.dll
+ 2007-08-29 02:45:38 502,784 ----a-w C:\Windows\winsxs\x86_microsoft-windows-wlansvc_31bf3856ad364e35_6.0.6000.20670_none_9a9bef1e2115f681\wlansvc.dll
+ 2007-08-31 02:17:42 356,352 ----a-w C:\Windows\winsxs\x86_microsoft-windows-wmi-core-wbemcomn-dll_31bf3856ad364e35_6.0.6000.16553_none_0161deb32631b63d\wbemcomn.dll
+ 2007-08-31 02:14:37 356,352 ----a-w C:\Windows\winsxs\x86_microsoft-windows-wmi-core-wbemcomn-dll_31bf3856ad364e35_6.0.6000.20672_none_01d4db5c3f607492\wbemcomn.dll
+ 2008-05-24 14:44:21 1,275,392 ----a-w C:\Windows\winsxs\x86_microsoft.msxml2_6bd6b9abf345378f_4.20.9849.0_none_b7e911727b2899b7\msxml4.dll
+ 2007-12-16 09:56:45 41,984 ----a-w C:\Windows\winsxs\x86_monitor.inf_31bf3856ad364e35_6.0.6000.16615_none_4117345983213804\monitor.sys
+ 2007-12-16 09:50:45 41,984 ----a-w C:\Windows\winsxs\x86_monitor.inf_31bf3856ad364e35_6.0.6000.20740_none_417b5fee9c5bacee\monitor.sys
+ 2008-01-19 05:06:34 17,464 ----a-w C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16632_none_db337a442479c42c\aliide.sys
+ 2008-01-19 05:06:40 17,976 ----a-w C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16632_none_db337a442479c42c\amdide.sys
+ 2008-01-19 05:06:48 21,560 ----a-w C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16632_none_db337a442479c42c\atapi.sys
+ 2008-01-19 05:08:03 109,624 ----a-w C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16632_none_db337a442479c42c\ataport.sys
+ 2008-01-19 05:06:41 19,000 ----a-w C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16632_none_db337a442479c42c\cmdide.sys
+ 2008-01-19 05:06:34 17,464 ----a-w C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16632_none_db337a442479c42c\intelide.sys
+ 2008-01-19 05:06:55 25,656 ----a-w C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16632_none_db337a442479c42c\msahci.sys
+ 2008-01-19 05:06:34 15,928 ----a-w C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16632_none_db337a442479c42c\pciide.sys
+ 2008-01-19 05:07:19 45,112 ----a-w C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16632_none_db337a442479c42c\pciidex.sys
+ 2008-01-19 05:07:08 20,024 ----a-w C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16632_none_db337a442479c42c\viaide.sys
+ 2008-01-19 04:33:11 17,464 ----a-w C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20757_none_dbac78a93da31a8b\aliide.sys
+ 2008-01-19 04:33:11 17,976 ----a-w C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20757_none_dbac78a93da31a8b\amdide.sys
+ 2008-01-19 04:33:23 21,560 ----a-w C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20757_none_dbac78a93da31a8b\atapi.sys
+ 2008-01-19 04:34:32 110,136 ----a-w C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20757_none_dbac78a93da31a8b\ataport.sys
+ 2008-01-19 04:33:17 19,000 ----a-w C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20757_none_dbac78a93da31a8b\cmdide.sys
+ 2008-01-19 04:33:16 17,976 ----a-w C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20757_none_dbac78a93da31a8b\intelide.sys
+ 2008-01-19 04:33:29 28,216 ----a-w C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20757_none_dbac78a93da31a8b\msahci.sys
+ 2008-01-19 04:33:11 15,928 ----a-w C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20757_none_dbac78a93da31a8b\pciide.sys
+ 2008-01-19 04:33:50 45,112 ----a-w C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20757_none_dbac78a93da31a8b\pciidex.sys
+ 2008-01-19 04:34:00 20,024 ----a-w C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20757_none_dbac78a93da31a8b\viaide.sys
+ 2007-09-01 02:23:47 81,592 ----a-w C:\Windows\winsxs\x86_sbp2.inf_31bf3856ad364e35_6.0.6000.16554_none_432055ecf9219c67\sbp2port.sys
+ 2007-09-01 02:22:02 81,592 ----a-w C:\Windows\winsxs\x86_sbp2.inf_31bf3856ad364e35_6.0.6000.20673_none_4393529612505abc\sbp2port.sys
+ 2007-04-28 02:15:33 82,432 ----a-w C:\Windows\winsxs\x86_sdbus.inf_31bf3856ad364e35_6.0.6000.16478_none_6fb8cd2dcd6214ea\sdbus.sys
+ 2007-04-28 02:10:55 82,432 ----a-w C:\Windows\winsxs\x86_sdbus.inf_31bf3856ad364e35_6.0.6000.20588_none_70379a0ce687d0a5\sdbus.sys
+ 2007-04-28 02:35:46 13,312 ----a-w C:\Windows\winsxs\x86_sffdisk.inf_31bf3856ad364e35_6.0.6000.16478_none_a211996cecf4f6d9\sffdisk.sys
+ 2007-04-28 02:35:46 12,800 ----a-w C:\Windows\winsxs\x86_sffdisk.inf_31bf3856ad364e35_6.0.6000.16478_none_a211996cecf4f6d9\sffp_mmc.sys
+ 2007-04-28 02:35:45 12,800 ----a-w C:\Windows\winsxs\x86_sffdisk.inf_31bf3856ad364e35_6.0.6000.16478_none_a211996cecf4f6d9\sffp_sd.sys
+ 2007-04-28 02:28:23 13,312 ----a-w C:\Windows\winsxs\x86_sffdisk.inf_31bf3856ad364e35_6.0.6000.20588_none_a290664c061ab294\sffdisk.sys
+ 2007-04-28 02:28:23 12,800 ----a-w C:\Windows\winsxs\x86_sffdisk.inf_31bf3856ad364e35_6.0.6000.20588_none_a290664c061ab294\sffp_mmc.sys
+ 2007-04-28 02:28:23 12,800 ----a-w C:\Windows\winsxs\x86_sffdisk.inf_31bf3856ad364e35_6.0.6000.20588_none_a290664c061ab294\sffp_sd.sys
+ 2007-04-28 02:39:34 55,296 ----a-w C:\Windows\winsxs\x86_usbstor.inf_31bf3856ad364e35_6.0.6000.16478_none_465c5f209ade1e53\USBSTOR.SYS
+ 2007-04-28 02:31:47 55,296 ----a-w C:\Windows\winsxs\x86_usbstor.inf_31bf3856ad364e35_6.0.6000.20588_none_46db2bffb403da0e\USBSTOR.SYS
+ 2007-10-26 11:14:11 211,000 ----a-w C:\Windows\winsxs\x86_volume.inf_31bf3856ad364e35_6.0.6000.16586_none_137ff950ff29e447\volsnap.sys
+ 2007-10-26 04:22:53 211,000 ----a-w C:\Windows\winsxs\x86_volume.inf_31bf3856ad364e35_6.0.6000.20709_none_146318401803edb5\volsnap.sys
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BC2C65E7-18A4-4CFF-B0B0-E93358B5FF79}]
C:\Users\Olive\AppData\Local\Temp\byXnmlMF.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\Windows\system32\igfxtray.exe" [2006-11-15 20:08 98304]
"SigmatelSysTrayApp"="sttray.exe" [2007-02-08 07:11 303104 C:\Windows\sttray.exe]
"PMX Daemon"="ICO.EXE" [2006-11-08 16:01 49152 C:\Windows\System32\ico.exe]
"Broadcom Wireless Manager UI"="C:\Windows\system32\WLTRAY.exe" [2006-11-28 01:15 1540096]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-02-16 17:15 81920]
"BM6b1bbf98"="C:\Windows\system32\vlahlegm.dll" [2008-05-19 17:57 109056]

C:\Users\CharlŠne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 2.3.lnk - C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe [2007-08-17 22:57:56 393216]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{8691F860-96E4-4FB3-8D35-531C0D1B0AC1}"= C:\Windows\system32\fccawTnk.dll [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{E9FC50E8-59B4-4DFE-AC21-80BCA26C468B}"= UDP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
"{167268F2-8413-48FB-8845-6B32F6EA6D86}"= TCP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

R1 aswSP;avast! Self Protection;C:\Windows\system32\drivers\aswSP.sys [2008-05-16 01:20]
R2 aswFsBlk;aswFsBlk;C:\Windows\system32\DRIVERS\aswFsBlk.sys [2008-05-16 01:16]
R2 aswMonFlt;aswMonFlt;C:\Windows\system32\DRIVERS\aswMonFlt.sys [2008-05-16 01:18]
R2 XAudio;XAudio;C:\Windows\system32\DRIVERS\xaudio.sys [2006-11-12 01:10]
R3 igfx;igfx;C:\Windows\system32\DRIVERS\igdkmd32.sys [2006-11-15 20:07]
R3 pmxmouse;PMXMOUSE;C:\Windows\system32\DRIVERS\pmxmouse.sys [2006-10-19 18:27]
R3 pmxusblf;PMXUSBLF;C:\Windows\system32\DRIVERS\pmxusblf.sys [2006-10-19 18:29]
S3 fbxusb;Carte réseau virtuelle FreeBox USB;C:\Windows\system32\DRIVERS\fbxusb32.sys [2004-10-20 17:23]
S3 R300;R300;C:\Windows\system32\DRIVERS\atikmdag.sys [2006-11-02 09:36]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc

.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-24 17:48:46
Windows 6.0.6000 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************
.
Temps d'accomplissement: 2008-05-24 17:49:47
ComboFix-quarantined-files.txt 2008-05-24 15:49:42
ComboFix2.txt 2008-05-24 14:38:37

Le texte du message associé au numéro 0x2379 est introuvable dans le fichier de messages pour Application.
Le texte du message associé au numéro 0x2379 est introuvable dans le fichier de messages pour Application.

364 --- E O F --- 2008-05-24 14:50:43

Vraiment désolé j'ai dû confondre...

Voici donc le dernier log, et j'en suis sûr !


ComboFix 08-05-21.3 - Olive 2008-05-24 21:40:14.5 - NTFSx86
Microsoft® Windows Vista™ Professionnel 6.0.6000.0.1252.1.1036.18.1504 [GMT 2:00]
Endroit: C:\Users\Olive\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((( Fichiers créés 2008-04-24 to 2008-05-24 ))))))))))))))))))))))))))))))))))))
.

2008-05-24 18:39 . 2008-05-24 18:39 <REP> d-------- C:\_OTMoveIt
2008-05-24 14:15 . 2008-05-24 14:15 <REP> d-------- C:\VundoFix Backups
2008-05-17 18:05 . 2008-05-17 18:05 59 --a------ C:\Windows\wininit.ini
2008-05-17 17:51 . 2008-05-17 17:51 268 --ah----- C:\sqmdata01.sqm
2008-05-17 17:51 . 2008-05-17 17:51 244 --ah----- C:\sqmnoopt01.sqm
2008-05-17 16:36 . 2008-05-17 16:36 268 --ah----- C:\sqmdata00.sqm
2008-05-17 16:36 . 2008-05-17 16:36 244 --ah----- C:\sqmnoopt00.sqm
2008-05-17 16:35 . 2006-11-15 20:08 167,936 --a------ C:\Windows\System32\igfxres.dll
2008-05-17 10:44 . 2008-05-17 10:44 215 --a------ C:\Windows\System32\MRT.INI
2008-05-16 22:20 . 2008-05-17 10:43 <REP> d-------- C:\Program Files\a-squared Free
2008-05-16 20:46 . 2008-05-16 22:09 <REP> d-------- C:\Program Files\The Cleaner Free
2008-04-29 19:41 . 2008-04-30 12:40 <REP> d-------- C:\Program Files\LimeWire

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-24 16:29 174 --sha-w C:\Program Files\desktop.ini
2008-05-24 16:25 --------- d-----w C:\Program Files\Windows Mail
2008-05-24 16:25 --------- d-----w C:\Program Files\Windows Calendar
2008-05-24 14:26 1,572,864 --sha-w C:\Users\Charlène\NTUSER.DAT
2008-05-24 14:26 1,572,864 --sha-w C:\Users\Charlène\NTUSER.DAT
2008-05-24 13:51 --------- d-----w C:\Users\Charlène\AppData\Roaming\OpenOffice.org2
2008-05-17 16:17 --------- d-----w C:\Program Files\Google
2008-05-17 16:09 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-17 16:08 --------- d-----w C:\ProgramData\ScanSoft
2008-05-17 16:03 --------- d-----w C:\Program Files\Canon
2008-05-17 15:53 --------- d-----w C:\Users\Olive\AppData\Roaming\OpenOffice.org2
2008-05-15 23:18 50,768 ----a-w C:\Windows\system32\drivers\aswMonFlt.sys
2008-05-11 17:21 --------- d-----w C:\Users\Olive\AppData\Roaming\LimeWire
2008-04-08 13:45 --------- d-----w C:\Users\Olive\AppData\Roaming\Roxio
2008-04-02 14:38 --------- d-----w C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-03-31 17:50 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller
2008-03-31 17:48 --------- d-----w C:\Program Files\Windows Live
2008-03-31 17:47 --------- d-----w C:\ProgramData\WLInstaller
2008-03-31 17:46 --------- d-s---w C:\Users\Charlène\AppData\Roaming\Microsoft
2008-02-29 06:51 19,000 ----a-w C:\Windows\System32\kd1394.dll
2008-02-29 06:39 40,960 ----a-w C:\Windows\System32\srclient.dll
2008-02-29 06:39 371,712 ----a-w C:\Windows\System32\srcore.dll
2008-02-29 06:38 313,856 ----a-w C:\Windows\System32\rstrui.exe
2008-02-29 06:38 16,384 ----a-w C:\Windows\System32\srdelayed.exe
2008-02-29 06:35 6,656 ----a-w C:\Windows\System32\kbd106n.dll
2008-02-29 06:34 7,168 ----a-w C:\Windows\System32\f3ahvoas.dll
2008-02-29 04:16 2,027,008 ----a-w C:\Windows\System32\win32k.sys
2008-02-03 10:53 118 ----a-w C:\Users\Charlène\AppData\Roaming\wklnhst.dat
2007-12-06 20:04 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
2007-12-06 20:04 32,768 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
2007-12-06 20:04 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
.

------- Sigcheck -------

.
((((((((((((((((((((((((((((( snapshot_2008-05-24_20.11.04,68 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-05-24 18:06:33 67,584 --s-a-w C:\Windows\bootstat.dat
+ 2008-05-24 19:39:39 67,584 --s-a-w C:\Windows\bootstat.dat
- 2008-05-24 16:47:27 103,924 ----a-w C:\Windows\System32\perfc009.dat
+ 2008-05-24 18:13:15 103,924 ----a-w C:\Windows\System32\perfc009.dat
- 2008-05-24 16:47:27 117,572 ----a-w C:\Windows\System32\perfc00C.dat
+ 2008-05-24 18:13:15 117,572 ----a-w C:\Windows\System32\perfc00C.dat
- 2008-05-24 16:47:27 610,142 ----a-w C:\Windows\System32\perfh009.dat
+ 2008-05-24 18:13:15 610,142 ----a-w C:\Windows\System32\perfh009.dat
- 2008-05-24 16:47:27 690,832 ----a-w C:\Windows\System32\perfh00C.dat
+ 2008-05-24 18:13:15 690,832 ----a-w C:\Windows\System32\perfh00C.dat
- 2008-05-24 16:10:30 216,732 ----a-w C:\Windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_FastS4.bin
+ 2008-05-24 19:39:40 218,856 ----a-w C:\Windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_FastS4.bin
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\Windows\system32\igfxtray.exe" [2006-11-15 20:08 98304]
"SigmatelSysTrayApp"="sttray.exe" [2007-02-08 07:11 303104 C:\Windows\sttray.exe]
"PMX Daemon"="ICO.EXE" [2006-11-08 16:01 49152 C:\Windows\System32\ico.exe]
"Broadcom Wireless Manager UI"="C:\Windows\system32\WLTRAY.exe" [2006-11-28 01:15 1540096]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-02-16 17:15 81920]

C:\Users\CharlŠne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 2.3.lnk - C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe [2007-08-17 22:57:56 393216]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{E9FC50E8-59B4-4DFE-AC21-80BCA26C468B}"= UDP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
"{167268F2-8413-48FB-8845-6B32F6EA6D86}"= TCP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

R1 aswSP;avast! Self Protection;C:\Windows\system32\drivers\aswSP.sys [2008-05-16 01:20]
R2 aswFsBlk;aswFsBlk;C:\Windows\system32\DRIVERS\aswFsBlk.sys [2008-05-16 01:16]
R2 aswMonFlt;aswMonFlt;C:\Windows\system32\DRIVERS\aswMonFlt.sys [2008-05-16 01:18]
R2 XAudio;XAudio;C:\Windows\system32\DRIVERS\xaudio.sys [2006-11-12 01:10]
R3 igfx;igfx;C:\Windows\system32\DRIVERS\igdkmd32.sys [2006-11-15 20:07]
R3 pmxmouse;PMXMOUSE;C:\Windows\system32\DRIVERS\pmxmouse.sys [2006-10-19 18:27]
R3 pmxusblf;PMXUSBLF;C:\Windows\system32\DRIVERS\pmxusblf.sys [2006-10-19 18:29]
S3 fbxusb;Carte réseau virtuelle FreeBox USB;C:\Windows\system32\DRIVERS\fbxusb32.sys [2004-10-20 17:23]
S3 R300;R300;C:\Windows\system32\DRIVERS\atikmdag.sys [2006-11-02 09:36]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc

.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-24 21:41:17
Windows 6.0.6000 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************
.
Temps d'accomplissement: 2008-05-24 21:42:02
ComboFix-quarantined-files.txt 2008-05-24 19:41:58
ComboFix2.txt 2008-05-24 18:11:22
ComboFix3.txt 2008-05-24 16:06:41
ComboFix4.txt 2008-05-24 15:49:47
ComboFix5.txt 2008-05-24 14:38:37

Pre-Run: 105,512,112,128 octets libres
Post-Run: 105,483,927,552 octets libres

123 --- E O F --- 2008-05-24 14:50:43

Et voici le rapport :

Malwarebytes' Anti-Malware 1.12
Version de la base de données: 784

Type de recherche: Examen complet (C:\|D:\|)
Eléments examinés: 128318
Temps écoulé: 21 minute(s), 35 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 2
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 5

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_CURRENT_USER\Software\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
C:\QooBox\Quarantine\C\Windows\System32\fccawTnk.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Charlène\AppData\Local\Temp\bYOiifEX.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Charlène\AppData\Local\Temp\fcCttqoL.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Charlène\AppData\Local\Temp\nnnmmnkj.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Charlène\AppData\Local\Temp\tmp0000f823 (Trojan.Vundo) -> Quarantined and deleted successfully.

Voici le rapport :


25/05/2008 a 0:01:05,63

*** Recherche C:

*** Recherche C:\Windows\

*** Recherche C:\Windows\system32
C:\Windows\system32\wininit.exe FOUND
C:\Windows\system32\wininit.exe FOUND

*** Recherche C:\Program Files
*** End of the report !

Bonjour !

Voici le rapport clean :

Script executed in Safe Mode
Rapport clean par Malekal_morte - http://www.malekal.com
Script executed in Safe Mode 25/05/2008 a 15:23:28,43

Microsoft Windows [version 6.0.6000]

*** Suppression C:

*** Suppression C:\Windows\

*** Suppression C:\Windows\system32
tentative de suppression de C:\Windows\system32\wininit.exe
Impossible de supprimer C:\Windows\system32\wininit.exe
tentative de suppression de C:\Windows\system32\wininit.exe
Impossible de supprimer C:\Windows\system32\wininit.exe

*** Suppression C:\Program Files

*** Deletion of the registry keys successful..
*** End of the report !



Voici le hijackthis :

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:28:56, on 25/05/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16643)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\igfxtray.exe
C:\Windows\sttray.exe
C:\Windows\System32\ico.exe
C:\Windows\System32\WLTRAY.EXE
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\Windows\System32\Pmxmiced.exe
C:\Users\Olive\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] sttray.exe
O4 - HKLM\..\Run: [PMX Daemon] ICO.EXE
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\Windows\system32\WLTRAY.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O13 - Gopher Prefix:
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Program Files\SigmaTel\C-Major Audio\WDM\STacSV.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\Windows\System32\WLTRYSVC.EXE
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe