Virus Alert !
Solved
Arnaud.
Hello,
I have a small problem that you have already solved. I am getting the message "VIRUS ALERT!" displayed in the taskbar next to the clock. In addition, I no longer have access to My Computer or to my hard drive... Annoying. I saw that a similar problem has already been dealt with, but is the procedure the same given that the computer is different?
Thanks in advance for your help.
I have already generated a report with HijackThis; here it is:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:08: VIRUS ALERT!, on 03/09/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Softwin\BitDefender8\bdmcon.exe
C:\Program Files\Softwin\BitDefender8\bdnagent.exe
C:\WINDOWS\system32\TMController.exe
C:\Program Files\DVBT Application\Schedule_d.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\MSA\MSA.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MySpace\IM\MySpaceIM.exe
C:\Program Files\D-Link AirPlus\AirPlus.exe
C:\Program Files\ArcSoft\TotalMedia 3\TMMonitor.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=6010&mid=MjI6Ojg5&lid=2
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: D - {4F65E669-894E-3D11-9404-4F3828BDD82D} - C:\WINDOWS\system32\mmx66122.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: QXK Olive - {ACEF4ADB-7246-465A-A526-5629020DCCB3} - C:\WINDOWS\vanwxemggvd.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.5672\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: gksraemq - {68A5923E-76A7-44CE-9B04-1F6C33F2DEBC} - C:\WINDOWS\gksraemq.dll
O4 - HKLM\..\Run: [BDMCon] "C:\Program Files\Softwin\BitDefender8\bdmcon.exe"
O4 - HKLM\..\Run: [BDNewsAgent] "C:\Program Files\Softwin\BitDefender8\bdnagent.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\\NeroCheck.exe
O4 - HKLM\..\Run: [TM Control] C:\WINDOWS\system32\TMController.exe
O4 - HKLM\..\Run: [Schedule_d] "C:\Program Files\DVBT Application\Schedule_d.exe"
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [ScanSoft PDF Create! 4-reminder] "C:\Program Files\ScanSoft\PDF Create! 4\Ereg\Ereg.exe" -r "C:\Documents and Settings\All Users\Application Data\ScanSoft\PDF Create\4\Ereg\Ereg.ini
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [\VIE56.exe] C:\Windows\System32\VIE56.exe
O4 - HKLM\..\Run: [\VIE57.exe] C:\Windows\System32\VIE57.exe
O4 - HKLM\..\Run: [\VIE58.exe] C:\Windows\System32\VIE58.exe
O4 - HKLM\..\Run: [\VIE59.exe] C:\Windows\System32\VIE59.exe
O4 - HKLM\..\Run: [Antivirus] C:\Program Files\MSA\MSA.exe
O4 - HKLM\..\Run: [\VIE1.exe] C:\Windows\System32\VIE1.exe
O4 - HKLM\..\Run: [\VIE2.exe] C:\Windows\System32\VIE2.exe
O4 - HKLM\..\Run: [\VIE4.exe] C:\Windows\System32\VIE4.exe
O4 - HKLM\..\Run: [\VIE3.exe] C:\Windows\System32\VIE3.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe
O4 - HKCU\..\Run: [Run] "C:\Documents and Settings\Arnaud\Application Data\Adobe\Manager.exe"
O4 - HKCU\..\Run: [\VIE56.exe] C:\Windows\System32\VIE56.exe
O4 - HKCU\..\Run: [\VIE57.exe] C:\Windows\System32\VIE57.exe
O4 - HKCU\..\Run: [\VIE58.exe] C:\Windows\System32\VIE58.exe
O4 - HKCU\..\Run: [\VIE59.exe] C:\Windows\System32\VIE59.exe
O4 - HKCU\..\Run: [Antivirus] C:\Program Files\MSA\MSA.exe
O4 - HKCU\..\Run: [\VIE1.exe] C:\Windows\System32\VIE1.exe
O4 - HKCU\..\Run: [\VIE2.exe] C:\Windows\System32\VIE2.exe
O4 - HKCU\..\Run: [\VIE3.exe] C:\Windows\System32\VIE3.exe
O4 - HKCU\..\Run: [\VIE4.exe] C:\Windows\System32\VIE4.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: D-Link AirPlus.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: TMMonitor.lnk = C:\Program Files\ArcSoft\TotalMedia 3\TMMonitor.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files\PokerStars.NET\PokerStarsUpdate.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O21 - SSODL: xrdwbfgn - {70E1DFED-5B37-4F8F-AC0A-9CD29AD36AB9} - C:\WINDOWS\xrdwbfgn.dll
O21 - SSODL: dgksvbpn - {09C3F9AF-54B3-42BE-9476-9E7844CC1EB6} - C:\WINDOWS\dgksvbpn.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SiSoftware Database Agent Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XII.SP1\Win32\RpcDataSrv.exe
O23 - Service: SiSoftware Sandra Agent Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XII.SP1\RpcSandraSrv.exe
O23 - Service: BitDefender Communicator (XCOMM) - Softwin - C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe
O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm
32 replies
Hi,
# Download this (thanks to S!RI for this little program):
http://siri.urz.free.fr/Fix/SmitfraudFix.exe
Run it: double-click SmitfraudFix.exe and choose option 1.
This is what it looks like: http://siri.urz.free.fr/Fix/SmitfraudFix.php
It will generate a report: please copy and paste it into your post.
So here is the report:
SmitFraudFix v2.345
Rapport fait à 13:20:41,68, 03/09/2008
Executé à partir de D:\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est
Fix executé en mode normal
»»»»»»»»»»»»»»»»»»»»»»»» Process
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Softwin\BitDefender8\bdmcon.exe
C:\Program Files\Softwin\BitDefender8\bdnagent.exe
C:\WINDOWS\system32\TMController.exe
C:\Program Files\DVBT Application\Schedule_d.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\MSA\MSA.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MySpace\IM\MySpaceIM.exe
C:\Program Files\D-Link AirPlus\AirPlus.exe
C:\Program Files\ArcSoft\TotalMedia 3\TMMonitor.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\cmd.exe
»»»»»»»»»»»»»»»»»»»»»»»» hosts
»»»»»»»»»»»»»»»»»»»»»»»» C:\
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS
C:\WINDOWS\privacy_danger PRESENT !
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32
C:\WINDOWS\system32\1.ico PRESENT !
C:\WINDOWS\system32\2.ico PRESENT !
C:\WINDOWS\system32\VIE5.exe PRESENT !
C:\WINDOWS\system32\tdssservers.dat détecté, utilisez un scanner de Rootkit
C:\WINDOWS\system32\tdssadw.dll détecté, utilisez un scanner de Rootkit
C:\WINDOWS\system32\tdssinit.dll détecté, utilisez un scanner de Rootkit
C:\WINDOWS\system32\tdssl.dll détecté, utilisez un scanner de Rootkit
C:\WINDOWS\system32\tdsslog.dll détecté, utilisez un scanner de Rootkit
C:\WINDOWS\system32\tdssmain.dll détecté, utilisez un scanner de Rootkit
C:\WINDOWS\system32\drivers\tdssserv.sys détecté, utilisez un scanner de Rootkit
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Arnaud
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Arnaud\Application Data
»»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer
»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Arnaud\Favoris
C:\DOCUME~1\Arnaud\Favoris\Error Cleaner.url PRESENT !
C:\DOCUME~1\Arnaud\Favoris\Privacy Protector.url PRESENT !
C:\DOCUME~1\Arnaud\Favoris\Spyware?Malware Protection.url PRESENT !
»»»»»»»»»»»»»»»»»»»»»»»» Bureau
C:\DOCUME~1\Arnaud\Bureau\Error Cleaner.url PRESENT !
C:\DOCUME~1\Arnaud\Bureau\Privacy Protector.url PRESENT !
C:\DOCUME~1\Arnaud\Bureau\Spyware?Malware Protection.url PRESENT !
»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files
C:\Program Files\PCHealthCenter\ PRESENT !
»»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues
»»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="file:///C:\\WINDOWS\\privacy_danger\\index.htm"
"SubscribedURL"=""
"FriendlyName"="Privacy Protection"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\1]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Ma page d'accueil"
»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» VACFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» AntiXPVSTFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
AntiXPVSTFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
»»»»»»»»»»»»»»»»»»»»»»»» Winlogon
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
»»»»»»»»»»»»»»»»»»»»»»»» RK
xpdx détecté, utilisez un scanner de Rootkit
xpdt détecté, utilisez un scanner de Rootkit
huy32 détecté, utilisez un scanner de Rootkit
pe386 détecté, utilisez un scanner de Rootkit
lzx32 détecté, utilisez un scanner de Rootkit
msguard détecté, utilisez un scanner de Rootkit
»»»»»»»»»»»»»»»»»»»»»»»» DNS
Description: D-Link AirPlus DWL-520+ Wireless PCI Adapter - Miniport d'ordonnancement de paquets
DNS Server Search Order: 212.27.54.252
DNS Server Search Order: 212.27.53.252
HKLM\SYSTEM\CCS\Services\Tcpip\..\{F56CCACB-772A-4A34-AEEF-0CB42FCE848F}: DhcpNameServer=212.27.54.252 212.27.53.252
HKLM\SYSTEM\CS1\Services\Tcpip\..\{F56CCACB-772A-4A34-AEEF-0CB42FCE848F}: DhcpNameServer=212.27.54.252 212.27.53.252
HKLM\SYSTEM\CS2\Services\Tcpip\..\{F56CCACB-772A-4A34-AEEF-0CB42FCE848F}: DhcpNameServer=212.27.54.252 212.27.53.252
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=212.27.54.252 212.27.53.252
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=212.27.54.252 212.27.53.252
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=212.27.54.252 212.27.53.252
»»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll
»»»»»»»»»»»»»»»»»»»»»»»» Fin
# Boot into safe mode:
To do this, tap the F8 key repeatedly, without stopping, as soon as the PC starts powering on.
A window will open; use the keyboard arrow keys to move to the safe mode boot option, then press Enter.
Once you are on the desktop, if not all the colours and so on are there, that is normal!
(If F8 does not work, use the F5 key.)
----------------------------------------------------------------------------
# Run the Smitfraud program again:
This time choose option 2 and answer yes to everything;
Save the report, reboot into normal mode, then copy and paste the saved report to the forum.
I cannot launch SmitfraudFix in safe mode... A black window appears and then disappears.
Same in normal mode, SmitfraudFix no longer works. I even tried downloading it again... without success.
Download Malwarebytes
-> http://www.malwarebytes.org/mbam/program/mbam-setup.exe
Install it; the program will update itself automatically.
Once it is up to date, the program will launch; click the settings tab and tick the box: "stop Internet Explorer during removal".
Now click the scan tab and tick the box: "run a full scan".
Then click "scan".
Let it scan the PC...
If any items were found > click remove selection.
If you are asked to restart > click "yes".
At the end a report will open; save it somewhere you can find it again so that you can post it on the forum.
Please copy and paste the report.
PS: the reports are also stored under the report/log tab.
I couldn't do a full scan because my PC kept crashing before it even finished. So I did a quick one; it asked me to restart my PC, but since then... it no longer turns on... :s Here's the report anyway:
Malwarebytes' Anti-Malware 1.26
Version de la base de données: 1106
Windows 5.1.2600 Service Pack 2
03/09/2008 14:48:48
mbam-log-2008-09-03 (14-48-48).txt
Type de recherche: Examen rapide
Eléments examinés: 41374
Temps écoulé: 3 minute(s), 27 second(s)
Processus mémoire infecté(s): 2
Module(s) mémoire infecté(s): 5
Clé(s) du Registre infectée(s): 20
Valeur(s) du Registre infectée(s): 31
Elément(s) de données du Registre infecté(s): 1
Dossier(s) infecté(s): 3
Fichier(s) infecté(s): 56
Processus mémoire infecté(s):
C:\WINDOWS\system32\VIE1.exe (Trojan.FakeAlert) -> Unloaded process successfully.
C:\Program Files\MSA\MSA.exe (Rogue.MSAntivirus) -> Unloaded process successfully.
Module(s) mémoire infecté(s):
C:\WINDOWS\system32\mmx66122.dll (Trojan.FakeAlert) -> Delete on reboot.
C:\WINDOWS\vanwxemggvd.dll (Trojan.FakeAlert) -> Delete on reboot.
C:\WINDOWS\xrdwbfgn.dll (Trojan.FakeAlert) -> Delete on reboot.
C:\WINDOWS\gksraemq.dll (Trojan.FakeAlert) -> Delete on reboot.
C:\WINDOWS\dgksvbpn.dll (Trojan.FakeAlert) -> Delete on reboot.
Clé(s) du Registre infectée(s):
HKEY_CLASSES_ROOT\TypeLib\{dd596568-d7f4-3b99-a9f6-9e735bea6da6} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{316e99f3-1709-3c80-82fa-f072453c411b} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{4f65e669-894e-3d11-9404-4f3828bdd82d} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4f65e669-894e-3d11-9404-4f3828bdd82d} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\tdssdata (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\tdss (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{98ea38de-38cc-4a46-a17c-b665778c29cc} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{07a390d4-5b90-4638-8254-2fcf96cb4ed3} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{139cfa17-0694-46a1-849e-1a4bf395be9c} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{acef4adb-7246-465a-a526-5629020dccb3} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{acef4adb-7246-465a-a526-5629020dccb3} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{70e1dfed-5b37-4f8f-ac0a-9cd29ad36ab9} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\webvideo (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{a113cdaa-8558-4bfb-94bb-4c59c00d47df} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{0d947bc4-26ad-4327-975c-52ab82f9ee97} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{68a5923e-76a7-44ce-9b04-1f6c33f2debc} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{09c3f9af-54b3-42be-9476-9e7844cc1eb6} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VSPlugin (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\gksraemq.bvqm (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\gksraemq.toolbar.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
Valeur(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\vie1.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\vie1.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\antivirus (Rogue.MSAntivirus) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\antivirus (Rogue.MSAntivirus) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\vie56.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\vie57.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\vie58.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\vie59.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\vie2.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\vie4.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\vie3.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\vieb.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\viec.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\vied.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\viee.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\vie56.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\vie57.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\vie58.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\vie59.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\vie2.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\vie3.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\vie4.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\vieb.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\viec.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\vied.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\viee.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components\0\source (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Run (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\xrdwbfgn (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{68a5923e-76a7-44ce-9b04-1f6c33f2debc} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\dgksvbpn (Trojan.FakeAlert) -> Quarantined and deleted successfully.
Elément(s) de données du Registre infecté(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page (Hijack.Homepage) -> Bad: (http://softwarereferral.com/jump.php?wmid=6010&mid=MjI6Ojg5&lid=2 Good: (https://www.google.com/?gws_rd=ssl -> Quarantined and deleted successfully.
Dossier(s) infecté(s):
C:\WINDOWS\privacy_danger (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\privacy_danger\images (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Program Files\PCHealthCenter (Trojan.Fakealert) -> Quarantined and deleted successfully.
Fichier(s) infecté(s):
C:\WINDOWS\system32\VIE1.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\eovl.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mmx66122.dll (Trojan.FakeAlert) -> Delete on reboot.
C:\WINDOWS\system32\mx66122.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\VIE5.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\privacy_danger\index.htm (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\privacy_danger\images\capt.gif (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\privacy_danger\images\danger.jpg (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\privacy_danger\images\down.gif (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\privacy_danger\images\spacer.gif (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Program Files\PCHealthCenter\0.exe (Trojan.Fakealert) -> Quarantined and deleted successfully.
C:\Program Files\PCHealthCenter\0.gif (Trojan.Fakealert) -> Quarantined and deleted successfully.
C:\Program Files\PCHealthCenter\1.exe (Trojan.Fakealert) -> Quarantined and deleted successfully.
C:\Program Files\PCHealthCenter\1.gif (Trojan.Fakealert) -> Quarantined and deleted successfully.
C:\Program Files\PCHealthCenter\1.ico (Trojan.Fakealert) -> Quarantined and deleted successfully.
C:\Program Files\PCHealthCenter\2.exe (Trojan.Fakealert) -> Quarantined and deleted successfully.
C:\Program Files\PCHealthCenter\2.gif (Trojan.Fakealert) -> Quarantined and deleted successfully.
C:\Program Files\PCHealthCenter\2.ico (Trojan.Fakealert) -> Quarantined and deleted successfully.
C:\Program Files\PCHealthCenter\3.exe (Trojan.Fakealert) -> Quarantined and deleted successfully.
C:\Program Files\PCHealthCenter\3.gif (Trojan.Fakealert) -> Quarantined and deleted successfully.
C:\Program Files\PCHealthCenter\4.exe (Trojan.Fakealert) -> Quarantined and deleted successfully.
C:\Program Files\PCHealthCenter\5.exe (Trojan.Fakealert) -> Quarantined and deleted successfully.
C:\Program Files\PCHealthCenter\7.exe (Trojan.Fakealert) -> Quarantined and deleted successfully.
C:\Program Files\PCHealthCenter\sc.html (Trojan.Fakealert) -> Quarantined and deleted successfully.
C:\Program Files\MSA\MSA.exe (Rogue.MSAntivirus) -> Delete on reboot.
C:\Program Files\MSA\msa0.dat (Rogue.MSAntivirus) -> Quarantined and deleted successfully.
C:\Program Files\MSA\msa1.dat (Rogue.MSAntivirus) -> Quarantined and deleted successfully.
C:\Program Files\MSA\MSA.cpl (Rogue.MSAntivirus) -> Quarantined and deleted successfully.
C:\Program Files\MSA\MSA.ooo (Rogue.MSAntivirus) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\MSA.cpl (Rogue.MSAntivirus) -> Quarantined and deleted successfully.
C:\Documents and Settings\Arnaud\Local Settings\Temp\HDVideodll_ver1.5861.0.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Arnaud\Application Data\Adobe\Manager.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\tdssadw.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\tdssl.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\tdssserf.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\tdssmain.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\tdssinit.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\tdsslog.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\tdssservers.dat (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\drivers\tdssserv.sys (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\rlph.dll (Spyware.MarketScore) -> Quarantined and deleted successfully.
C:\WINDOWS\vanwxemggvd.dll (Trojan.FakeAlert) -> Delete on reboot.
C:\WINDOWS\xrdwbfgn.dll (Trojan.FakeAlert) -> Delete on reboot.
C:\WINDOWS\sxmaokgf.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\gksraemq.dll (Trojan.FakeAlert) -> Delete on reboot.
C:\WINDOWS\dgksvbpn.dll (Trojan.FakeAlert) -> Delete on reboot.
C:\Documents and Settings\Arnaud\Local Settings\Temp\lwpwer.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Arnaud\Bureau\GAY and LESBIAN.url (Rogue.Link) -> Quarantined and deleted successfully.
C:\Documents and Settings\Arnaud\Bureau\PORN DVDs.url (Rogue.Link) -> Quarantined and deleted successfully.
C:\Documents and Settings\Arnaud\Bureau\MS Antivirus.lnk (Rogue.Link) -> Quarantined and deleted successfully.
C:\Documents and Settings\Arnaud\Bureau\Spyware&Malware Protection.url (Rogue.Link) -> Quarantined and deleted successfully.
C:\Documents and Settings\Arnaud\Bureau\Privacy Protector.url (Rogue.Link) -> Quarantined and deleted successfully.
C:\Documents and Settings\Arnaud\Bureau\Error Cleaner.url (Rogue.Link) -> Quarantined and deleted successfully.
C:\Documents and Settings\Arnaud\Favoris\Error Cleaner.url (Rogue.Link) -> Quarantined and deleted successfully.
C:\Documents and Settings\Arnaud\Favoris\Privacy Protector.url (Rogue.Link) -> Quarantined and deleted successfully.
C:\Documents and Settings\Arnaud\Favoris\Spyware&Malware Protection.url (Rogue.Link) -> Quarantined and deleted successfully.
Reopen Malwarebytes
go to Quarantine
delete everything
Download ComboFix: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
-> Double-click combofix.exe.
-> Press the 1 key (Yes) to start the scan.
-> When the scan is complete, a report will appear. Copy/paste this report into your next reply.
NOTE: The report can also be found here: C:\Combofix.txt
Before using ComboFix:
-> Disconnect from the internet and close the windows of all running programs.
-> Temporarily disable, only for as long as ComboFix is in use, the real-time protection of your antivirus and antispyware programs, which can seriously interfere with the tool's scanning and cleaning procedure.
Once that is done, double-click Combofix.exe on your desktop.
- Answer yes to the warning message so that the program starts analysing the PC.
/!\ During this step, do not use the PC and do not open any programs.
- At the end of the scan, ComboFix may need to restart the PC to finish the disinfection/search; let it do so.
- A report will then open in Notepad (this report file, Combofix.txt, is automatically saved to C:\Combofix.txt)
-> Re-enable the real-time protection of your antivirus and antispyware programs before reconnecting to the internet.
-> Come back to the forum and copy and paste the entire contents of C:\Combofix.txt into your next message
REDO a quick Malwarebytes scan and post the report, then redo a HijackThis scan and post that report too
Here is the Malwarebytes report:
Malwarebytes' Anti-Malware 1.26
Version de la base de données: 1106
Windows 5.1.2600 Service Pack 2
03/09/2008 16:15:54
mbam-log-2008-09-03 (16-15-54).txt
Type de recherche: Examen rapide
Eléments examinés: 41034
Temps écoulé: 2 minute(s), 22 second(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 2
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 10
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\tdssdata (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\tdss (Trojan.Agent) -> Quarantined and deleted successfully.
Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)
Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)
Dossier(s) infecté(s):
(Aucun élément nuisible détecté)
Fichier(s) infecté(s):
C:\WINDOWS\system32\oembios.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\tdssadw.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\tdssl.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\tdssserf.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\tdssmain.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\tdssinit.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\tdsslog.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\tdssservers.dat (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\drivers\tdssserv.sys (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\ntos.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
_________________________________________________________________________________
And the HijackThis report:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:32:18, on 03/09/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Softwin\BitDefender8\bdmcon.exe
C:\Program Files\Softwin\BitDefender8\bdnagent.exe
C:\WINDOWS\system32\TMController.exe
C:\Program Files\DVBT Application\Schedule_d.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\D-Link AirPlus\AirPlus.exe
C:\Program Files\ArcSoft\TotalMedia 3\TMMonitor.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.5672\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [BDMCon] "C:\Program Files\Softwin\BitDefender8\bdmcon.exe"
O4 - HKLM\..\Run: [BDNewsAgent] "C:\Program Files\Softwin\BitDefender8\bdnagent.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\\NeroCheck.exe
O4 - HKLM\..\Run: [TM Control] C:\WINDOWS\system32\TMController.exe
O4 - HKLM\..\Run: [Schedule_d] "C:\Program Files\DVBT Application\Schedule_d.exe"
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [ScanSoft PDF Create! 4-reminder] "C:\Program Files\ScanSoft\PDF Create! 4\Ereg\Ereg.exe" -r "C:\Documents and Settings\All Users\Application Data\ScanSoft\PDF Create\4\Ereg\Ereg.ini
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: D-Link AirPlus.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: TMMonitor.lnk = C:\Program Files\ArcSoft\TotalMedia 3\TMMonitor.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files\PokerStars.NET\PokerStarsUpdate.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SiSoftware Database Agent Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XII.SP1\Win32\RpcDataSrv.exe
O23 - Service: SiSoftware Sandra Agent Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XII.SP1\RpcSandraSrv.exe
O23 - Service: BitDefender Communicator (XCOMM) - Softwin - C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe
O24 - Desktop Component 0: Privacy Protection - (no file)
Run the Malwarebytes scan again in safe mode (rootkits hang on).
How do you restart in safe mode?
Restart the PC and keep tapping the F8 key from the very start of boot, without stopping.
A window with a black background will open; use the keyboard arrow keys to move to the safe mode boot option, then press Enter.
Once on the desktop, it is normal if not all the colours and so on are there!
PS: if F8 does not work, use the F5 key.
-> Tutorial: https://www.malekal.com/demarrer-windows-mode-sans-echec/
Here it is:
Malwarebytes' Anti-Malware 1.26
Version de la base de données: 1106
Windows 5.1.2600 Service Pack 2
03/09/2008 16:55:04
mbam-log-2008-09-03 (16-55-04).txt
Type de recherche: Examen rapide
Eléments examinés: 40154
Temps écoulé: 5 minute(s), 58 second(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 2
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 8
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\tdssdata (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\tdss (Trojan.Agent) -> Quarantined and deleted successfully.
Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)
Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)
Dossier(s) infecté(s):
(Aucun élément nuisible détecté)
Fichier(s) infecté(s):
C:\WINDOWS\system32\tdssadw.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\tdssl.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\tdssserf.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\tdssmain.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\tdssinit.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\tdsslog.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\tdssservers.dat (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\drivers\tdssserv.sys (Trojan.Agent) -> Delete on reboot.
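Added example, not part of the original posts: the two Malwarebytes logs above (16:15:54 and 16:55:04) can be compared mechanically to see which detections came back after a reported removal. The function names are this example's own, and the sample text is the detection lines copied from those two logs.

```python
import re

# A detection line in the Malwarebytes' Anti-Malware 1.26 logs posted above:
#   <file path or registry key> (<detection name>) -> <action>.
ENTRY = re.compile(r"^(?P<item>.+?) \((?P<name>[^()]+)\) -> (?P<action>.+?)\.?$")

# Detection lines copied from the 16:15:54 log in this thread.
SCAN_1 = r"""Malwarebytes' Anti-Malware 1.26
Type de recherche: Examen rapide
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\tdssdata (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\tdss (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\oembios.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\tdssadw.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\tdssl.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\tdssserf.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\tdssmain.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\tdssinit.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\tdsslog.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\tdssservers.dat (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\drivers\tdssserv.sys (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\ntos.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
"""

# Detection lines copied from the 16:55:04 log in this thread.
SCAN_2 = r"""Malwarebytes' Anti-Malware 1.26
Type de recherche: Examen rapide
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\tdssdata (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\tdss (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\tdssadw.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\tdssl.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\tdssserf.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\tdssmain.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\tdssinit.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\tdsslog.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\tdssservers.dat (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\drivers\tdssserv.sys (Trojan.Agent) -> Delete on reboot.
"""


def parse_mbam(text):
    """Map each detected item (lower-cased) to its (detection, action) pair."""
    found = {}
    for line in text.splitlines():
        m = ENTRY.match(line.strip())
        if m:  # headers, counters and no-detection placeholder lines do not match
            found[m.group("item").lower()] = (m.group("name"), m.group("action"))
    return found


def compare_scans(first, second):
    """Sort detections into cleared, persisting and new between two scans."""
    a, b = parse_mbam(first), parse_mbam(second)
    return {
        "cleared": sorted(i for i in a if i not in b),     # gone after scan 1
        "persisting": sorted(i for i in a if i in b),      # removal did not hold
        "new": sorted(i for i in b if i not in a),         # only in scan 2
    }


def persisting_drivers(result):
    """Persisting items that are kernel drivers, the part a user-mode scan cannot unload."""
    return [i for i in result["persisting"]
            if "\\drivers\\" in i and i.endswith(".sys")]


if __name__ == "__main__":
    result = compare_scans(SCAN_1, SCAN_2)
    for kind in ("cleared", "persisting", "new"):
        print(f"{kind}: {len(result[kind])}")
        for item in result[kind]:
            print("   ", item)
    print("persisting drivers:", persisting_drivers(result))
```

Every tdss item from the first scan is detected again in the second, including the two registry keys reported as deleted, while oembios.exe and ntos.exe do not return.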
Here is the ComboFix report:
ComboFix 08-09-01.05 - Arnaud 2008-09-03 17:22:31.2 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.646 [GMT 2:00]
Endroit: C:\Documents and Settings\Arnaud\Bureau\ComboFix.exe
* Création d'un nouveau point de restauration
[color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
C:\Documents and Settings\Arnaud\Application Data\Adobe\crc.dat
C:\Documents and Settings\Arnaud\Application Data\macromedia\Flash Player\#SharedObjects\XDGFCJ6L\bin.clearspring.com
C:\Documents and Settings\Arnaud\Application Data\macromedia\Flash Player\#SharedObjects\XDGFCJ6L\bin.clearspring.com\clearspring.sol
C:\Documents and Settings\Arnaud\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#bin.clearspring.com
C:\Documents and Settings\Arnaud\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#bin.clearspring.com\settings.sol
C:\Documents and Settings\Arnaud\Cookies\arnaud@ad.yieldmanager[2].txt
C:\Documents and Settings\Arnaud\Cookies\arnaud@clickintext[1].txt
C:\Documents and Settings\Arnaud\Cookies\arnaud@ehg-dig.hitbox[1].txt
----- BITS: Possible sites infect‚s -----
http://hqsextube08.com
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_TDSSserv
((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-08-03 to 2008-09-03 ))))))))))))))))))))))))))))))))))))
.
2008-09-03 14:49 . 2008-09-03 14:49 61,440 --a------ C:\WINDOWS\system32\drivers\iora.sys
2008-09-03 14:12 . 2008-09-03 14:12 <REP> d-------- C:\Documents and Settings\Arnaud\Application Data\Malwarebytes
2008-09-03 14:11 . 2008-09-03 14:12 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-09-03 14:11 . 2008-09-03 14:11 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-09-03 14:11 . 2008-09-02 00:16 38,528 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-09-03 14:11 . 2008-09-02 00:16 17,200 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-09-03 13:08 . 2008-09-03 13:08 <REP> d-------- C:\Program Files\Trend Micro
2008-09-03 11:14 . 2008-08-28 15:57 3,262 --a------ C:\WINDOWS\system32\2.ico
2008-09-03 10:45 . 2008-09-03 15:13 <REP> d-------- C:\Program Files\MSA
2008-09-03 10:45 . 2008-08-28 15:57 3,262 --a------ C:\WINDOWS\system32\1.ico
2008-09-02 19:19 . 2008-09-02 20:09 <REP> d-------- C:\Program Files\DOSBox-0.72
2008-09-02 18:37 . 2008-09-02 18:37 <REP> d-------- C:\Documents and Settings\Arnaud\WINDOWS
2008-09-02 01:18 . 2008-09-02 19:10 <REP> d-------- C:\Program Files\UtopiaBOX 2.02
2008-08-28 18:41 . 2008-08-28 19:26 <REP> d-------- C:\WINDOWS\system32\CatRoot_bak
2008-08-23 09:59 . 2008-08-23 09:59 <REP> d-------- C:\Program Files\MSXML 4.0
2008-08-22 22:06 . 2008-06-14 19:59 272,768 --------- C:\WINDOWS\system32\drivers\bthport.sys
2008-08-22 22:06 . 2008-06-14 19:59 272,768 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
2008-08-18 13:50 . 2008-09-03 13:20 3,708 --a------ C:\WINDOWS\system32\tmp.reg
2008-08-18 12:12 . 2008-08-18 17:09 <REP> d-------- C:\Program Files\Hijackthis Version Fran‡aise
2008-08-15 21:06 . 2008-09-03 08:29 <REP> d-------- C:\Program Files\DNA
2008-08-15 21:06 . 2008-08-15 21:06 <REP> d-------- C:\Program Files\BitTorrent
2008-08-15 21:06 . 2008-09-02 01:14 <REP> d-------- C:\Documents and Settings\Arnaud\Application Data\DNA
2008-08-15 21:06 . 2008-09-03 10:48 <REP> d-------- C:\Documents and Settings\Arnaud\Application Data\BitTorrent
2008-08-13 15:06 . 2008-08-13 15:06 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-03 12:49 4,876 ----a-w C:\Program Files\vzsnisxs.txt
2008-09-03 08:43 14 ----a-w C:\Documents and Settings\Arnaud\getfile.dat
2008-09-03 06:00 --------- d-----w C:\Documents and Settings\Arnaud\Application Data\AVG7
2008-09-01 23:11 --------- d-----w C:\Program Files\eMule
2008-08-23 10:44 --------- d-----w C:\Program Files\Everest Poker
2008-08-18 15:21 --------- d-----w C:\Program Files\World of Warcraft
2008-08-18 15:21 --------- d-----w C:\Program Files\VideoLAN
2008-08-18 15:21 --------- d-----w C:\Program Files\Trojan Remover
2008-08-18 15:21 --------- d-----w C:\Program Files\themexp
2008-08-18 15:21 --------- d-----w C:\Program Files\Softwin
2008-08-18 15:21 --------- d-----w C:\Program Files\Services en ligne
2008-08-18 15:21 --------- d-----w C:\Program Files\MSN Messenger
2008-08-18 15:21 --------- d-----w C:\Program Files\mozilla.org
2008-08-18 15:18 --------- d-----w C:\Program Files\Micro Application
2008-08-18 15:18 --------- d-----w C:\Program Files\Google
2008-08-18 15:18 --------- d-----w C:\Program Files\FileZilla
2008-08-18 15:18 --------- d-----w C:\Program Files\Fichiers communs\Softwin
2008-08-18 15:18 --------- d-----w C:\Program Files\Fichiers communs\InstallShield
2008-08-18 15:18 --------- d-----w C:\Program Files\Fichiers communs\Blizzard Entertainment
2008-08-18 15:18 --------- d-----w C:\Program Files\Fichiers communs\Adobe
2008-08-18 15:18 --------- d-----w C:\Program Files\Fichiers communs\ACD Systems
2008-08-18 15:18 --------- d-----w C:\Program Files\ACD Systems
2008-08-18 15:18 --------- d-----w C:\Program Files\3DNA
2008-08-18 15:09 --------- d-----w C:\Program Files\Hijackthis Version Française
2008-08-15 11:47 --------- d-----w C:\Documents and Settings\Arnaud\Application Data\Shareaza
2008-07-17 17:10 --------- d-----w C:\Documents and Settings\Arnaud\Application Data\XnView
2008-07-17 17:02 --------- d-----w C:\Program Files\XnView
2008-07-15 22:27 --------- d-----w C:\Program Files\MySpace
2008-07-15 22:27 --------- d-----w C:\Documents and Settings\Arnaud\Application Data\MySpace
2007-07-04 13:51 147,456 ----a-w C:\Documents and Settings\Arnaud\upgrepl.exe.exe
.
((((((((((((((((((((((((((((( snapshot@2008-08-18_17.31.00.23 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-12-18 14:32:57 450,560 ----a-w C:\WINDOWS\$hf_mig$\KB944338-v2\SP2QFE\jscript.dll
+ 2007-12-18 14:32:57 417,792 ----a-w C:\WINDOWS\$hf_mig$\KB944338-v2\SP2QFE\vbscript.dll
+ 2007-03-06 01:34:33 15,072 ----a-w C:\WINDOWS\$hf_mig$\KB944338-v2\spmsg.dll
+ 2007-03-06 01:34:38 216,800 ----a-w C:\WINDOWS\$hf_mig$\KB944338-v2\spuninst.exe
+ 2007-03-06 01:34:31 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB944338-v2\update\spcustom.dll
+ 2007-03-06 01:34:56 727,776 ----a-w C:\WINDOWS\$hf_mig$\KB944338-v2\update\update.exe
+ 2007-03-06 01:35:48 394,976 ----a-w C:\WINDOWS\$hf_mig$\KB944338-v2\update\updspapi.dll
+ 2008-01-23 04:56:21 554,008 ----a-w C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\dao360.dll
+ 2007-12-10 12:41:11 518,944 ----a-w C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\msexch40.dll
+ 2007-12-10 12:41:11 326,432 ----a-w C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\msexcl40.dll
+ 2007-12-10 12:41:11 1,516,568 ----a-w C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\msjet40.dll
+ 2007-12-10 12:41:11 355,112 ----a-w C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\msjetol1.dll
+ 2008-03-25 06:56:31 194,144 ----a-w C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\msjint40.dll
+ 2007-12-10 12:41:12 60,192 ----a-w C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\msjter40.dll
+ 2007-12-10 12:41:12 248,608 ----a-w C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\msjtes40.dll
+ 2007-12-10 12:41:12 219,936 ----a-w C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\msltus40.dll
+ 2007-12-10 12:41:12 355,104 ----a-w C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\mspbde40.dll
+ 2007-12-10 12:41:13 432,928 ----a-w C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\msrd2x40.dll
+ 2007-12-10 12:41:13 322,336 ----a-w C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\msrd3x40.dll
+ 2007-12-10 12:41:13 559,904 ----a-w C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\msrepl40.dll
+ 2007-12-10 12:41:13 264,992 ----a-w C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\mstext40.dll
+ 2007-12-10 12:41:13 838,432 ----a-w C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\mswdat10.dll
+ 2007-11-01 05:15:27 621,344 ----a-w C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\mswstr10.dll
+ 2007-12-10 12:41:14 355,104 ----a-w C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\msxbde40.dll
+ 2007-03-06 01:34:33 15,072 ----a-w C:\WINDOWS\$hf_mig$\KB950749\spmsg.dll
+ 2007-03-06 01:34:38 216,800 ----a-w C:\WINDOWS\$hf_mig$\KB950749\spuninst.exe
+ 2007-03-06 01:34:31 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB950749\update\spcustom.dll
+ 2007-03-06 01:34:56 727,776 ----a-w C:\WINDOWS\$hf_mig$\KB950749\update\update.exe
+ 2007-03-06 01:35:48 394,976 ----a-w C:\WINDOWS\$hf_mig$\KB950749\update\updspapi.dll
+ 2008-07-07 20:18:27 253,952 ----a-w C:\WINDOWS\$hf_mig$\KB950974\SP2QFE\es.dll
+ 2008-07-07 20:28:20 253,952 ----a-w C:\WINDOWS\$hf_mig$\KB950974\SP3GDR\es.dll
+ 2008-07-07 20:24:11 253,952 ----a-w C:\WINDOWS\$hf_mig$\KB950974\SP3QFE\es.dll
+ 2007-11-30 12:39:29 18,296 ----a-w C:\WINDOWS\$hf_mig$\KB950974\spmsg.dll
+ 2007-11-30 12:39:29 234,872 ----a-w C:\WINDOWS\$hf_mig$\KB950974\spuninst.exe
+ 2007-11-30 12:39:29 26,488 ----a-w C:\WINDOWS\$hf_mig$\KB950974\update\spcustom.dll
+ 2007-11-30 12:39:26 767,352 ----a-w C:\WINDOWS\$hf_mig$\KB950974\update\update.exe
+ 2007-11-30 12:39:29 406,392 ----a-w C:\WINDOWS\$hf_mig$\KB950974\update\updspapi.dll
+ 2008-07-14 11:03:00 62,976 ----a-w C:\WINDOWS\$hf_mig$\KB951072-v2\SP2QFE\tzchange.exe
+ 2008-07-11 12:42:28 62,976 ----a-w C:\WINDOWS\$hf_mig$\KB951072-v2\SP3GDR\tzchange.exe
+ 2008-07-11 12:51:51 62,976 ----a-w C:\WINDOWS\$hf_mig$\KB951072-v2\SP3QFE\tzchange.exe
+ 2007-11-30 11:19:06 18,296 ----a-w C:\WINDOWS\$hf_mig$\KB951072-v2\spmsg.dll
+ 2007-11-30 11:19:06 234,872 ----a-w C:\WINDOWS\$hf_mig$\KB951072-v2\spuninst.exe
+ 2007-11-30 11:19:06 26,488 ----a-w C:\WINDOWS\$hf_mig$\KB951072-v2\update\spcustom.dll
+ 2007-11-30 12:39:29 767,352 ----a-w C:\WINDOWS\$hf_mig$\KB951072-v2\update\update.exe
+ 2007-11-30 12:39:31 406,392 ----a-w C:\WINDOWS\$hf_mig$\KB951072-v2\update\updspapi.dll
+ 2008-05-07 04:55:47 1,294,336 ----a-w C:\WINDOWS\$hf_mig$\KB951698\SP2QFE\quartz.dll
+ 2008-05-07 05:11:24 1,294,336 ----a-w C:\WINDOWS\$hf_mig$\KB951698\SP3GDR\quartz.dll
+ 2008-05-07 05:04:59 1,294,336 ----a-w C:\WINDOWS\$hf_mig$\KB951698\SP3QFE\quartz.dll
+ 2007-11-30 11:19:06 18,296 ----a-w C:\WINDOWS\$hf_mig$\KB951698\spmsg.dll
+ 2007-11-30 11:19:06 234,872 ----a-w C:\WINDOWS\$hf_mig$\KB951698\spuninst.exe
+ 2007-11-30 11:19:06 26,488 ----a-w C:\WINDOWS\$hf_mig$\KB951698\update\spcustom.dll
+ 2007-11-30 12:39:29 767,352 ----a-w C:\WINDOWS\$hf_mig$\KB951698\update\update.exe
+ 2007-11-30 12:39:31 406,392 ----a-w C:\WINDOWS\$hf_mig$\KB951698\update\updspapi.dll
+ 2006-08-16 12:13:24 100,352 ----a-w C:\WINDOWS\$hf_mig$\KB951748\SP2QFE\6to4svc.dll
+ 2008-06-20 10:44:08 138,368 ----a-w C:\WINDOWS\$hf_mig$\KB951748\SP2QFE\afd.sys
+ 2008-06-20 17:37:01 147,968 ----a-w C:\WINDOWS\$hf_mig$\KB951748\SP2QFE\dnsapi.dll
+ 2008-06-20 17:37:01 247,808 ----a-w C:\WINDOWS\$hf_mig$\KB951748\SP2QFE\mswsock.dll
+ 2008-06-20 10:44:42 360,960 ----a-w C:\WINDOWS\$hf_mig$\KB951748\SP2QFE\tcpip.sys
+ 2008-06-20 09:32:39 225,920 ----a-w C:\WINDOWS\$hf_mig$\KB951748\SP2QFE\tcpip6.sys
+ 2008-06-20 11:40:08 138,496 ----a-w C:\WINDOWS\$hf_mig$\KB951748\SP3GDR\afd.sys
+ 2008-06-20 17:47:22 147,968 ----a-w C:\WINDOWS\$hf_mig$\KB951748\SP3GDR\dnsapi.dll
+ 2008-06-20 17:47:22 247,808 ----a-w C:\WINDOWS\$hf_mig$\KB951748\SP3GDR\mswsock.dll
+ 2008-06-20 11:51:12 361,600 ----a-w C:\WINDOWS\$hf_mig$\KB951748\SP3GDR\tcpip.sys
+ 2008-06-20 11:08:27 225,856 ----a-w C:\WINDOWS\$hf_mig$\KB951748\SP3GDR\tcpip6.sys
+ 2008-06-20 11:48:03 138,496 ----a-w C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\afd.sys
+ 2008-06-20 17:44:02 147,968 ----a-w C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\dnsapi.dll
+ 2008-06-20 17:44:02 247,808 ----a-w C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\mswsock.dll
+ 2008-06-20 11:59:02 361,600 ----a-w C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\tcpip.sys
+ 2008-06-20 11:16:44 225,856 ----a-w C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\tcpip6.sys
+ 2007-11-30 12:39:29 18,296 ----a-w C:\WINDOWS\$hf_mig$\KB951748\spmsg.dll
+ 2007-11-30 12:39:29 234,872 ----a-w C:\WINDOWS\$hf_mig$\KB951748\spuninst.exe
+ 2007-11-30 12:39:29 26,488 ----a-w C:\WINDOWS\$hf_mig$\KB951748\update\spcustom.dll
+ 2007-11-30 12:39:26 767,352 ----a-w C:\WINDOWS\$hf_mig$\KB951748\update\update.exe
+ 2007-11-30 12:39:29 406,392 ----a-w C:\WINDOWS\$hf_mig$\KB951748\update\updspapi.dll
+ 2008-06-24 16:30:27 74,240 ----a-w C:\WINDOWS\$hf_mig$\KB952954\SP2QFE\mscms.dll
+ 2008-06-24 16:44:02 74,240 ----a-w C:\WINDOWS\$hf_mig$\KB952954\SP3GDR\mscms.dll
+ 2008-06-24 16:53:52 74,240 ----a-w C:\WINDOWS\$hf_mig$\KB952954\SP3QFE\mscms.dll
+ 2007-11-30 11:19:06 18,296 ----a-w C:\WINDOWS\$hf_mig$\KB952954\spmsg.dll
+ 2007-11-30 11:19:06 234,872 ----a-w C:\WINDOWS\$hf_mig$\KB952954\spuninst.exe
+ 2007-11-30 11:19:06 26,488 ----a-w C:\WINDOWS\$hf_mig$\KB952954\update\spcustom.dll
+ 2007-11-30 12:39:29 767,352 ----a-w C:\WINDOWS\$hf_mig$\KB952954\update\update.exe
+ 2007-11-30 12:39:31 406,392 ----a-w C:\WINDOWS\$hf_mig$\KB952954\update\updspapi.dll
+ 2008-06-23 16:15:33 1,024,512 ----a-w C:\WINDOWS\$hf_mig$\KB953838\SP2QFE\browseui.dll
+ 2008-06-23 16:15:34 152,064 ----a-w C:\WINDOWS\$hf_mig$\KB953838\SP2QFE\cdfview.dll
+ 2008-06-23 16:15:35 1,056,768 ----a-w C:\WINDOWS\$hf_mig$\KB953838\SP2QFE\danim.dll
+ 2008-06-23 16:15:35 357,888 ----a-w C:\WINDOWS\$hf_mig$\KB953838\SP2QFE\dxtmsft.dll
+ 2008-06-23 16:15:35 205,312 ----a-w C:\WINDOWS\$hf_mig$\KB953838\SP2QFE\dxtrans.dll
+ 2008-06-23 16:15:35 55,808 ----a-w C:\WINDOWS\$hf_mig$\KB953838\SP2QFE\extmgr.dll
+ 2008-06-23 09:53:58 18,432 ----a-w C:\WINDOWS\$hf_mig$\KB953838\SP2QFE\iedw.exe
+ 2008-06-23 16:15:36 251,904 ----a-w C:\WINDOWS\$hf_mig$\KB953838\SP2QFE\iepeers.dll
+ 2008-06-23 16:15:36 96,768 ----a-w C:\WINDOWS\$hf_mig$\KB953838\SP2QFE\inseng.dll
+ 2008-06-23 16:15:36 16,384 ----a-w C:\WINDOWS\$hf_mig$\KB953838\SP2QFE\jsproxy.dll
+ 2008-06-23 16:15:39 3,088,384 ----a-w C:\WINDOWS\$hf_mig$\KB953838\SP2QFE\mshtml.dll
+ 2008-06-23 16:15:40 449,024 ----a-w C:\WINDOWS\$hf_mig$\KB953838\SP2QFE\mshtmled.dll
+ 2008-06-23 16:15:40 146,432 ----a-w C:\WINDOWS\$hf_mig$\KB953838\SP2QFE\msrating.dll
+ 2008-06-23 16:15:41 532,480 ----a-w C:\WINDOWS\$hf_mig$\KB953838\SP2QFE\mstime.dll
+ 2008-06-23 16:15:41 39,424 ----a-w C:\WINDOWS\$hf_mig$\KB953838\SP2QFE\pngfilt.dll
+ 2008-06-23 16:15:42 1,499,648 ----a-w C:\WINDOWS\$hf_mig$\KB953838\SP2QFE\shdocvw.dll
+ 2008-06-23 16:15:43 474,624 ----a-w C:\WINDOWS\$hf_mig$\KB953838\SP2QFE\shlwapi.dll
+ 2008-07-03 09:42:35 370,176 ----a-w C:\WINDOWS\$hf_mig$\KB953838\SP2QFE\spru040c.dll
+ 2008-06-23 16:15:43 620,544 ----a-w C:\WINDOWS\$hf_mig$\KB953838\SP2QFE\urlmon.dll
+ 2008-06-23 16:15:44 671,232 ----a-w C:\WINDOWS\$hf_mig$\KB953838\SP2QFE\wininet.dll
+ 2008-06-23 15:10:27 3,088,384 ----a-w C:\WINDOWS\$hf_mig$\KB953838\SP3GDR\mshtml.dll
+ 2008-06-26 08:13:32 1,499,648 ----a-w C:\WINDOWS\$hf_mig$\KB953838\SP3GDR\shdocvw.dll
+ 2008-06-26 08:13:32 620,544 ----a-w C:\WINDOWS\$hf_mig$\KB953838\SP3GDR\urlmon.dll
+ 2008-06-23 15:10:27 670,208 ----a-w C:\WINDOWS\$hf_mig$\KB953838\SP3GDR\wininet.dll
+ 2008-06-25 04:26:28 3,088,896 ----a-w C:\WINDOWS\$hf_mig$\KB953838\SP3QFE\mshtml.dll
+ 2008-06-26 08:00:28 1,499,648 ----a-w C:\WINDOWS\$hf_mig$\KB953838\SP3QFE\shdocvw.dll
+ 2008-06-26 08:00:28 620,544 ----a-w C:\WINDOWS\$hf_mig$\KB953838\SP3QFE\urlmon.dll
+ 2008-06-23 14:56:26 670,720 ----a-w C:\WINDOWS\$hf_mig$\KB953838\SP3QFE\wininet.dll
+ 2007-11-30 12:39:29 18,296 ----a-w C:\WINDOWS\$hf_mig$\KB953838\spmsg.dll
+ 2007-11-30 12:39:29 234,872 ----a-w C:\WINDOWS\$hf_mig$\KB953838\spuninst.exe
+ 2007-11-30 12:39:29 26,488 ----a-w C:\WINDOWS\$hf_mig$\KB953838\update\spcustom.dll
+ 2007-11-30 12:39:26 767,352 ----a-w C:\WINDOWS\$hf_mig$\KB953838\update\update.exe
+ 2007-11-30 12:39:29 406,392 ----a-w C:\WINDOWS\$hf_mig$\KB953838\update\updspapi.dll
+ 2008-06-14 17:59:52 272,768 ------w C:\WINDOWS\Driver Cache\i386\bthport.sys
- 2006-11-03 08:58:34 317,440 ----a-w C:\WINDOWS\inf\unregmp2.exe
+ 2007-06-29 09:59:14 318,976 ----a-w C:\WINDOWS\inf\unregmp2.exe
+ 2008-08-23 08:00:00 32,768 ----a-r C:\WINDOWS\Installer\{C04E32E0-0416-434D-AFB9-6969D703A9EF}\icon.exe
- 2007-04-18 12:31:55 1,024,000 ----a-w C:\WINDOWS\system32\browseui.dll
+ 2008-06-23 15:39:58 1,024,000 ----a-w C:\WINDOWS\system32\browseui.dll
- 2007-04-18 12:31:55 152,064 ----a-w C:\WINDOWS\system32\cdfview.dll
+ 2008-06-23 15:39:58 152,064 ----a-w C:\WINDOWS\system32\cdfview.dll
- 2007-07-30 17:19:20 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
+ 2008-07-18 20:10:48 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
- 2007-06-16 19:37:13 16,384 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
+ 2008-09-03 14:44:18 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
+ 2008-09-03 09:08:25 16,384 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\MSIMGSIZ.DAT
- 2007-06-16 19:37:13 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Historique\History.IE5\index.dat
+ 2008-09-03 14:44:18 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Historique\History.IE5\index.dat
+ 2008-09-03 14:20:10 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Historique\History.IE5\MSHist012008090320080904\index.dat
- 2007-04-18 12:31:56 1,056,768 ----a-w C:\WINDOWS\system32\danim.dll
+ 2008-06-23 15:39:59 1,056,768 ----a-w C:\WINDOWS\system32\danim.dll
- 2004-08-05 12:00:00 138,496 -c--a-w C:\WINDOWS\system32\dllcache\afd.sys
+ 2008-06-20 10:44:38 138,368 -c--a-w C:\WINDOWS\system32\dllcache\afd.sys
- 2007-04-18 12:31:55 1,024,000 -c--a-w C:\WINDOWS\system32\dllcache\browseui.dll
+ 2008-06-23 15:39:58 1,024,000 -c--a-w C:\WINDOWS\system32\dllcache\browseui.dll
- 2007-04-18 12:31:55 152,064 -c--a-w C:\WINDOWS\system32\dllcache\cdfview.dll
+ 2008-06-23 15:39:58 152,064 -c--a-w C:\WINDOWS\system32\dllcache\cdfview.dll
- 2007-07-30 17:19:20 92,504 -c--a-w C:\WINDOWS\system32\dllcache\cdm.dll
+ 2008-07-18 20:10:48 94,920 -c--a-w C:\WINDOWS\system32\dllcache\cdm.dll
- 2007-04-18 12:31:56 1,056,768 -c--a-w C:\WINDOWS\system32\dllcache\danim.dll
+ 2008-06-23 15:39:59 1,056,768 -c--a-w C:\WINDOWS\system32\dllcache\danim.dll
- 2004-08-05 12:00:00 561,179 -c--a-w C:\WINDOWS\system32\dllcache\dao360.dll
+ 2008-03-25 04:50:25 554,008 -c--a-w C:\WINDOWS\system32\dllcache\dao360.dll
- 2006-06-26 17:41:32 148,480 -c--a-w C:\WINDOWS\system32\dllcache\dnsapi.dll
+ 2008-06-20 17:41:06 148,992 -c--a-w C:\WINDOWS\system32\dllcache\dnsapi.dll
- 2007-04-18 12:31:56 357,888 -c--a-w C:\WINDOWS\system32\dllcache\dxtmsft.dll
+ 2008-06-23 15:40:00 357,888 -c--a-w C:\WINDOWS\system32\dllcache\dxtmsft.dll
- 2007-04-18 12:31:57 205,312 -c--a-w C:\WINDOWS\system32\dllcache\dxtrans.dll
+ 2008-06-23 15:40:00 205,312 -c--a-w C:\WINDOWS\system32\dllcache\dxtrans.dll
- 2005-07-26 04:39:57 243,200 -c--a-w C:\WINDOWS\system32\dllcache\es.dll
+ 2008-07-07 20:31:48 253,952 -c--a-w C:\WINDOWS\system32\dllcache\es.dll
- 2007-04-18 12:31:57 55,808 -c--a-w C:\WINDOWS\system32\dllcache\extmgr.dll
+ 2008-06-23 15:40:00 55,808 -c--a-w C:\WINDOWS\system32\dllcache\extmgr.dll
- 2007-04-18 10:22:13 18,432 -c--a-w C:\WINDOWS\system32\dllcache\iedw.exe
+ 2008-06-23 09:49:29 18,432 -c--a-w C:\WINDOWS\system32\dllcache\iedw.exe
- 2007-04-18 12:31:57 251,392 -c--a-w C:\WINDOWS\system32\dllcache\iepeers.dll
+ 2008-06-23 15:40:00 251,392 -c--a-w C:\WINDOWS\system32\dllcache\iepeers.dll
- 2007-08-21 06:17:23 683,520 -c--a-w C:\WINDOWS\system32\dllcache\inetcomm.dll
+ 2008-04-11 18:51:06 683,520 -c--a-w C:\WINDOWS\system32\dllcache\inetcomm.dll
- 2007-04-18 12:31:57 96,768 -c--a-w C:\WINDOWS\system32\dllcache\inseng.dll
+ 2008-06-23 15:40:00 96,768 -c--a-w C:\WINDOWS\system32\dllcache\inseng.dll
- 2006-05-18 05:31:21 450,560 -c--a-w C:\WINDOWS\system32\dllcache\jscript.dll
+ 2007-12-18 14:41:58 450,560 -c--a-w C:\WINDOWS\system32\dllcache\jscript.dll
- 2007-04-18 12:31:57 16,384 -c--a-w C:\WINDOWS\system32\dllcache\jsproxy.dll
+ 2008-06-23 15:40:00 16,384 -c--a-w C:\WINDOWS\system32\dllcache\jsproxy.dll
- 2004-08-05 12:00:00 331,776 -c--a-w C:\WINDOWS\system32\dllcache\msadce.dll
+ 2008-05-01 14:31:48 331,776 -c--a-w C:\WINDOWS\system32\dllcache\msadce.dll
- 2005-06-29 01:49:41 74,240 -c--a-w C:\WINDOWS\system32\dllcache\mscms.dll
+ 2008-06-24 16:23:56 74,240 -c--a-w C:\WINDOWS\system32\dllcache\mscms.dll
- 2004-08-05 12:00:00 512,029 -c--a-w C:\WINDOWS\system32\dllcache\msexch40.dll
+ 2008-03-25 04:50:28 518,944 -c--a-w C:\WINDOWS\system32\dllcache\msexch40.dll
- 2004-08-05 12:00:00 319,517 -c--a-w C:\WINDOWS\system32\dllcache\msexcl40.dll
+ 2008-03-25 04:50:30 326,432 -c--a-w C:\WINDOWS\system32\dllcache\msexcl40.dll
- 2007-05-04 12:36:14 3,079,680 -c--a-w C:\WINDOWS\system32\dllcache\mshtml.dll
+ 2008-06-23 15:40:02 3,080,704 -c--a-w C:\WINDOWS\system32\dllcache\mshtml.dll
- 2007-04-18 12:32:00 449,024 -c--a-w C:\WINDOWS\system32\dllcache\mshtmled.dll
+ 2008-06-23 15:40:03 449,024 -c--a-w C:\WINDOWS\system32\dllcache\mshtmled.dll
- 2004-08-05 12:00:00 1,507,356 -c--a-w C:\WINDOWS\system32\dllcache\msjet40.dll
+ 2008-03-25 04:50:34 1,516,568 -c--a-w C:\WINDOWS\system32\dllcache\msjet40.dll
- 2004-08-05 12:00:00 358,976 -c--a-w C:\WINDOWS\system32\dllcache\msjetol1.dll
+ 2008-03-25 04:50:40 355,112 -c--a-w C:\WINDOWS\system32\dllcache\msjetol1.dll
- 2004-08-05 12:00:00 184,351 -c--a-w C:\WINDOWS\system32\dllcache\msjint40.dll
+ 2008-03-25 04:51:08 194,144 -c--a-w C:\WINDOWS\system32\dllcache\msjint40.dll
- 2004-08-05 12:00:00 53,279 -c--a-w C:\WINDOWS\system32\dllcache\msjter40.dll
+ 2008-03-25 04:50:42 60,192 -c--a-w C:\WINDOWS\system32\dllcache\msjter40.dll
- 2004-08-05 12:00:00 241,693 -c--a-w C:\WINDOWS\system32\dllcache\msjtes40.dll
+ 2008-03-25 04:50:42 248,608 -c--a-w C:\WINDOWS\system32\dllcache\msjtes40.dll
- 2004-08-05 12:00:00 213,023 -c--a-w C:\WINDOWS\system32\dllcache\msltus40.dll
+ 2008-03-25 04:50:44 219,936 -c--a-w C:\WINDOWS\system32\dllcache\msltus40.dll
- 2004-08-05 12:00:00 348,189 -c--a-w C:\WINDOWS\system32\dllcache\mspbde40.dll
+ 2008-03-25 04:50:45 355,104 -c--a-w C:\WINDOWS\system32\dllcache\mspbde40.dll
- 2007-04-18 12:32:00 146,432 -c--a-w C:\WINDOWS\system32\dllcache\msrating.dll
+ 2008-06-23 15:40:03 146,432 -c--a-w C:\WINDOWS\system32\dllcache\msrating.dll
- 2004-08-05 12:00:00 421,919 -c--a-w C:\WINDOWS\system32\dllcache\msrd2x40.dll
+ 2008-03-25 04:50:47 432,928 -c--a-w C:\WINDOWS\system32\dllcache\msrd2x40.dll
- 2004-08-05 12:00:00 315,423 -c--a-w C:\WINDOWS\system32\dllcache\msrd3x40.dll
+ 2008-03-25 04:50:49 322,336 -c--a-w C:\WINDOWS\system32\dllcache\msrd3x40.dll
- 2004-08-05 12:00:00 552,989 -c--a-w C:\WINDOWS\system32\dllcache\msrepl40.dll
+ 2008-03-25 04:50:52 559,904 -c--a-w C:\WINDOWS\system32\dllcache\msrepl40.dll
- 2006-10-18 20:47:16 414,208 -c--a-w C:\WINDOWS\system32\dllcache\msscp.dll
+ 2006-12-04 14:21:50 414,720 -c--a-w C:\WINDOWS\system32\dllcache\msscp.dll
- 2004-08-05 12:00:00 258,077 -c--a-w C:\WINDOWS\system32\dllcache\mstext40.dll
+ 2008-03-25 04:50:55 264,992 -c--a-w C:\WINDOWS\system32\dllcache\mstext40.dll
- 2007-04-18 12:32:00 532,480 -c--a-w C:\WINDOWS\system32\dllcache\mstime.dll
+ 2008-06-23 15:40:04 532,480 -c--a-w C:\WINDOWS\system32\dllcache\mstime.dll
- 2004-08-05 12:00:00 831,519 -c--a-w C:\WINDOWS\system32\dllcache\mswdat10.dll
+ 2008-03-25 04:50:57 838,432 -c--a-w C:\WINDOWS\system32\dllcache\mswdat10.dll
- 2004-08-05 12:00:00 247,808 -c--a-w C:\WINDOWS\system32\dllcache\mswsock.dll
+ 2008-06-20 17:41:06 247,808 -c--a-w C:\WINDOWS\system32\dllcache\mswsock.dll
- 2004-08-05 12:00:00 614,429 -c--a-w C:\WINDOWS\system32\dllcache\mswstr10.dll
+ 2008-03-25 04:51:09 621,344 -c--a-w C:\WINDOWS\system32\dllcache\mswstr10.dll
- 2004-08-05 12:00:00 348,189 -c--a-w C:\WINDOWS\system32\dllcache\msxbde40.dll
+ 2008-03-25 04:50:58 355,104 -c--a-w C:\WINDOWS\system32\dllcache\msxbde40.dll
- 2007-04-18 12:32:00 39,424 -c--a-w C:\WINDOWS\system32\dllcache\pngfilt.dll
+ 2008-06-23 15:40:04 39,424 -c--a-w C:\WINDOWS\system32\dllcache\pngfilt.dll
- 2005-08-30 03:55:43 1,293,312 -c--a-w C:\WINDOWS\system32\dllcache\quartz.dll
+ 2008-05-07 05:15:36 1,293,824 -c--a-w C:\WINDOWS\system32\dllcache\quartz.dll
- 2006-07-13 08:48:58 202,240 -c--a-w C:\WINDOWS\system32\dllcache\rmcast.sys
+ 2008-05-08 12:28:49 202,752 -c--a-w C:\WINDOWS\system32\dllcache\rmcast.sys
- 2007-04-18 12:32:01 1,495,040 -c--a-w C:\WINDOWS\system32\dllcache\shdocvw.dll
+ 2008-06-23 15:40:05 1,495,040 -c--a-w C:\WINDOWS\system32\dllcache\shdocvw.dll
- 2007-04-18 12:32:01 474,624 -c--a-w C:\WINDOWS\system32\dllcache\shlwapi.dll
+ 2008-06-23 15:40:06 474,624 -c--a-w C:\WINDOWS\system32\dllcache\shlwapi.dll
- 2006-04-20 11:51:50 359,808 -c--a-w C:\WINDOWS\system32\dllcache\tcpip.sys
+ 2008-06-20 10:45:13 360,320 -c--a-w C:\WINDOWS\system32\dllcache\tcpip.sys
- 2006-08-16 09:37:30 225,664 -c--a-w C:\WINDOWS\system32\dllcache\tcpip6.sys
+ 2008-06-20 09:52:06 225,920 -c--a-w C:\WINDOWS\system32\dllcache\tcpip6.sys
- 2006-11-03 08:58:34 317,440 -c--a-w C:\WINDOWS\system32\dllcache\unregmp2.exe
+ 2007-06-29 09:59:14 318,976 -c--a-w C:\WINDOWS\system32\dllcache\unregmp2.exe
- 2007-04-18 12:32:01 617,472 -c--a-w C:\WINDOWS\system32\dllcache\urlmon.dll
+ 2008-06-23 15:40:06 617,984 -c--a-w C:\WINDOWS\system32\dllcache\urlmon.dll
- 2004-08-05 12:00:00 417,792 -c--a-w C:\WINDOWS\system32\dllcache\vbscript.dll
+ 2007-12-18 14:41:59 417,792 -c--a-w C:\WINDOWS\system32\dllcache\vbscript.dll
- 2007-04-18 12:32:02 663,040 -c--a-w C:\WINDOWS\system32\dllcache\wininet.dll
+ 2008-06-23 15:40:08 663,552 -c--a-w C:\WINDOWS\system32\dllcache\wininet.dll
- 2006-10-18 20:47:18 222,208 -c--a-w C:\WINDOWS\system32\dllcache\WMASF.dll
+ 2007-10-25 07:28:30 222,720 -c--a-w C:\WINDOWS\system32\dllcache\wmasf.dll
- 2006-10-18 20:47:20 10,834,432 -c--a-w C:\WINDOWS\system32\dllcache\wmp.dll
+ 2007-06-11 21:51:12 10,834,944 -c--a-w C:\WINDOWS\system32\dllcache\wmp.dll
- 2007-07-30 17:19:36 549,720 -c--a-w C:\WINDOWS\system32\dllcache\wuapi.dll
+ 2008-07-18 20:09:44 563,912 -c--a-w C:\WINDOWS\system32\dllcache\wuapi.dll
- 2007-07-30 17:19:16 53,080 -c--a-w C:\WINDOWS\system32\dllcache\wuauclt.exe
+ 2008-07-18 20:10:42 53,448 -c--a-w C:\WINDOWS\system32\dllcache\wuauclt.exe
- 2007-07-30 17:19:42 1,712,984 -c--a-w C:\WINDOWS\system32\dllcache\wuaueng.dll
+ 2008-07-18 20:09:42 1,811,656 -c--a-w C:\WINDOWS\system32\dllcache\wuaueng.dll
- 2007-07-30 17:19:32 325,976 -c--a-w C:\WINDOWS\system32\dllcache\wucltui.dll
+ 2008-07-18 20:09:46 325,832 -c--a-w C:\WINDOWS\system32\dllcache\wucltui.dll
- 2007-07-30 17:18:40 33,624 -c--a-w C:\WINDOWS\system32\dllcache\wups.dll
+ 2008-07-18 20:10:20 36,552 -c--a-w C:\WINDOWS\system32\dllcache\wups.dll
- 2007-07-30 17:19:28 203,096 -c--a-w C:\WINDOWS\system32\dllcache\wuweb.dll
+ 2008-07-18 20:09:44 205,000 -c--a-w C:\WINDOWS\system32\dllcache\wuweb.dll
- 2006-06-26 17:41:32 148,480 ----a-w C:\WINDOWS\system32\dnsapi.dll
+ 2008-06-20 17:41:06 148,992 ----a-w C:\WINDOWS\system32\dnsapi.dll
- 2004-08-05 12:00:00 138,496 ----a-w C:\WINDOWS\system32\drivers\afd.sys
+ 2008-06-20 10:44:38 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys
- 2006-07-13 08:48:58 202,240 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
+ 2008-05-08 12:28:49 202,752 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
- 2006-04-20 11:51:50 359,808 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
+ 2008-06-20 10:45:13 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
- 2006-08-16 09:37:30 225,664 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
+ 2008-06-20 09:52:06 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
- 2007-04-18 12:31:56 357,888 ----a-w C:\WINDOWS\system32\dxtmsft.dll
+ 2008-06-23 15:40:00 357,888 ----a-w C:\WINDOWS\system32\dxtmsft.dll
- 2007-04-18 12:31:57 205,312 ----a-w C:\WINDOWS\system32\dxtrans.dll
+ 2008-06-23 15:40:00 205,312 ----a-w C:\WINDOWS\system32\dxtrans.dll
- 2005-07-26 04:39:57 243,200 ----a-w C:\WINDOWS\system32\es.dll
+ 2008-07-07 20:31:48 253,952 ----a-w C:\WINDOWS\system32\es.dll
- 2007-04-18 12:31:57 55,808 ----a-w C:\WINDOWS\system32\extmgr.dll
+ 2008-06-23 15:40:00 55,808 ----a-w C:\WINDOWS\system32\extmgr.dll
- 2007-04-18 12:31:57 251,392 ----a-w C:\WINDOWS\system32\iepeers.dll
+ 2008-06-23 15:40:00 251,392 ----a-w C:\WINDOWS\system32\iepeers.dll
- 2007-08-21 06:17:23 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
+ 2008-04-11 18:51:06 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
- 2007-04-18 12:31:57 96,768 ----a-w C:\WINDOWS\system32\inseng.dll
+ 2008-06-23 15:40:00 96,768 ----a-w C:\WINDOWS\system32\inseng.dll
- 2006-05-18 05:31:21 450,560 ----a-w C:\WINDOWS\system32\jscript.dll
+ 2007-12-18 14:41:58 450,560 ----a-w C:\WINDOWS\system32\jscript.dll
- 2007-04-18 12:31:57 16,384 ----a-w C:\WINDOWS\system32\jsproxy.dll
+ 2008-06-23 15:40:00 16,384 ----a-w C:\WINDOWS\system32\jsproxy.dll
- 2007-09-27 20:19:40 18,089,592 ----a-w C:\WINDOWS\system32\MRT.exe
+ 2008-08-05 09:11:02 15,888,504 ----a-w C:\WINDOWS\system32\MRT.exe
- 2005-06-29 01:49:41 74,240 ----a-w C:\WINDOWS\system32\mscms.dll
+ 2008-06-24 16:23:56 74,240 ----a-w C:\WINDOWS\system32\mscms.dll
- 2004-08-05 12:00:00 512,029 ----a-w C:\WINDOWS\system32\msexch40.dll
+ 2008-03-25 04:50:28 518,944 ----a-w C:\WINDOWS\system32\msexch40.dll
- 2004-08-05 12:00:00 319,517 ----a-w C:\WINDOWS\system32\msexcl40.dll
+ 2008-03-25 04:50:30 326,432 ----a-w C:\WINDOWS\system32\msexcl40.dll
- 2007-05-04 12:36:14 3,079,680 ----a-w C:\WINDOWS\system32\mshtml.dll
+ 2008-06-23 15:40:02 3,080,704 ----a-w C:\WINDOWS\system32\mshtml.dll
- 2007-04-18 12:32:00 449,024 ----a-w C:\WINDOWS\system32\mshtmled.dll
+ 2008-06-23 15:40:03 449,024 ----a-w C:\WINDOWS\system32\mshtmled.dll
- 2004-08-05 12:00:00 1,507,356 ----a-w C:\WINDOWS\system32\msjet40.dll
+ 2008-03-25 04:50:34 1,516,568 ----a-w C:\WINDOWS\system32\msjet40.dll
- 2004-08-05 12:00:00 358,976 ----a-w C:\WINDOWS\system32\msjetoledb40.dll
+ 2008-03-25 04:50:40 355,112 ----a-w C:\WINDOWS\system32\msjetoledb40.dll
- 2004-08-05 12:00:00 184,351 ----a-w C:\WINDOWS\system32\msjint40.dll
+ 2008-03-25 04:51:08 194,144 ----a-w C:\WINDOWS\system32\msjint40.dll
- 2004-08-05 12:00:00 53,279 ----a-w C:\WINDOWS\system32\msjter40.dll
+ 2008-03-25 04:50:42 60,192 ----a-w C:\WINDOWS\system32\msjter40.dll
- 2004-08-05 12:00:00 241,693 ----a-w C:\WINDOWS\system32\msjtes40.dll
+ 2008-03-25 04:50:42 248,608 ----a-w C:\WINDOWS\system32\msjtes40.dll
- 2004-08-05 12:00:00 213,023 ----a-w C:\WINDOWS\system32\msltus40.dll
+ 2008-03-25 04:50:44 219,936 ----a-w C:\WINDOWS\system32\msltus40.dll
- 2004-08-05 12:00:00 348,189 ----a-w C:\WINDOWS\system32\mspbde40.dll
+ 2008-03-25 04:50:45 355,104 ----a-w C:\WINDOWS\system32\mspbde40.dll
- 2007-04-18 12:32:00 146,432 ----a-w C:\WINDOWS\system32\msrating.dll
+ 2008-06-23 15:40:03 146,432 ----a-w C:\WINDOWS\system32\msrating.dll
- 2004-08-05 12:00:00 421,919 ----a-w C:\WINDOWS\system32\msrd2x40.dll
+ 2008-03-25 04:50:47 432,928 ----a-w C:\WINDOWS\system32\msrd2x40.dll
- 2004-08-05 12:00:00 315,423 ----a-w C:\WINDOWS\system32\msrd3x40.dll
+ 2008-03-25 04:50:49 322,336 ----a-w C:\WINDOWS\system32\msrd3x40.dll
- 2004-08-05 12:00:00 552,989 ----a-w C:\WINDOWS\system32\msrepl40.dll
+ 2008-03-25 04:50:52 559,904 ----a-w C:\WINDOWS\system32\msrepl40.dll
- 2006-10-18 20:47:16 414,208 ----a-w C:\WINDOWS\system32\msscp.dll
+ 2006-12-04 14:21:50 414,720 ----a-w C:\WINDOWS\system32\msscp.dll
- 2004-08-05 12:00:00 258,077 ----a-w C:\WINDOWS\system32\mstext40.dll
+ 2008-03-25 04:50:55 264,992 ----a-w C:\WINDOWS\system32\mstext40.dll
- 2007-04-18 12:32:00 532,480 ----a-w C:\WINDOWS\system32\mstime.dll
+ 2008-06-23 15:40:04 532,480 ----a-w C:\WINDOWS\system32\mstime.dll
- 2004-08-05 12:00:00 831,519 ----a-w C:\WINDOWS\system32\mswdat10.dll
+ 2008-03-25 04:50:57 838,432 ----a-w C:\WINDOWS\system32\mswdat10.dll
- 2004-08-05 12:00:00 247,808 ----a-w C:\WINDOWS\system32\mswsock.dll
+ 2008-06-20 17:41:06 247,808 ----a-w C:\WINDOWS\system32\mswsock.dll
- 2004-08-05 12:00:00 614,429 ----a-w C:\WINDOWS\system32\mswstr10.dll
+ 2008-03-25 04:51:09 621,344 ----a-w C:\WINDOWS\system32\mswstr10.dll
- 2004-08-05 12:00:00 348,189 ----a-w C:\WINDOWS\system32\msxbde40.dll
+ 2008-03-25 04:50:58 355,104 ----a-w C:\WINDOWS\system32\msxbde40.dll
- 2002-02-04 01:52:54 1,230,336 ----a-w C:\WINDOWS\system32\msxml4.dll
+ 2007-05-08 13:03:04 1,275,392 ----a-w C:\WINDOWS\system32\msxml4.dll
- 2007-07-30 18:19:10 271,224 ----a-w C:\WINDOWS\system32\mucltui.dll
+ 2008-07-18 20:07:34 270,880 ----a-w C:\WINDOWS\system32\mucltui.dll
- 2007-07-30 18:19:04 207,736 ----a-w C:\WINDOWS\system32\muweb.dll
+ 2008-07-18 20:07:32 210,976 ----a-w C:\WINDOWS\system32\muweb.dll
- 2007-04-18 12:32:00 39,424 ----a-w C:\WINDOWS\system32\pngfilt.dll
+ 2008-06-23 15:40:04 39,424 ----a-w C:\WINDOWS\system32\pngfilt.dll
- 2005-08-30 03:55:43 1,293,312 ----a-w C:\WINDOWS\system32\quartz.dll
+ 2008-05-07 05:15:36 1,293,824 ----a-w C:\WINDOWS\system32\quartz.dll
- 2007-04-18 12:32:01 1,495,040 ----a-w C:\WINDOWS\system32\shdocvw.dll
+ 2008-06-23 15:40:05 1,495,040 ----a-w C:\WINDOWS\system32\shdocvw.dll
- 2007-04-18 12:32:01 474,624 ----a-w C:\WINDOWS\system32\shlwapi.dll
+ 2008-06-23 15:40:06 474,624 ----a-w C:\WINDOWS\system32\shlwapi.dll
+ 2008-07-18 20:10:20 36,552 ----a-w C:\WINDOWS\system32\SoftwareDistribution\Setup\ServiceStartup\wups.dll\7.2.6001.784\wups.dll
+ 2008-07-18 20:10:40 45,768 ----a-w C:\WINDOWS\system32\SoftwareDistribution\Setup\ServiceStartup\wups2.dll\7.2.6001.784\wups2.dll
- 2006-09-25 16:58:48 14,640 ------w C:\WINDOWS\system32\spmsg.dll
+ 2007-11-30 11:19:06 18,296 ------w C:\WINDOWS\system32\spmsg.dll
- 2007-07-18 12:42:22 60,416 ------w C:\WINDOWS\system32\tzchange.exe
+ 2008-07-14 11:09:18 62,976 ------w C:\WINDOWS\system32\tzchange.exe
- 2007-04-18 12:32:01 617,472 ----a-w C:\WINDOWS\system32\urlmon.dll
+ 2008-06-23 15:40:06 617,984 ----a-w C:\WINDOWS\system32\urlmon.dll
- 2004-08-05 12:00:00 417,792 ----a-w C:\WINDOWS\system32\vbscript.dll
+ 2007-12-18 14:41:59 417,792 ----a-w C:\WINDOWS\system32\vbscript.dll
- 2007-04-18 12:32:02 663,040 ----a-w C:\WINDOWS\system32\wininet.dll
+ 2008-06-23 15:40:08 663,552 ----a-w C:\WINDOWS\system32\wininet.dll
- 2006-10-18 20:47:18 222,208 ----a-w C:\WINDOWS\system32\WMASF.dll
+ 2007-10-25 07:28:30 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll
- 2006-10-18 20:47:20 10,834,432 ----a-w C:\WINDOWS\system32\wmp.dll
+ 2007-06-11 21:51:12 10,834,944 ----a-w C:\WINDOWS\system32\wmp.dll
- 2007-07-30 17:19:36 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
+ 2008-07-18 20:09:44 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
- 2007-07-30 17:19:16 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
+ 2008-07-18 20:10:42 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
- 2007-07-30 17:19:42 1,712,984 ----a-w C:\WINDOWS\system32\wuaueng.dll
+ 2008-07-18 20:09:42 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
- 2007-07-30 17:19:32 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
+ 2008-07-18 20:09:46 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
- 2007-07-30 17:18:40 33,624 ----a-w C:\WINDOWS\system32\wups.dll
+ 2008-07-18 20:10:20 36,552 ----a-w C:\WINDOWS\system32\wups.dll
- 2007-07-30 17:19:12 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
+ 2008-07-18 20:10:40 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
- 2007-07-30 17:19:28 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
+ 2008-07-18 20:09:44 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
- 2007-06-12 21:53:14 121,856 ----a-w C:\WINDOWS\system32\xpsp3res.dll
+ 2008-07-03 09:42:35 370,176 ----a-w C:\WINDOWS\system32\xpsp3res.dll
+ 2007-05-08 13:06:44 1,275,392 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.MSXML2_6bd6b9abf345378f_4.20.9848.0_x-ww_1b897e9a\msxml4.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 15360]
"MySpaceIM"="C:\Program Files\MySpace\IM\MySpaceIM.exe" [2008-04-18 9117696]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BDMCon"="C:\Program Files\Softwin\BitDefender8\bdmcon.exe" [2005-06-20 421888]
"BDNewsAgent"="C:\Program Files\Softwin\BitDefender8\bdnagent.exe" [2005-05-09 8192]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-10-22 7700480]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-10-22 86016]
"NeroCheck"="C:\WINDOWS\system32\\NeroCheck.exe" [2001-07-09 155648]
"TM Control"="C:\WINDOWS\system32\TMController.exe" [2007-03-01 184396]
"Schedule_d"="C:\Program Files\DVBT Application\Schedule_d.exe" [2006-08-24 94208]
"SSBkgdUpdate"="C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"ScanSoft PDF Create! 4-reminder"="C:\Program Files\ScanSoft\PDF Create! 4\Ereg\Ereg.exe" [2006-11-16 35368]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-04-16 579584]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 15360]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-01-27 219136]
"MySpaceIM"="C:\Program Files\MySpace\IM\MySpaceIM.exe" [2008-04-18 9117696]
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Nono\\Jeux\\Football Manager 2008\\fm.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"=
"C:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite XII.SP1\\Win32\\RpcDataSrv.exe"=
"C:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite XII.SP1\\RpcSandraSrv.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\BitTorrent\\bittorrent.exe"=
"C:\\Program Files\\MySpace\\IM\\MySpaceIM.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724
"12394:TCP"= 12394:TCP:*:Disabled:NortonAV
"13454:TCP"= 13454:TCP:*:Disabled:NortonAV
"12949:TCP"= 12949:TCP:*:Disabled:NortonAV
"14296:TCP"= 14296:TCP:*:Disabled:NortonAV
"17642:TCP"= 17642:TCP:*:Disabled:NortonAV
"12593:TCP"= 12593:TCP:*:Disabled:NortonAV
"15053:TCP"= 15053:TCP:*:Disabled:NortonAV
"15225:TCP"= 15225:TCP:*:Disabled:NortonAV
"12644:TCP"= 12644:TCP:NortonAV
"16696:TCP"= 16696:TCP:NortonAV
"17224:TCP"= 17224:TCP:NortonAV
"12701:TCP"= 12701:TCP:NortonAV
"16534:TCP"= 16534:TCP:NortonAV
"15672:TCP"= 15672:TCP:NortonAV
"15777:TCP"= 15777:TCP:NortonAV
"14610:TCP"= 14610:TCP:NortonAV
"14916:TCP"= 14916:TCP:NortonAV
"18964:TCP"= 18964:TCP:NortonAV
"14673:TCP"= 14673:TCP:NortonAV
"15030:TCP"= 15030:TCP:NortonAV
"14815:TCP"= 14815:TCP:NortonAV
"12162:TCP"= 12162:TCP:NortonAV
"13249:TCP"= 13249:TCP:NortonAV
"17918:TCP"= 17918:TCP:NortonAV
"18091:TCP"= 18091:TCP:NortonAV
"13450:TCP"= 13450:TCP:NortonAV
"12151:TCP"= 12151:TCP:NortonAV
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
S3 AF15BDA;AF9015 BDA Filter;C:\WINDOWS\system32\Drivers\AF15BDA.sys [2006-09-28 283776]
S3 ss_bus;SAMSUNG Mobile USB Device 1.0 driver (WDM);C:\WINDOWS\system32\DRIVERS\ss_bus.sys [2005-08-30 58320]
S3 ss_mdfl;SAMSUNG Mobile USB Modem 1.0 Filter;C:\WINDOWS\system32\DRIVERS\ss_mdfl.sys [2005-08-30 8304]
S3 ss_mdm;SAMSUNG Mobile USB Modem 1.0 Drivers;C:\WINDOWS\system32\DRIVERS\ss_mdm.sys [2005-08-30 94000]
S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1b1c8fa2-00ff-11dd-a7dc-00196612354a}]
\Shell\AutoRun\command - ie.exe
\Shell\explore\Command - ie.exe
\Shell\open\Command - ie.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{20a324b1-36b7-11dc-9bf7-00196612354a}]
\Shell\Auto\command -
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL
.
.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\Arnaud\Application Data\Mozilla\Firefox\Profiles\5cxzywx6.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://start.mozilla.org/firefox?client=firefox-a&rls=org.mozilla:fr-FR:official
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-03 17:28:12
Windows 5.1.2600 Service Pack 2 NTFS
Balayage processus cachés ...
Balayage caché autostart entries ...
Balayage des fichiers cachés ...
Scan terminé avec succès
Les fichiers cachés: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
C:\Program Files\ArcSoft\TotalMedia 3\TMMonitor.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-09-03 17:34:09 - machine was rebooted
ComboFix-quarantined-files.txt 2008-09-03 15:34:06
ComboFix2.txt 2008-08-18 15:31:20
Pre-Run: 7,557,316,608 octets libres
Post-Run: 7,583,498,240 octets libres
579 --- E O F --- 2008-09-03 13:46:02
ComboFix 08-09-01.05 - Arnaud 2008-09-03 17:22:31.2 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.646 [GMT 2:00]
Endroit: C:\Documents and Settings\Arnaud\Bureau\ComboFix.exe
* Création d'un nouveau point de restauration
AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
C:\Documents and Settings\Arnaud\Application Data\Adobe\crc.dat
C:\Documents and Settings\Arnaud\Application Data\macromedia\Flash Player\#SharedObjects\XDGFCJ6L\bin.clearspring.com
C:\Documents and Settings\Arnaud\Application Data\macromedia\Flash Player\#SharedObjects\XDGFCJ6L\bin.clearspring.com\clearspring.sol
C:\Documents and Settings\Arnaud\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#bin.clearspring.com
C:\Documents and Settings\Arnaud\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#bin.clearspring.com\settings.sol
C:\Documents and Settings\Arnaud\Cookies\arnaud@ad.yieldmanager[2].txt
C:\Documents and Settings\Arnaud\Cookies\arnaud@clickintext[1].txt
C:\Documents and Settings\Arnaud\Cookies\arnaud@ehg-dig.hitbox[1].txt
----- BITS: Possible sites infectés -----
http://hqsextube08.com
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_TDSSserv
((((((((((((((((((((((((((((( Fichiers créés 2008-08-03 to 2008-09-03 ))))))))))))))))))))))))))))))))))))
.
2008-09-03 14:49 . 2008-09-03 14:49 61,440 --a------ C:\WINDOWS\system32\drivers\iora.sys
2008-09-03 14:12 . 2008-09-03 14:12 <REP> d-------- C:\Documents and Settings\Arnaud\Application Data\Malwarebytes
2008-09-03 14:11 . 2008-09-03 14:12 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-09-03 14:11 . 2008-09-03 14:11 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-09-03 14:11 . 2008-09-02 00:16 38,528 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-09-03 14:11 . 2008-09-02 00:16 17,200 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-09-03 13:08 . 2008-09-03 13:08 <REP> d-------- C:\Program Files\Trend Micro
2008-09-03 11:14 . 2008-08-28 15:57 3,262 --a------ C:\WINDOWS\system32\2.ico
2008-09-03 10:45 . 2008-09-03 15:13 <REP> d-------- C:\Program Files\MSA
2008-09-03 10:45 . 2008-08-28 15:57 3,262 --a------ C:\WINDOWS\system32\1.ico
2008-09-02 19:19 . 2008-09-02 20:09 <REP> d-------- C:\Program Files\DOSBox-0.72
2008-09-02 18:37 . 2008-09-02 18:37 <REP> d-------- C:\Documents and Settings\Arnaud\WINDOWS
2008-09-02 01:18 . 2008-09-02 19:10 <REP> d-------- C:\Program Files\UtopiaBOX 2.02
2008-08-28 18:41 . 2008-08-28 19:26 <REP> d-------- C:\WINDOWS\system32\CatRoot_bak
2008-08-23 09:59 . 2008-08-23 09:59 <REP> d-------- C:\Program Files\MSXML 4.0
2008-08-22 22:06 . 2008-06-14 19:59 272,768 --------- C:\WINDOWS\system32\drivers\bthport.sys
2008-08-22 22:06 . 2008-06-14 19:59 272,768 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
2008-08-18 13:50 . 2008-09-03 13:20 3,708 --a------ C:\WINDOWS\system32\tmp.reg
2008-08-18 12:12 . 2008-08-18 17:09 <REP> d-------- C:\Program Files\Hijackthis Version Française
2008-08-15 21:06 . 2008-09-03 08:29 <REP> d-------- C:\Program Files\DNA
2008-08-15 21:06 . 2008-08-15 21:06 <REP> d-------- C:\Program Files\BitTorrent
2008-08-15 21:06 . 2008-09-02 01:14 <REP> d-------- C:\Documents and Settings\Arnaud\Application Data\DNA
2008-08-15 21:06 . 2008-09-03 10:48 <REP> d-------- C:\Documents and Settings\Arnaud\Application Data\BitTorrent
2008-08-13 15:06 . 2008-08-13 15:06 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-03 12:49 4,876 ----a-w C:\Program Files\vzsnisxs.txt
2008-09-03 08:43 14 ----a-w C:\Documents and Settings\Arnaud\getfile.dat
2008-09-03 06:00 --------- d-----w C:\Documents and Settings\Arnaud\Application Data\AVG7
2008-09-01 23:11 --------- d-----w C:\Program Files\eMule
2008-08-23 10:44 --------- d-----w C:\Program Files\Everest Poker
2008-08-18 15:21 --------- d-----w C:\Program Files\World of Warcraft
2008-08-18 15:21 --------- d-----w C:\Program Files\VideoLAN
2008-08-18 15:21 --------- d-----w C:\Program Files\Trojan Remover
2008-08-18 15:21 --------- d-----w C:\Program Files\themexp
2008-08-18 15:21 --------- d-----w C:\Program Files\Softwin
2008-08-18 15:21 --------- d-----w C:\Program Files\Services en ligne
2008-08-18 15:21 --------- d-----w C:\Program Files\MSN Messenger
2008-08-18 15:21 --------- d-----w C:\Program Files\mozilla.org
2008-08-18 15:18 --------- d-----w C:\Program Files\Micro Application
2008-08-18 15:18 --------- d-----w C:\Program Files\Google
2008-08-18 15:18 --------- d-----w C:\Program Files\FileZilla
2008-08-18 15:18 --------- d-----w C:\Program Files\Fichiers communs\Softwin
2008-08-18 15:18 --------- d-----w C:\Program Files\Fichiers communs\InstallShield
2008-08-18 15:18 --------- d-----w C:\Program Files\Fichiers communs\Blizzard Entertainment
2008-08-18 15:18 --------- d-----w C:\Program Files\Fichiers communs\Adobe
2008-08-18 15:18 --------- d-----w C:\Program Files\Fichiers communs\ACD Systems
2008-08-18 15:18 --------- d-----w C:\Program Files\ACD Systems
2008-08-18 15:18 --------- d-----w C:\Program Files\3DNA
2008-08-18 15:09 --------- d-----w C:\Program Files\Hijackthis Version Française
2008-08-15 11:47 --------- d-----w C:\Documents and Settings\Arnaud\Application Data\Shareaza
2008-07-17 17:10 --------- d-----w C:\Documents and Settings\Arnaud\Application Data\XnView
2008-07-17 17:02 --------- d-----w C:\Program Files\XnView
2008-07-15 22:27 --------- d-----w C:\Program Files\MySpace
2008-07-15 22:27 --------- d-----w C:\Documents and Settings\Arnaud\Application Data\MySpace
2007-07-04 13:51 147,456 ----a-w C:\Documents and Settings\Arnaud\upgrepl.exe.exe
.
((((((((((((((((((((((((((((( snapshot@2008-08-18_17.31.00.23 )))))))))))))))))))))))))))))))))))))))))
.
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 15360]
"MySpaceIM"="C:\Program Files\MySpace\IM\MySpaceIM.exe" [2008-04-18 9117696]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BDMCon"="C:\Program Files\Softwin\BitDefender8\bdmcon.exe" [2005-06-20 421888]
"BDNewsAgent"="C:\Program Files\Softwin\BitDefender8\bdnagent.exe" [2005-05-09 8192]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-10-22 7700480]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-10-22 86016]
"NeroCheck"="C:\WINDOWS\system32\\NeroCheck.exe" [2001-07-09 155648]
"TM Control"="C:\WINDOWS\system32\TMController.exe" [2007-03-01 184396]
"Schedule_d"="C:\Program Files\DVBT Application\Schedule_d.exe" [2006-08-24 94208]
"SSBkgdUpdate"="C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"ScanSoft PDF Create! 4-reminder"="C:\Program Files\ScanSoft\PDF Create! 4\Ereg\Ereg.exe" [2006-11-16 35368]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-04-16 579584]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 15360]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-01-27 219136]
"MySpaceIM"="C:\Program Files\MySpace\IM\MySpaceIM.exe" [2008-04-18 9117696]
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Nono\\Jeux\\Football Manager 2008\\fm.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"=
"C:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite XII.SP1\\Win32\\RpcDataSrv.exe"=
"C:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite XII.SP1\\RpcSandraSrv.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\BitTorrent\\bittorrent.exe"=
"C:\\Program Files\\MySpace\\IM\\MySpaceIM.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724
"12394:TCP"= 12394:TCP:*:Disabled:NortonAV
"13454:TCP"= 13454:TCP:*:Disabled:NortonAV
"12949:TCP"= 12949:TCP:*:Disabled:NortonAV
"14296:TCP"= 14296:TCP:*:Disabled:NortonAV
"17642:TCP"= 17642:TCP:*:Disabled:NortonAV
"12593:TCP"= 12593:TCP:*:Disabled:NortonAV
"15053:TCP"= 15053:TCP:*:Disabled:NortonAV
"15225:TCP"= 15225:TCP:*:Disabled:NortonAV
"12644:TCP"= 12644:TCP:NortonAV
"16696:TCP"= 16696:TCP:NortonAV
"17224:TCP"= 17224:TCP:NortonAV
"12701:TCP"= 12701:TCP:NortonAV
"16534:TCP"= 16534:TCP:NortonAV
"15672:TCP"= 15672:TCP:NortonAV
"15777:TCP"= 15777:TCP:NortonAV
"14610:TCP"= 14610:TCP:NortonAV
"14916:TCP"= 14916:TCP:NortonAV
"18964:TCP"= 18964:TCP:NortonAV
"14673:TCP"= 14673:TCP:NortonAV
"15030:TCP"= 15030:TCP:NortonAV
"14815:TCP"= 14815:TCP:NortonAV
"12162:TCP"= 12162:TCP:NortonAV
"13249:TCP"= 13249:TCP:NortonAV
"17918:TCP"= 17918:TCP:NortonAV
"18091:TCP"= 18091:TCP:NortonAV
"13450:TCP"= 13450:TCP:NortonAV
"12151:TCP"= 12151:TCP:NortonAV
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
S3 AF15BDA;AF9015 BDA Filter;C:\WINDOWS\system32\Drivers\AF15BDA.sys [2006-09-28 283776]
S3 ss_bus;SAMSUNG Mobile USB Device 1.0 driver (WDM);C:\WINDOWS\system32\DRIVERS\ss_bus.sys [2005-08-30 58320]
S3 ss_mdfl;SAMSUNG Mobile USB Modem 1.0 Filter;C:\WINDOWS\system32\DRIVERS\ss_mdfl.sys [2005-08-30 8304]
S3 ss_mdm;SAMSUNG Mobile USB Modem 1.0 Drivers;C:\WINDOWS\system32\DRIVERS\ss_mdm.sys [2005-08-30 94000]
S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1b1c8fa2-00ff-11dd-a7dc-00196612354a}]
\Shell\AutoRun\command - ie.exe
\Shell\explore\Command - ie.exe
\Shell\open\Command - ie.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{20a324b1-36b7-11dc-9bf7-00196612354a}]
\Shell\Auto\command -
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL
.
.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\Arnaud\Application Data\Mozilla\Firefox\Profiles\5cxzywx6.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://start.mozilla.org/firefox?client=firefox-a&rls=org.mozilla:fr-FR:official
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-03 17:28:12
Windows 5.1.2600 Service Pack 2 NTFS
Balayage processus cachés ...
Balayage caché autostart entries ...
Balayage des fichiers cachés ...
Scan terminé avec succès
Les fichiers cachés: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
C:\Program Files\ArcSoft\TotalMedia 3\TMMonitor.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-09-03 17:34:09 - machine was rebooted
ComboFix-quarantined-files.txt 2008-09-03 15:34:06
ComboFix2.txt 2008-08-18 15:31:20
Pre-Run: 7,557,316,608 octets libres
Post-Run: 7,583,498,240 octets libres
579 --- E O F --- 2008-09-03 13:46:02
Here is the ComboFix report:
ComboFix 08-09-01.05 - Arnaud 2008-09-03 17:22:31.2 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.646 [GMT 2:00]
Endroit: C:\Documents and Settings\Arnaud\Bureau\ComboFix.exe
* Création d'un nouveau point de restauration
[color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
C:\Documents and Settings\Arnaud\Application Data\Adobe\crc.dat
C:\Documents and Settings\Arnaud\Application Data\macromedia\Flash Player\#SharedObjects\XDGFCJ6L\bin.clearspring.com
C:\Documents and Settings\Arnaud\Application Data\macromedia\Flash Player\#SharedObjects\XDGFCJ6L\bin.clearspring.com\clearspring.sol
C:\Documents and Settings\Arnaud\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#bin.clearspring.com
C:\Documents and Settings\Arnaud\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#bin.clearspring.com\settings.sol
C:\Documents and Settings\Arnaud\Cookies\arnaud@ad.yieldmanager[2].txt
C:\Documents and Settings\Arnaud\Cookies\arnaud@clickintext[1].txt
C:\Documents and Settings\Arnaud\Cookies\arnaud@ehg-dig.hitbox[1].txt
----- BITS: Possible sites infectés -----
http://hqsextube08.com
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_TDSSserv
((((((((((((((((((((((((((((( Fichiers créés 2008-08-03 to 2008-09-03 ))))))))))))))))))))))))))))))))))))
.
2008-09-03 14:49 . 2008-09-03 14:49 61,440 --a------ C:\WINDOWS\system32\drivers\iora.sys
2008-09-03 14:12 . 2008-09-03 14:12 <REP> d-------- C:\Documents and Settings\Arnaud\Application Data\Malwarebytes
2008-09-03 14:11 . 2008-09-03 14:12 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-09-03 14:11 . 2008-09-03 14:11 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-09-03 14:11 . 2008-09-02 00:16 38,528 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-09-03 14:11 . 2008-09-02 00:16 17,200 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-09-03 13:08 . 2008-09-03 13:08 <REP> d-------- C:\Program Files\Trend Micro
2008-09-03 11:14 . 2008-08-28 15:57 3,262 --a------ C:\WINDOWS\system32\2.ico
2008-09-03 10:45 . 2008-09-03 15:13 <REP> d-------- C:\Program Files\MSA
2008-09-03 10:45 . 2008-08-28 15:57 3,262 --a------ C:\WINDOWS\system32\1.ico
2008-09-02 19:19 . 2008-09-02 20:09 <REP> d-------- C:\Program Files\DOSBox-0.72
2008-09-02 18:37 . 2008-09-02 18:37 <REP> d-------- C:\Documents and Settings\Arnaud\WINDOWS
2008-09-02 01:18 . 2008-09-02 19:10 <REP> d-------- C:\Program Files\UtopiaBOX 2.02
2008-08-28 18:41 . 2008-08-28 19:26 <REP> d-------- C:\WINDOWS\system32\CatRoot_bak
2008-08-23 09:59 . 2008-08-23 09:59 <REP> d-------- C:\Program Files\MSXML 4.0
2008-08-22 22:06 . 2008-06-14 19:59 272,768 --------- C:\WINDOWS\system32\drivers\bthport.sys
2008-08-22 22:06 . 2008-06-14 19:59 272,768 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
2008-08-18 13:50 . 2008-09-03 13:20 3,708 --a------ C:\WINDOWS\system32\tmp.reg
2008-08-18 12:12 . 2008-08-18 17:09 <REP> d-------- C:\Program Files\Hijackthis Version Française
2008-08-15 21:06 . 2008-09-03 08:29 <REP> d-------- C:\Program Files\DNA
2008-08-15 21:06 . 2008-08-15 21:06 <REP> d-------- C:\Program Files\BitTorrent
2008-08-15 21:06 . 2008-09-02 01:14 <REP> d-------- C:\Documents and Settings\Arnaud\Application Data\DNA
2008-08-15 21:06 . 2008-09-03 10:48 <REP> d-------- C:\Documents and Settings\Arnaud\Application Data\BitTorrent
2008-08-13 15:06 . 2008-08-13 15:06 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-03 12:49 4,876 ----a-w C:\Program Files\vzsnisxs.txt
2008-09-03 08:43 14 ----a-w C:\Documents and Settings\Arnaud\getfile.dat
2008-09-03 06:00 --------- d-----w C:\Documents and Settings\Arnaud\Application Data\AVG7
2008-09-01 23:11 --------- d-----w C:\Program Files\eMule
2008-08-23 10:44 --------- d-----w C:\Program Files\Everest Poker
2008-08-18 15:21 --------- d-----w C:\Program Files\World of Warcraft
2008-08-18 15:21 --------- d-----w C:\Program Files\VideoLAN
2008-08-18 15:21 --------- d-----w C:\Program Files\Trojan Remover
2008-08-18 15:21 --------- d-----w C:\Program Files\themexp
2008-08-18 15:21 --------- d-----w C:\Program Files\Softwin
2008-08-18 15:21 --------- d-----w C:\Program Files\Services en ligne
2008-08-18 15:21 --------- d-----w C:\Program Files\MSN Messenger
2008-08-18 15:21 --------- d-----w C:\Program Files\mozilla.org
2008-08-18 15:18 --------- d-----w C:\Program Files\Micro Application
2008-08-18 15:18 --------- d-----w C:\Program Files\Google
2008-08-18 15:18 --------- d-----w C:\Program Files\FileZilla
2008-08-18 15:18 --------- d-----w C:\Program Files\Fichiers communs\Softwin
2008-08-18 15:18 --------- d-----w C:\Program Files\Fichiers communs\InstallShield
2008-08-18 15:18 --------- d-----w C:\Program Files\Fichiers communs\Blizzard Entertainment
2008-08-18 15:18 --------- d-----w C:\Program Files\Fichiers communs\Adobe
2008-08-18 15:18 --------- d-----w C:\Program Files\Fichiers communs\ACD Systems
2008-08-18 15:18 --------- d-----w C:\Program Files\ACD Systems
2008-08-18 15:18 --------- d-----w C:\Program Files\3DNA
2008-08-18 15:09 --------- d-----w C:\Program Files\Hijackthis Version Française
2008-08-15 11:47 --------- d-----w C:\Documents and Settings\Arnaud\Application Data\Shareaza
2008-07-17 17:10 --------- d-----w C:\Documents and Settings\Arnaud\Application Data\XnView
2008-07-17 17:02 --------- d-----w C:\Program Files\XnView
2008-07-15 22:27 --------- d-----w C:\Program Files\MySpace
2008-07-15 22:27 --------- d-----w C:\Documents and Settings\Arnaud\Application Data\MySpace
2007-07-04 13:51 147,456 ----a-w C:\Documents and Settings\Arnaud\upgrepl.exe.exe
.
((((((((((((((((((((((((((((( snapshot@2008-08-18_17.31.00.23 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-12-18 14:32:57 450,560 ----a-w C:\WINDOWS\$hf_mig$\KB944338-v2\SP2QFE\jscript.dll
+ 2007-12-18 14:32:57 417,792 ----a-w C:\WINDOWS\$hf_mig$\KB944338-v2\SP2QFE\vbscript.dll
+ 2007-03-06 01:34:33 15,072 ----a-w C:\WINDOWS\$hf_mig$\KB944338-v2\spmsg.dll
+ 2007-03-06 01:34:38 216,800 ----a-w C:\WINDOWS\$hf_mig$\KB944338-v2\spuninst.exe
+ 2007-03-06 01:34:31 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB944338-v2\update\spcustom.dll
+ 2007-03-06 01:34:56 727,776 ----a-w C:\WINDOWS\$hf_mig$\KB944338-v2\update\update.exe
+ 2007-03-06 01:35:48 394,976 ----a-w C:\WINDOWS\$hf_mig$\KB944338-v2\update\updspapi.dll
+ 2008-01-23 04:56:21 554,008 ----a-w C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\dao360.dll
+ 2007-12-10 12:41:11 518,944 ----a-w C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\msexch40.dll
+ 2007-12-10 12:41:11 326,432 ----a-w C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\msexcl40.dll
+ 2007-12-10 12:41:11 1,516,568 ----a-w C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\msjet40.dll
+ 2007-12-10 12:41:11 355,112 ----a-w C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\msjetol1.dll
+ 2008-03-25 06:56:31 194,144 ----a-w C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\msjint40.dll
+ 2007-12-10 12:41:12 60,192 ----a-w C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\msjter40.dll
+ 2007-12-10 12:41:12 248,608 ----a-w C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\msjtes40.dll
+ 2007-12-10 12:41:12 219,936 ----a-w C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\msltus40.dll
+ 2007-12-10 12:41:12 355,104 ----a-w C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\mspbde40.dll
+ 2007-12-10 12:41:13 432,928 ----a-w C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\msrd2x40.dll
+ 2007-12-10 12:41:13 322,336 ----a-w C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\msrd3x40.dll
+ 2007-12-10 12:41:13 559,904 ----a-w C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\msrepl40.dll
+ 2007-12-10 12:41:13 264,992 ----a-w C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\mstext40.dll
+ 2007-12-10 12:41:13 838,432 ----a-w C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\mswdat10.dll
+ 2007-11-01 05:15:27 621,344 ----a-w C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\mswstr10.dll
+ 2007-12-10 12:41:14 355,104 ----a-w C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\msxbde40.dll
+ 2007-03-06 01:34:33 15,072 ----a-w C:\WINDOWS\$hf_mig$\KB950749\spmsg.dll
+ 2007-03-06 01:34:38 216,800 ----a-w C:\WINDOWS\$hf_mig$\KB950749\spuninst.exe
+ 2007-03-06 01:34:31 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB950749\update\spcustom.dll
+ 2007-03-06 01:34:56 727,776 ----a-w C:\WINDOWS\$hf_mig$\KB950749\update\update.exe
+ 2007-03-06 01:35:48 394,976 ----a-w C:\WINDOWS\$hf_mig$\KB950749\update\updspapi.dll
+ 2008-07-07 20:18:27 253,952 ----a-w C:\WINDOWS\$hf_mig$\KB950974\SP2QFE\es.dll
+ 2008-07-07 20:28:20 253,952 ----a-w C:\WINDOWS\$hf_mig$\KB950974\SP3GDR\es.dll
+ 2008-07-07 20:24:11 253,952 ----a-w C:\WINDOWS\$hf_mig$\KB950974\SP3QFE\es.dll
+ 2007-11-30 12:39:29 18,296 ----a-w C:\WINDOWS\$hf_mig$\KB950974\spmsg.dll
+ 2007-11-30 12:39:29 234,872 ----a-w C:\WINDOWS\$hf_mig$\KB950974\spuninst.exe
+ 2007-11-30 12:39:29 26,488 ----a-w C:\WINDOWS\$hf_mig$\KB950974\update\spcustom.dll
+ 2007-11-30 12:39:26 767,352 ----a-w C:\WINDOWS\$hf_mig$\KB950974\update\update.exe
+ 2007-11-30 12:39:29 406,392 ----a-w C:\WINDOWS\$hf_mig$\KB950974\update\updspapi.dll
+ 2008-07-14 11:03:00 62,976 ----a-w C:\WINDOWS\$hf_mig$\KB951072-v2\SP2QFE\tzchange.exe
+ 2008-07-11 12:42:28 62,976 ----a-w C:\WINDOWS\$hf_mig$\KB951072-v2\SP3GDR\tzchange.exe
+ 2008-07-11 12:51:51 62,976 ----a-w C:\WINDOWS\$hf_mig$\KB951072-v2\SP3QFE\tzchange.exe
+ 2007-11-30 11:19:06 18,296 ----a-w C:\WINDOWS\$hf_mig$\KB951072-v2\spmsg.dll
+ 2007-11-30 11:19:06 234,872 ----a-w C:\WINDOWS\$hf_mig$\KB951072-v2\spuninst.exe
+ 2007-11-30 11:19:06 26,488 ----a-w C:\WINDOWS\$hf_mig$\KB951072-v2\update\spcustom.dll
+ 2007-11-30 12:39:29 767,352 ----a-w C:\WINDOWS\$hf_mig$\KB951072-v2\update\update.exe
+ 2007-11-30 12:39:31 406,392 ----a-w C:\WINDOWS\$hf_mig$\KB951072-v2\update\updspapi.dll
+ 2008-05-07 04:55:47 1,294,336 ----a-w C:\WINDOWS\$hf_mig$\KB951698\SP2QFE\quartz.dll
+ 2008-05-07 05:11:24 1,294,336 ----a-w C:\WINDOWS\$hf_mig$\KB951698\SP3GDR\quartz.dll
+ 2008-05-07 05:04:59 1,294,336 ----a-w C:\WINDOWS\$hf_mig$\KB951698\SP3QFE\quartz.dll
+ 2007-11-30 11:19:06 18,296 ----a-w C:\WINDOWS\$hf_mig$\KB951698\spmsg.dll
+ 2007-11-30 11:19:06 234,872 ----a-w C:\WINDOWS\$hf_mig$\KB951698\spuninst.exe
+ 2007-11-30 11:19:06 26,488 ----a-w C:\WINDOWS\$hf_mig$\KB951698\update\spcustom.dll
+ 2007-11-30 12:39:29 767,352 ----a-w C:\WINDOWS\$hf_mig$\KB951698\update\update.exe
+ 2007-11-30 12:39:31 406,392 ----a-w C:\WINDOWS\$hf_mig$\KB951698\update\updspapi.dll
+ 2006-08-16 12:13:24 100,352 ----a-w C:\WINDOWS\$hf_mig$\KB951748\SP2QFE\6to4svc.dll
+ 2008-06-20 10:44:08 138,368 ----a-w C:\WINDOWS\$hf_mig$\KB951748\SP2QFE\afd.sys
+ 2008-06-20 17:37:01 147,968 ----a-w C:\WINDOWS\$hf_mig$\KB951748\SP2QFE\dnsapi.dll
+ 2008-06-20 17:37:01 247,808 ----a-w C:\WINDOWS\$hf_mig$\KB951748\SP2QFE\mswsock.dll
+ 2008-06-20 10:44:42 360,960 ----a-w C:\WINDOWS\$hf_mig$\KB951748\SP2QFE\tcpip.sys
+ 2008-06-20 09:32:39 225,920 ----a-w C:\WINDOWS\$hf_mig$\KB951748\SP2QFE\tcpip6.sys
+ 2008-06-20 11:40:08 138,496 ----a-w C:\WINDOWS\$hf_mig$\KB951748\SP3GDR\afd.sys
+ 2008-06-20 17:47:22 147,968 ----a-w C:\WINDOWS\$hf_mig$\KB951748\SP3GDR\dnsapi.dll
+ 2008-06-20 17:47:22 247,808 ----a-w C:\WINDOWS\$hf_mig$\KB951748\SP3GDR\mswsock.dll
+ 2008-06-20 11:51:12 361,600 ----a-w C:\WINDOWS\$hf_mig$\KB951748\SP3GDR\tcpip.sys
+ 2008-06-20 11:08:27 225,856 ----a-w C:\WINDOWS\$hf_mig$\KB951748\SP3GDR\tcpip6.sys
+ 2008-06-20 11:48:03 138,496 ----a-w C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\afd.sys
+ 2008-06-20 17:44:02 147,968 ----a-w C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\dnsapi.dll
+ 2008-06-20 17:44:02 247,808 ----a-w C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\mswsock.dll
+ 2008-06-20 11:59:02 361,600 ----a-w C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\tcpip.sys
+ 2008-06-20 11:16:44 225,856 ----a-w C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\tcpip6.sys
+ 2007-11-30 12:39:29 18,296 ----a-w C:\WINDOWS\$hf_mig$\KB951748\spmsg.dll
+ 2007-11-30 12:39:29 234,872 ----a-w C:\WINDOWS\$hf_mig$\KB951748\spuninst.exe
+ 2007-11-30 12:39:29 26,488 ----a-w C:\WINDOWS\$hf_mig$\KB951748\update\spcustom.dll
+ 2007-11-30 12:39:26 767,352 ----a-w C:\WINDOWS\$hf_mig$\KB951748\update\update.exe
+ 2007-11-30 12:39:29 406,392 ----a-w C:\WINDOWS\$hf_mig$\KB951748\update\updspapi.dll
+ 2008-06-24 16:30:27 74,240 ----a-w C:\WINDOWS\$hf_mig$\KB952954\SP2QFE\mscms.dll
+ 2008-06-24 16:44:02 74,240 ----a-w C:\WINDOWS\$hf_mig$\KB952954\SP3GDR\mscms.dll
+ 2008-06-24 16:53:52 74,240 ----a-w C:\WINDOWS\$hf_mig$\KB952954\SP3QFE\mscms.dll
+ 2007-11-30 11:19:06 18,296 ----a-w C:\WINDOWS\$hf_mig$\KB952954\spmsg.dll
+ 2007-11-30 11:19:06 234,872 ----a-w C:\WINDOWS\$hf_mig$\KB952954\spuninst.exe
+ 2007-11-30 11:19:06 26,488 ----a-w C:\WINDOWS\$hf_mig$\KB952954\update\spcustom.dll
+ 2007-11-30 12:39:29 767,352 ----a-w C:\WINDOWS\$hf_mig$\KB952954\update\update.exe
+ 2007-11-30 12:39:31 406,392 ----a-w C:\WINDOWS\$hf_mig$\KB952954\update\updspapi.dll
+ 2008-06-23 16:15:33 1,024,512 ----a-w C:\WINDOWS\$hf_mig$\KB953838\SP2QFE\browseui.dll
+ 2008-06-23 16:15:34 152,064 ----a-w C:\WINDOWS\$hf_mig$\KB953838\SP2QFE\cdfview.dll
+ 2008-06-23 16:15:35 1,056,768 ----a-w C:\WINDOWS\$hf_mig$\KB953838\SP2QFE\danim.dll
+ 2008-06-23 16:15:35 357,888 ----a-w C:\WINDOWS\$hf_mig$\KB953838\SP2QFE\dxtmsft.dll
+ 2008-06-23 16:15:35 205,312 ----a-w C:\WINDOWS\$hf_mig$\KB953838\SP2QFE\dxtrans.dll
+ 2008-06-23 16:15:35 55,808 ----a-w C:\WINDOWS\$hf_mig$\KB953838\SP2QFE\extmgr.dll
+ 2008-06-23 09:53:58 18,432 ----a-w C:\WINDOWS\$hf_mig$\KB953838\SP2QFE\iedw.exe
+ 2008-06-23 16:15:36 251,904 ----a-w C:\WINDOWS\$hf_mig$\KB953838\SP2QFE\iepeers.dll
+ 2008-06-23 16:15:36 96,768 ----a-w C:\WINDOWS\$hf_mig$\KB953838\SP2QFE\inseng.dll
+ 2008-06-23 16:15:36 16,384 ----a-w C:\WINDOWS\$hf_mig$\KB953838\SP2QFE\jsproxy.dll
+ 2008-06-23 16:15:39 3,088,384 ----a-w C:\WINDOWS\$hf_mig$\KB953838\SP2QFE\mshtml.dll
+ 2008-06-23 16:15:40 449,024 ----a-w C:\WINDOWS\$hf_mig$\KB953838\SP2QFE\mshtmled.dll
+ 2008-06-23 16:15:40 146,432 ----a-w C:\WINDOWS\$hf_mig$\KB953838\SP2QFE\msrating.dll
+ 2008-06-23 16:15:41 532,480 ----a-w C:\WINDOWS\$hf_mig$\KB953838\SP2QFE\mstime.dll
+ 2008-06-23 16:15:41 39,424 ----a-w C:\WINDOWS\$hf_mig$\KB953838\SP2QFE\pngfilt.dll
+ 2008-06-23 16:15:42 1,499,648 ----a-w C:\WINDOWS\$hf_mig$\KB953838\SP2QFE\shdocvw.dll
+ 2008-06-23 16:15:43 474,624 ----a-w C:\WINDOWS\$hf_mig$\KB953838\SP2QFE\shlwapi.dll
+ 2008-07-03 09:42:35 370,176 ----a-w C:\WINDOWS\$hf_mig$\KB953838\SP2QFE\spru040c.dll
+ 2008-06-23 16:15:43 620,544 ----a-w C:\WINDOWS\$hf_mig$\KB953838\SP2QFE\urlmon.dll
+ 2008-06-23 16:15:44 671,232 ----a-w C:\WINDOWS\$hf_mig$\KB953838\SP2QFE\wininet.dll
+ 2008-06-23 15:10:27 3,088,384 ----a-w C:\WINDOWS\$hf_mig$\KB953838\SP3GDR\mshtml.dll
+ 2008-06-26 08:13:32 1,499,648 ----a-w C:\WINDOWS\$hf_mig$\KB953838\SP3GDR\shdocvw.dll
+ 2008-06-26 08:13:32 620,544 ----a-w C:\WINDOWS\$hf_mig$\KB953838\SP3GDR\urlmon.dll
+ 2008-06-23 15:10:27 670,208 ----a-w C:\WINDOWS\$hf_mig$\KB953838\SP3GDR\wininet.dll
+ 2008-06-25 04:26:28 3,088,896 ----a-w C:\WINDOWS\$hf_mig$\KB953838\SP3QFE\mshtml.dll
+ 2008-06-26 08:00:28 1,499,648 ----a-w C:\WINDOWS\$hf_mig$\KB953838\SP3QFE\shdocvw.dll
+ 2008-06-26 08:00:28 620,544 ----a-w C:\WINDOWS\$hf_mig$\KB953838\SP3QFE\urlmon.dll
+ 2008-06-23 14:56:26 670,720 ----a-w C:\WINDOWS\$hf_mig$\KB953838\SP3QFE\wininet.dll
+ 2007-11-30 12:39:29 18,296 ----a-w C:\WINDOWS\$hf_mig$\KB953838\spmsg.dll
+ 2007-11-30 12:39:29 234,872 ----a-w C:\WINDOWS\$hf_mig$\KB953838\spuninst.exe
+ 2007-11-30 12:39:29 26,488 ----a-w C:\WINDOWS\$hf_mig$\KB953838\update\spcustom.dll
+ 2007-11-30 12:39:26 767,352 ----a-w C:\WINDOWS\$hf_mig$\KB953838\update\update.exe
+ 2007-11-30 12:39:29 406,392 ----a-w C:\WINDOWS\$hf_mig$\KB953838\update\updspapi.dll
+ 2008-06-14 17:59:52 272,768 ------w C:\WINDOWS\Driver Cache\i386\bthport.sys
- 2006-11-03 08:58:34 317,440 ----a-w C:\WINDOWS\inf\unregmp2.exe
+ 2007-06-29 09:59:14 318,976 ----a-w C:\WINDOWS\inf\unregmp2.exe
+ 2008-08-23 08:00:00 32,768 ----a-r C:\WINDOWS\Installer\{C04E32E0-0416-434D-AFB9-6969D703A9EF}\icon.exe
- 2007-04-18 12:31:55 1,024,000 ----a-w C:\WINDOWS\system32\browseui.dll
+ 2008-06-23 15:39:58 1,024,000 ----a-w C:\WINDOWS\system32\browseui.dll
- 2007-04-18 12:31:55 152,064 ----a-w C:\WINDOWS\system32\cdfview.dll
+ 2008-06-23 15:39:58 152,064 ----a-w C:\WINDOWS\system32\cdfview.dll
- 2007-07-30 17:19:20 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
+ 2008-07-18 20:10:48 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
- 2007-06-16 19:37:13 16,384 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
+ 2008-09-03 14:44:18 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
+ 2008-09-03 09:08:25 16,384 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\MSIMGSIZ.DAT
- 2007-06-16 19:37:13 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Historique\History.IE5\index.dat
+ 2008-09-03 14:44:18 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Historique\History.IE5\index.dat
+ 2008-09-03 14:20:10 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Historique\History.IE5\MSHist012008090320080904\index.dat
- 2007-04-18 12:31:56 1,056,768 ----a-w C:\WINDOWS\system32\danim.dll
+ 2008-06-23 15:39:59 1,056,768 ----a-w C:\WINDOWS\system32\danim.dll
- 2004-08-05 12:00:00 138,496 -c--a-w C:\WINDOWS\system32\dllcache\afd.sys
+ 2008-06-20 10:44:38 138,368 -c--a-w C:\WINDOWS\system32\dllcache\afd.sys
- 2007-04-18 12:31:55 1,024,000 -c--a-w C:\WINDOWS\system32\dllcache\browseui.dll
+ 2008-06-23 15:39:58 1,024,000 -c--a-w C:\WINDOWS\system32\dllcache\browseui.dll
- 2007-04-18 12:31:55 152,064 -c--a-w C:\WINDOWS\system32\dllcache\cdfview.dll
+ 2008-06-23 15:39:58 152,064 -c--a-w C:\WINDOWS\system32\dllcache\cdfview.dll
- 2007-07-30 17:19:20 92,504 -c--a-w C:\WINDOWS\system32\dllcache\cdm.dll
+ 2008-07-18 20:10:48 94,920 -c--a-w C:\WINDOWS\system32\dllcache\cdm.dll
- 2007-04-18 12:31:56 1,056,768 -c--a-w C:\WINDOWS\system32\dllcache\danim.dll
+ 2008-06-23 15:39:59 1,056,768 -c--a-w C:\WINDOWS\system32\dllcache\danim.dll
- 2004-08-05 12:00:00 561,179 -c--a-w C:\WINDOWS\system32\dllcache\dao360.dll
+ 2008-03-25 04:50:25 554,008 -c--a-w C:\WINDOWS\system32\dllcache\dao360.dll
- 2006-06-26 17:41:32 148,480 -c--a-w C:\WINDOWS\system32\dllcache\dnsapi.dll
+ 2008-06-20 17:41:06 148,992 -c--a-w C:\WINDOWS\system32\dllcache\dnsapi.dll
- 2007-04-18 12:31:56 357,888 -c--a-w C:\WINDOWS\system32\dllcache\dxtmsft.dll
+ 2008-06-23 15:40:00 357,888 -c--a-w C:\WINDOWS\system32\dllcache\dxtmsft.dll
- 2007-04-18 12:31:57 205,312 -c--a-w C:\WINDOWS\system32\dllcache\dxtrans.dll
+ 2008-06-23 15:40:00 205,312 -c--a-w C:\WINDOWS\system32\dllcache\dxtrans.dll
- 2005-07-26 04:39:57 243,200 -c--a-w C:\WINDOWS\system32\dllcache\es.dll
+ 2008-07-07 20:31:48 253,952 -c--a-w C:\WINDOWS\system32\dllcache\es.dll
- 2007-04-18 12:31:57 55,808 -c--a-w C:\WINDOWS\system32\dllcache\extmgr.dll
+ 2008-06-23 15:40:00 55,808 -c--a-w C:\WINDOWS\system32\dllcache\extmgr.dll
- 2007-04-18 10:22:13 18,432 -c--a-w C:\WINDOWS\system32\dllcache\iedw.exe
+ 2008-06-23 09:49:29 18,432 -c--a-w C:\WINDOWS\system32\dllcache\iedw.exe
- 2007-04-18 12:31:57 251,392 -c--a-w C:\WINDOWS\system32\dllcache\iepeers.dll
+ 2008-06-23 15:40:00 251,392 -c--a-w C:\WINDOWS\system32\dllcache\iepeers.dll
- 2007-08-21 06:17:23 683,520 -c--a-w C:\WINDOWS\system32\dllcache\inetcomm.dll
+ 2008-04-11 18:51:06 683,520 -c--a-w C:\WINDOWS\system32\dllcache\inetcomm.dll
- 2007-04-18 12:31:57 96,768 -c--a-w C:\WINDOWS\system32\dllcache\inseng.dll
+ 2008-06-23 15:40:00 96,768 -c--a-w C:\WINDOWS\system32\dllcache\inseng.dll
- 2006-05-18 05:31:21 450,560 -c--a-w C:\WINDOWS\system32\dllcache\jscript.dll
+ 2007-12-18 14:41:58 450,560 -c--a-w C:\WINDOWS\system32\dllcache\jscript.dll
- 2007-04-18 12:31:57 16,384 -c--a-w C:\WINDOWS\system32\dllcache\jsproxy.dll
+ 2008-06-23 15:40:00 16,384 -c--a-w C:\WINDOWS\system32\dllcache\jsproxy.dll
- 2004-08-05 12:00:00 331,776 -c--a-w C:\WINDOWS\system32\dllcache\msadce.dll
+ 2008-05-01 14:31:48 331,776 -c--a-w C:\WINDOWS\system32\dllcache\msadce.dll
- 2005-06-29 01:49:41 74,240 -c--a-w C:\WINDOWS\system32\dllcache\mscms.dll
+ 2008-06-24 16:23:56 74,240 -c--a-w C:\WINDOWS\system32\dllcache\mscms.dll
- 2004-08-05 12:00:00 512,029 -c--a-w C:\WINDOWS\system32\dllcache\msexch40.dll
+ 2008-03-25 04:50:28 518,944 -c--a-w C:\WINDOWS\system32\dllcache\msexch40.dll
- 2004-08-05 12:00:00 319,517 -c--a-w C:\WINDOWS\system32\dllcache\msexcl40.dll
+ 2008-03-25 04:50:30 326,432 -c--a-w C:\WINDOWS\system32\dllcache\msexcl40.dll
- 2007-05-04 12:36:14 3,079,680 -c--a-w C:\WINDOWS\system32\dllcache\mshtml.dll
+ 2008-06-23 15:40:02 3,080,704 -c--a-w C:\WINDOWS\system32\dllcache\mshtml.dll
- 2007-04-18 12:32:00 449,024 -c--a-w C:\WINDOWS\system32\dllcache\mshtmled.dll
+ 2008-06-23 15:40:03 449,024 -c--a-w C:\WINDOWS\system32\dllcache\mshtmled.dll
- 2004-08-05 12:00:00 1,507,356 -c--a-w C:\WINDOWS\system32\dllcache\msjet40.dll
+ 2008-03-25 04:50:34 1,516,568 -c--a-w C:\WINDOWS\system32\dllcache\msjet40.dll
- 2004-08-05 12:00:00 358,976 -c--a-w C:\WINDOWS\system32\dllcache\msjetol1.dll
+ 2008-03-25 04:50:40 355,112 -c--a-w C:\WINDOWS\system32\dllcache\msjetol1.dll
- 2004-08-05 12:00:00 184,351 -c--a-w C:\WINDOWS\system32\dllcache\msjint40.dll
+ 2008-03-25 04:51:08 194,144 -c--a-w C:\WINDOWS\system32\dllcache\msjint40.dll
- 2004-08-05 12:00:00 53,279 -c--a-w C:\WINDOWS\system32\dllcache\msjter40.dll
+ 2008-03-25 04:50:42 60,192 -c--a-w C:\WINDOWS\system32\dllcache\msjter40.dll
- 2004-08-05 12:00:00 241,693 -c--a-w C:\WINDOWS\system32\dllcache\msjtes40.dll
+ 2008-03-25 04:50:42 248,608 -c--a-w C:\WINDOWS\system32\dllcache\msjtes40.dll
- 2004-08-05 12:00:00 213,023 -c--a-w C:\WINDOWS\system32\dllcache\msltus40.dll
+ 2008-03-25 04:50:44 219,936 -c--a-w C:\WINDOWS\system32\dllcache\msltus40.dll
- 2004-08-05 12:00:00 348,189 -c--a-w C:\WINDOWS\system32\dllcache\mspbde40.dll
+ 2008-03-25 04:50:45 355,104 -c--a-w C:\WINDOWS\system32\dllcache\mspbde40.dll
- 2007-04-18 12:32:00 146,432 -c--a-w C:\WINDOWS\system32\dllcache\msrating.dll
+ 2008-06-23 15:40:03 146,432 -c--a-w C:\WINDOWS\system32\dllcache\msrating.dll
- 2004-08-05 12:00:00 421,919 -c--a-w C:\WINDOWS\system32\dllcache\msrd2x40.dll
+ 2008-03-25 04:50:47 432,928 -c--a-w C:\WINDOWS\system32\dllcache\msrd2x40.dll
- 2004-08-05 12:00:00 315,423 -c--a-w C:\WINDOWS\system32\dllcache\msrd3x40.dll
+ 2008-03-25 04:50:49 322,336 -c--a-w C:\WINDOWS\system32\dllcache\msrd3x40.dll
- 2004-08-05 12:00:00 552,989 -c--a-w C:\WINDOWS\system32\dllcache\msrepl40.dll
+ 2008-03-25 04:50:52 559,904 -c--a-w C:\WINDOWS\system32\dllcache\msrepl40.dll
- 2006-10-18 20:47:16 414,208 -c--a-w C:\WINDOWS\system32\dllcache\msscp.dll
+ 2006-12-04 14:21:50 414,720 -c--a-w C:\WINDOWS\system32\dllcache\msscp.dll
- 2004-08-05 12:00:00 258,077 -c--a-w C:\WINDOWS\system32\dllcache\mstext40.dll
+ 2008-03-25 04:50:55 264,992 -c--a-w C:\WINDOWS\system32\dllcache\mstext40.dll
- 2007-04-18 12:32:00 532,480 -c--a-w C:\WINDOWS\system32\dllcache\mstime.dll
+ 2008-06-23 15:40:04 532,480 -c--a-w C:\WINDOWS\system32\dllcache\mstime.dll
- 2004-08-05 12:00:00 831,519 -c--a-w C:\WINDOWS\system32\dllcache\mswdat10.dll
+ 2008-03-25 04:50:57 838,432 -c--a-w C:\WINDOWS\system32\dllcache\mswdat10.dll
- 2004-08-05 12:00:00 247,808 -c--a-w C:\WINDOWS\system32\dllcache\mswsock.dll
+ 2008-06-20 17:41:06 247,808 -c--a-w C:\WINDOWS\system32\dllcache\mswsock.dll
- 2004-08-05 12:00:00 614,429 -c--a-w C:\WINDOWS\system32\dllcache\mswstr10.dll
+ 2008-03-25 04:51:09 621,344 -c--a-w C:\WINDOWS\system32\dllcache\mswstr10.dll
- 2004-08-05 12:00:00 348,189 -c--a-w C:\WINDOWS\system32\dllcache\msxbde40.dll
+ 2008-03-25 04:50:58 355,104 -c--a-w C:\WINDOWS\system32\dllcache\msxbde40.dll
- 2007-04-18 12:32:00 39,424 -c--a-w C:\WINDOWS\system32\dllcache\pngfilt.dll
+ 2008-06-23 15:40:04 39,424 -c--a-w C:\WINDOWS\system32\dllcache\pngfilt.dll
- 2005-08-30 03:55:43 1,293,312 -c--a-w C:\WINDOWS\system32\dllcache\quartz.dll
+ 2008-05-07 05:15:36 1,293,824 -c--a-w C:\WINDOWS\system32\dllcache\quartz.dll
- 2006-07-13 08:48:58 202,240 -c--a-w C:\WINDOWS\system32\dllcache\rmcast.sys
+ 2008-05-08 12:28:49 202,752 -c--a-w C:\WINDOWS\system32\dllcache\rmcast.sys
- 2007-04-18 12:32:01 1,495,040 -c--a-w C:\WINDOWS\system32\dllcache\shdocvw.dll
+ 2008-06-23 15:40:05 1,495,040 -c--a-w C:\WINDOWS\system32\dllcache\shdocvw.dll
- 2007-04-18 12:32:01 474,624 -c--a-w C:\WINDOWS\system32\dllcache\shlwapi.dll
+ 2008-06-23 15:40:06 474,624 -c--a-w C:\WINDOWS\system32\dllcache\shlwapi.dll
- 2006-04-20 11:51:50 359,808 -c--a-w C:\WINDOWS\system32\dllcache\tcpip.sys
+ 2008-06-20 10:45:13 360,320 -c--a-w C:\WINDOWS\system32\dllcache\tcpip.sys
- 2006-08-16 09:37:30 225,664 -c--a-w C:\WINDOWS\system32\dllcache\tcpip6.sys
+ 2008-06-20 09:52:06 225,920 -c--a-w C:\WINDOWS\system32\dllcache\tcpip6.sys
- 2006-11-03 08:58:34 317,440 -c--a-w C:\WINDOWS\system32\dllcache\unregmp2.exe
+ 2007-06-29 09:59:14 318,976 -c--a-w C:\WINDOWS\system32\dllcache\unregmp2.exe
- 2007-04-18 12:32:01 617,472 -c--a-w C:\WINDOWS\system32\dllcache\urlmon.dll
+ 2008-06-23 15:40:06 617,984 -c--a-w C:\WINDOWS\system32\dllcache\urlmon.dll
- 2004-08-05 12:00:00 417,792 -c--a-w C:\WINDOWS\system32\dllcache\vbscript.dll
+ 2007-12-18 14:41:59 417,792 -c--a-w C:\WINDOWS\system32\dllcache\vbscript.dll
- 2007-04-18 12:32:02 663,040 -c--a-w C:\WINDOWS\system32\dllcache\wininet.dll
+ 2008-06-23 15:40:08 663,552 -c--a-w C:\WINDOWS\system32\dllcache\wininet.dll
- 2006-10-18 20:47:18 222,208 -c--a-w C:\WINDOWS\system32\dllcache\WMASF.dll
+ 2007-10-25 07:28:30 222,720 -c--a-w C:\WINDOWS\system32\dllcache\wmasf.dll
- 2006-10-18 20:47:20 10,834,432 -c--a-w C:\WINDOWS\system32\dllcache\wmp.dll
+ 2007-06-11 21:51:12 10,834,944 -c--a-w C:\WINDOWS\system32\dllcache\wmp.dll
- 2007-07-30 17:19:36 549,720 -c--a-w C:\WINDOWS\system32\dllcache\wuapi.dll
+ 2008-07-18 20:09:44 563,912 -c--a-w C:\WINDOWS\system32\dllcache\wuapi.dll
- 2007-07-30 17:19:16 53,080 -c--a-w C:\WINDOWS\system32\dllcache\wuauclt.exe
+ 2008-07-18 20:10:42 53,448 -c--a-w C:\WINDOWS\system32\dllcache\wuauclt.exe
- 2007-07-30 17:19:42 1,712,984 -c--a-w C:\WINDOWS\system32\dllcache\wuaueng.dll
+ 2008-07-18 20:09:42 1,811,656 -c--a-w C:\WINDOWS\system32\dllcache\wuaueng.dll
- 2007-07-30 17:19:32 325,976 -c--a-w C:\WINDOWS\system32\dllcache\wucltui.dll
+ 2008-07-18 20:09:46 325,832 -c--a-w C:\WINDOWS\system32\dllcache\wucltui.dll
- 2007-07-30 17:18:40 33,624 -c--a-w C:\WINDOWS\system32\dllcache\wups.dll
+ 2008-07-18 20:10:20 36,552 -c--a-w C:\WINDOWS\system32\dllcache\wups.dll
- 2007-07-30 17:19:28 203,096 -c--a-w C:\WINDOWS\system32\dllcache\wuweb.dll
+ 2008-07-18 20:09:44 205,000 -c--a-w C:\WINDOWS\system32\dllcache\wuweb.dll
- 2006-06-26 17:41:32 148,480 ----a-w C:\WINDOWS\system32\dnsapi.dll
+ 2008-06-20 17:41:06 148,992 ----a-w C:\WINDOWS\system32\dnsapi.dll
- 2004-08-05 12:00:00 138,496 ----a-w C:\WINDOWS\system32\drivers\afd.sys
+ 2008-06-20 10:44:38 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys
- 2006-07-13 08:48:58 202,240 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
+ 2008-05-08 12:28:49 202,752 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
- 2006-04-20 11:51:50 359,808 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
+ 2008-06-20 10:45:13 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
- 2006-08-16 09:37:30 225,664 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
+ 2008-06-20 09:52:06 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
- 2007-04-18 12:31:56 357,888 ----a-w C:\WINDOWS\system32\dxtmsft.dll
+ 2008-06-23 15:40:00 357,888 ----a-w C:\WINDOWS\system32\dxtmsft.dll
- 2007-04-18 12:31:57 205,312 ----a-w C:\WINDOWS\system32\dxtrans.dll
+ 2008-06-23 15:40:00 205,312 ----a-w C:\WINDOWS\system32\dxtrans.dll
- 2005-07-26 04:39:57 243,200 ----a-w C:\WINDOWS\system32\es.dll
+ 2008-07-07 20:31:48 253,952 ----a-w C:\WINDOWS\system32\es.dll
- 2007-04-18 12:31:57 55,808 ----a-w C:\WINDOWS\system32\extmgr.dll
+ 2008-06-23 15:40:00 55,808 ----a-w C:\WINDOWS\system32\extmgr.dll
- 2007-04-18 12:31:57 251,392 ----a-w C:\WINDOWS\system32\iepeers.dll
+ 2008-06-23 15:40:00 251,392 ----a-w C:\WINDOWS\system32\iepeers.dll
- 2007-08-21 06:17:23 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
+ 2008-04-11 18:51:06 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
- 2007-04-18 12:31:57 96,768 ----a-w C:\WINDOWS\system32\inseng.dll
+ 2008-06-23 15:40:00 96,768 ----a-w C:\WINDOWS\system32\inseng.dll
- 2006-05-18 05:31:21 450,560 ----a-w C:\WINDOWS\system32\jscript.dll
+ 2007-12-18 14:41:58 450,560 ----a-w C:\WINDOWS\system32\jscript.dll
- 2007-04-18 12:31:57 16,384 ----a-w C:\WINDOWS\system32\jsproxy.dll
+ 2008-06-23 15:40:00 16,384 ----a-w C:\WINDOWS\system32\jsproxy.dll
- 2007-09-27 20:19:40 18,089,592 ----a-w C:\WINDOWS\system32\MRT.exe
+ 2008-08-05 09:11:02 15,888,504 ----a-w C:\WINDOWS\system32\MRT.exe
- 2005-06-29 01:49:41 74,240 ----a-w C:\WINDOWS\system32\mscms.dll
+ 2008-06-24 16:23:56 74,240 ----a-w C:\WINDOWS\system32\mscms.dll
- 2004-08-05 12:00:00 512,029 ----a-w C:\WINDOWS\system32\msexch40.dll
+ 2008-03-25 04:50:28 518,944 ----a-w C:\WINDOWS\system32\msexch40.dll
- 2004-08-05 12:00:00 319,517 ----a-w C:\WINDOWS\system32\msexcl40.dll
+ 2008-03-25 04:50:30 326,432 ----a-w C:\WINDOWS\system32\msexcl40.dll
- 2007-05-04 12:36:14 3,079,680 ----a-w C:\WINDOWS\system32\mshtml.dll
+ 2008-06-23 15:40:02 3,080,704 ----a-w C:\WINDOWS\system32\mshtml.dll
- 2007-04-18 12:32:00 449,024 ----a-w C:\WINDOWS\system32\mshtmled.dll
+ 2008-06-23 15:40:03 449,024 ----a-w C:\WINDOWS\system32\mshtmled.dll
- 2004-08-05 12:00:00 1,507,356 ----a-w C:\WINDOWS\system32\msjet40.dll
+ 2008-03-25 04:50:34 1,516,568 ----a-w C:\WINDOWS\system32\msjet40.dll
- 2004-08-05 12:00:00 358,976 ----a-w C:\WINDOWS\system32\msjetoledb40.dll
+ 2008-03-25 04:50:40 355,112 ----a-w C:\WINDOWS\system32\msjetoledb40.dll
- 2004-08-05 12:00:00 184,351 ----a-w C:\WINDOWS\system32\msjint40.dll
+ 2008-03-25 04:51:08 194,144 ----a-w C:\WINDOWS\system32\msjint40.dll
- 2004-08-05 12:00:00 53,279 ----a-w C:\WINDOWS\system32\msjter40.dll
+ 2008-03-25 04:50:42 60,192 ----a-w C:\WINDOWS\system32\msjter40.dll
- 2004-08-05 12:00:00 241,693 ----a-w C:\WINDOWS\system32\msjtes40.dll
+ 2008-03-25 04:50:42 248,608 ----a-w C:\WINDOWS\system32\msjtes40.dll
- 2004-08-05 12:00:00 213,023 ----a-w C:\WINDOWS\system32\msltus40.dll
+ 2008-03-25 04:50:44 219,936 ----a-w C:\WINDOWS\system32\msltus40.dll
- 2004-08-05 12:00:00 348,189 ----a-w C:\WINDOWS\system32\mspbde40.dll
+ 2008-03-25 04:50:45 355,104 ----a-w C:\WINDOWS\system32\mspbde40.dll
- 2007-04-18 12:32:00 146,432 ----a-w C:\WINDOWS\system32\msrating.dll
+ 2008-06-23 15:40:03 146,432 ----a-w C:\WINDOWS\system32\msrating.dll
- 2004-08-05 12:00:00 421,919 ----a-w C:\WINDOWS\system32\msrd2x40.dll
+ 2008-03-25 04:50:47 432,928 ----a-w C:\WINDOWS\system32\msrd2x40.dll
- 2004-08-05 12:00:00 315,423 ----a-w C:\WINDOWS\system32\msrd3x40.dll
+ 2008-03-25 04:50:49 322,336 ----a-w C:\WINDOWS\system32\msrd3x40.dll
- 2004-08-05 12:00:00 552,989 ----a-w C:\WINDOWS\system32\msrepl40.dll
+ 2008-03-25 04:50:52 559,904 ----a-w C:\WINDOWS\system32\msrepl40.dll
- 2006-10-18 20:47:16 414,208 ----a-w C:\WINDOWS\system32\msscp.dll
+ 2006-12-04 14:21:50 414,720 ----a-w C:\WINDOWS\system32\msscp.dll
- 2004-08-05 12:00:00 258,077 ----a-w C:\WINDOWS\system32\mstext40.dll
+ 2008-03-25 04:50:55 264,992 ----a-w C:\WINDOWS\system32\mstext40.dll
- 2007-04-18 12:32:00 532,480 ----a-w C:\WINDOWS\system32\mstime.dll
+ 2008-06-23 15:40:04 532,480 ----a-w C:\WINDOWS\system32\mstime.dll
- 2004-08-05 12:00:00 831,519 ----a-w C:\WINDOWS\system32\mswdat10.dll
+ 2008-03-25 04:50:57 838,432 ----a-w C:\WINDOWS\system32\mswdat10.dll
- 2004-08-05 12:00:00 247,808 ----a-w C:\WINDOWS\system32\mswsock.dll
+ 2008-06-20 17:41:06 247,808 ----a-w C:\WINDOWS\system32\mswsock.dll
- 2004-08-05 12:00:00 614,429 ----a-w C:\WINDOWS\system32\mswstr10.dll
+ 2008-03-25 04:51:09 621,344 ----a-w C:\WINDOWS\system32\mswstr10.dll
- 2004-08-05 12:00:00 348,189 ----a-w C:\WINDOWS\system32\msxbde40.dll
+ 2008-03-25 04:50:58 355,104 ----a-w C:\WINDOWS\system32\msxbde40.dll
- 2002-02-04 01:52:54 1,230,336 ----a-w C:\WINDOWS\system32\msxml4.dll
+ 2007-05-08 13:03:04 1,275,392 ----a-w C:\WINDOWS\system32\msxml4.dll
- 2007-07-30 18:19:10 271,224 ----a-w C:\WINDOWS\system32\mucltui.dll
+ 2008-07-18 20:07:34 270,880 ----a-w C:\WINDOWS\system32\mucltui.dll
- 2007-07-30 18:19:04 207,736 ----a-w C:\WINDOWS\system32\muweb.dll
+ 2008-07-18 20:07:32 210,976 ----a-w C:\WINDOWS\system32\muweb.dll
- 2007-04-18 12:32:00 39,424 ----a-w C:\WINDOWS\system32\pngfilt.dll
+ 2008-06-23 15:40:04 39,424 ----a-w C:\WINDOWS\system32\pngfilt.dll
- 2005-08-30 03:55:43 1,293,312 ----a-w C:\WINDOWS\system32\quartz.dll
+ 2008-05-07 05:15:36 1,293,824 ----a-w C:\WINDOWS\system32\quartz.dll
- 2007-04-18 12:32:01 1,495,040 ----a-w C:\WINDOWS\system32\shdocvw.dll
+ 2008-06-23 15:40:05 1,495,040 ----a-w C:\WINDOWS\system32\shdocvw.dll
- 2007-04-18 12:32:01 474,624 ----a-w C:\WINDOWS\system32\shlwapi.dll
+ 2008-06-23 15:40:06 474,624 ----a-w C:\WINDOWS\system32\shlwapi.dll
+ 2008-07-18 20:10:20 36,552 ----a-w C:\WINDOWS\system32\SoftwareDistribution\Setup\ServiceStartup\wups.dll\7.2.6001.784\wups.dll
+ 2008-07-18 20:10:40 45,768 ----a-w C:\WINDOWS\system32\SoftwareDistribution\Setup\ServiceStartup\wups2.dll\7.2.6001.784\wups2.dll
- 2006-09-25 16:58:48 14,640 ------w C:\WINDOWS\system32\spmsg.dll
+ 2007-11-30 11:19:06 18,296 ------w C:\WINDOWS\system32\spmsg.dll
- 2007-07-18 12:42:22 60,416 ------w C:\WINDOWS\system32\tzchange.exe
+ 2008-07-14 11:09:18 62,976 ------w C:\WINDOWS\system32\tzchange.exe
- 2007-04-18 12:32:01 617,472 ----a-w C:\WINDOWS\system32\urlmon.dll
+ 2008-06-23 15:40:06 617,984 ----a-w C:\WINDOWS\system32\urlmon.dll
- 2004-08-05 12:00:00 417,792 ----a-w C:\WINDOWS\system32\vbscript.dll
+ 2007-12-18 14:41:59 417,792 ----a-w C:\WINDOWS\system32\vbscript.dll
- 2007-04-18 12:32:02 663,040 ----a-w C:\WINDOWS\system32\wininet.dll
+ 2008-06-23 15:40:08 663,552 ----a-w C:\WINDOWS\system32\wininet.dll
- 2006-10-18 20:47:18 222,208 ----a-w C:\WINDOWS\system32\WMASF.dll
+ 2007-10-25 07:28:30 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll
- 2006-10-18 20:47:20 10,834,432 ----a-w C:\WINDOWS\system32\wmp.dll
+ 2007-06-11 21:51:12 10,834,944 ----a-w C:\WINDOWS\system32\wmp.dll
- 2007-07-30 17:19:36 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
+ 2008-07-18 20:09:44 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
- 2007-07-30 17:19:16 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
+ 2008-07-18 20:10:42 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
- 2007-07-30 17:19:42 1,712,984 ----a-w C:\WINDOWS\system32\wuaueng.dll
+ 2008-07-18 20:09:42 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
- 2007-07-30 17:19:32 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
+ 2008-07-18 20:09:46 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
- 2007-07-30 17:18:40 33,624 ----a-w C:\WINDOWS\system32\wups.dll
+ 2008-07-18 20:10:20 36,552 ----a-w C:\WINDOWS\system32\wups.dll
- 2007-07-30 17:19:12 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
+ 2008-07-18 20:10:40 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
- 2007-07-30 17:19:28 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
+ 2008-07-18 20:09:44 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
- 2007-06-12 21:53:14 121,856 ----a-w C:\WINDOWS\system32\xpsp3res.dll
+ 2008-07-03 09:42:35 370,176 ----a-w C:\WINDOWS\system32\xpsp3res.dll
+ 2007-05-08 13:06:44 1,275,392 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.MSXML2_6bd6b9abf345378f_4.20.9848.0_x-ww_1b897e9a\msxml4.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 15360]
"MySpaceIM"="C:\Program Files\MySpace\IM\MySpaceIM.exe" [2008-04-18 9117696]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BDMCon"="C:\Program Files\Softwin\BitDefender8\bdmcon.exe" [2005-06-20 421888]
"BDNewsAgent"="C:\Program Files\Softwin\BitDefender8\bdnagent.exe" [2005-05-09 8192]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-10-22 7700480]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-10-22 86016]
"NeroCheck"="C:\WINDOWS\system32\\NeroCheck.exe" [2001-07-09 155648]
"TM Control"="C:\WINDOWS\system32\TMController.exe" [2007-03-01 184396]
"Schedule_d"="C:\Program Files\DVBT Application\Schedule_d.exe" [2006-08-24 94208]
"SSBkgdUpdate"="C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"ScanSoft PDF Create! 4-reminder"="C:\Program Files\ScanSoft\PDF Create! 4\Ereg\Ereg.exe" [2006-11-16 35368]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-04-16 579584]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 15360]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-01-27 219136]
"MySpaceIM"="C:\Program Files\MySpace\IM\MySpaceIM.exe" [2008-04-18 9117696]
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Nono\\Jeux\\Football Manager 2008\\fm.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"=
"C:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite XII.SP1\\Win32\\RpcDataSrv.exe"=
"C:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite XII.SP1\\RpcSandraSrv.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\BitTorrent\\bittorrent.exe"=
"C:\\Program Files\\MySpace\\IM\\MySpaceIM.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724
"12394:TCP"= 12394:TCP:*:Disabled:NortonAV
"13454:TCP"= 13454:TCP:*:Disabled:NortonAV
"12949:TCP"= 12949:TCP:*:Disabled:NortonAV
"14296:TCP"= 14296:TCP:*:Disabled:NortonAV
"17642:TCP"= 17642:TCP:*:Disabled:NortonAV
"12593:TCP"= 12593:TCP:*:Disabled:NortonAV
"15053:TCP"= 15053:TCP:*:Disabled:NortonAV
"15225:TCP"= 15225:TCP:*:Disabled:NortonAV
"12644:TCP"= 12644:TCP:NortonAV
"16696:TCP"= 16696:TCP:NortonAV
"17224:TCP"= 17224:TCP:NortonAV
"12701:TCP"= 12701:TCP:NortonAV
"16534:TCP"= 16534:TCP:NortonAV
"15672:TCP"= 15672:TCP:NortonAV
"15777:TCP"= 15777:TCP:NortonAV
"14610:TCP"= 14610:TCP:NortonAV
"14916:TCP"= 14916:TCP:NortonAV
"18964:TCP"= 18964:TCP:NortonAV
"14673:TCP"= 14673:TCP:NortonAV
"15030:TCP"= 15030:TCP:NortonAV
"14815:TCP"= 14815:TCP:NortonAV
"12162:TCP"= 12162:TCP:NortonAV
"13249:TCP"= 13249:TCP:NortonAV
"17918:TCP"= 17918:TCP:NortonAV
"18091:TCP"= 18091:TCP:NortonAV
"13450:TCP"= 13450:TCP:NortonAV
"12151:TCP"= 12151:TCP:NortonAV
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
S3 AF15BDA;AF9015 BDA Filter;C:\WINDOWS\system32\Drivers\AF15BDA.sys [2006-09-28 283776]
S3 ss_bus;SAMSUNG Mobile USB Device 1.0 driver (WDM);C:\WINDOWS\system32\DRIVERS\ss_bus.sys [2005-08-30 58320]
S3 ss_mdfl;SAMSUNG Mobile USB Modem 1.0 Filter;C:\WINDOWS\system32\DRIVERS\ss_mdfl.sys [2005-08-30 8304]
S3 ss_mdm;SAMSUNG Mobile USB Modem 1.0 Drivers;C:\WINDOWS\system32\DRIVERS\ss_mdm.sys [2005-08-30 94000]
S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1b1c8fa2-00ff-11dd-a7dc-00196612354a}]
\Shell\AutoRun\command - ie.exe
\Shell\explore\Command - ie.exe
\Shell\open\Command - ie.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{20a324b1-36b7-11dc-9bf7-00196612354a}]
\Shell\Auto\command -
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL
.
.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\Arnaud\Application Data\Mozilla\Firefox\Profiles\5cxzywx6.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://start.mozilla.org/firefox?client=firefox-a&rls=org.mozilla:fr-FR:official
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-03 17:28:12
Windows 5.1.2600 Service Pack 2 NTFS
Balayage processus cachés ...
Balayage caché autostart entries ...
Balayage des fichiers cachés ...
Scan terminé avec succès
Les fichiers cachés: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
C:\Program Files\ArcSoft\TotalMedia 3\TMMonitor.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-09-03 17:34:09 - machine was rebooted
ComboFix-quarantined-files.txt 2008-09-03 15:34:06
ComboFix2.txt 2008-08-18 15:31:20
Pre-Run: 7,557,316,608 octets libres
Post-Run: 7,583,498,240 octets libres
579 --- E O F --- 2008-09-03 13:46:02
ComboFix 08-09-01.05 - Arnaud 2008-09-03 17:22:31.2 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.646 [GMT 2:00]
Endroit: C:\Documents and Settings\Arnaud\Bureau\ComboFix.exe
* Création d'un nouveau point de restauration
[color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
C:\Documents and Settings\Arnaud\Application Data\Adobe\crc.dat
C:\Documents and Settings\Arnaud\Application Data\macromedia\Flash Player\#SharedObjects\XDGFCJ6L\bin.clearspring.com
C:\Documents and Settings\Arnaud\Application Data\macromedia\Flash Player\#SharedObjects\XDGFCJ6L\bin.clearspring.com\clearspring.sol
C:\Documents and Settings\Arnaud\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#bin.clearspring.com
C:\Documents and Settings\Arnaud\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#bin.clearspring.com\settings.sol
C:\Documents and Settings\Arnaud\Cookies\arnaud@ad.yieldmanager[2].txt
C:\Documents and Settings\Arnaud\Cookies\arnaud@clickintext[1].txt
C:\Documents and Settings\Arnaud\Cookies\arnaud@ehg-dig.hitbox[1].txt
----- BITS: Possible sites infectés -----
http://hqsextube08.com
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_TDSSserv
((((((((((((((((((((((((((((( Fichiers créés 2008-08-03 to 2008-09-03 ))))))))))))))))))))))))))))))))))))
.
2008-09-03 14:49 . 2008-09-03 14:49 61,440 --a------ C:\WINDOWS\system32\drivers\iora.sys
2008-09-03 14:12 . 2008-09-03 14:12 <REP> d-------- C:\Documents and Settings\Arnaud\Application Data\Malwarebytes
2008-09-03 14:11 . 2008-09-03 14:12 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-09-03 14:11 . 2008-09-03 14:11 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-09-03 14:11 . 2008-09-02 00:16 38,528 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-09-03 14:11 . 2008-09-02 00:16 17,200 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-09-03 13:08 . 2008-09-03 13:08 <REP> d-------- C:\Program Files\Trend Micro
2008-09-03 11:14 . 2008-08-28 15:57 3,262 --a------ C:\WINDOWS\system32\2.ico
2008-09-03 10:45 . 2008-09-03 15:13 <REP> d-------- C:\Program Files\MSA
2008-09-03 10:45 . 2008-08-28 15:57 3,262 --a------ C:\WINDOWS\system32\1.ico
2008-09-02 19:19 . 2008-09-02 20:09 <REP> d-------- C:\Program Files\DOSBox-0.72
2008-09-02 18:37 . 2008-09-02 18:37 <REP> d-------- C:\Documents and Settings\Arnaud\WINDOWS
2008-09-02 01:18 . 2008-09-02 19:10 <REP> d-------- C:\Program Files\UtopiaBOX 2.02
2008-08-28 18:41 . 2008-08-28 19:26 <REP> d-------- C:\WINDOWS\system32\CatRoot_bak
2008-08-23 09:59 . 2008-08-23 09:59 <REP> d-------- C:\Program Files\MSXML 4.0
2008-08-22 22:06 . 2008-06-14 19:59 272,768 --------- C:\WINDOWS\system32\drivers\bthport.sys
2008-08-22 22:06 . 2008-06-14 19:59 272,768 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
2008-08-18 13:50 . 2008-09-03 13:20 3,708 --a------ C:\WINDOWS\system32\tmp.reg
2008-08-18 12:12 . 2008-08-18 17:09 <REP> d-------- C:\Program Files\Hijackthis Version Française
2008-08-15 21:06 . 2008-09-03 08:29 <REP> d-------- C:\Program Files\DNA
2008-08-15 21:06 . 2008-08-15 21:06 <REP> d-------- C:\Program Files\BitTorrent
2008-08-15 21:06 . 2008-09-02 01:14 <REP> d-------- C:\Documents and Settings\Arnaud\Application Data\DNA
2008-08-15 21:06 . 2008-09-03 10:48 <REP> d-------- C:\Documents and Settings\Arnaud\Application Data\BitTorrent
2008-08-13 15:06 . 2008-08-13 15:06 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-03 12:49 4,876 ----a-w C:\Program Files\vzsnisxs.txt
2008-09-03 08:43 14 ----a-w C:\Documents and Settings\Arnaud\getfile.dat
2008-09-03 06:00 --------- d-----w C:\Documents and Settings\Arnaud\Application Data\AVG7
2008-09-01 23:11 --------- d-----w C:\Program Files\eMule
2008-08-23 10:44 --------- d-----w C:\Program Files\Everest Poker
2008-08-18 15:21 --------- d-----w C:\Program Files\World of Warcraft
2008-08-18 15:21 --------- d-----w C:\Program Files\VideoLAN
2008-08-18 15:21 --------- d-----w C:\Program Files\Trojan Remover
2008-08-18 15:21 --------- d-----w C:\Program Files\themexp
2008-08-18 15:21 --------- d-----w C:\Program Files\Softwin
2008-08-18 15:21 --------- d-----w C:\Program Files\Services en ligne
2008-08-18 15:21 --------- d-----w C:\Program Files\MSN Messenger
2008-08-18 15:21 --------- d-----w C:\Program Files\mozilla.org
2008-08-18 15:18 --------- d-----w C:\Program Files\Micro Application
2008-08-18 15:18 --------- d-----w C:\Program Files\Google
2008-08-18 15:18 --------- d-----w C:\Program Files\FileZilla
2008-08-18 15:18 --------- d-----w C:\Program Files\Fichiers communs\Softwin
2008-08-18 15:18 --------- d-----w C:\Program Files\Fichiers communs\InstallShield
2008-08-18 15:18 --------- d-----w C:\Program Files\Fichiers communs\Blizzard Entertainment
2008-08-18 15:18 --------- d-----w C:\Program Files\Fichiers communs\Adobe
2008-08-18 15:18 --------- d-----w C:\Program Files\Fichiers communs\ACD Systems
2008-08-18 15:18 --------- d-----w C:\Program Files\ACD Systems
2008-08-18 15:18 --------- d-----w C:\Program Files\3DNA
2008-08-18 15:09 --------- d-----w C:\Program Files\Hijackthis Version Française
2008-08-15 11:47 --------- d-----w C:\Documents and Settings\Arnaud\Application Data\Shareaza
2008-07-17 17:10 --------- d-----w C:\Documents and Settings\Arnaud\Application Data\XnView
2008-07-17 17:02 --------- d-----w C:\Program Files\XnView
2008-07-15 22:27 --------- d-----w C:\Program Files\MySpace
2008-07-15 22:27 --------- d-----w C:\Documents and Settings\Arnaud\Application Data\MySpace
2007-07-04 13:51 147,456 ----a-w C:\Documents and Settings\Arnaud\upgrepl.exe.exe
.
((((((((((((((((((((((((((((( snapshot@2008-08-18_17.31.00.23 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-12-18 14:32:57 450,560 ----a-w C:\WINDOWS\$hf_mig$\KB944338-v2\SP2QFE\jscript.dll
+ 2007-12-18 14:32:57 417,792 ----a-w C:\WINDOWS\$hf_mig$\KB944338-v2\SP2QFE\vbscript.dll
+ 2007-03-06 01:34:33 15,072 ----a-w C:\WINDOWS\$hf_mig$\KB944338-v2\spmsg.dll
+ 2007-03-06 01:34:38 216,800 ----a-w C:\WINDOWS\$hf_mig$\KB944338-v2\spuninst.exe
+ 2007-03-06 01:34:31 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB944338-v2\update\spcustom.dll
+ 2007-03-06 01:34:56 727,776 ----a-w C:\WINDOWS\$hf_mig$\KB944338-v2\update\update.exe
+ 2007-03-06 01:35:48 394,976 ----a-w C:\WINDOWS\$hf_mig$\KB944338-v2\update\updspapi.dll
+ 2008-01-23 04:56:21 554,008 ----a-w C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\dao360.dll
+ 2007-12-10 12:41:11 518,944 ----a-w C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\msexch40.dll
+ 2007-12-10 12:41:11 326,432 ----a-w C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\msexcl40.dll
+ 2007-12-10 12:41:11 1,516,568 ----a-w C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\msjet40.dll
+ 2007-12-10 12:41:11 355,112 ----a-w C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\msjetol1.dll
+ 2008-03-25 06:56:31 194,144 ----a-w C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\msjint40.dll
+ 2007-12-10 12:41:12 60,192 ----a-w C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\msjter40.dll
+ 2007-12-10 12:41:12 248,608 ----a-w C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\msjtes40.dll
+ 2007-12-10 12:41:12 219,936 ----a-w C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\msltus40.dll
+ 2007-12-10 12:41:12 355,104 ----a-w C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\mspbde40.dll
+ 2007-12-10 12:41:13 432,928 ----a-w C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\msrd2x40.dll
+ 2007-12-10 12:41:13 322,336 ----a-w C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\msrd3x40.dll
+ 2007-12-10 12:41:13 559,904 ----a-w C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\msrepl40.dll
+ 2007-12-10 12:41:13 264,992 ----a-w C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\mstext40.dll
+ 2007-12-10 12:41:13 838,432 ----a-w C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\mswdat10.dll
+ 2007-11-01 05:15:27 621,344 ----a-w C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\mswstr10.dll
+ 2007-12-10 12:41:14 355,104 ----a-w C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\msxbde40.dll
+ 2007-03-06 01:34:33 15,072 ----a-w C:\WINDOWS\$hf_mig$\KB950749\spmsg.dll
+ 2007-03-06 01:34:38 216,800 ----a-w C:\WINDOWS\$hf_mig$\KB950749\spuninst.exe
+ 2007-03-06 01:34:31 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB950749\update\spcustom.dll
+ 2007-03-06 01:34:56 727,776 ----a-w C:\WINDOWS\$hf_mig$\KB950749\update\update.exe
+ 2007-03-06 01:35:48 394,976 ----a-w C:\WINDOWS\$hf_mig$\KB950749\update\updspapi.dll
+ 2008-07-07 20:18:27 253,952 ----a-w C:\WINDOWS\$hf_mig$\KB950974\SP2QFE\es.dll
+ 2008-07-07 20:28:20 253,952 ----a-w C:\WINDOWS\$hf_mig$\KB950974\SP3GDR\es.dll
+ 2008-07-07 20:24:11 253,952 ----a-w C:\WINDOWS\$hf_mig$\KB950974\SP3QFE\es.dll
+ 2007-11-30 12:39:29 18,296 ----a-w C:\WINDOWS\$hf_mig$\KB950974\spmsg.dll
+ 2007-11-30 12:39:29 234,872 ----a-w C:\WINDOWS\$hf_mig$\KB950974\spuninst.exe
+ 2007-11-30 12:39:29 26,488 ----a-w C:\WINDOWS\$hf_mig$\KB950974\update\spcustom.dll
+ 2007-11-30 12:39:26 767,352 ----a-w C:\WINDOWS\$hf_mig$\KB950974\update\update.exe
+ 2007-11-30 12:39:29 406,392 ----a-w C:\WINDOWS\$hf_mig$\KB950974\update\updspapi.dll
+ 2008-07-14 11:03:00 62,976 ----a-w C:\WINDOWS\$hf_mig$\KB951072-v2\SP2QFE\tzchange.exe
+ 2008-07-11 12:42:28 62,976 ----a-w C:\WINDOWS\$hf_mig$\KB951072-v2\SP3GDR\tzchange.exe
+ 2008-07-11 12:51:51 62,976 ----a-w C:\WINDOWS\$hf_mig$\KB951072-v2\SP3QFE\tzchange.exe
+ 2007-11-30 11:19:06 18,296 ----a-w C:\WINDOWS\$hf_mig$\KB951072-v2\spmsg.dll
+ 2007-11-30 11:19:06 234,872 ----a-w C:\WINDOWS\$hf_mig$\KB951072-v2\spuninst.exe
+ 2007-11-30 11:19:06 26,488 ----a-w C:\WINDOWS\$hf_mig$\KB951072-v2\update\spcustom.dll
+ 2007-11-30 12:39:29 767,352 ----a-w C:\WINDOWS\$hf_mig$\KB951072-v2\update\update.exe
+ 2007-11-30 12:39:31 406,392 ----a-w C:\WINDOWS\$hf_mig$\KB951072-v2\update\updspapi.dll
+ 2008-05-07 04:55:47 1,294,336 ----a-w C:\WINDOWS\$hf_mig$\KB951698\SP2QFE\quartz.dll
+ 2008-05-07 05:11:24 1,294,336 ----a-w C:\WINDOWS\$hf_mig$\KB951698\SP3GDR\quartz.dll
+ 2008-05-07 05:04:59 1,294,336 ----a-w C:\WINDOWS\$hf_mig$\KB951698\SP3QFE\quartz.dll
+ 2007-11-30 11:19:06 18,296 ----a-w C:\WINDOWS\$hf_mig$\KB951698\spmsg.dll
+ 2007-11-30 11:19:06 234,872 ----a-w C:\WINDOWS\$hf_mig$\KB951698\spuninst.exe
+ 2007-11-30 11:19:06 26,488 ----a-w C:\WINDOWS\$hf_mig$\KB951698\update\spcustom.dll
+ 2007-11-30 12:39:29 767,352 ----a-w C:\WINDOWS\$hf_mig$\KB951698\update\update.exe
+ 2007-11-30 12:39:31 406,392 ----a-w C:\WINDOWS\$hf_mig$\KB951698\update\updspapi.dll
+ 2006-08-16 12:13:24 100,352 ----a-w C:\WINDOWS\$hf_mig$\KB951748\SP2QFE\6to4svc.dll
+ 2008-06-20 10:44:08 138,368 ----a-w C:\WINDOWS\$hf_mig$\KB951748\SP2QFE\afd.sys
+ 2008-06-20 17:37:01 147,968 ----a-w C:\WINDOWS\$hf_mig$\KB951748\SP2QFE\dnsapi.dll
+ 2008-06-20 17:37:01 247,808 ----a-w C:\WINDOWS\$hf_mig$\KB951748\SP2QFE\mswsock.dll
+ 2008-06-20 10:44:42 360,960 ----a-w C:\WINDOWS\$hf_mig$\KB951748\SP2QFE\tcpip.sys
+ 2008-06-20 09:32:39 225,920 ----a-w C:\WINDOWS\$hf_mig$\KB951748\SP2QFE\tcpip6.sys
+ 2008-06-20 11:40:08 138,496 ----a-w C:\WINDOWS\$hf_mig$\KB951748\SP3GDR\afd.sys
+ 2008-06-20 17:47:22 147,968 ----a-w C:\WINDOWS\$hf_mig$\KB951748\SP3GDR\dnsapi.dll
+ 2008-06-20 17:47:22 247,808 ----a-w C:\WINDOWS\$hf_mig$\KB951748\SP3GDR\mswsock.dll
+ 2008-06-20 11:51:12 361,600 ----a-w C:\WINDOWS\$hf_mig$\KB951748\SP3GDR\tcpip.sys
+ 2008-06-20 11:08:27 225,856 ----a-w C:\WINDOWS\$hf_mig$\KB951748\SP3GDR\tcpip6.sys
+ 2008-06-20 11:48:03 138,496 ----a-w C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\afd.sys
+ 2008-06-20 17:44:02 147,968 ----a-w C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\dnsapi.dll
+ 2008-06-20 17:44:02 247,808 ----a-w C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\mswsock.dll
+ 2008-06-20 11:59:02 361,600 ----a-w C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\tcpip.sys
+ 2008-06-20 11:16:44 225,856 ----a-w C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\tcpip6.sys
+ 2007-11-30 12:39:29 18,296 ----a-w C:\WINDOWS\$hf_mig$\KB951748\spmsg.dll
+ 2007-11-30 12:39:29 234,872 ----a-w C:\WINDOWS\$hf_mig$\KB951748\spuninst.exe
+ 2007-11-30 12:39:29 26,488 ----a-w C:\WINDOWS\$hf_mig$\KB951748\update\spcustom.dll
+ 2007-11-30 12:39:26 767,352 ----a-w C:\WINDOWS\$hf_mig$\KB951748\update\update.exe
+ 2007-11-30 12:39:29 406,392 ----a-w C:\WINDOWS\$hf_mig$\KB951748\update\updspapi.dll
+ 2008-06-24 16:30:27 74,240 ----a-w C:\WINDOWS\$hf_mig$\KB952954\SP2QFE\mscms.dll
+ 2008-06-24 16:44:02 74,240 ----a-w C:\WINDOWS\$hf_mig$\KB952954\SP3GDR\mscms.dll
+ 2008-06-24 16:53:52 74,240 ----a-w C:\WINDOWS\$hf_mig$\KB952954\SP3QFE\mscms.dll
+ 2007-11-30 11:19:06 18,296 ----a-w C:\WINDOWS\$hf_mig$\KB952954\spmsg.dll
+ 2007-11-30 11:19:06 234,872 ----a-w C:\WINDOWS\$hf_mig$\KB952954\spuninst.exe
+ 2007-11-30 11:19:06 26,488 ----a-w C:\WINDOWS\$hf_mig$\KB952954\update\spcustom.dll
+ 2007-11-30 12:39:29 767,352 ----a-w C:\WINDOWS\$hf_mig$\KB952954\update\update.exe
+ 2007-11-30 12:39:31 406,392 ----a-w C:\WINDOWS\$hf_mig$\KB952954\update\updspapi.dll
+ 2008-06-23 16:15:33 1,024,512 ----a-w C:\WINDOWS\$hf_mig$\KB953838\SP2QFE\browseui.dll
+ 2008-06-23 16:15:34 152,064 ----a-w C:\WINDOWS\$hf_mig$\KB953838\SP2QFE\cdfview.dll
+ 2008-06-23 16:15:35 1,056,768 ----a-w C:\WINDOWS\$hf_mig$\KB953838\SP2QFE\danim.dll
+ 2008-06-23 16:15:35 357,888 ----a-w C:\WINDOWS\$hf_mig$\KB953838\SP2QFE\dxtmsft.dll
+ 2008-06-23 16:15:35 205,312 ----a-w C:\WINDOWS\$hf_mig$\KB953838\SP2QFE\dxtrans.dll
+ 2008-06-23 16:15:35 55,808 ----a-w C:\WINDOWS\$hf_mig$\KB953838\SP2QFE\extmgr.dll
+ 2008-06-23 09:53:58 18,432 ----a-w C:\WINDOWS\$hf_mig$\KB953838\SP2QFE\iedw.exe
+ 2008-06-23 16:15:36 251,904 ----a-w C:\WINDOWS\$hf_mig$\KB953838\SP2QFE\iepeers.dll
+ 2008-06-23 16:15:36 96,768 ----a-w C:\WINDOWS\$hf_mig$\KB953838\SP2QFE\inseng.dll
+ 2008-06-23 16:15:36 16,384 ----a-w C:\WINDOWS\$hf_mig$\KB953838\SP2QFE\jsproxy.dll
+ 2008-06-23 16:15:39 3,088,384 ----a-w C:\WINDOWS\$hf_mig$\KB953838\SP2QFE\mshtml.dll
+ 2008-06-23 16:15:40 449,024 ----a-w C:\WINDOWS\$hf_mig$\KB953838\SP2QFE\mshtmled.dll
+ 2008-06-23 16:15:40 146,432 ----a-w C:\WINDOWS\$hf_mig$\KB953838\SP2QFE\msrating.dll
+ 2008-06-23 16:15:41 532,480 ----a-w C:\WINDOWS\$hf_mig$\KB953838\SP2QFE\mstime.dll
+ 2008-06-23 16:15:41 39,424 ----a-w C:\WINDOWS\$hf_mig$\KB953838\SP2QFE\pngfilt.dll
+ 2008-06-23 16:15:42 1,499,648 ----a-w C:\WINDOWS\$hf_mig$\KB953838\SP2QFE\shdocvw.dll
+ 2008-06-23 16:15:43 474,624 ----a-w C:\WINDOWS\$hf_mig$\KB953838\SP2QFE\shlwapi.dll
+ 2008-07-03 09:42:35 370,176 ----a-w C:\WINDOWS\$hf_mig$\KB953838\SP2QFE\spru040c.dll
+ 2008-06-23 16:15:43 620,544 ----a-w C:\WINDOWS\$hf_mig$\KB953838\SP2QFE\urlmon.dll
+ 2008-06-23 16:15:44 671,232 ----a-w C:\WINDOWS\$hf_mig$\KB953838\SP2QFE\wininet.dll
+ 2008-06-23 15:10:27 3,088,384 ----a-w C:\WINDOWS\$hf_mig$\KB953838\SP3GDR\mshtml.dll
+ 2008-06-26 08:13:32 1,499,648 ----a-w C:\WINDOWS\$hf_mig$\KB953838\SP3GDR\shdocvw.dll
+ 2008-06-26 08:13:32 620,544 ----a-w C:\WINDOWS\$hf_mig$\KB953838\SP3GDR\urlmon.dll
+ 2008-06-23 15:10:27 670,208 ----a-w C:\WINDOWS\$hf_mig$\KB953838\SP3GDR\wininet.dll
+ 2008-06-25 04:26:28 3,088,896 ----a-w C:\WINDOWS\$hf_mig$\KB953838\SP3QFE\mshtml.dll
+ 2008-06-26 08:00:28 1,499,648 ----a-w C:\WINDOWS\$hf_mig$\KB953838\SP3QFE\shdocvw.dll
+ 2008-06-26 08:00:28 620,544 ----a-w C:\WINDOWS\$hf_mig$\KB953838\SP3QFE\urlmon.dll
+ 2008-06-23 14:56:26 670,720 ----a-w C:\WINDOWS\$hf_mig$\KB953838\SP3QFE\wininet.dll
+ 2007-11-30 12:39:29 18,296 ----a-w C:\WINDOWS\$hf_mig$\KB953838\spmsg.dll
+ 2007-11-30 12:39:29 234,872 ----a-w C:\WINDOWS\$hf_mig$\KB953838\spuninst.exe
+ 2007-11-30 12:39:29 26,488 ----a-w C:\WINDOWS\$hf_mig$\KB953838\update\spcustom.dll
+ 2007-11-30 12:39:26 767,352 ----a-w C:\WINDOWS\$hf_mig$\KB953838\update\update.exe
+ 2007-11-30 12:39:29 406,392 ----a-w C:\WINDOWS\$hf_mig$\KB953838\update\updspapi.dll
+ 2008-06-14 17:59:52 272,768 ------w C:\WINDOWS\Driver Cache\i386\bthport.sys
- 2006-11-03 08:58:34 317,440 ----a-w C:\WINDOWS\inf\unregmp2.exe
+ 2007-06-29 09:59:14 318,976 ----a-w C:\WINDOWS\inf\unregmp2.exe
+ 2008-08-23 08:00:00 32,768 ----a-r C:\WINDOWS\Installer\{C04E32E0-0416-434D-AFB9-6969D703A9EF}\icon.exe
- 2007-04-18 12:31:55 1,024,000 ----a-w C:\WINDOWS\system32\browseui.dll
+ 2008-06-23 15:39:58 1,024,000 ----a-w C:\WINDOWS\system32\browseui.dll
- 2007-04-18 12:31:55 152,064 ----a-w C:\WINDOWS\system32\cdfview.dll
+ 2008-06-23 15:39:58 152,064 ----a-w C:\WINDOWS\system32\cdfview.dll
- 2007-07-30 17:19:20 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
+ 2008-07-18 20:10:48 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
- 2007-06-16 19:37:13 16,384 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
+ 2008-09-03 14:44:18 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
+ 2008-09-03 09:08:25 16,384 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\MSIMGSIZ.DAT
- 2007-06-16 19:37:13 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Historique\History.IE5\index.dat
+ 2008-09-03 14:44:18 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Historique\History.IE5\index.dat
+ 2008-09-03 14:20:10 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Historique\History.IE5\MSHist012008090320080904\index.dat
- 2007-04-18 12:31:56 1,056,768 ----a-w C:\WINDOWS\system32\danim.dll
+ 2008-06-23 15:39:59 1,056,768 ----a-w C:\WINDOWS\system32\danim.dll
- 2004-08-05 12:00:00 138,496 -c--a-w C:\WINDOWS\system32\dllcache\afd.sys
+ 2008-06-20 10:44:38 138,368 -c--a-w C:\WINDOWS\system32\dllcache\afd.sys
- 2007-04-18 12:31:55 1,024,000 -c--a-w C:\WINDOWS\system32\dllcache\browseui.dll
+ 2008-06-23 15:39:58 1,024,000 -c--a-w C:\WINDOWS\system32\dllcache\browseui.dll
- 2007-04-18 12:31:55 152,064 -c--a-w C:\WINDOWS\system32\dllcache\cdfview.dll
+ 2008-06-23 15:39:58 152,064 -c--a-w C:\WINDOWS\system32\dllcache\cdfview.dll
- 2007-07-30 17:19:20 92,504 -c--a-w C:\WINDOWS\system32\dllcache\cdm.dll
+ 2008-07-18 20:10:48 94,920 -c--a-w C:\WINDOWS\system32\dllcache\cdm.dll
- 2007-04-18 12:31:56 1,056,768 -c--a-w C:\WINDOWS\system32\dllcache\danim.dll
+ 2008-06-23 15:39:59 1,056,768 -c--a-w C:\WINDOWS\system32\dllcache\danim.dll
- 2004-08-05 12:00:00 561,179 -c--a-w C:\WINDOWS\system32\dllcache\dao360.dll
+ 2008-03-25 04:50:25 554,008 -c--a-w C:\WINDOWS\system32\dllcache\dao360.dll
- 2006-06-26 17:41:32 148,480 -c--a-w C:\WINDOWS\system32\dllcache\dnsapi.dll
+ 2008-06-20 17:41:06 148,992 -c--a-w C:\WINDOWS\system32\dllcache\dnsapi.dll
- 2007-04-18 12:31:56 357,888 -c--a-w C:\WINDOWS\system32\dllcache\dxtmsft.dll
+ 2008-06-23 15:40:00 357,888 -c--a-w C:\WINDOWS\system32\dllcache\dxtmsft.dll
- 2007-04-18 12:31:57 205,312 -c--a-w C:\WINDOWS\system32\dllcache\dxtrans.dll
+ 2008-06-23 15:40:00 205,312 -c--a-w C:\WINDOWS\system32\dllcache\dxtrans.dll
- 2005-07-26 04:39:57 243,200 -c--a-w C:\WINDOWS\system32\dllcache\es.dll
+ 2008-07-07 20:31:48 253,952 -c--a-w C:\WINDOWS\system32\dllcache\es.dll
- 2007-04-18 12:31:57 55,808 -c--a-w C:\WINDOWS\system32\dllcache\extmgr.dll
+ 2008-06-23 15:40:00 55,808 -c--a-w C:\WINDOWS\system32\dllcache\extmgr.dll
- 2007-04-18 10:22:13 18,432 -c--a-w C:\WINDOWS\system32\dllcache\iedw.exe
+ 2008-06-23 09:49:29 18,432 -c--a-w C:\WINDOWS\system32\dllcache\iedw.exe
- 2007-04-18 12:31:57 251,392 -c--a-w C:\WINDOWS\system32\dllcache\iepeers.dll
+ 2008-06-23 15:40:00 251,392 -c--a-w C:\WINDOWS\system32\dllcache\iepeers.dll
- 2007-08-21 06:17:23 683,520 -c--a-w C:\WINDOWS\system32\dllcache\inetcomm.dll
+ 2008-04-11 18:51:06 683,520 -c--a-w C:\WINDOWS\system32\dllcache\inetcomm.dll
- 2007-04-18 12:31:57 96,768 -c--a-w C:\WINDOWS\system32\dllcache\inseng.dll
+ 2008-06-23 15:40:00 96,768 -c--a-w C:\WINDOWS\system32\dllcache\inseng.dll
- 2006-05-18 05:31:21 450,560 -c--a-w C:\WINDOWS\system32\dllcache\jscript.dll
+ 2007-12-18 14:41:58 450,560 -c--a-w C:\WINDOWS\system32\dllcache\jscript.dll
- 2007-04-18 12:31:57 16,384 -c--a-w C:\WINDOWS\system32\dllcache\jsproxy.dll
+ 2008-06-23 15:40:00 16,384 -c--a-w C:\WINDOWS\system32\dllcache\jsproxy.dll
- 2004-08-05 12:00:00 331,776 -c--a-w C:\WINDOWS\system32\dllcache\msadce.dll
+ 2008-05-01 14:31:48 331,776 -c--a-w C:\WINDOWS\system32\dllcache\msadce.dll
- 2005-06-29 01:49:41 74,240 -c--a-w C:\WINDOWS\system32\dllcache\mscms.dll
+ 2008-06-24 16:23:56 74,240 -c--a-w C:\WINDOWS\system32\dllcache\mscms.dll
- 2004-08-05 12:00:00 512,029 -c--a-w C:\WINDOWS\system32\dllcache\msexch40.dll
+ 2008-03-25 04:50:28 518,944 -c--a-w C:\WINDOWS\system32\dllcache\msexch40.dll
- 2004-08-05 12:00:00 319,517 -c--a-w C:\WINDOWS\system32\dllcache\msexcl40.dll
+ 2008-03-25 04:50:30 326,432 -c--a-w C:\WINDOWS\system32\dllcache\msexcl40.dll
- 2007-05-04 12:36:14 3,079,680 -c--a-w C:\WINDOWS\system32\dllcache\mshtml.dll
+ 2008-06-23 15:40:02 3,080,704 -c--a-w C:\WINDOWS\system32\dllcache\mshtml.dll
- 2007-04-18 12:32:00 449,024 -c--a-w C:\WINDOWS\system32\dllcache\mshtmled.dll
+ 2008-06-23 15:40:03 449,024 -c--a-w C:\WINDOWS\system32\dllcache\mshtmled.dll
- 2004-08-05 12:00:00 1,507,356 -c--a-w C:\WINDOWS\system32\dllcache\msjet40.dll
+ 2008-03-25 04:50:34 1,516,568 -c--a-w C:\WINDOWS\system32\dllcache\msjet40.dll
- 2004-08-05 12:00:00 358,976 -c--a-w C:\WINDOWS\system32\dllcache\msjetol1.dll
+ 2008-03-25 04:50:40 355,112 -c--a-w C:\WINDOWS\system32\dllcache\msjetol1.dll
- 2004-08-05 12:00:00 184,351 -c--a-w C:\WINDOWS\system32\dllcache\msjint40.dll
+ 2008-03-25 04:51:08 194,144 -c--a-w C:\WINDOWS\system32\dllcache\msjint40.dll
- 2004-08-05 12:00:00 53,279 -c--a-w C:\WINDOWS\system32\dllcache\msjter40.dll
+ 2008-03-25 04:50:42 60,192 -c--a-w C:\WINDOWS\system32\dllcache\msjter40.dll
- 2004-08-05 12:00:00 241,693 -c--a-w C:\WINDOWS\system32\dllcache\msjtes40.dll
+ 2008-03-25 04:50:42 248,608 -c--a-w C:\WINDOWS\system32\dllcache\msjtes40.dll
- 2004-08-05 12:00:00 213,023 -c--a-w C:\WINDOWS\system32\dllcache\msltus40.dll
+ 2008-03-25 04:50:44 219,936 -c--a-w C:\WINDOWS\system32\dllcache\msltus40.dll
- 2004-08-05 12:00:00 348,189 -c--a-w C:\WINDOWS\system32\dllcache\mspbde40.dll
+ 2008-03-25 04:50:45 355,104 -c--a-w C:\WINDOWS\system32\dllcache\mspbde40.dll
- 2007-04-18 12:32:00 146,432 -c--a-w C:\WINDOWS\system32\dllcache\msrating.dll
+ 2008-06-23 15:40:03 146,432 -c--a-w C:\WINDOWS\system32\dllcache\msrating.dll
- 2004-08-05 12:00:00 421,919 -c--a-w C:\WINDOWS\system32\dllcache\msrd2x40.dll
+ 2008-03-25 04:50:47 432,928 -c--a-w C:\WINDOWS\system32\dllcache\msrd2x40.dll
- 2004-08-05 12:00:00 315,423 -c--a-w C:\WINDOWS\system32\dllcache\msrd3x40.dll
+ 2008-03-25 04:50:49 322,336 -c--a-w C:\WINDOWS\system32\dllcache\msrd3x40.dll
- 2004-08-05 12:00:00 552,989 -c--a-w C:\WINDOWS\system32\dllcache\msrepl40.dll
+ 2008-03-25 04:50:52 559,904 -c--a-w C:\WINDOWS\system32\dllcache\msrepl40.dll
- 2006-10-18 20:47:16 414,208 -c--a-w C:\WINDOWS\system32\dllcache\msscp.dll
+ 2006-12-04 14:21:50 414,720 -c--a-w C:\WINDOWS\system32\dllcache\msscp.dll
- 2004-08-05 12:00:00 258,077 -c--a-w C:\WINDOWS\system32\dllcache\mstext40.dll
+ 2008-03-25 04:50:55 264,992 -c--a-w C:\WINDOWS\system32\dllcache\mstext40.dll
- 2007-04-18 12:32:00 532,480 -c--a-w C:\WINDOWS\system32\dllcache\mstime.dll
+ 2008-06-23 15:40:04 532,480 -c--a-w C:\WINDOWS\system32\dllcache\mstime.dll
- 2004-08-05 12:00:00 831,519 -c--a-w C:\WINDOWS\system32\dllcache\mswdat10.dll
+ 2008-03-25 04:50:57 838,432 -c--a-w C:\WINDOWS\system32\dllcache\mswdat10.dll
- 2004-08-05 12:00:00 247,808 -c--a-w C:\WINDOWS\system32\dllcache\mswsock.dll
+ 2008-06-20 17:41:06 247,808 -c--a-w C:\WINDOWS\system32\dllcache\mswsock.dll
- 2004-08-05 12:00:00 614,429 -c--a-w C:\WINDOWS\system32\dllcache\mswstr10.dll
+ 2008-03-25 04:51:09 621,344 -c--a-w C:\WINDOWS\system32\dllcache\mswstr10.dll
- 2004-08-05 12:00:00 348,189 -c--a-w C:\WINDOWS\system32\dllcache\msxbde40.dll
+ 2008-03-25 04:50:58 355,104 -c--a-w C:\WINDOWS\system32\dllcache\msxbde40.dll
- 2007-04-18 12:32:00 39,424 -c--a-w C:\WINDOWS\system32\dllcache\pngfilt.dll
+ 2008-06-23 15:40:04 39,424 -c--a-w C:\WINDOWS\system32\dllcache\pngfilt.dll
- 2005-08-30 03:55:43 1,293,312 -c--a-w C:\WINDOWS\system32\dllcache\quartz.dll
+ 2008-05-07 05:15:36 1,293,824 -c--a-w C:\WINDOWS\system32\dllcache\quartz.dll
- 2006-07-13 08:48:58 202,240 -c--a-w C:\WINDOWS\system32\dllcache\rmcast.sys
+ 2008-05-08 12:28:49 202,752 -c--a-w C:\WINDOWS\system32\dllcache\rmcast.sys
- 2007-04-18 12:32:01 1,495,040 -c--a-w C:\WINDOWS\system32\dllcache\shdocvw.dll
+ 2008-06-23 15:40:05 1,495,040 -c--a-w C:\WINDOWS\system32\dllcache\shdocvw.dll
- 2007-04-18 12:32:01 474,624 -c--a-w C:\WINDOWS\system32\dllcache\shlwapi.dll
+ 2008-06-23 15:40:06 474,624 -c--a-w C:\WINDOWS\system32\dllcache\shlwapi.dll
- 2006-04-20 11:51:50 359,808 -c--a-w C:\WINDOWS\system32\dllcache\tcpip.sys
+ 2008-06-20 10:45:13 360,320 -c--a-w C:\WINDOWS\system32\dllcache\tcpip.sys
- 2006-08-16 09:37:30 225,664 -c--a-w C:\WINDOWS\system32\dllcache\tcpip6.sys
+ 2008-06-20 09:52:06 225,920 -c--a-w C:\WINDOWS\system32\dllcache\tcpip6.sys
- 2006-11-03 08:58:34 317,440 -c--a-w C:\WINDOWS\system32\dllcache\unregmp2.exe
+ 2007-06-29 09:59:14 318,976 -c--a-w C:\WINDOWS\system32\dllcache\unregmp2.exe
- 2007-04-18 12:32:01 617,472 -c--a-w C:\WINDOWS\system32\dllcache\urlmon.dll
+ 2008-06-23 15:40:06 617,984 -c--a-w C:\WINDOWS\system32\dllcache\urlmon.dll
- 2004-08-05 12:00:00 417,792 -c--a-w C:\WINDOWS\system32\dllcache\vbscript.dll
+ 2007-12-18 14:41:59 417,792 -c--a-w C:\WINDOWS\system32\dllcache\vbscript.dll
- 2007-04-18 12:32:02 663,040 -c--a-w C:\WINDOWS\system32\dllcache\wininet.dll
+ 2008-06-23 15:40:08 663,552 -c--a-w C:\WINDOWS\system32\dllcache\wininet.dll
- 2006-10-18 20:47:18 222,208 -c--a-w C:\WINDOWS\system32\dllcache\WMASF.dll
+ 2007-10-25 07:28:30 222,720 -c--a-w C:\WINDOWS\system32\dllcache\wmasf.dll
- 2006-10-18 20:47:20 10,834,432 -c--a-w C:\WINDOWS\system32\dllcache\wmp.dll
+ 2007-06-11 21:51:12 10,834,944 -c--a-w C:\WINDOWS\system32\dllcache\wmp.dll
- 2007-07-30 17:19:36 549,720 -c--a-w C:\WINDOWS\system32\dllcache\wuapi.dll
+ 2008-07-18 20:09:44 563,912 -c--a-w C:\WINDOWS\system32\dllcache\wuapi.dll
- 2007-07-30 17:19:16 53,080 -c--a-w C:\WINDOWS\system32\dllcache\wuauclt.exe
+ 2008-07-18 20:10:42 53,448 -c--a-w C:\WINDOWS\system32\dllcache\wuauclt.exe
- 2007-07-30 17:19:42 1,712,984 -c--a-w C:\WINDOWS\system32\dllcache\wuaueng.dll
+ 2008-07-18 20:09:42 1,811,656 -c--a-w C:\WINDOWS\system32\dllcache\wuaueng.dll
- 2007-07-30 17:19:32 325,976 -c--a-w C:\WINDOWS\system32\dllcache\wucltui.dll
+ 2008-07-18 20:09:46 325,832 -c--a-w C:\WINDOWS\system32\dllcache\wucltui.dll
- 2007-07-30 17:18:40 33,624 -c--a-w C:\WINDOWS\system32\dllcache\wups.dll
+ 2008-07-18 20:10:20 36,552 -c--a-w C:\WINDOWS\system32\dllcache\wups.dll
- 2007-07-30 17:19:28 203,096 -c--a-w C:\WINDOWS\system32\dllcache\wuweb.dll
+ 2008-07-18 20:09:44 205,000 -c--a-w C:\WINDOWS\system32\dllcache\wuweb.dll
- 2006-06-26 17:41:32 148,480 ----a-w C:\WINDOWS\system32\dnsapi.dll
+ 2008-06-20 17:41:06 148,992 ----a-w C:\WINDOWS\system32\dnsapi.dll
- 2004-08-05 12:00:00 138,496 ----a-w C:\WINDOWS\system32\drivers\afd.sys
+ 2008-06-20 10:44:38 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys
- 2006-07-13 08:48:58 202,240 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
+ 2008-05-08 12:28:49 202,752 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
- 2006-04-20 11:51:50 359,808 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
+ 2008-06-20 10:45:13 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
- 2006-08-16 09:37:30 225,664 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
+ 2008-06-20 09:52:06 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
- 2007-04-18 12:31:56 357,888 ----a-w C:\WINDOWS\system32\dxtmsft.dll
+ 2008-06-23 15:40:00 357,888 ----a-w C:\WINDOWS\system32\dxtmsft.dll
- 2007-04-18 12:31:57 205,312 ----a-w C:\WINDOWS\system32\dxtrans.dll
+ 2008-06-23 15:40:00 205,312 ----a-w C:\WINDOWS\system32\dxtrans.dll
- 2005-07-26 04:39:57 243,200 ----a-w C:\WINDOWS\system32\es.dll
+ 2008-07-07 20:31:48 253,952 ----a-w C:\WINDOWS\system32\es.dll
- 2007-04-18 12:31:57 55,808 ----a-w C:\WINDOWS\system32\extmgr.dll
+ 2008-06-23 15:40:00 55,808 ----a-w C:\WINDOWS\system32\extmgr.dll
- 2007-04-18 12:31:57 251,392 ----a-w C:\WINDOWS\system32\iepeers.dll
+ 2008-06-23 15:40:00 251,392 ----a-w C:\WINDOWS\system32\iepeers.dll
- 2007-08-21 06:17:23 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
+ 2008-04-11 18:51:06 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
- 2007-04-18 12:31:57 96,768 ----a-w C:\WINDOWS\system32\inseng.dll
+ 2008-06-23 15:40:00 96,768 ----a-w C:\WINDOWS\system32\inseng.dll
- 2006-05-18 05:31:21 450,560 ----a-w C:\WINDOWS\system32\jscript.dll
+ 2007-12-18 14:41:58 450,560 ----a-w C:\WINDOWS\system32\jscript.dll
- 2007-04-18 12:31:57 16,384 ----a-w C:\WINDOWS\system32\jsproxy.dll
+ 2008-06-23 15:40:00 16,384 ----a-w C:\WINDOWS\system32\jsproxy.dll
- 2007-09-27 20:19:40 18,089,592 ----a-w C:\WINDOWS\system32\MRT.exe
+ 2008-08-05 09:11:02 15,888,504 ----a-w C:\WINDOWS\system32\MRT.exe
- 2005-06-29 01:49:41 74,240 ----a-w C:\WINDOWS\system32\mscms.dll
+ 2008-06-24 16:23:56 74,240 ----a-w C:\WINDOWS\system32\mscms.dll
- 2004-08-05 12:00:00 512,029 ----a-w C:\WINDOWS\system32\msexch40.dll
+ 2008-03-25 04:50:28 518,944 ----a-w C:\WINDOWS\system32\msexch40.dll
- 2004-08-05 12:00:00 319,517 ----a-w C:\WINDOWS\system32\msexcl40.dll
+ 2008-03-25 04:50:30 326,432 ----a-w C:\WINDOWS\system32\msexcl40.dll
- 2007-05-04 12:36:14 3,079,680 ----a-w C:\WINDOWS\system32\mshtml.dll
+ 2008-06-23 15:40:02 3,080,704 ----a-w C:\WINDOWS\system32\mshtml.dll
- 2007-04-18 12:32:00 449,024 ----a-w C:\WINDOWS\system32\mshtmled.dll
+ 2008-06-23 15:40:03 449,024 ----a-w C:\WINDOWS\system32\mshtmled.dll
- 2004-08-05 12:00:00 1,507,356 ----a-w C:\WINDOWS\system32\msjet40.dll
+ 2008-03-25 04:50:34 1,516,568 ----a-w C:\WINDOWS\system32\msjet40.dll
- 2004-08-05 12:00:00 358,976 ----a-w C:\WINDOWS\system32\msjetoledb40.dll
+ 2008-03-25 04:50:40 355,112 ----a-w C:\WINDOWS\system32\msjetoledb40.dll
- 2004-08-05 12:00:00 184,351 ----a-w C:\WINDOWS\system32\msjint40.dll
+ 2008-03-25 04:51:08 194,144 ----a-w C:\WINDOWS\system32\msjint40.dll
- 2004-08-05 12:00:00 53,279 ----a-w C:\WINDOWS\system32\msjter40.dll
+ 2008-03-25 04:50:42 60,192 ----a-w C:\WINDOWS\system32\msjter40.dll
- 2004-08-05 12:00:00 241,693 ----a-w C:\WINDOWS\system32\msjtes40.dll
+ 2008-03-25 04:50:42 248,608 ----a-w C:\WINDOWS\system32\msjtes40.dll
- 2004-08-05 12:00:00 213,023 ----a-w C:\WINDOWS\system32\msltus40.dll
+ 2008-03-25 04:50:44 219,936 ----a-w C:\WINDOWS\system32\msltus40.dll
- 2004-08-05 12:00:00 348,189 ----a-w C:\WINDOWS\system32\mspbde40.dll
+ 2008-03-25 04:50:45 355,104 ----a-w C:\WINDOWS\system32\mspbde40.dll
- 2007-04-18 12:32:00 146,432 ----a-w C:\WINDOWS\system32\msrating.dll
+ 2008-06-23 15:40:03 146,432 ----a-w C:\WINDOWS\system32\msrating.dll
- 2004-08-05 12:00:00 421,919 ----a-w C:\WINDOWS\system32\msrd2x40.dll
+ 2008-03-25 04:50:47 432,928 ----a-w C:\WINDOWS\system32\msrd2x40.dll
- 2004-08-05 12:00:00 315,423 ----a-w C:\WINDOWS\system32\msrd3x40.dll
+ 2008-03-25 04:50:49 322,336 ----a-w C:\WINDOWS\system32\msrd3x40.dll
- 2004-08-05 12:00:00 552,989 ----a-w C:\WINDOWS\system32\msrepl40.dll
+ 2008-03-25 04:50:52 559,904 ----a-w C:\WINDOWS\system32\msrepl40.dll
- 2006-10-18 20:47:16 414,208 ----a-w C:\WINDOWS\system32\msscp.dll
+ 2006-12-04 14:21:50 414,720 ----a-w C:\WINDOWS\system32\msscp.dll
- 2004-08-05 12:00:00 258,077 ----a-w C:\WINDOWS\system32\mstext40.dll
+ 2008-03-25 04:50:55 264,992 ----a-w C:\WINDOWS\system32\mstext40.dll
- 2007-04-18 12:32:00 532,480 ----a-w C:\WINDOWS\system32\mstime.dll
+ 2008-06-23 15:40:04 532,480 ----a-w C:\WINDOWS\system32\mstime.dll
- 2004-08-05 12:00:00 831,519 ----a-w C:\WINDOWS\system32\mswdat10.dll
+ 2008-03-25 04:50:57 838,432 ----a-w C:\WINDOWS\system32\mswdat10.dll
- 2004-08-05 12:00:00 247,808 ----a-w C:\WINDOWS\system32\mswsock.dll
+ 2008-06-20 17:41:06 247,808 ----a-w C:\WINDOWS\system32\mswsock.dll
- 2004-08-05 12:00:00 614,429 ----a-w C:\WINDOWS\system32\mswstr10.dll
+ 2008-03-25 04:51:09 621,344 ----a-w C:\WINDOWS\system32\mswstr10.dll
- 2004-08-05 12:00:00 348,189 ----a-w C:\WINDOWS\system32\msxbde40.dll
+ 2008-03-25 04:50:58 355,104 ----a-w C:\WINDOWS\system32\msxbde40.dll
- 2002-02-04 01:52:54 1,230,336 ----a-w C:\WINDOWS\system32\msxml4.dll
+ 2007-05-08 13:03:04 1,275,392 ----a-w C:\WINDOWS\system32\msxml4.dll
- 2007-07-30 18:19:10 271,224 ----a-w C:\WINDOWS\system32\mucltui.dll
+ 2008-07-18 20:07:34 270,880 ----a-w C:\WINDOWS\system32\mucltui.dll
- 2007-07-30 18:19:04 207,736 ----a-w C:\WINDOWS\system32\muweb.dll
+ 2008-07-18 20:07:32 210,976 ----a-w C:\WINDOWS\system32\muweb.dll
- 2007-04-18 12:32:00 39,424 ----a-w C:\WINDOWS\system32\pngfilt.dll
+ 2008-06-23 15:40:04 39,424 ----a-w C:\WINDOWS\system32\pngfilt.dll
- 2005-08-30 03:55:43 1,293,312 ----a-w C:\WINDOWS\system32\quartz.dll
+ 2008-05-07 05:15:36 1,293,824 ----a-w C:\WINDOWS\system32\quartz.dll
- 2007-04-18 12:32:01 1,495,040 ----a-w C:\WINDOWS\system32\shdocvw.dll
+ 2008-06-23 15:40:05 1,495,040 ----a-w C:\WINDOWS\system32\shdocvw.dll
- 2007-04-18 12:32:01 474,624 ----a-w C:\WINDOWS\system32\shlwapi.dll
+ 2008-06-23 15:40:06 474,624 ----a-w C:\WINDOWS\system32\shlwapi.dll
+ 2008-07-18 20:10:20 36,552 ----a-w C:\WINDOWS\system32\SoftwareDistribution\Setup\ServiceStartup\wups.dll\7.2.6001.784\wups.dll
+ 2008-07-18 20:10:40 45,768 ----a-w C:\WINDOWS\system32\SoftwareDistribution\Setup\ServiceStartup\wups2.dll\7.2.6001.784\wups2.dll
- 2006-09-25 16:58:48 14,640 ------w C:\WINDOWS\system32\spmsg.dll
+ 2007-11-30 11:19:06 18,296 ------w C:\WINDOWS\system32\spmsg.dll
- 2007-07-18 12:42:22 60,416 ------w C:\WINDOWS\system32\tzchange.exe
+ 2008-07-14 11:09:18 62,976 ------w C:\WINDOWS\system32\tzchange.exe
- 2007-04-18 12:32:01 617,472 ----a-w C:\WINDOWS\system32\urlmon.dll
+ 2008-06-23 15:40:06 617,984 ----a-w C:\WINDOWS\system32\urlmon.dll
- 2004-08-05 12:00:00 417,792 ----a-w C:\WINDOWS\system32\vbscript.dll
+ 2007-12-18 14:41:59 417,792 ----a-w C:\WINDOWS\system32\vbscript.dll
- 2007-04-18 12:32:02 663,040 ----a-w C:\WINDOWS\system32\wininet.dll
+ 2008-06-23 15:40:08 663,552 ----a-w C:\WINDOWS\system32\wininet.dll
- 2006-10-18 20:47:18 222,208 ----a-w C:\WINDOWS\system32\WMASF.dll
+ 2007-10-25 07:28:30 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll
- 2006-10-18 20:47:20 10,834,432 ----a-w C:\WINDOWS\system32\wmp.dll
+ 2007-06-11 21:51:12 10,834,944 ----a-w C:\WINDOWS\system32\wmp.dll
- 2007-07-30 17:19:36 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
+ 2008-07-18 20:09:44 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
- 2007-07-30 17:19:16 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
+ 2008-07-18 20:10:42 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
- 2007-07-30 17:19:42 1,712,984 ----a-w C:\WINDOWS\system32\wuaueng.dll
+ 2008-07-18 20:09:42 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
- 2007-07-30 17:19:32 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
+ 2008-07-18 20:09:46 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
- 2007-07-30 17:18:40 33,624 ----a-w C:\WINDOWS\system32\wups.dll
+ 2008-07-18 20:10:20 36,552 ----a-w C:\WINDOWS\system32\wups.dll
- 2007-07-30 17:19:12 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
+ 2008-07-18 20:10:40 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
- 2007-07-30 17:19:28 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
+ 2008-07-18 20:09:44 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
- 2007-06-12 21:53:14 121,856 ----a-w C:\WINDOWS\system32\xpsp3res.dll
+ 2008-07-03 09:42:35 370,176 ----a-w C:\WINDOWS\system32\xpsp3res.dll
+ 2007-05-08 13:06:44 1,275,392 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.MSXML2_6bd6b9abf345378f_4.20.9848.0_x-ww_1b897e9a\msxml4.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 15360]
"MySpaceIM"="C:\Program Files\MySpace\IM\MySpaceIM.exe" [2008-04-18 9117696]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BDMCon"="C:\Program Files\Softwin\BitDefender8\bdmcon.exe" [2005-06-20 421888]
"BDNewsAgent"="C:\Program Files\Softwin\BitDefender8\bdnagent.exe" [2005-05-09 8192]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-10-22 7700480]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-10-22 86016]
"NeroCheck"="C:\WINDOWS\system32\\NeroCheck.exe" [2001-07-09 155648]
"TM Control"="C:\WINDOWS\system32\TMController.exe" [2007-03-01 184396]
"Schedule_d"="C:\Program Files\DVBT Application\Schedule_d.exe" [2006-08-24 94208]
"SSBkgdUpdate"="C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"ScanSoft PDF Create! 4-reminder"="C:\Program Files\ScanSoft\PDF Create! 4\Ereg\Ereg.exe" [2006-11-16 35368]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-04-16 579584]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 15360]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-01-27 219136]
"MySpaceIM"="C:\Program Files\MySpace\IM\MySpaceIM.exe" [2008-04-18 9117696]
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Nono\\Jeux\\Football Manager 2008\\fm.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"=
"C:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite XII.SP1\\Win32\\RpcDataSrv.exe"=
"C:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite XII.SP1\\RpcSandraSrv.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\BitTorrent\\bittorrent.exe"=
"C:\\Program Files\\MySpace\\IM\\MySpaceIM.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724
"12394:TCP"= 12394:TCP:*:Disabled:NortonAV
"13454:TCP"= 13454:TCP:*:Disabled:NortonAV
"12949:TCP"= 12949:TCP:*:Disabled:NortonAV
"14296:TCP"= 14296:TCP:*:Disabled:NortonAV
"17642:TCP"= 17642:TCP:*:Disabled:NortonAV
"12593:TCP"= 12593:TCP:*:Disabled:NortonAV
"15053:TCP"= 15053:TCP:*:Disabled:NortonAV
"15225:TCP"= 15225:TCP:*:Disabled:NortonAV
"12644:TCP"= 12644:TCP:NortonAV
"16696:TCP"= 16696:TCP:NortonAV
"17224:TCP"= 17224:TCP:NortonAV
"12701:TCP"= 12701:TCP:NortonAV
"16534:TCP"= 16534:TCP:NortonAV
"15672:TCP"= 15672:TCP:NortonAV
"15777:TCP"= 15777:TCP:NortonAV
"14610:TCP"= 14610:TCP:NortonAV
"14916:TCP"= 14916:TCP:NortonAV
"18964:TCP"= 18964:TCP:NortonAV
"14673:TCP"= 14673:TCP:NortonAV
"15030:TCP"= 15030:TCP:NortonAV
"14815:TCP"= 14815:TCP:NortonAV
"12162:TCP"= 12162:TCP:NortonAV
"13249:TCP"= 13249:TCP:NortonAV
"17918:TCP"= 17918:TCP:NortonAV
"18091:TCP"= 18091:TCP:NortonAV
"13450:TCP"= 13450:TCP:NortonAV
"12151:TCP"= 12151:TCP:NortonAV
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
S3 AF15BDA;AF9015 BDA Filter;C:\WINDOWS\system32\Drivers\AF15BDA.sys [2006-09-28 283776]
S3 ss_bus;SAMSUNG Mobile USB Device 1.0 driver (WDM);C:\WINDOWS\system32\DRIVERS\ss_bus.sys [2005-08-30 58320]
S3 ss_mdfl;SAMSUNG Mobile USB Modem 1.0 Filter;C:\WINDOWS\system32\DRIVERS\ss_mdfl.sys [2005-08-30 8304]
S3 ss_mdm;SAMSUNG Mobile USB Modem 1.0 Drivers;C:\WINDOWS\system32\DRIVERS\ss_mdm.sys [2005-08-30 94000]
S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1b1c8fa2-00ff-11dd-a7dc-00196612354a}]
\Shell\AutoRun\command - ie.exe
\Shell\explore\Command - ie.exe
\Shell\open\Command - ie.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{20a324b1-36b7-11dc-9bf7-00196612354a}]
\Shell\Auto\command -
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL
.
.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\Arnaud\Application Data\Mozilla\Firefox\Profiles\5cxzywx6.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://start.mozilla.org/firefox?client=firefox-a&rls=org.mozilla:fr-FR:official
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-03 17:28:12
Windows 5.1.2600 Service Pack 2 NTFS
Balayage processus cachés ...
Balayage caché autostart entries ...
Balayage des fichiers cachés ...
Scan terminé avec succès
Les fichiers cachés: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
C:\Program Files\ArcSoft\TotalMedia 3\TMMonitor.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-09-03 17:34:09 - machine was rebooted
ComboFix-quarantined-files.txt 2008-09-03 15:34:06
ComboFix2.txt 2008-08-18 15:31:20
Pre-Run: 7,557,316,608 octets libres
Post-Run: 7,583,498,240 octets libres
579 --- E O F --- 2008-09-03 13:46:02
Show all files and folders:
To do this:
Click Start / Control Panel / Folder Options / View
Check "Show hidden folders"
Uncheck the "Hide protected operating system files (Recommended)" box
Uncheck "Hide extensions for known file types"
Then click "Apply" to confirm the changes.
And OK
Go to this site:
https://www.virustotal.com/gui/
Click Browse and look for this file: C:\WINDOWS\system32\drivers\iora.sys
Click Send File.
A report will be built up line by line.
Wait until it finishes. It must include the size of the file sent.
Save the report with Notepad.
Copy it into your reply.