Neija

Bonsoir, Merci du conseil mais voila je suis contre le P2P je suis donc très étonnée de savoir qu'il y a non seulement un logiciel P2P d'installé sur le pc mais qu'en plus il y a des cracks aussi. Peux-tu me dire quel logiciel de P2P est installé et de quel crack il s'agit ??? Merci beaucoup pour tout N.

Bonjour Rapport combofix : ComboFix 08-10-30.12 - rouimet 2008-11-05 9:08:12.4 - NTFSx86 Microsoft Windows XP Professionnel 5.1.2600.3.1252.1.1036.18.508 [GMT -5:00] Lancé depuis: C:\Documents and Settings\rouimet\Bureau\ComboFix.exe Commutateurs utilisés :: C:\Documents and Settings\rouimet\Bureau\CFSCRIPT.txt AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !! FILE :: C:\WINDOWS\system32\nNeDWOee.dll C:\WINDOWS\system32\sahrwx.dll . ((((((((((((((((((((((((((((( Fichiers créés du 2008-10-05 au 2008-11-05 )))))))))))))))))))))))))))))))))))) . 2008-11-03 13:52 . 2008-11-03 13:52 <REP> d-------- C:\Documents and Settings\rouimet\Application Data\AdobeUM 2008-10-29 13:38 . 2008-10-29 13:38 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware 2008-10-29 13:38 . 2008-10-29 13:38 <REP> d-------- C:\Documents and Settings\rouimet\Application Data\Malwarebytes 2008-10-29 13:38 . 2008-10-29 13:38 <REP> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Malwarebytes 2008-10-29 13:38 . 2008-10-22 15:10 38,496 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys 2008-10-29 13:38 . 2008-10-22 15:10 15,504 --a------ C:\WINDOWS\system32\drivers\mbam.sys 2008-10-29 13:35 . 2008-09-08 05:41 333,824 -----c--- C:\WINDOWS\system32\dllcache\srv.sys 2008-10-29 13:34 . 2008-08-14 08:23 2,191,232 -----c--- C:\WINDOWS\system32\dllcache\ntoskrnl.exe 2008-10-29 13:34 . 2008-08-14 08:23 2,147,328 -----c--- C:\WINDOWS\system32\dllcache\ntkrnlmp.exe 2008-10-29 13:34 . 2008-08-14 08:23 2,068,096 -----c--- C:\WINDOWS\system32\dllcache\ntkrnlpa.exe 2008-10-29 13:34 . 2008-08-14 08:23 2,025,984 -----c--- C:\WINDOWS\system32\dllcache\ntkrpamp.exe 2008-10-29 13:34 . 2008-09-15 10:26 1,846,528 -----c--- C:\WINDOWS\system32\dllcache\win32k.sys 2008-10-29 13:33 . 2008-10-15 11:35 337,408 -----c--- C:\WINDOWS\system32\dllcache\netapi32.dll 2008-10-27 09:56 . 2006-11-13 15:43 29,799 --a------ C:\WINDOWS\_detmp.1 2008-10-27 09:56 . 2001-08-08 11:58 28,672 --a------ C:\WINDOWS\_detmp.2 2008-10-27 09:38 . 2006-10-15 07:12 <REP> d--h----- C:\Documents and Settings\fbonneau.OUIMET\Voisinage réseau 2008-10-27 09:38 . 2006-10-15 07:12 <REP> d--h----- C:\Documents and Settings\fbonneau.OUIMET\Voisinage d'impression 2008-10-27 09:38 . 2006-10-16 07:15 <REP> d--h----- C:\Documents and Settings\fbonneau.OUIMET\Modèles 2008-10-27 09:38 . 2008-10-27 09:39 <REP> dr------- C:\Documents and Settings\fbonneau.OUIMET\Mes documents 2008-10-27 09:38 . 2006-10-15 07:12 <REP> dr------- C:\Documents and Settings\fbonneau.OUIMET\Menu Démarrer 2008-10-27 09:38 . 2008-10-27 09:39 <REP> dr------- C:\Documents and Settings\fbonneau.OUIMET\Favoris 2008-10-27 09:38 . 2006-10-15 07:12 <REP> d-------- C:\Documents and Settings\fbonneau.OUIMET\Bureau 2008-10-27 09:38 . 2008-10-27 09:38 <REP> d-------- C:\Documents and Settings\fbonneau.OUIMET 2008-10-24 12:43 . 2008-10-24 12:43 <REP> d-------- C:\Documents and Settings\rouimet\Application Data\ACD Systems 2008-10-23 15:22 . 2006-10-15 07:12 <REP> d--h----- C:\Documents and Settings\rouimet\Voisinage réseau 2008-10-23 15:22 . 2006-10-15 07:12 <REP> d--h----- C:\Documents and Settings\rouimet\Voisinage d'impression 2008-10-23 15:22 . 2006-10-16 07:15 <REP> d--h----- C:\Documents and Settings\rouimet\Modèles 2008-10-23 15:22 . 2008-11-03 13:50 <REP> dr------- C:\Documents and Settings\rouimet\Mes documents 2008-10-23 15:22 . 2006-10-15 07:12 <REP> dr------- C:\Documents and Settings\rouimet\Menu Démarrer 2008-10-23 15:22 . 2008-10-29 15:23 <REP> dr------- C:\Documents and Settings\rouimet\Favoris 2008-10-23 15:22 . 2008-11-05 09:07 <REP> d-------- C:\Documents and Settings\rouimet\Bureau 2008-10-23 15:22 . 2008-10-31 11:01 <REP> d-------- C:\Documents and Settings\rouimet 2008-10-23 15:11 . 2008-10-23 15:11 625,032 --a------ C:\WINDOWS\system32\SymNeti.dll 2008-10-23 15:11 . 2008-10-23 15:11 242,056 --a------ C:\WINDOWS\system32\SymRedir.dll 2008-10-23 15:11 . 2008-10-23 15:11 107,840 --a------ C:\WINDOWS\system32\SymVPN.dll 2008-10-23 15:11 . 2008-10-23 15:11 89,088 --a------ C:\WINDOWS\system32\atl71.dll 2008-10-23 15:11 . 2008-10-23 15:11 49,472 --a------ C:\WINDOWS\system32\FwsVpn.dll 2008-10-23 14:28 . 2008-10-23 15:13 123,952 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS 2008-10-23 14:28 . 2008-10-23 15:13 60,800 --a------ C:\WINDOWS\system32\S32EVNT1.DLL 2008-10-23 14:28 . 2008-10-23 15:13 10,563 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.CAT 2008-10-23 14:28 . 2008-10-23 15:13 805 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.INF 2008-10-23 14:22 . 2008-10-29 12:51 <REP> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec 2008-10-23 14:19 . 2008-10-23 14:19 <REP> d-------- C:\TEMP\Clt-Inst 2008-10-23 14:14 . 2006-10-15 07:12 <REP> d--h----- C:\Documents and Settings\administrateur.OUIMET\Voisinage réseau 2008-10-23 14:14 . 2006-10-15 07:12 <REP> d--h----- C:\Documents and Settings\administrateur.OUIMET\Voisinage d'impression 2008-10-23 14:14 . 2006-10-16 07:15 <REP> d--h----- C:\Documents and Settings\administrateur.OUIMET\Modèles 2008-10-23 14:14 . 2008-10-23 14:15 <REP> dr------- C:\Documents and Settings\administrateur.OUIMET\Mes documents 2008-10-23 14:14 . 2006-10-15 07:12 <REP> dr------- C:\Documents and Settings\administrateur.OUIMET\Menu Démarrer 2008-10-23 14:14 . 2008-10-23 14:15 <REP> dr------- C:\Documents and Settings\administrateur.OUIMET\Favoris 2008-10-23 14:14 . 2006-10-15 07:12 <REP> d-------- C:\Documents and Settings\administrateur.OUIMET\Bureau 2008-10-23 14:13 . 2008-10-23 14:14 <REP> d-------- C:\Documents and Settings\administrateur.OUIMET 2008-10-23 13:51 . 2008-10-23 13:51 <REP> d-------- C:\Program Files\MSECache 2008-10-23 12:49 . 2008-10-23 12:49 <REP> d-------- C:\Program Files\Microsoft Works 2008-10-23 12:43 . 2008-10-23 12:43 <REP> d-------- C:\Program Files\Microsoft.NET 2008-10-23 10:57 . 2006-10-26 18:58 30,512 --a------ C:\WINDOWS\system32\mdimon.dll 2008-10-23 10:21 . 2008-10-31 10:14 <REP> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft Help 2008-10-23 10:17 . 2008-10-23 10:17 <REP> dr-h----- C:\MSOCache 2008-10-06 13:29 . 2008-10-06 13:29 754 --a------ C:\WINDOWS\WORDPAD.INI . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2008-10-29 14:34 --------- d---a-w C:\Program Files\Fichiers communs\Autodesk Shared 2008-10-29 14:34 --------- d-----w C:\Program Files\AutoCAD 2004 2008-10-29 14:34 --------- d-----w C:\Program Files\AnswerWorks 4.0 2008-10-29 14:10 --------- d-----w C:\Program Files\winsim 2008-10-29 14:09 --------- d--h--w C:\Program Files\InstallShield Installation Information 2008-10-23 20:13 --------- d---a-w C:\Program Files\Symantec 2008-10-23 20:05 706 ----a-w C:\WINDOWS\system32\drivers\COH_Mon.inf 2008-10-23 20:05 23,888 ----a-w C:\WINDOWS\system32\drivers\COH_Mon.sys 2008-10-23 20:05 10,537 ----a-w C:\WINDOWS\system32\drivers\coh_mon.cat 2008-10-23 19:42 --------- d---a-w C:\Program Files\Fichiers communs\Symantec Shared 2008-10-23 17:21 --------- d-----w C:\Program Files\Fichiers communs\Real 2008-10-23 17:18 --------- d-----w C:\Program Files\Fichiers communs\Apple 2008-10-23 17:16 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Kodak 2008-10-23 16:55 --------- d-----w C:\Program Files\Google 2008-10-23 16:55 --------- d-----w C:\Program Files\Apple Software Update 2008-10-23 16:35 --------- d-----w C:\Program Files\Fichiers communs\Wise Installation Wizard 2008-10-23 16:07 --------- d-----w C:\Program Files\ESET 2008-10-22 18:31 --------- d-----w C:\Documents and Settings\fbonneau\Application Data\AdobeUM 2008-10-17 15:41 --------- d-----w C:\Program Files\Windows Live 2008-10-17 14:06 --------- d-----w C:\Program Files\Fichiers communs\Macrovision Shared 2008-10-17 14:06 --------- d-----w C:\Program Files\Fichiers communs\Adobe 2008-10-08 19:33 --------- d-----w C:\Program Files\Windows Live Safety Center 2008-09-24 13:30 --------- d-----w C:\Program Files\QuickTime 2008-09-08 10:41 333,824 ----a-w C:\WINDOWS\system32\drivers\srv.sys 2007-08-10 18:09 774,144 -c--a-w C:\Program Files\RngInterstitial.dll 2006-10-16 18:26 20,633,812 ----a-w C:\Documents and Settings\fbonneau\C-media-5.12.1.34.zip 2004-02-09 16:09 22 -c--a-w C:\Program Files\zipnew.dat 2004-02-09 16:09 20 -c--a-w C:\Program Files\rarnew.dat 2003-05-15 19:43 95,112 -c--a-w C:\Program Files\Dos.SFX 2003-05-15 19:43 94,720 -c--a-w C:\Program Files\Uninstall.exe 2003-05-15 19:43 607 -c--a-w C:\Program Files\Uninstall.lst 2003-05-15 19:43 51,712 -c--a-w C:\Program Files\Default.SFX 2003-05-15 19:43 35,328 -c--a-w C:\Program Files\Zip.SFX 2003-05-15 19:43 348,796 -c--a-w C:\Program Files\WinRAR.hlp 2003-05-15 19:43 119,808 -c--a-w C:\Program Files\RarExt.dll 2003-05-15 19:42 823,296 -c--a-w C:\Program Files\WinRAR.exe 2003-05-15 19:42 38,912 -c--a-w C:\Program Files\WinCon.SFX 2003-05-15 19:42 288,256 -c--a-w C:\Program Files\Rar.exe 2003-05-15 19:42 191,488 -c--a-w C:\Program Files\UnRAR.exe 2003-05-15 19:41 59,577 -c--a-w C:\Program Files\Rar.txt 2003-05-15 19:29 495 -c--a-w C:\Program Files\File_Id.diz 2003-05-15 19:28 10,917 -c--a-w C:\Program Files\WhatsNew.txt 2003-04-24 17:02 10,377 -c--a-w C:\Program Files\Rar_Site.txt 2003-03-04 01:17 9,042 -c--a-w C:\Program Files\TechNote.txt 2003-03-02 17:07 8,417 -c--a-w C:\Program Files\WinRAR.cnt 2003-01-28 16:41 3,323 -c--a-w C:\Program Files\Order.txt 2003-01-03 07:48 128 -c--a-w C:\Program Files\UnrarSrc.txt 2002-11-06 22:20 5,460 -c--a-w C:\Program Files\License.txt 2002-11-01 02:58 1,673 -c--a-w C:\Program Files\ReadMe.txt 2002-09-15 23:33 2,708 -c--a-w C:\Program Files\Register.txt 2002-09-07 05:36 1,082 -c--a-w C:\Program Files\RarFiles.lst 2002-08-27 16:40 55,313 -c--a-w C:\Program Files\viewsonicinstruct_xp.pdf 2002-05-15 19:27 271 --sh--w C:\Program Files\desktop.ini 2002-05-15 19:27 22,115 -c-ha-w C:\Program Files\folder.htt 2001-10-22 06:56 1,100 -c--a-w C:\Program Files\Descript.ion 2001-08-17 19:45 0 -c-ha-r C:\Program Files\Fichiers communs\MSCREATE.DIR . (((((((((((((((((((((((((((((((((((((((((((( Look ))))))))))))))))))))))))))))))))))))))))))))))))))))))))) . ---- Directory of C:\WINDOWS\_detmp.1 ---- C:\WINDOWS\_detmp.1\ ---- Directory of C:\WINDOWS\_detmp.2 ---- C:\WINDOWS\_detmp.2\ ((((((((((((((((((((((((((((( snapshot_2008-10-31_10.31.18.44 ))))))))))))))))))))))))))))))))))))))))) . - 2005-10-21 00:02:28 163,328 ----a-w C:\WINDOWS\ERDNT\Hiv-backup\ERDNT.EXE + 2005-10-21 01:02:28 163,328 ----a-w C:\WINDOWS\ERDNT\Hiv-backup\ERDNT.EXE - 2005-10-21 00:02:28 163,328 ----a-w C:\WINDOWS\ERDNT\subs\ERDNT.EXE + 2005-10-21 01:02:28 163,328 ----a-w C:\WINDOWS\ERDNT\subs\ERDNT.EXE - 2000-08-31 12:00:00 28,672 ----a-w C:\WINDOWS\NIRCMD.exe + 2000-08-31 13:00:00 28,672 ----a-w C:\WINDOWS\NIRCMD.exe - 2000-08-31 12:00:00 161,792 ----a-w C:\WINDOWS\SWREG.exe + 2000-08-31 13:00:00 161,792 ----a-w C:\WINDOWS\SWREG.exe - 2008-10-29 13:45:14 16,384 -c--a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat + 2008-11-04 01:04:29 16,384 -c--a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat - 2008-10-29 13:45:14 32,768 -c--a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Historique\History.IE5\index.dat + 2008-11-04 01:04:29 32,768 -c--a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Historique\History.IE5\index.dat - 2008-10-29 13:45:14 32,768 -c--a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat + 2008-11-04 01:04:29 32,768 -c--a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat - 2008-10-30 07:22:33 1,493,264 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT + 2008-11-03 14:04:15 1,492,584 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT - 2008-10-24 14:54:52 66,264 ----a-w C:\WINDOWS\system32\perfc009.dat + 2008-11-03 14:18:55 66,264 ----a-w C:\WINDOWS\system32\perfc009.dat - 2008-10-24 14:54:52 80,564 ----a-w C:\WINDOWS\system32\perfc00C.dat + 2008-11-03 14:18:55 80,564 ----a-w C:\WINDOWS\system32\perfc00C.dat - 2008-10-24 14:54:52 419,590 ----a-w C:\WINDOWS\system32\perfh009.dat + 2008-11-03 14:18:55 419,590 ----a-w C:\WINDOWS\system32\perfh009.dat - 2008-10-24 14:54:52 487,536 ----a-w C:\WINDOWS\system32\perfh00C.dat + 2008-11-03 14:18:55 487,536 ----a-w C:\WINDOWS\system32\perfh00C.dat . ((((((((((((((((((((((((((((((((( Points de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés REGEDIT4 [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2A2462BA-8A0D-436E-8811-66E69AD36B7D}] C:\WINDOWS\system32\nNeDWOee.dll [bU] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-13 15360] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "EPSON Stylus Photo R200 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2H1.EXE" [2003-07-08 99840] "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-09-06 413696] "ccApp"="C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe" [2008-10-23 115560] "\\cad2\EPSON Stylus Photo R200 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2H1.EXE" [2003-07-08 99840] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-13 15360] C:\Documents and Settings\All Users.WINDOWS\Menu D‚marrer\Programmes\D‚marrage\ Assistant d'Acrobat.lnk - C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe [2003-10-23 217194] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\nNeDWOee] nNeDWOee.dll [bU] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=sahrwx.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "VIDC.ACDV"= ACDV.dll [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus] @="Service" [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "C:\\WINDOWS\\system32\\ftp.exe"= "C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\SAGENT4.EXE"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= S2 OkiPar;OkiPar;C:\WINDOWS\system32\Drivers\OkiPar.SYS [ ] S3 COH_Mon;COH_Mon;C:\WINDOWS\system32\Drivers\COH_Mon.sys [2008-10-23 23888] S3 KMW_KBD;Kensington Input Devices Class filter driver;C:\WINDOWS\system32\DRIVERS\KMW_KBD.sys [ ] S3 KMW_USB;Kensington MouseWorks USB filter driver;C:\WINDOWS\system32\DRIVERS\KMW_USB.sys [ ] S3 VPREMOTE;VPRemote Install Bootstrap Service;C:\TEMP\Clt-Inst\vpremote.exe [2008-09-11 140216] . ************************************************************************** catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-11-05 10:22:15 Windows 5.1.2600 Service Pack 3 NTFS Recherche de processus cachés ... Recherche d'éléments en démarrage automatique cachés ... Recherche de fichiers cachés ... Scan terminé avec succès Fichiers cachés: 0 ************************************************************************** . ------------------------ Autres processus actifs ------------------------ . C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\mdm.exe C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe . ************************************************************************** . Heure de fin: 2008-11-05 10:30:46 - La machine a redémarré ComboFix-quarantined-files.txt 2008-11-05 15:30:39 ComboFix2.txt 2008-10-31 16:00:06 ComboFix3.txt 2008-10-31 14:32:00 ComboFix4.txt 2008-10-29 18:32:49 Avant-CF: 6,838,564,352 octets libres Après-CF: 6,903,069,696 octets libres 233 --- E O F --- 2008-10-30 07:15:45 rapport kasperksy Wednesday, November 5, 2008 Operating System: Microsoft Windows XP Professional Service Pack 3 (build 2600) Kaspersky Online Scanner 7 version: 7.0.25.0 Program database last update: Monday, November 03, 2008 17:50:06 Records in database: 1369040 Scan settings Scan using the following database extended Scan archives yes Scan mail databases yes Scan area My Computer A:\ C:\ D:\ G:\ H:\ M:\ N:\ O:\ Scan statistics Files scanned 118562 Threat name 20 Infected objects 45 Suspicious objects 0 Duration of the scan 06:05:27 File name Threat name Threats count C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Symantec Endpoint Protection\Quarantine\03700000\4B765610.VBN Infected: not-a-virus:AdWare.Win32.SuperJuan.eqq 1 C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Symantec Endpoint Protection\Quarantine\03700001\4B770F86.VBN Infected: not-a-virus:NetTool.Win32.Agent.ay 1 C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Symantec Endpoint Protection\Quarantine\03700002\4B773B00.VBN Infected: not-a-virus:NetTool.Win32.Agent.ay 1 C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Symantec Endpoint Protection\Quarantine\05100000\4D10DDBE.VBN Infected: not-a-virus:AdWare.Win32.SuperJuan.ema 1 C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Symantec Endpoint Protection\Quarantine\05100001\4D11EECE.VBN Infected: not-a-virus:AdWare.Win32.SuperJuan.eky 1 C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Symantec Endpoint Protection\Quarantine\05100002\4D11EEE4.VBN Infected: not-a-virus:AdWare.Win32.SuperJuan.ema 1 C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Symantec Endpoint Protection\Quarantine\05100003\4D11F4B0.VBN Infected: not-a-virus:NetTool.Win32.Agent.ay 1 C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Symantec Endpoint Protection\Quarantine\05100005\4D122FA1.VBN Infected: not-a-virus:NetTool.Win32.Agent.ay 1 C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Symantec Endpoint Protection\Quarantine\05100006\4D1381A2.VBN Infected: not-a-virus:NetTool.Win32.Agent.ay 1 C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Symantec Endpoint Protection\Quarantine\05100007\4D14D338.VBN Infected: not-a-virus:NetTool.Win32.Agent.ay 1 C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Symantec Endpoint Protection\Quarantine\0AE00000\4BE5BDDA.VBN Infected: not-a-virus:NetTool.Win32.Agent.ay 1 C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Symantec Endpoint Protection\Quarantine\0C1C0001\4D1CDAC7.VBN Infected: not-a-virus:AdWare.Win32.SuperJuan.ekm 1 C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Symantec Endpoint Protection\Quarantine\0CC80001\4DC86CEE.VBN Infected: not-a-virus:NetTool.Win32.Agent.ay 1 C:\Program Files\eMule\Incoming\[spanish] Adobe Acrobat 8 Professional activation crack keygen serial.zip Infected: Backdoor.Win32.Agent.aou 1 C:\Program Files\MSN Messenger\riched20.dll Infected: not-a-virus:WebToolbar.Win32.MyWebSearch 1 C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\F3REPROX.DLL.vir Infected: not-a-virus:AdTool.Win32.MyWebSearch.au 1 C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\M3OUTLCN.DLL.vir Infected: not-a-virus:WebToolbar.Win32.MyWebSearch 1 C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE.vir Infected: not-a-virus:WebToolbar.Win32.MyWebSearch 1 C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\MWSOESTB.DLL.vir Infected: not-a-virus:WebToolbar.Win32.MyWebSearch 1 C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\2.bin\F3BROVLY.DLL.vir Infected: not-a-virus:AdTool.Win32.MyWebSearch.at 1 C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\2.bin\F3HISTSW.DLL.vir Infected: not-a-virus:WebToolbar.Win32.MyWebSearch 1 C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\2.bin\F3HTTPCT.DLL.vir Infected: not-a-virus:WebToolbar.Win32.MyWebSearch.af 1 C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\2.bin\F3IMSTUB.DLL.vir Infected: not-a-virus:AdTool.Win32.MyWebSearch.au 1 C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\2.bin\F3POPSWT.DLL.vir Infected: not-a-virus:AdTool.Win32.MyWebSearch.au 1 C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\2.bin\F3PSSAVR.SCR.vir Infected: not-a-virus:WebToolbar.Win32.MyWebSearch 1 C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\2.bin\F3REPROX.DLL.vir Infected: not-a-virus:AdTool.Win32.MyWebSearch.au 1 C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\2.bin\F3RESTUB.DLL.vir Infected: not-a-virus:WebToolbar.Win32.MyWebSearch 1 C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\2.bin\F3SCHMON.EXE.vir Infected: not-a-virus:WebToolbar.Win32.MyWebSearch.a 1 C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\2.bin\F3SCRCTR.DLL.vir Infected: not-a-virus:WebToolbar.Win32.MyWebSearch.an 1 C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\2.bin\F3WPHOOK.DLL.vir Infected: not-a-virus:WebToolbar.Win32.MyWebSearch 1 C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\2.bin\M3HTML.DLL.vir Infected: not-a-virus:WebToolbar.Win32.MyWebSearch.bc 1 C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\2.bin\M3IDLE.DLL.vir Infected: not-a-virus:WebToolbar.Win32.MyWebSearch.ax 1 C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\2.bin\M3OUTLCN.DLL.vir Infected: not-a-virus:WebToolbar.Win32.MyWebSearch 1 C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\2.bin\M3SKIN.DLL.vir Infected: not-a-virus:WebToolbar.Win32.MyWebSearch.ad 1 C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\2.bin\M3SLSRCH.EXE.vir Infected: not-a-virus:WebToolbar.Win32.MyWebSearch.au 1 C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\2.bin\MWSOEMON.EXE.vir Infected: not-a-virus:WebToolbar.Win32.MyWebSearch 1 C:\Qoobox\Quarantine\C\WINDOWS\system32\bskevu.dll.vir Infected: not-a-virus:AdWare.Win32.SuperJuan.eqt 1 C:\Qoobox\Quarantine\C\WINDOWS\system32\f3PSSavr.scr.vir Infected: not-a-virus:WebToolbar.Win32.MyWebSearch 1 C:\Qoobox\Quarantine\C\WINDOWS\system32\nggjpaal.dll.vir Infected: not-a-virus:AdWare.Win32.SuperJuan.eqt 1 C:\Qoobox\Quarantine\C\WINDOWS\system32\qjgsmewp.dll.vir Infected: not-a-virus:AdWare.Win32.SuperJuan.emh 1 C:\Qoobox\Quarantine\C\WINDOWS\system32\xfllwm.dll.vir Infected: not-a-virus:AdWare.Win32.SuperJuan.emh 1 D:\Installe\kazaalite\first stage\kazaa_lite_202_english.exe Infected: not-a-virus:AdWare.Win32.Altnet.o 1 D:\Installe\kazaalite\kazaalite_202_b1.zip Infected: not-a-virus:AdWare.Win32.Altnet.o 1 G:\ScannerKM\Bureau\SetupRevelationV2.exe Infected: not-a-virus:PSWTool.Win32.SnadBoy.2011 2 The selected area was scanned.

Voici le dernier rapport de COMBOFIX : ComboFix 08-10-30.12 - rouimet 2008-10-31 10:18:37.2 - NTFSx86 Microsoft Windows XP Professionnel 5.1.2600.3.1252.1.1036.18.580 [GMT -4:00] Lancé depuis: C:\Documents and Settings\rouimet\Bureau\ComboFix.exe Commutateurs utilisés :: C:\Documents and Settings\rouimet\Bureau\CFScript.txt * Un nouveau point de restauration a été créé AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !! . (((((((((((((((((((((((((((((((((((( Autres suppressions )))))))))))))))))))))))))))))))))))))))))))))))) . C:\WINDOWS\_detmp.1\ C:\WINDOWS\_detmp.2\ . ((((((((((((((((((((((((((((( Fichiers créés du 2008-09-28 au 2008-10-31 )))))))))))))))))))))))))))))))))))) . 2008-10-29 14:38 . 2008-10-29 14:38 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware 2008-10-29 14:38 . 2008-10-29 14:38 <REP> d-------- C:\Documents and Settings\rouimet\Application Data\Malwarebytes 2008-10-29 14:38 . 2008-10-29 14:38 <REP> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Malwarebytes 2008-10-29 14:38 . 2008-10-22 16:10 38,496 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys 2008-10-29 14:38 . 2008-10-22 16:10 15,504 --a------ C:\WINDOWS\system32\drivers\mbam.sys 2008-10-29 14:35 . 2008-09-08 06:41 333,824 -----c--- C:\WINDOWS\system32\dllcache\srv.sys 2008-10-29 14:34 . 2008-08-14 09:23 2,191,232 -----c--- C:\WINDOWS\system32\dllcache\ntoskrnl.exe 2008-10-29 14:34 . 2008-08-14 09:23 2,147,328 -----c--- C:\WINDOWS\system32\dllcache\ntkrnlmp.exe 2008-10-29 14:34 . 2008-08-14 09:23 2,068,096 -----c--- C:\WINDOWS\system32\dllcache\ntkrnlpa.exe 2008-10-29 14:34 . 2008-08-14 09:23 2,025,984 -----c--- C:\WINDOWS\system32\dllcache\ntkrpamp.exe 2008-10-29 14:34 . 2008-09-15 11:26 1,846,528 -----c--- C:\WINDOWS\system32\dllcache\win32k.sys 2008-10-29 14:33 . 2008-10-15 12:35 337,408 -----c--- C:\WINDOWS\system32\dllcache\netapi32.dll 2008-10-27 10:56 . 2006-11-13 16:43 29,799 --a------ C:\WINDOWS\_detmp.1 2008-10-27 10:56 . 2001-08-08 12:58 28,672 --a------ C:\WINDOWS\_detmp.2 2008-10-27 10:38 . 2006-10-15 08:12 <REP> d--h----- C:\Documents and Settings\fbonneau.OUIMET\Voisinage réseau 2008-10-27 10:38 . 2006-10-15 08:12 <REP> d--h----- C:\Documents and Settings\fbonneau.OUIMET\Voisinage d'impression 2008-10-27 10:38 . 2006-10-16 08:15 <REP> d--h----- C:\Documents and Settings\fbonneau.OUIMET\Modèles 2008-10-27 10:38 . 2008-10-27 10:39 <REP> dr------- C:\Documents and Settings\fbonneau.OUIMET\Mes documents 2008-10-27 10:38 . 2006-10-15 08:12 <REP> dr------- C:\Documents and Settings\fbonneau.OUIMET\Menu Démarrer 2008-10-27 10:38 . 2008-10-27 10:39 <REP> dr------- C:\Documents and Settings\fbonneau.OUIMET\Favoris 2008-10-27 10:38 . 2006-10-15 08:12 <REP> d-------- C:\Documents and Settings\fbonneau.OUIMET\Bureau 2008-10-27 10:38 . 2008-10-27 10:38 <REP> d-------- C:\Documents and Settings\fbonneau.OUIMET 2008-10-24 13:43 . 2008-10-24 13:43 <REP> d-------- C:\Documents and Settings\rouimet\Application Data\ACD Systems 2008-10-23 16:22 . 2006-10-15 08:12 <REP> d--h----- C:\Documents and Settings\rouimet\Voisinage réseau 2008-10-23 16:22 . 2006-10-15 08:12 <REP> d--h----- C:\Documents and Settings\rouimet\Voisinage d'impression 2008-10-23 16:22 . 2006-10-16 08:15 <REP> d--h----- C:\Documents and Settings\rouimet\Modèles 2008-10-23 16:22 . 2008-10-29 16:17 <REP> dr------- C:\Documents and Settings\rouimet\Mes documents 2008-10-23 16:22 . 2006-10-15 08:12 <REP> dr------- C:\Documents and Settings\rouimet\Menu Démarrer 2008-10-23 16:22 . 2008-10-29 16:23 <REP> dr------- C:\Documents and Settings\rouimet\Favoris 2008-10-23 16:22 . 2008-10-31 10:18 <REP> d-------- C:\Documents and Settings\rouimet\Bureau 2008-10-23 16:22 . 2008-10-23 16:22 <REP> d-------- C:\Documents and Settings\rouimet 2008-10-23 16:11 . 2008-10-23 16:11 625,032 --a------ C:\WINDOWS\system32\SymNeti.dll 2008-10-23 16:11 . 2008-10-23 16:11 242,056 --a------ C:\WINDOWS\system32\SymRedir.dll 2008-10-23 16:11 . 2008-10-23 16:11 107,840 --a------ C:\WINDOWS\system32\SymVPN.dll 2008-10-23 16:11 . 2008-10-23 16:11 89,088 --a------ C:\WINDOWS\system32\atl71.dll 2008-10-23 16:11 . 2008-10-23 16:11 49,472 --a------ C:\WINDOWS\system32\FwsVpn.dll 2008-10-23 15:28 . 2008-10-23 16:13 123,952 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS 2008-10-23 15:28 . 2008-10-23 16:13 60,800 --a------ C:\WINDOWS\system32\S32EVNT1.DLL 2008-10-23 15:28 . 2008-10-23 16:13 10,563 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.CAT 2008-10-23 15:28 . 2008-10-23 16:13 805 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.INF 2008-10-23 15:22 . 2008-10-29 13:51 <REP> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec 2008-10-23 15:19 . 2008-10-23 15:19 <REP> d-------- C:\TEMP\Clt-Inst 2008-10-23 15:14 . 2006-10-15 08:12 <REP> d--h----- C:\Documents and Settings\administrateur.OUIMET\Voisinage réseau 2008-10-23 15:14 . 2006-10-15 08:12 <REP> d--h----- C:\Documents and Settings\administrateur.OUIMET\Voisinage d'impression 2008-10-23 15:14 . 2006-10-16 08:15 <REP> d--h----- C:\Documents and Settings\administrateur.OUIMET\Modèles 2008-10-23 15:14 . 2008-10-23 15:15 <REP> dr------- C:\Documents and Settings\administrateur.OUIMET\Mes documents 2008-10-23 15:14 . 2006-10-15 08:12 <REP> dr------- C:\Documents and Settings\administrateur.OUIMET\Menu Démarrer 2008-10-23 15:14 . 2008-10-23 15:15 <REP> dr------- C:\Documents and Settings\administrateur.OUIMET\Favoris 2008-10-23 15:14 . 2006-10-15 08:12 <REP> d-------- C:\Documents and Settings\administrateur.OUIMET\Bureau 2008-10-23 15:13 . 2008-10-23 15:14 <REP> d-------- C:\Documents and Settings\administrateur.OUIMET 2008-10-23 14:51 . 2008-10-23 14:51 <REP> d-------- C:\Program Files\MSECache 2008-10-23 13:49 . 2008-10-23 13:49 <REP> d-------- C:\Program Files\Microsoft Works 2008-10-23 13:43 . 2008-10-23 13:43 <REP> d-------- C:\Program Files\Microsoft.NET 2008-10-23 11:57 . 2006-10-26 19:58 30,512 --a------ C:\WINDOWS\system32\mdimon.dll 2008-10-23 11:21 . 2008-10-30 03:15 <REP> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft Help 2008-10-23 11:17 . 2008-10-23 11:17 <REP> dr-h----- C:\MSOCache 2008-10-20 10:11 . 2008-10-20 10:11 <REP> d-------- C:\Program Files\NetworkStreaming 2008-10-06 14:29 . 2008-10-06 14:29 754 --a------ C:\WINDOWS\WORDPAD.INI 2008-09-06 15:09 . 2008-09-06 15:09 90,112 --a------ C:\WINDOWS\system32\QuickTimeVR.qtx 2008-09-06 15:09 . 2008-09-06 15:09 57,344 --a------ C:\WINDOWS\system32\QuickTime.qts 2008-09-03 11:00 . 2008-09-03 11:00 <REP> d-------- C:\WINDOWS\system32\fr 2008-09-03 11:00 . 2008-09-03 11:00 <REP> d-------- C:\WINDOWS\system32\bits 2008-09-03 11:00 . 2008-09-03 11:00 <REP> d-------- C:\WINDOWS\l2schemas 2008-09-03 10:30 . 2008-09-03 10:30 <REP> d-------- C:\WINDOWS\ServicePackFiles . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2008-10-29 14:34 --------- d---a-w C:\Program Files\Fichiers communs\Autodesk Shared 2008-10-29 14:34 --------- d-----w C:\Program Files\AutoCAD 2004 2008-10-29 14:34 --------- d-----w C:\Program Files\AnswerWorks 4.0 2008-10-29 14:10 --------- d-----w C:\Program Files\winsim 2008-10-29 14:09 --------- d--h--w C:\Program Files\InstallShield Installation Information 2008-10-23 20:13 --------- d---a-w C:\Program Files\Symantec 2008-10-23 20:05 706 ----a-w C:\WINDOWS\system32\drivers\COH_Mon.inf 2008-10-23 20:05 23,888 ----a-w C:\WINDOWS\system32\drivers\COH_Mon.sys 2008-10-23 20:05 10,537 ----a-w C:\WINDOWS\system32\drivers\coh_mon.cat 2008-10-23 19:42 --------- d---a-w C:\Program Files\Fichiers communs\Symantec Shared 2008-10-23 17:21 --------- d-----w C:\Program Files\Fichiers communs\Real 2008-10-23 17:18 --------- d-----w C:\Program Files\Fichiers communs\Apple 2008-10-23 17:16 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Kodak 2008-10-23 16:55 --------- d-----w C:\Program Files\Google 2008-10-23 16:55 --------- d-----w C:\Program Files\Apple Software Update 2008-10-23 16:35 --------- d-----w C:\Program Files\Fichiers communs\Wise Installation Wizard 2008-10-23 16:07 --------- d-----w C:\Program Files\ESET 2008-10-22 18:31 --------- d-----w C:\Documents and Settings\fbonneau\Application Data\AdobeUM 2008-10-17 15:41 --------- d-----w C:\Program Files\Windows Live 2008-10-17 14:06 --------- d-----w C:\Program Files\Fichiers communs\Macrovision Shared 2008-10-17 14:06 --------- d-----w C:\Program Files\Fichiers communs\Adobe 2008-10-08 19:33 --------- d-----w C:\Program Files\Windows Live Safety Center 2008-09-24 13:30 --------- d-----w C:\Program Files\QuickTime 2008-09-08 10:41 333,824 ----a-w C:\WINDOWS\system32\drivers\srv.sys 2007-08-10 18:09 774,144 -c--a-w C:\Program Files\RngInterstitial.dll 2006-10-16 18:26 20,633,812 ----a-w C:\Documents and Settings\fbonneau\C-media-5.12.1.34.zip 2004-02-09 16:09 22 -c--a-w C:\Program Files\zipnew.dat 2004-02-09 16:09 20 -c--a-w C:\Program Files\rarnew.dat 2003-05-15 19:43 95,112 -c--a-w C:\Program Files\Dos.SFX 2003-05-15 19:43 94,720 -c--a-w C:\Program Files\Uninstall.exe 2003-05-15 19:43 607 -c--a-w C:\Program Files\Uninstall.lst 2003-05-15 19:43 51,712 -c--a-w C:\Program Files\Default.SFX 2003-05-15 19:43 35,328 -c--a-w C:\Program Files\Zip.SFX 2003-05-15 19:43 348,796 -c--a-w C:\Program Files\WinRAR.hlp 2003-05-15 19:43 119,808 -c--a-w C:\Program Files\RarExt.dll 2003-05-15 19:42 823,296 -c--a-w C:\Program Files\WinRAR.exe 2003-05-15 19:42 38,912 -c--a-w C:\Program Files\WinCon.SFX 2003-05-15 19:42 288,256 -c--a-w C:\Program Files\Rar.exe 2003-05-15 19:42 191,488 -c--a-w C:\Program Files\UnRAR.exe 2003-05-15 19:41 59,577 -c--a-w C:\Program Files\Rar.txt 2003-05-15 19:29 495 -c--a-w C:\Program Files\File_Id.diz 2003-05-15 19:28 10,917 -c--a-w C:\Program Files\WhatsNew.txt 2003-04-24 17:02 10,377 -c--a-w C:\Program Files\Rar_Site.txt 2003-03-04 01:17 9,042 -c--a-w C:\Program Files\TechNote.txt 2003-03-02 17:07 8,417 -c--a-w C:\Program Files\WinRAR.cnt 2003-01-28 16:41 3,323 -c--a-w C:\Program Files\Order.txt 2003-01-03 07:48 128 -c--a-w C:\Program Files\UnrarSrc.txt 2002-11-06 22:20 5,460 -c--a-w C:\Program Files\License.txt 2002-11-01 02:58 1,673 -c--a-w C:\Program Files\ReadMe.txt 2002-09-15 23:33 2,708 -c--a-w C:\Program Files\Register.txt 2002-09-07 05:36 1,082 -c--a-w C:\Program Files\RarFiles.lst 2002-08-27 16:40 55,313 -c--a-w C:\Program Files\viewsonicinstruct_xp.pdf 2002-05-15 19:27 271 --sh--w C:\Program Files\desktop.ini 2002-05-15 19:27 22,115 -c-ha-w C:\Program Files\folder.htt 2001-10-22 06:56 1,100 -c--a-w C:\Program Files\Descript.ion 2001-08-17 19:45 0 -c-ha-r C:\Program Files\Fichiers communs\MSCREATE.DIR . ((((((((((((((((((((((((((((( snapshot@2008-10-29_14.31.59.44 ))))))))))))))))))))))))))))))))))))))))) . + 2008-08-26 09:10:25 124,928 ----a-w C:\WINDOWS\$hf_mig$\KB956390-IE7\SP2QFE\advpack.dll + 2008-08-26 09:10:25 347,136 ----a-w C:\WINDOWS\$hf_mig$\KB956390-IE7\SP2QFE\dxtmsft.dll + 2008-08-26 09:10:25 214,528 ----a-w C:\WINDOWS\$hf_mig$\KB956390-IE7\SP2QFE\dxtrans.dll + 2008-08-26 09:10:25 132,608 ----a-w C:\WINDOWS\$hf_mig$\KB956390-IE7\SP2QFE\extmgr.dll + 2008-08-26 09:10:25 63,488 ----a-w C:\WINDOWS\$hf_mig$\KB956390-IE7\SP2QFE\icardie.dll + 2008-08-25 08:43:21 70,656 ----a-w C:\WINDOWS\$hf_mig$\KB956390-IE7\SP2QFE\ie4uinit.exe + 2008-08-26 09:10:26 153,088 ----a-w C:\WINDOWS\$hf_mig$\KB956390-IE7\SP2QFE\ieakeng.dll + 2008-08-26 09:10:26 230,400 ----a-w C:\WINDOWS\$hf_mig$\KB956390-IE7\SP2QFE\ieaksie.dll + 2008-08-23 05:54:50 161,792 ----a-w C:\WINDOWS\$hf_mig$\KB956390-IE7\SP2QFE\ieakui.dll + 2007-04-17 09:32:38 2,455,488 ----a-w C:\WINDOWS\$hf_mig$\KB956390-IE7\SP2QFE\ieapfltr.dat + 2008-08-26 09:10:26 380,928 ----a-w C:\WINDOWS\$hf_mig$\KB956390-IE7\SP2QFE\ieapfltr.dll + 2008-08-26 09:10:26 388,608 ----a-w C:\WINDOWS\$hf_mig$\KB956390-IE7\SP2QFE\iedkcs32.dll + 2008-10-03 16:22:30 6,068,224 ----a-w C:\WINDOWS\$hf_mig$\KB956390-IE7\SP2QFE\ieframe.dll + 2008-08-26 09:10:27 44,544 ----a-w C:\WINDOWS\$hf_mig$\KB956390-IE7\SP2QFE\iernonce.dll + 2008-08-26 09:10:27 267,776 ----a-w C:\WINDOWS\$hf_mig$\KB956390-IE7\SP2QFE\iertutil.dll + 2008-08-25 08:43:21 13,824 ----a-w C:\WINDOWS\$hf_mig$\KB956390-IE7\SP2QFE\ieudinit.exe + 2008-08-23 05:56:16 635,848 ----a-w C:\WINDOWS\$hf_mig$\KB956390-IE7\SP2QFE\iexplore.exe + 2008-08-26 09:10:27 27,648 ----a-w C:\WINDOWS\$hf_mig$\KB956390-IE7\SP2QFE\jsproxy.dll + 2008-08-26 09:10:27 459,264 ----a-w C:\WINDOWS\$hf_mig$\KB956390-IE7\SP2QFE\msfeeds.dll + 2008-08-26 09:10:27 52,224 ----a-w C:\WINDOWS\$hf_mig$\KB956390-IE7\SP2QFE\msfeedsbs.dll + 2008-08-26 09:10:28 3,594,752 ----a-w C:\WINDOWS\$hf_mig$\KB956390-IE7\SP2QFE\mshtml.dll + 2008-08-26 09:10:28 477,696 ----a-w C:\WINDOWS\$hf_mig$\KB956390-IE7\SP2QFE\mshtmled.dll + 2008-08-26 09:10:28 193,024 ----a-w C:\WINDOWS\$hf_mig$\KB956390-IE7\SP2QFE\msrating.dll + 2008-08-26 09:10:29 671,232 ----a-w C:\WINDOWS\$hf_mig$\KB956390-IE7\SP2QFE\mstime.dll + 2008-08-26 09:10:29 102,912 ----a-w C:\WINDOWS\$hf_mig$\KB956390-IE7\SP2QFE\occache.dll + 2008-08-26 09:10:29 44,544 ----a-w C:\WINDOWS\$hf_mig$\KB956390-IE7\SP2QFE\pngfilt.dll + 2008-08-26 09:10:29 105,984 ----a-w C:\WINDOWS\$hf_mig$\KB956390-IE7\SP2QFE\url.dll + 2008-08-26 09:10:29 1,162,752 ----a-w C:\WINDOWS\$hf_mig$\KB956390-IE7\SP2QFE\urlmon.dll + 2008-08-26 09:10:29 233,472 ----a-w C:\WINDOWS\$hf_mig$\KB956390-IE7\SP2QFE\webcheck.dll + 2008-08-26 09:10:29 827,904 ----a-w C:\WINDOWS\$hf_mig$\KB956390-IE7\SP2QFE\wininet.dll + 2007-03-06 01:34:33 15,072 ----a-w C:\WINDOWS\$hf_mig$\KB956390-IE7\spmsg.dll + 2007-03-06 01:34:38 216,800 ----a-w C:\WINDOWS\$hf_mig$\KB956390-IE7\spuninst.exe + 2007-03-06 01:34:31 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB956390-IE7\update\spcustom.dll + 2007-03-06 01:34:56 727,776 ----a-w C:\WINDOWS\$hf_mig$\KB956390-IE7\update\update.exe + 2007-03-06 01:35:48 394,976 ----a-w C:\WINDOWS\$hf_mig$\KB956390-IE7\update\updspapi.dll + 2008-08-14 13:23:44 2,147,328 ------w C:\WINDOWS\Driver Cache\i386\ntkrnlmp.exe + 2008-08-14 13:23:49 2,068,096 ------w C:\WINDOWS\Driver Cache\i386\ntkrnlpa.exe + 2008-08-14 13:23:44 2,025,984 ------w C:\WINDOWS\Driver Cache\i386\ntkrpamp.exe + 2008-08-14 13:23:49 2,191,232 ------w C:\WINDOWS\Driver Cache\i386\ntoskrnl.exe + 2008-06-23 16:28:17 124,928 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\advpack.dll + 2008-06-23 16:28:17 347,136 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\dxtmsft.dll + 2008-06-23 16:28:17 214,528 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\dxtrans.dll + 2008-06-23 16:28:17 133,120 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\extmgr.dll + 2008-06-23 16:28:17 63,488 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\icardie.dll + 2008-06-23 09:21:30 70,656 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\ie4uinit.exe + 2008-06-23 16:28:18 153,088 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\ieakeng.dll + 2008-06-23 16:28:18 230,400 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\ieaksie.dll + 2008-06-21 05:23:54 161,792 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\ieakui.dll + 2008-06-23 16:28:18 383,488 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\ieapfltr.dll + 2008-06-23 16:28:18 384,512 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\iedkcs32.dll + 2008-06-23 16:28:19 6,066,176 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\ieframe.dll + 2008-06-23 16:28:19 44,544 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\iernonce.dll + 2008-06-23 16:28:20 267,776 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\iertutil.dll + 2008-06-23 09:20:26 13,824 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\ieudinit.exe + 2008-06-23 09:21:49 625,664 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\iexplore.exe + 2008-06-23 16:28:20 27,648 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\jsproxy.dll + 2008-06-23 16:28:20 459,264 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\msfeeds.dll + 2008-06-23 16:28:20 52,224 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\msfeedsbs.dll + 2008-06-24 14:28:24 3,592,192 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\mshtml.dll + 2008-06-23 16:28:22 477,696 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\mshtmled.dll + 2008-06-23 16:28:22 193,024 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\msrating.dll + 2008-06-23 16:28:22 671,232 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\mstime.dll + 2008-06-23 16:28:22 102,912 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\occache.dll + 2008-06-23 16:28:22 44,544 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\pngfilt.dll + 2007-03-06 01:34:38 216,800 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe + 2007-03-06 01:35:48 394,976 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\updspapi.dll + 2008-06-23 16:28:22 105,984 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\url.dll + 2008-06-23 16:28:23 1,159,680 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\urlmon.dll + 2008-06-23 16:28:23 233,472 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\webcheck.dll + 2008-06-23 16:28:23 826,368 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\wininet.dll + 2006-09-15 20:25:18 3,611,416 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002119130000000000000000F01FEC\12.0.4518\OUTLFLTR.DAT + 2007-08-29 03:19:32 136,064 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002119130000000000000000F01FEC\12.0.6215\CONTAB32.DLL + 2007-08-24 08:49:12 89,976 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002119130000000000000000F01FEC\12.0.6215\DLGSETP.DLL + 2007-10-06 00:37:38 17,927,192 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002119130000000000000000F01FEC\12.0.6215\EXCEL.EXE + 2007-08-24 08:49:40 342,888 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002119130000000000000000F01FEC\12.0.6215\MIMEDIR.DLL + 2007-09-15 01:45:58 16,901,168 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002119130000000000000000F01FEC\12.0.6215\MSO.DLL + 2007-08-29 04:19:24 1,654,648 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002119130000000000000000F01FEC\12.0.6215\OGL.DLL + 2007-08-29 03:20:20 2,949,512 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002119130000000000000000F01FEC\12.0.6215\OLMAPI32.DLL + 2007-08-24 09:42:40 663,432 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002119130000000000000000F01FEC\12.0.6215\OMSMAIN.DLL + 2007-08-24 09:42:44 195,480 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002119130000000000000000F01FEC\12.0.6215\OMSXP32.DLL + 2007-08-29 03:20:44 600,992 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002119130000000000000000F01FEC\12.0.6215\OUTLMIME.DLL + 2007-09-06 22:01:10 12,836,728 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002119130000000000000000F01FEC\12.0.6215\OUTLOOK.EXE + 2007-08-29 03:22:04 180,128 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002119130000000000000000F01FEC\12.0.6215\OUTLPH.DLL + 2007-08-24 08:51:48 416,112 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002119130000000000000000F01FEC\12.0.6215\PSTPRX32.DLL + 2007-08-24 08:52:08 266,160 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002119130000000000000000F01FEC\12.0.6215\SCNPST32.DLL + 2007-08-24 08:52:10 275,896 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002119130000000000000000F01FEC\12.0.6215\SCNPST64.DLL + 2007-08-29 03:16:00 350,064 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002119130000000000000000F01FEC\12.0.6215\WINWORD.EXE + 2007-09-06 22:03:02 4,280,176 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002119130000000000000000F01FEC\12.0.6215\WRD12CNV.DLL + 2007-08-29 04:07:58 24,928 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002119130000000000000000F01FEC\12.0.6215\WRD12EXE.EXE + 2007-09-06 21:56:32 17,490,800 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002119130000000000000000F01FEC\12.0.6215\WWLIB.DLL + 2007-10-03 00:00:06 14,708,760 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002119130000000000000000F01FEC\12.0.6215\XL12CNV.EXE + 2007-08-24 09:14:14 13,712 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002119130000000000000000F01FEC\12.0.6215\XLCALL32.DLL - 2008-10-23 18:46:36 1,165,584 ----a-r C:\WINDOWS\Installer\{91120000-0031-0000-0000-0000000FF1CE}\accicons.exe + 2008-10-30 07:15:39 1,165,584 ----a-r C:\WINDOWS\Installer\{91120000-0031-0000-0000-0000000FF1CE}\accicons.exe - 2008-10-23 18:46:36 20,240 ----a-r C:\WINDOWS\Installer\{91120000-0031-0000-0000-0000000FF1CE}\cagicon.exe + 2008-10-30 07:15:40 20,240 ----a-r C:\WINDOWS\Installer\{91120000-0031-0000-0000-0000000FF1CE}\cagicon.exe - 2008-10-23 18:46:36 217,864 ----a-r C:\WINDOWS\Installer\{91120000-0031-0000-0000-0000000FF1CE}\misc.exe + 2008-10-30 07:15:39 217,864 ----a-r C:\WINDOWS\Installer\{91120000-0031-0000-0000-0000000FF1CE}\misc.exe - 2008-10-23 18:46:36 18,704 ----a-r C:\WINDOWS\Installer\{91120000-0031-0000-0000-0000000FF1CE}\mspicons.exe + 2008-10-30 07:15:40 18,704 ----a-r C:\WINDOWS\Installer\{91120000-0031-0000-0000-0000000FF1CE}\mspicons.exe - 2008-10-23 18:46:36 35,088 ----a-r C:\WINDOWS\Installer\{91120000-0031-0000-0000-0000000FF1CE}\oisicon.exe + 2008-10-30 07:15:40 35,088 ----a-r C:\WINDOWS\Installer\{91120000-0031-0000-0000-0000000FF1CE}\oisicon.exe - 2008-10-23 18:46:36 845,584 ----a-r C:\WINDOWS\Installer\{91120000-0031-0000-0000-0000000FF1CE}\outicon.exe + 2008-10-30 07:15:39 845,584 ----a-r C:\WINDOWS\Installer\{91120000-0031-0000-0000-0000000FF1CE}\outicon.exe - 2008-10-23 18:46:36 922,384 ----a-r C:\WINDOWS\Installer\{91120000-0031-0000-0000-0000000FF1CE}\pptico.exe + 2008-10-30 07:15:39 922,384 ----a-r C:\WINDOWS\Installer\{91120000-0031-0000-0000-0000000FF1CE}\pptico.exe - 2008-10-23 18:46:36 272,648 ----a-r C:\WINDOWS\Installer\{91120000-0031-0000-0000-0000000FF1CE}\pubs.exe + 2008-10-30 07:15:40 272,648 ----a-r C:\WINDOWS\Installer\{91120000-0031-0000-0000-0000000FF1CE}\pubs.exe - 2008-10-23 18:46:36 888,080 ----a-r C:\WINDOWS\Installer\{91120000-0031-0000-0000-0000000FF1CE}\wordicon.exe + 2008-10-30 07:15:40 888,080 ----a-r C:\WINDOWS\Installer\{91120000-0031-0000-0000-0000000FF1CE}\wordicon.exe - 2008-10-23 18:46:36 1,172,240 ----a-r C:\WINDOWS\Installer\{91120000-0031-0000-0000-0000000FF1CE}\xlicons.exe + 2008-10-30 07:15:39 1,172,240 ----a-r C:\WINDOWS\Installer\{91120000-0031-0000-0000-0000000FF1CE}\xlicons.exe - 2008-06-23 16:28:17 124,928 ----a-w C:\WINDOWS\system32\advpack.dll + 2008-08-26 08:11:45 124,928 ----a-w C:\WINDOWS\system32\advpack.dll - 2008-06-23 16:28:17 124,928 -c--a-w C:\WINDOWS\system32\dllcache\advpack.dll + 2008-08-26 08:11:45 124,928 -c--a-w C:\WINDOWS\system32\dllcache\advpack.dll - 2008-06-20 11:40:08 138,496 -c----w C:\WINDOWS\system32\dllcache\afd.sys + 2008-08-14 10:04:36 138,496 -c----w C:\WINDOWS\system32\dllcache\afd.sys - 2008-06-23 16:28:17 347,136 -c--a-w C:\WINDOWS\system32\dllcache\dxtmsft.dll + 2008-08-26 08:11:45 347,136 -c--a-w C:\WINDOWS\system32\dllcache\dxtmsft.dll - 2008-06-23 16:28:17 214,528 -c--a-w C:\WINDOWS\system32\dllcache\dxtrans.dll + 2008-08-26 08:11:45 214,528 -c--a-w C:\WINDOWS\system32\dllcache\dxtrans.dll - 2008-06-23 16:28:17 133,120 -c--a-w C:\WINDOWS\system32\dllcache\extmgr.dll + 2008-08-26 08:11:45 133,120 -c--a-w C:\WINDOWS\system32\dllcache\extmgr.dll - 2008-06-23 16:28:17 63,488 -c----w C:\WINDOWS\system32\dllcache\icardie.dll + 2008-08-26 08:11:45 63,488 -c----w C:\WINDOWS\system32\dllcache\icardie.dll - 2008-06-23 09:21:30 70,656 -c--a-w C:\WINDOWS\system32\dllcache\ie4uinit.exe + 2008-08-25 08:39:40 70,656 -c--a-w C:\WINDOWS\system32\dllcache\ie4uinit.exe - 2008-06-23 16:28:18 153,088 -c--a-w C:\WINDOWS\system32\dllcache\ieakeng.dll + 2008-08-26 08:11:45 153,088 -c--a-w C:\WINDOWS\system32\dllcache\ieakeng.dll - 2008-06-23 16:28:18 230,400 -c--a-w C:\WINDOWS\system32\dllcache\ieaksie.dll + 2008-08-26 08:11:45 230,400 -c--a-w C:\WINDOWS\system32\dllcache\ieaksie.dll - 2008-06-21 05:23:54 161,792 -c--a-w C:\WINDOWS\system32\dllcache\ieakui.dll + 2008-08-23 05:54:51 161,792 -c--a-w C:\WINDOWS\system32\dllcache\ieakui.dll - 2008-06-23 16:28:18 383,488 -c----w C:\WINDOWS\system32\dllcache\ieapfltr.dll + 2008-08-26 08:11:46 383,488 -c----w C:\WINDOWS\system32\dllcache\ieapfltr.dll - 2008-06-23 16:28:18 384,512 -c--a-w C:\WINDOWS\system32\dllcache\iedkcs32.dll + 2008-08-26 08:11:46 384,512 -c--a-w C:\WINDOWS\system32\dllcache\iedkcs32.dll - 2008-06-23 16:28:19 6,066,176 -c----w C:\WINDOWS\system32\dllcache\ieframe.dll + 2008-10-03 17:12:27 6,066,176 -c----w C:\WINDOWS\system32\dllcache\ieframe.dll - 2008-06-23 16:28:19 44,544 -c--a-w C:\WINDOWS\system32\dllcache\iernonce.dll + 2008-08-26 08:11:48 44,544 -c--a-w C:\WINDOWS\system32\dllcache\iernonce.dll - 2008-06-23 16:28:20 267,776 -c----w C:\WINDOWS\system32\dllcache\iertutil.dll + 2008-08-26 08:11:48 267,776 -c----w C:\WINDOWS\system32\dllcache\iertutil.dll - 2008-06-23 09:20:26 13,824 -c----w C:\WINDOWS\system32\dllcache\ieudinit.exe + 2008-08-25 08:38:00 13,824 -c----w C:\WINDOWS\system32\dllcache\ieudinit.exe - 2008-06-23 09:21:49 625,664 -c--a-w C:\WINDOWS\system32\dllcache\iexplore.exe + 2008-08-23 05:56:15 635,848 -c--a-w C:\WINDOWS\system32\dllcache\iexplore.exe - 2008-06-23 16:28:20 27,648 -c--a-w C:\WINDOWS\system32\dllcache\jsproxy.dll + 2008-08-26 08:11:49 27,648 -c--a-w C:\WINDOWS\system32\dllcache\jsproxy.dll - 2008-06-23 16:28:20 459,264 -c----w C:\WINDOWS\system32\dllcache\msfeeds.dll + 2008-08-26 08:11:49 459,264 -c----w C:\WINDOWS\system32\dllcache\msfeeds.dll - 2008-06-23 16:28:20 52,224 -c----w C:\WINDOWS\system32\dllcache\msfeedsbs.dll + 2008-08-26 08:11:49 52,224 -c----w C:\WINDOWS\system32\dllcache\msfeedsbs.dll - 2008-06-24 14:28:24 3,592,192 -c--a-w C:\WINDOWS\system32\dllcache\mshtml.dll + 2008-08-27 09:11:52 3,593,216 -c--a-w C:\WINDOWS\system32\dllcache\mshtml.dll - 2008-06-23 16:28:22 477,696 -c--a-w C:\WINDOWS\system32\dllcache\mshtmled.dll + 2008-08-26 08:11:52 477,696 -c--a-w C:\WINDOWS\system32\dllcache\mshtmled.dll - 2008-06-23 16:28:22 193,024 -c--a-w C:\WINDOWS\system32\dllcache\msrating.dll + 2008-08-26 08:11:52 193,024 -c--a-w C:\WINDOWS\system32\dllcache\msrating.dll - 2008-06-23 16:28:22 671,232 -c--a-w C:\WINDOWS\system32\dllcache\mstime.dll + 2008-08-26 08:11:52 671,232 -c--a-w C:\WINDOWS\system32\dllcache\mstime.dll - 2008-06-23 16:28:22 102,912 -c--a-w C:\WINDOWS\system32\dllcache\occache.dll + 2008-08-26 08:11:52 102,912 -c--a-w C:\WINDOWS\system32\dllcache\occache.dll - 2008-06-23 16:28:22 44,544 -c--a-w C:\WINDOWS\system32\dllcache\pngfilt.dll + 2008-08-26 08:11:52 44,544 -c--a-w C:\WINDOWS\system32\dllcache\pngfilt.dll - 2008-06-23 16:28:22 105,984 -c--a-w C:\WINDOWS\system32\dllcache\url.dll + 2008-08-26 08:11:52 105,984 -c--a-w C:\WINDOWS\system32\dllcache\url.dll - 2008-06-23 16:28:23 1,159,680 -c--a-w C:\WINDOWS\system32\dllcache\urlmon.dll + 2008-08-26 08:11:53 1,159,680 -c--a-w C:\WINDOWS\system32\dllcache\urlmon.dll - 2008-06-23 16:28:23 233,472 -c--a-w C:\WINDOWS\system32\dllcache\webcheck.dll + 2008-08-26 08:11:53 233,472 -c--a-w C:\WINDOWS\system32\dllcache\webcheck.dll - 2008-06-23 16:28:23 826,368 -c--a-w C:\WINDOWS\system32\dllcache\wininet.dll + 2008-08-26 08:11:54 826,368 -c--a-w C:\WINDOWS\system32\dllcache\wininet.dll - 2008-06-20 11:40:08 138,496 ----a-w C:\WINDOWS\system32\drivers\afd.sys + 2008-08-14 10:04:36 138,496 ----a-w C:\WINDOWS\system32\drivers\afd.sys - 2008-06-23 16:28:17 347,136 ----a-w C:\WINDOWS\system32\dxtmsft.dll + 2008-08-26 08:11:45 347,136 ----a-w C:\WINDOWS\system32\dxtmsft.dll - 2008-06-23 16:28:17 214,528 ----a-w C:\WINDOWS\system32\dxtrans.dll + 2008-08-26 08:11:45 214,528 ----a-w C:\WINDOWS\system32\dxtrans.dll - 2008-06-23 16:28:17 133,120 ----a-w C:\WINDOWS\system32\extmgr.dll + 2008-08-26 08:11:45 133,120 ----a-w C:\WINDOWS\system32\extmgr.dll - 2008-10-29 15:51:12 1,493,264 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT + 2008-10-30 07:22:33 1,493,264 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT - 2008-06-23 16:28:17 63,488 ----a-w C:\WINDOWS\system32\icardie.dll + 2008-08-26 08:11:45 63,488 ----a-w C:\WINDOWS\system32\icardie.dll - 2008-06-23 09:21:30 70,656 ----a-w C:\WINDOWS\system32\ie4uinit.exe + 2008-08-25 08:39:40 70,656 ----a-w C:\WINDOWS\system32\ie4uinit.exe - 2008-06-23 16:28:18 153,088 ----a-w C:\WINDOWS\system32\ieakeng.dll + 2008-08-26 08:11:45 153,088 ----a-w C:\WINDOWS\system32\ieakeng.dll - 2008-06-23 16:28:18 230,400 ----a-w C:\WINDOWS\system32\ieaksie.dll + 2008-08-26 08:11:45 230,400 ----a-w C:\WINDOWS\system32\ieaksie.dll - 2008-06-21 05:23:54 161,792 ----a-w C:\WINDOWS\system32\ieakui.dll + 2008-08-23 05:54:51 161,792 ----a-w C:\WINDOWS\system32\ieakui.dll - 2008-06-23 16:28:18 383,488 ----a-w C:\WINDOWS\system32\ieapfltr.dll + 2008-08-26 08:11:46 383,488 ----a-w C:\WINDOWS\system32\ieapfltr.dll - 2008-06-23 16:28:18 384,512 ----a-w C:\WINDOWS\system32\iedkcs32.dll + 2008-08-26 08:11:46 384,512 ----a-w C:\WINDOWS\system32\iedkcs32.dll - 2008-06-23 16:28:19 6,066,176 ----a-w C:\WINDOWS\system32\ieframe.dll + 2008-10-03 17:12:27 6,066,176 ----a-w C:\WINDOWS\system32\ieframe.dll - 2008-06-23 16:28:19 44,544 ----a-w C:\WINDOWS\system32\iernonce.dll + 2008-08-26 08:11:48 44,544 ----a-w C:\WINDOWS\system32\iernonce.dll - 2008-06-23 16:28:20 267,776 ----a-w C:\WINDOWS\system32\iertutil.dll + 2008-08-26 08:11:48 267,776 ----a-w C:\WINDOWS\system32\iertutil.dll - 2008-06-23 09:20:26 13,824 ----a-w C:\WINDOWS\system32\ieudinit.exe + 2008-08-25 08:38:00 13,824 ----a-w C:\WINDOWS\system32\ieudinit.exe - 2008-06-23 16:28:20 27,648 ----a-w C:\WINDOWS\system32\jsproxy.dll + 2008-08-26 08:11:49 27,648 ----a-w C:\WINDOWS\system32\jsproxy.dll - 2008-08-26 20:28:12 16,208,504 ----a-w C:\WINDOWS\system32\MRT.exe + 2008-10-07 19:19:40 16,721,856 ----a-w C:\WINDOWS\system32\MRT.exe - 2008-06-23 16:28:20 459,264 ----a-w C:\WINDOWS\system32\msfeeds.dll + 2008-08-26 08:11:49 459,264 ----a-w C:\WINDOWS\system32\msfeeds.dll - 2008-06-23 16:28:20 52,224 ----a-w C:\WINDOWS\system32\msfeedsbs.dll + 2008-08-26 08:11:49 52,224 ----a-w C:\WINDOWS\system32\msfeedsbs.dll - 2008-06-24 14:28:24 3,592,192 ----a-w C:\WINDOWS\system32\mshtml.dll + 2008-08-27 09:11:52 3,593,216 ----a-w C:\WINDOWS\system32\mshtml.dll - 2008-06-23 16:28:22 477,696 ----a-w C:\WINDOWS\system32\mshtmled.dll + 2008-08-26 08:11:52 477,696 ----a-w C:\WINDOWS\system32\mshtmled.dll - 2008-06-23 16:28:22 193,024 ----a-w C:\WINDOWS\system32\msrating.dll + 2008-08-26 08:11:52 193,024 ----a-w C:\WINDOWS\system32\msrating.dll - 2008-06-23 16:28:22 671,232 ----a-w C:\WINDOWS\system32\mstime.dll + 2008-08-26 08:11:52 671,232 ----a-w C:\WINDOWS\system32\mstime.dll - 2008-04-14 02:33:34 337,408 ----a-w C:\WINDOWS\system32\netapi32.dll + 2008-10-15 16:35:43 337,408 ----a-w C:\WINDOWS\system32\netapi32.dll - 2008-04-14 02:07:26 2,067,968 ----a-w C:\WINDOWS\system32\ntkrnlpa.exe + 2008-08-14 13:23:49 2,068,096 ----a-w C:\WINDOWS\system32\ntkrnlpa.exe - 2008-04-14 02:08:03 2,191,104 ----a-w C:\WINDOWS\system32\ntoskrnl.exe + 2008-08-14 13:23:49 2,191,232 ----a-w C:\WINDOWS\system32\ntoskrnl.exe - 2008-06-23 16:28:22 102,912 ----a-w C:\WINDOWS\system32\occache.dll + 2008-08-26 08:11:52 102,912 ----a-w C:\WINDOWS\system32\occache.dll - 2008-06-23 16:28:22 44,544 ----a-w C:\WINDOWS\system32\pngfilt.dll + 2008-08-26 08:11:52 44,544 ----a-w C:\WINDOWS\system32\pngfilt.dll - 2007-11-30 12:39:29 18,296 ------w C:\WINDOWS\system32\spmsg.dll + 2007-11-30 11:19:06 18,296 ------w C:\WINDOWS\system32\spmsg.dll - 2008-06-23 16:28:22 105,984 ----a-w C:\WINDOWS\system32\url.dll + 2008-08-26 08:11:52 105,984 ----a-w C:\WINDOWS\system32\url.dll - 2008-06-23 16:28:23 1,159,680 ----a-w C:\WINDOWS\system32\urlmon.dll + 2008-08-26 08:11:53 1,159,680 ----a-w C:\WINDOWS\system32\urlmon.dll - 2008-06-23 16:28:23 233,472 ----a-w C:\WINDOWS\system32\webcheck.dll + 2008-08-26 08:11:53 233,472 ----a-w C:\WINDOWS\system32\webcheck.dll - 2008-04-14 01:58:06 1,845,760 ----a-w C:\WINDOWS\system32\win32k.sys + 2008-09-15 15:26:07 1,846,528 ----a-w C:\WINDOWS\system32\win32k.sys - 2008-06-23 16:28:23 826,368 ----a-w C:\WINDOWS\system32\wininet.dll + 2008-08-26 08:11:54 826,368 ----a-w C:\WINDOWS\system32\wininet.dll . -- Instantané actualisé -- . ((((((((((((((((((((((((((((((((( Points de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés REGEDIT4 [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4b07e25d-54df-4a90-af91-95fefa46a344}] C:\WINDOWS\system32\sahrwx.dll [bU] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-13 15360] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "EPSON Stylus Photo R200 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2H1.EXE" [2003-07-08 99840] "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-09-06 413696] "ccApp"="C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe" [2008-10-23 115560] "\\cad2\EPSON Stylus Photo R200 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2H1.EXE" [2003-07-08 99840] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-13 15360] C:\Documents and Settings\All Users.WINDOWS\Menu D‚marrer\Programmes\D‚marrage\ Assistant d'Acrobat.lnk - C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe [2003-10-24 217194] [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{2A2462BA-8A0D-436E-8811-66E69AD36B7D}"= "C:\WINDOWS\system32\nNeDWOee.dll" [bU] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "VIDC.ACDV"= ACDV.dll [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus] @="Service" [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "C:\\WINDOWS\\system32\\ftp.exe"= "C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\SAGENT4.EXE"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= S2 OkiPar;OkiPar;C:\WINDOWS\system32\Drivers\OkiPar.SYS [ ] S3 COH_Mon;COH_Mon;C:\WINDOWS\system32\Drivers\COH_Mon.sys [2008-10-23 23888] S3 KMW_KBD;Kensington Input Devices Class filter driver;C:\WINDOWS\system32\DRIVERS\KMW_KBD.sys [ ] S3 KMW_USB;Kensington MouseWorks USB filter driver;C:\WINDOWS\system32\DRIVERS\KMW_USB.sys [ ] S3 VPREMOTE;VPRemote Install Bootstrap Service;C:\TEMP\Clt-Inst\vpremote.exe [2008-09-11 140216] . - - - - ORPHELINS SUPPRIMES - - - - BHO-{2A2462BA-8A0D-436E-8811-66E69AD36B7D} - C:\WINDOWS\system32\nNeDWOee.dll Notify-nNeDWOee - nNeDWOee.dll ************************************************************************** catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-10-31 10:25:51 Windows 5.1.2600 Service Pack 3 NTFS Recherche de processus cachés ... Recherche d'éléments en démarrage automatique cachés ... Recherche de fichiers cachés ... Scan terminé avec succès Fichiers cachés: 0 ************************************************************************** . ------------------------ Autres processus actifs ------------------------ . C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\mdm.exe C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe . ************************************************************************** . Heure de fin: 2008-10-31 10:31:58 - La machine a redémarré [rouimet] ComboFix-quarantined-files.txt 2008-10-31 14:31:52 ComboFix2.txt 2008-10-29 18:32:49 Avant-CF: 7,050,198,016 octets libres Après-CF: 7,067,354,624 octets libres 457 --- E O F --- 2008-10-30 07:15:45 Merci Neija

Merci de votre réponse rapide. Voila le rapport de combo Fix : ComboFix 08-10-29.07 - rouimet 2008-10-29 14:10:34.1 - NTFSx86 Microsoft Windows XP Professionnel 5.1.2600.3.1252.1.1036.18.627 [GMT -4:00] Lancé depuis: C:\Documents and Settings\rouimet\Bureau\ComboFix.exe Commutateurs utilisés :: C:\Documents and Settings\rouimet\Bureau\CFScript.txt AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !! FILE :: C:\WINDOWS\system32\xxyxYpnK.dll C:\WINDOWS\system32\zyahky.dll . (((((((((((((((((((((((((((((((((((( Autres suppressions )))))))))))))))))))))))))))))))))))))))))))))))) . C:\Documents and Settings\fbonneau\Application Data\FunWebProducts C:\Documents and Settings\fbonneau\Application Data\FunWebProducts\Data\fbonneau\avatar.dat C:\Documents and Settings\fbonneau\Application Data\FunWebProducts\Data\fbonneau\register.dat C:\Documents and Settings\fbonneau\Application Data\FunWebProducts\Data\fbonneau\zbucks.dat C:\Program Files\FunWebProducts C:\Program Files\FunWebProducts\Shared\Cache\AvatarSmallBtn.html C:\Program Files\FunWebProducts\Shared\Cache\CursorManiaBtn.html C:\Program Files\FunWebProducts\Shared\Cache\FunBuddyIconBtn.html C:\Program Files\FunWebProducts\Shared\Cache\MailStampBtn.html C:\Program Files\FunWebProducts\Shared\Cache\MyFunCardsIMBtn.html C:\Program Files\FunWebProducts\Shared\Cache\MyStationeryBtn.html C:\Program Files\FunWebProducts\Shared\Cache\SmileyCentralBtn.html C:\Program Files\MyWebSearch C:\Program Files\MyWebSearch\bar\1.bin\F3REPROX.DLL C:\Program Files\MyWebSearch\bar\1.bin\M3OUTLCN.DLL C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE C:\Program Files\MyWebSearch\bar\1.bin\MWSOESTB.DLL C:\Program Files\MyWebSearch\bar\2.bin\F3BKGERR.JPG C:\Program Files\MyWebSearch\bar\2.bin\F3BROVLY.DLL C:\Program Files\MyWebSearch\bar\2.bin\F3CJPEG.DLL C:\Program Files\MyWebSearch\bar\2.bin\F3HISTSW.DLL C:\Program Files\MyWebSearch\bar\2.bin\F3HTTPCT.DLL C:\Program Files\MyWebSearch\bar\2.bin\F3IMSTUB.DLL C:\Program Files\MyWebSearch\bar\2.bin\F3POPSWT.DLL C:\Program Files\MyWebSearch\bar\2.bin\F3PSSAVR.SCR C:\Program Files\MyWebSearch\bar\2.bin\F3REPROX.DLL C:\Program Files\MyWebSearch\bar\2.bin\F3RESTUB.DLL C:\Program Files\MyWebSearch\bar\2.bin\F3SCHMON.EXE C:\Program Files\MyWebSearch\bar\2.bin\F3SCRCTR.DLL C:\Program Files\MyWebSearch\bar\2.bin\F3SPACER.WMV C:\Program Files\MyWebSearch\bar\2.bin\F3WALLPP.DAT C:\Program Files\MyWebSearch\bar\2.bin\F3WPHOOK.DLL C:\Program Files\MyWebSearch\bar\2.bin\M3FFXTBR.JAR C:\Program Files\MyWebSearch\bar\2.bin\M3FFXTBR.MANIFEST C:\Program Files\MyWebSearch\bar\2.bin\M3HTML.DLL C:\Program Files\MyWebSearch\bar\2.bin\M3IDLE.DLL C:\Program Files\MyWebSearch\bar\2.bin\M3NTSTBR.JAR C:\Program Files\MyWebSearch\bar\2.bin\M3NTSTBR.MANIFEST C:\Program Files\MyWebSearch\bar\2.bin\M3OUTLCN.DLL C:\Program Files\MyWebSearch\bar\2.bin\M3SKIN.DLL C:\Program Files\MyWebSearch\bar\2.bin\M3SKPLAY.EXE C:\Program Files\MyWebSearch\bar\2.bin\M3SLSRCH.EXE C:\Program Files\MyWebSearch\bar\2.bin\MWSOEMON.EXE C:\Program Files\MyWebSearch\bar\Avatar\COMMON.F3S C:\Program Files\MyWebSearch\bar\Avatar\COMMON\avatar.htm C:\Program Files\MyWebSearch\bar\Avatar\COMMON\bgfadel.gif C:\Program Files\MyWebSearch\bar\Avatar\COMMON\bgfader.gif C:\Program Files\MyWebSearch\bar\Avatar\COMMON\common-x.css C:\Program Files\MyWebSearch\bar\Avatar\COMMON\common.css C:\Program Files\MyWebSearch\bar\Avatar\COMMON\cornerbl.gif C:\Program Files\MyWebSearch\bar\Avatar\COMMON\cornerbr.gif C:\Program Files\MyWebSearch\bar\Avatar\COMMON\ext_def.gif C:\Program Files\MyWebSearch\bar\Avatar\COMMON\ext_roll.gif C:\Program Files\MyWebSearch\bar\Avatar\COMMON\include.js C:\Program Files\MyWebSearch\bar\Avatar\COMMON\index.htm C:\Program Files\MyWebSearch\bar\Avatar\COMMON\loader.htm C:\Program Files\MyWebSearch\bar\Avatar\COMMON\loading.gif C:\Program Files\MyWebSearch\bar\Avatar\COMMON\logo.gif C:\Program Files\MyWebSearch\bar\Avatar\COMMON\max_def.gif C:\Program Files\MyWebSearch\bar\Avatar\COMMON\max_roll.gif C:\Program Files\MyWebSearch\bar\Avatar\COMMON\min_def.gif C:\Program Files\MyWebSearch\bar\Avatar\COMMON\min_roll.gif C:\Program Files\MyWebSearch\bar\Avatar\COMMON\noflash.htm C:\Program Files\MyWebSearch\bar\Avatar\COMMON\res_def.gif C:\Program Files\MyWebSearch\bar\Avatar\COMMON\res_roll.gif C:\Program Files\MyWebSearch\bar\Avatar\COMMON\spacer.gif C:\Program Files\MyWebSearch\bar\Avatar\COMMON\spacer.swf C:\Program Files\MyWebSearch\bar\Avatar\COMMON\topgrad.gif C:\Program Files\MyWebSearch\bar\Avatar\COMMON\window.ico C:\Program Files\MyWebSearch\bar\Cache\0ACD20DD C:\Program Files\MyWebSearch\bar\Cache\0ACD264B C:\Program Files\MyWebSearch\bar\Cache\0ACD289D.bin C:\Program Files\MyWebSearch\bar\Cache\13895483.bin C:\Program Files\MyWebSearch\bar\Cache\138956E5.bin C:\Program Files\MyWebSearch\bar\Cache\13895752.bin C:\Program Files\MyWebSearch\bar\Cache\1389586B.bin C:\Program Files\MyWebSearch\bar\Cache\138958C9.bin C:\Program Files\MyWebSearch\bar\Cache\138959D3.bin C:\Program Files\MyWebSearch\bar\Cache\140B17C0.bin C:\Program Files\MyWebSearch\bar\Cache\140B2F6F.bin C:\Program Files\MyWebSearch\bar\Cache\140B30B7.bin C:\Program Files\MyWebSearch\bar\Cache\140B3182.bin C:\Program Files\MyWebSearch\bar\Cache\140B3357.bin C:\Program Files\MyWebSearch\bar\Cache\140B34BE.bin C:\Program Files\MyWebSearch\bar\Cache\140B3AF8 C:\Program Files\MyWebSearch\bar\Cache\files.ini C:\Program Files\MyWebSearch\bar\Game\CHECKERS.F3S C:\Program Files\MyWebSearch\bar\Game\CHESS.F3S C:\Program Files\MyWebSearch\bar\Game\REVERSI.F3S C:\Program Files\MyWebSearch\bar\History\search2 C:\Program Files\MyWebSearch\bar\icons\CM.ICO C:\Program Files\MyWebSearch\bar\icons\MFC.ICO C:\Program Files\MyWebSearch\bar\icons\PSS.ICO C:\Program Files\MyWebSearch\bar\icons\SMILEY.ICO C:\Program Files\MyWebSearch\bar\icons\WB.ICO C:\Program Files\MyWebSearch\bar\icons\ZWINKY.ICO C:\Program Files\MyWebSearch\bar\Message\COMMON.F3S C:\Program Files\MyWebSearch\bar\Message\COMMON\ask_logo.gif C:\Program Files\MyWebSearch\bar\Message\COMMON\autoup.gif C:\Program Files\MyWebSearch\bar\Message\COMMON\autoup.htm C:\Program Files\MyWebSearch\bar\Message\COMMON\center.htm C:\Program Files\MyWebSearch\bar\Message\COMMON\index.htm C:\Program Files\MyWebSearch\bar\Message\COMMON\mid_dots.gif C:\Program Files\MyWebSearch\bar\Message\COMMON\mws_logo.gif C:\Program Files\MyWebSearch\bar\Message\COMMON\protect.htm C:\Program Files\MyWebSearch\bar\Message\COMMON\shocked.gif C:\Program Files\MyWebSearch\bar\Message\COMMON\stop.gif C:\Program Files\MyWebSearch\bar\Message\COMMON\systray.htm C:\Program Files\MyWebSearch\bar\Message\COMMON\systrayp.htm C:\Program Files\MyWebSearch\bar\Message\COMMON\tp_grad.gif C:\Program Files\MyWebSearch\bar\Message\COMMON\warn.gif C:\Program Files\MyWebSearch\bar\Notifier\COMMON.F3S C:\Program Files\MyWebSearch\bar\Notifier\DOG.F3S C:\Program Files\MyWebSearch\bar\Notifier\FISH.F3S C:\Program Files\MyWebSearch\bar\Notifier\KUNGFU.F3S C:\Program Files\MyWebSearch\bar\Notifier\LIFEGARD.F3S C:\Program Files\MyWebSearch\bar\Notifier\MAID.F3S C:\Program Files\MyWebSearch\bar\Notifier\MAILBOX.F3S C:\Program Files\MyWebSearch\bar\Notifier\OPERA.F3S C:\Program Files\MyWebSearch\bar\Notifier\ROBOT.F3S C:\Program Files\MyWebSearch\bar\Notifier\SEDUCT.F3S C:\Program Files\MyWebSearch\bar\Notifier\SURFER.F3S C:\Program Files\MyWebSearch\bar\Settings\prevcfg2.htm C:\Program Files\MyWebSearch\bar\Settings\s_pid.dat C:\WINDOWS\BM8325773a.txt C:\WINDOWS\BM8325773a.xml C:\WINDOWS\system32\aefxsqqx.ini C:\WINDOWS\system32\aefxsqqx.ini2 C:\WINDOWS\system32\bmqprbvq.dll C:\WINDOWS\system32\bnrvqqrl.ini C:\WINDOWS\system32\bnxouyeu.ini C:\WINDOWS\system32\bskevu.dll C:\WINDOWS\system32\cqwxlrfq.ini C:\WINDOWS\system32\dyafqivt.dll C:\WINDOWS\system32\ecefkmjs.ini C:\WINDOWS\system32\f3PSSavr.scr C:\WINDOWS\system32\ggopyqon.ini C:\WINDOWS\system32\hitjnwbk.ini C:\WINDOWS\system32\icvtxovg.ini C:\WINDOWS\system32\jhhbbwri.ini C:\WINDOWS\system32\jxdxlvce.ini C:\WINDOWS\system32\kbwnjtih.dll C:\WINDOWS\system32\kbwwtkra.dll C:\WINDOWS\system32\KnpYxyxx.ini C:\WINDOWS\system32\KnpYxyxx.ini2 C:\WINDOWS\system32\koullwpc.ini C:\WINDOWS\system32\lhibnxkl.ini C:\WINDOWS\system32\llyfonyn.dll C:\WINDOWS\system32\mglpywjq.ini C:\WINDOWS\system32\nggjpaal.dll C:\WINDOWS\system32\nuhwaboi.ini C:\WINDOWS\system32\ouaenwou.ini C:\WINDOWS\system32\pygeov.dll C:\WINDOWS\system32\qacflsjr.ini C:\WINDOWS\system32\qjgsmewp.dll C:\WINDOWS\system32\qkfvugsg.ini C:\WINDOWS\system32\quliph.dll C:\WINDOWS\system32\rchmvs.dll C:\WINDOWS\system32\rpsivjhp.ini C:\WINDOWS\system32\rxvavrmy.dll C:\WINDOWS\system32\rXxbadMp.ini C:\WINDOWS\system32\rXxbadMp.ini2 C:\WINDOWS\system32\setup.ini C:\WINDOWS\system32\tocfsw.dll C:\WINDOWS\system32\tultbrgw.ini C:\WINDOWS\system32\tviqfayd.ini C:\WINDOWS\system32\unqgukex.dll C:\WINDOWS\system32\uqemni.dll C:\WINDOWS\system32\uwkwxwhy.ini C:\WINDOWS\system32\vcxekeqd.ini C:\WINDOWS\system32\vjiqonip.ini C:\WINDOWS\system32\vvhvhwgc.ini C:\WINDOWS\system32\wcqviugx.dll C:\WINDOWS\system32\wgrbtlut.dll C:\WINDOWS\system32\xfllwm.dll C:\WINDOWS\system32\xtpwmqge.ini C:\WINDOWS\system32\xxyxYpnK.dll C:\WINDOWS\system32\zyahky.dll . ((((((((((((((((((((((((((((((((((((((( Pilotes/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Legacy_BOONTY_GAMES -------\Service_Boonty Games ((((((((((((((((((((((((((((( Fichiers créés du 2008-09-28 au 2008-10-29 )))))))))))))))))))))))))))))))))))) . 2008-10-27 10:56 . 2006-11-13 16:43 29,799 --a------ C:\WINDOWS\_detmp.1 2008-10-27 10:56 . 2001-08-08 12:58 28,672 --a------ C:\WINDOWS\_detmp.2 2008-10-27 10:38 . 2006-10-15 08:12 <REP> d--h----- C:\Documents and Settings\fbonneau.OUIMET\Voisinage réseau 2008-10-27 10:38 . 2006-10-15 08:12 <REP> d--h----- C:\Documents and Settings\fbonneau.OUIMET\Voisinage d'impression 2008-10-27 10:38 . 2006-10-16 08:15 <REP> d--h----- C:\Documents and Settings\fbonneau.OUIMET\Modèles 2008-10-27 10:38 . 2008-10-27 10:39 <REP> dr------- C:\Documents and Settings\fbonneau.OUIMET\Mes documents 2008-10-27 10:38 . 2006-10-15 08:12 <REP> dr------- C:\Documents and Settings\fbonneau.OUIMET\Menu Démarrer 2008-10-27 10:38 . 2008-10-27 10:39 <REP> dr------- C:\Documents and Settings\fbonneau.OUIMET\Favoris 2008-10-27 10:38 . 2006-10-15 08:12 <REP> d-------- C:\Documents and Settings\fbonneau.OUIMET\Bureau 2008-10-27 10:38 . 2008-10-27 10:38 <REP> d-------- C:\Documents and Settings\fbonneau.OUIMET 2008-10-24 13:43 . 2008-10-24 13:43 <REP> d-------- C:\Documents and Settings\rouimet\Application Data\ACD Systems 2008-10-23 16:22 . 2006-10-15 08:12 <REP> d--h----- C:\Documents and Settings\rouimet\Voisinage réseau 2008-10-23 16:22 . 2006-10-15 08:12 <REP> d--h----- C:\Documents and Settings\rouimet\Voisinage d'impression 2008-10-23 16:22 . 2006-10-16 08:15 <REP> d--h----- C:\Documents and Settings\rouimet\Modèles 2008-10-23 16:22 . 2008-10-23 16:25 <REP> dr------- C:\Documents and Settings\rouimet\Mes documents 2008-10-23 16:22 . 2006-10-15 08:12 <REP> dr------- C:\Documents and Settings\rouimet\Menu Démarrer 2008-10-23 16:22 . 2008-10-23 16:25 <REP> dr------- C:\Documents and Settings\rouimet\Favoris 2008-10-23 16:22 . 2008-10-29 14:10 <REP> d-------- C:\Documents and Settings\rouimet\Bureau 2008-10-23 16:22 . 2008-10-23 16:22 <REP> d-------- C:\Documents and Settings\rouimet 2008-10-23 16:11 . 2008-10-23 16:11 625,032 --a------ C:\WINDOWS\system32\SymNeti.dll 2008-10-23 16:11 . 2008-10-23 16:11 242,056 --a------ C:\WINDOWS\system32\SymRedir.dll 2008-10-23 16:11 . 2008-10-23 16:11 107,840 --a------ C:\WINDOWS\system32\SymVPN.dll 2008-10-23 16:11 . 2008-10-23 16:11 89,088 --a------ C:\WINDOWS\system32\atl71.dll 2008-10-23 16:11 . 2008-10-23 16:11 49,472 --a------ C:\WINDOWS\system32\FwsVpn.dll 2008-10-23 15:28 . 2008-10-23 16:13 123,952 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS 2008-10-23 15:28 . 2008-10-23 16:13 60,800 --a------ C:\WINDOWS\system32\S32EVNT1.DLL 2008-10-23 15:28 . 2008-10-23 16:13 10,563 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.CAT 2008-10-23 15:28 . 2008-10-23 16:13 805 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.INF 2008-10-23 15:22 . 2008-10-29 13:51 <REP> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec 2008-10-23 15:19 . 2008-10-23 15:19 <REP> d-------- C:\TEMP\Clt-Inst 2008-10-23 15:14 . 2006-10-15 08:12 <REP> d--h----- C:\Documents and Settings\administrateur.OUIMET\Voisinage réseau 2008-10-23 15:14 . 2006-10-15 08:12 <REP> d--h----- C:\Documents and Settings\administrateur.OUIMET\Voisinage d'impression 2008-10-23 15:14 . 2006-10-16 08:15 <REP> d--h----- C:\Documents and Settings\administrateur.OUIMET\Modèles 2008-10-23 15:14 . 2008-10-23 15:15 <REP> dr------- C:\Documents and Settings\administrateur.OUIMET\Mes documents 2008-10-23 15:14 . 2006-10-15 08:12 <REP> dr------- C:\Documents and Settings\administrateur.OUIMET\Menu Démarrer 2008-10-23 15:14 . 2008-10-23 15:15 <REP> dr------- C:\Documents and Settings\administrateur.OUIMET\Favoris 2008-10-23 15:14 . 2006-10-15 08:12 <REP> d-------- C:\Documents and Settings\administrateur.OUIMET\Bureau 2008-10-23 15:13 . 2008-10-23 15:14 <REP> d-------- C:\Documents and Settings\administrateur.OUIMET 2008-10-23 14:51 . 2008-10-23 14:51 <REP> d-------- C:\Program Files\MSECache 2008-10-23 13:49 . 2008-10-23 13:49 <REP> d-------- C:\Program Files\Microsoft Works 2008-10-23 13:43 . 2008-10-23 13:43 <REP> d-------- C:\Program Files\Microsoft.NET 2008-10-23 11:57 . 2006-10-26 19:58 30,512 --a------ C:\WINDOWS\system32\mdimon.dll 2008-10-23 11:21 . 2008-10-23 14:49 <REP> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft Help 2008-10-23 11:17 . 2008-10-23 11:17 <REP> dr-h----- C:\MSOCache 2008-10-20 10:11 . 2008-10-20 10:11 <REP> d-------- C:\Program Files\NetworkStreaming 2008-10-06 14:29 . 2008-10-06 14:29 754 --a------ C:\WINDOWS\WORDPAD.INI . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2008-10-29 14:34 --------- d---a-w C:\Program Files\Fichiers communs\Autodesk Shared 2008-10-29 14:34 --------- d-----w C:\Program Files\AutoCAD 2004 2008-10-29 14:34 --------- d-----w C:\Program Files\AnswerWorks 4.0 2008-10-29 14:10 --------- d-----w C:\Program Files\winsim 2008-10-29 14:09 --------- d--h--w C:\Program Files\InstallShield Installation Information 2008-10-23 20:13 --------- d---a-w C:\Program Files\Symantec 2008-10-23 20:05 706 ----a-w C:\WINDOWS\system32\drivers\COH_Mon.inf 2008-10-23 20:05 23,888 ----a-w C:\WINDOWS\system32\drivers\COH_Mon.sys 2008-10-23 20:05 10,537 ----a-w C:\WINDOWS\system32\drivers\coh_mon.cat 2008-10-23 19:42 --------- d---a-w C:\Program Files\Fichiers communs\Symantec Shared 2008-10-23 17:21 --------- d-----w C:\Program Files\Fichiers communs\Real 2008-10-23 17:18 --------- d-----w C:\Program Files\Fichiers communs\Apple 2008-10-23 17:16 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Kodak 2008-10-23 16:55 --------- d-----w C:\Program Files\Google 2008-10-23 16:55 --------- d-----w C:\Program Files\Apple Software Update 2008-10-23 16:35 --------- d-----w C:\Program Files\Fichiers communs\Wise Installation Wizard 2008-10-23 16:07 --------- d-----w C:\Program Files\ESET 2008-10-22 18:31 --------- d-----w C:\Documents and Settings\fbonneau\Application Data\AdobeUM 2008-10-17 15:41 --------- d-----w C:\Program Files\Windows Live 2008-10-17 14:06 --------- d-----w C:\Program Files\Fichiers communs\Macrovision Shared 2008-10-17 14:06 --------- d-----w C:\Program Files\Fichiers communs\Adobe 2008-10-08 19:33 --------- d-----w C:\Program Files\Windows Live Safety Center 2008-09-24 13:30 --------- d-----w C:\Program Files\QuickTime 2007-08-10 18:09 774,144 -c--a-w C:\Program Files\RngInterstitial.dll 2006-10-16 18:26 20,633,812 ----a-w C:\Documents and Settings\fbonneau\C-media-5.12.1.34.zip 2004-02-09 16:09 22 -c--a-w C:\Program Files\zipnew.dat 2004-02-09 16:09 20 -c--a-w C:\Program Files\rarnew.dat 2003-05-15 19:43 95,112 -c--a-w C:\Program Files\Dos.SFX 2003-05-15 19:43 94,720 -c--a-w C:\Program Files\Uninstall.exe 2003-05-15 19:43 607 -c--a-w C:\Program Files\Uninstall.lst 2003-05-15 19:43 51,712 -c--a-w C:\Program Files\Default.SFX 2003-05-15 19:43 35,328 -c--a-w C:\Program Files\Zip.SFX 2003-05-15 19:43 348,796 -c--a-w C:\Program Files\WinRAR.hlp 2003-05-15 19:43 119,808 -c--a-w C:\Program Files\RarExt.dll 2003-05-15 19:42 823,296 -c--a-w C:\Program Files\WinRAR.exe 2003-05-15 19:42 38,912 -c--a-w C:\Program Files\WinCon.SFX 2003-05-15 19:42 288,256 -c--a-w C:\Program Files\Rar.exe 2003-05-15 19:42 191,488 -c--a-w C:\Program Files\UnRAR.exe 2003-05-15 19:41 59,577 -c--a-w C:\Program Files\Rar.txt 2003-05-15 19:29 495 -c--a-w C:\Program Files\File_Id.diz 2003-05-15 19:28 10,917 -c--a-w C:\Program Files\WhatsNew.txt 2003-04-24 17:02 10,377 -c--a-w C:\Program Files\Rar_Site.txt 2003-03-04 01:17 9,042 -c--a-w C:\Program Files\TechNote.txt 2003-03-02 17:07 8,417 -c--a-w C:\Program Files\WinRAR.cnt 2003-01-28 16:41 3,323 -c--a-w C:\Program Files\Order.txt 2003-01-03 07:48 128 -c--a-w C:\Program Files\UnrarSrc.txt 2002-11-06 22:20 5,460 -c--a-w C:\Program Files\License.txt 2002-11-01 02:58 1,673 -c--a-w C:\Program Files\ReadMe.txt 2002-09-15 23:33 2,708 -c--a-w C:\Program Files\Register.txt 2002-09-07 05:36 1,082 -c--a-w C:\Program Files\RarFiles.lst 2002-08-27 16:40 55,313 -c--a-w C:\Program Files\viewsonicinstruct_xp.pdf 2002-05-15 19:27 271 --sh--w C:\Program Files\desktop.ini 2002-05-15 19:27 22,115 -c-ha-w C:\Program Files\folder.htt 2001-10-22 06:56 1,100 -c--a-w C:\Program Files\Descript.ion 2001-08-17 19:45 0 -c-ha-r C:\Program Files\Fichiers communs\MSCREATE.DIR . ((((((((((((((((((((((((((((((((( Points de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-13 15360] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "EPSON Stylus Photo R200 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2H1.EXE" [2003-07-08 99840] "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-09-06 413696] "ccApp"="C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe" [2008-10-23 115560] "\\cad2\EPSON Stylus Photo R200 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2H1.EXE" [2003-07-08 99840] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-13 15360] C:\Documents and Settings\All Users.WINDOWS\Menu D‚marrer\Programmes\D‚marrage\ Assistant d'Acrobat.lnk - C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe [2003-10-24 217194] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=sahrwx.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "VIDC.ACDV"= ACDV.dll [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus] @="Service" [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "C:\\WINDOWS\\system32\\ftp.exe"= "C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\SAGENT4.EXE"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= S2 OkiPar;OkiPar;C:\WINDOWS\system32\Drivers\OkiPar.SYS [ ] S3 COH_Mon;COH_Mon;C:\WINDOWS\system32\Drivers\COH_Mon.sys [2008-10-23 23888] S3 KMW_KBD;Kensington Input Devices Class filter driver;C:\WINDOWS\system32\DRIVERS\KMW_KBD.sys [ ] S3 KMW_USB;Kensington MouseWorks USB filter driver;C:\WINDOWS\system32\DRIVERS\KMW_USB.sys [ ] S3 VPREMOTE;VPRemote Install Bootstrap Service;C:\TEMP\Clt-Inst\vpremote.exe [2008-09-11 140216] . - - - - ORPHELINS SUPPRIMES - - - - BHO-{4b07e25d-54df-4a90-af91-95fefa46a344} - C:\WINDOWS\system32\sahrwx.dll BHO-{68100204-48b0-4207-8989-501d7871277e} - C:\WINDOWS\system32\zyahky.dll BHO-{D299A8E1-2F92-43D5-817D-5242CB4A2B35} - C:\WINDOWS\system32\pMdabxXr.dll ShellExecuteHooks-{2A2462BA-8A0D-436E-8811-66E69AD36B7D} - (no file) SafeBoot-Symantec Antvirus ************************************************************************** catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-10-29 14:25:01 Windows 5.1.2600 Service Pack 3 NTFS Recherche de processus cachés ... Recherche d'éléments en démarrage automatique cachés ... Recherche de fichiers cachés ... Scan terminé avec succès Fichiers cachés: 0 ************************************************************************** . ------------------------ Autres processus actifs ------------------------ . C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\mdm.exe C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe . ************************************************************************** . Heure de fin: 2008-10-29 14:32:47 - La machine a redémarré ComboFix-quarantined-files.txt 2008-10-29 18:32:41 Avant-CF: 554 195 968 octets libres Après-CF: 6,382,894,592 octets libres 371 --- E O F --- 2008-09-10 14:57:24 et le rapport de MBAM : Malwarebytes' Anti-Malware 1.30 Version de la base de données: 1337 Windows 5.1.2600 Service Pack 3 2008-10-29 15:12:43 mbam-log-2008-10-29 (15-12-43).txt Type de recherche: Examen rapide Eléments examinés: 67698 Temps écoulé: 27 minute(s), 34 second(s) Processus mémoire infecté(s): 0 Module(s) mémoire infecté(s): 0 Clé(s) du Registre infectée(s): 97 Valeur(s) du Registre infectée(s): 1 Elément(s) de données du Registre infecté(s): 0 Dossier(s) infecté(s): 0 Fichier(s) infecté(s): 0 Processus mémoire infecté(s): (Aucun élément nuisible détecté) Module(s) mémoire infecté(s): (Aucun élément nuisible détecté) Clé(s) du Registre infectée(s): HKEY_CLASSES_ROOT\funwebproducts.browseroverlaybarbutton (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\funwebproducts.browseroverlaybarbutton.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\funwebproducts.browseroverlayembed (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\funwebproducts.browseroverlayembed.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\funwebproducts.datacontrol.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\funwebproducts.historykillerscheduler (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\funwebproducts.historykillerscheduler.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\funwebproducts.historyswattercontrolbar (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\funwebproducts.historyswattercontrolbar.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\funwebproducts.htmlmenu (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\funwebproducts.htmlmenu.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\funwebproducts.htmlmenu.2 (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\funwebproducts.iecookiesmanager (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\funwebproducts.iecookiesmanager.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\funwebproducts.killerobjmanager (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\funwebproducts.killerobjmanager.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\funwebproducts.popswatterbarbutton (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\funwebproducts.popswatterbarbutton.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\funwebproducts.popswattersettingscontrol (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\funwebproducts.popswattersettingscontrol.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\funwebproducts.shellviewcontrol (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\funwebproducts.shellviewcontrol.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\mywebsearch.chatsessionplugin (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\mywebsearch.chatsessionplugin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\mywebsearch.htmlpanel (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\mywebsearch.htmlpanel.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\mywebsearch.outlookaddin (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\mywebsearch.outlookaddin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\mywebsearch.pseudotransparentplugin (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\mywebsearch.pseudotransparentplugin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\mywebsearchtoolbar.settingsplugin (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\mywebsearchtoolbar.settingsplugin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\mywebsearchtoolbar.toolbarplugin (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\mywebsearchtoolbar.toolbarplugin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\screensavercontrol.screensaverinstaller (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\screensavercontrol.screensaverinstaller.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{07b18eaa-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{07b18eac-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{1093995a-ba37-41d2-836e-091067c4ad17} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{120927bf-1700-43bc-810f-fab92549b390} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{17de5e5e-bfe3-4e83-8e1f-8755795359ec} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{1f52a5fa-a705-4415-b975-88503b291728} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{247a115f-06c2-4fb3-967d-2d62d3cf4f0a} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{2763e333-b168-41a0-a112-d35f96f410c0} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{2e3537fc-cf2f-4f56-af54-5a6a3dd375cc} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{2e9937fc-cf2f-4f56-af54-5a6a3dd375cc} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{38a7c9da-8db7-4d0f-a7b1-c4b1a305bddb} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{3e1656ed-f60e-4597-b6aa-b6a58e171495} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{3e53e2cb-86db-4a4a-8bd9-ffeb7a64df82} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{3e720451-b472-4954-b7aa-33069eb53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{3e720453-b472-4954-b7aa-33069eb53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{63d0ed2b-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{63d0ed2d-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{6e74766c-4d93-4cc0-96d1-47b8e07ff9ca} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{72ee7f04-15bd-4845-a005-d6711144d86a} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{741de825-a6f0-4497-9aa6-8023cf9b0fff} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{7473d291-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{7473d293-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{7473d295-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{7473d297-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{8d292ec0-6792-4a38-82ed-73a087e41ba6} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{90449521-d834-4703-bb4e-d3aa44042ff8} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{991aac62-b100-47ce-8b75-253965244f69} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{a626cdbd-3d13-4f78-b819-440a28d7e8fc} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{bbabdc90-f3d5-4801-863a-ee6ae529862d} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{d6ff3684-ad3b-48eb-bbb4-b9e6c5a355c1} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{de38c398-b328-4f4c-a3ad-1b5e4ed93477} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{e342af55-b78a-4cd0-a2bb-da7f52d9d25e} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{e342af55-b78a-4cd0-a2bb-da7f52d9d25f} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{e79dfbc9-5697-4fbd-94e5-5b2a9c7c1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{e79dfbcb-5697-4fbd-94e5-5b2a9c7c1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{eb9e5c1c-b1f9-4c2b-be8a-27d6446fdaf8} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{f87d7fb5-9dc5-4c8c-b998-d8dfe02e2978} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{a6573479-9075-4a65-98a6-19fd29cf7374} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{d778513b-1c40-4819-b0c5-49e40b39afd0} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{e79dfbca-5697-4fbd-94e5-5b2a9c7c1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Typelib\{07b18ea0-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Typelib\{0d26bc71-a633-4e71-ad31-eadc3a1b6a3a} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Typelib\{29d67d3c-509a-4544-903f-c8c1b8236554} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Typelib\{3e720450-b472-4954-b7aa-33069eb53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Typelib\{621feacd-8857-43a6-ae26-451d670d5370} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Typelib\{7473d290-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Typelib\{8ca01f0e-987c-49c3-b852-2f1ac4a7094c} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Typelib\{8e6f1830-9607-4440-8530-13be7c4b1d14} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Typelib\{98635087-3f5d-418f-990c-b1efe0797a3b} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Typelib\{c8cecde3-1ae1-4c4a-ad82-6d5b00212144} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Typelib\{e47caee0-deea-464a-9326-3f2801535a4d} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Typelib\{e79dfbc0-5697-4fbd-94e5-5b2a9c7c1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Typelib\{f42228fb-e84e-479e-b922-fbbd096e792c} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{a6573479-9075-4a65-98a6-19fd29cf7374} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{e79dfbca-5697-4fbd-94e5-5b2a9c7c1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\MIME\Database\Content Type\application/x-f3embed (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MyWebSearch bar Uninstall (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products (Adware.MyWebSearch) -> Quarantined and deleted successfully. Valeur(s) du Registre infectée(s): HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Media\WMSDK\Sources\f3PopularScreensavers (Adware.MyWebSearch) -> Quarantined and deleted successfully. Elément(s) de données du Registre infecté(s): (Aucun élément nuisible détecté) Dossier(s) infecté(s): (Aucun élément nuisible détecté) Fichier(s) infecté(s): (Aucun élément nuisible détecté) Encore Merci ! Neija

Bonjour, Je suis infectée (enfin pas moi mais mon ordinateur ^^) par de nombreux trojans, malgré mon antivirus je n'arrive pas à m'en débarrasser. Cela m'ouvre de nombreuses fenêtre de pop up .... Je viens donc demander votre aide. Je vous poste mon rapport Hijackthis afin que vous puissez l'analyser. Je vous remercie infiniment par avance. Neija Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 12:03:15, on 2008-10-29 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16705) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\mdm.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe C:\Documents and Settings\rouimet\Bureau\HiJackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {2A2462BA-8A0D-436E-8811-66E69AD36B7D} - C:\WINDOWS\system32\nNeDWOee.dll (file missing) O2 - BHO: {e7721787-d105-9898-7024-0b8440200186} - {68100204-48b0-4207-8989-501d7871277e} - C:\WINDOWS\system32\zyahky.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: (no name) - {98AB1C50-3AD4-4399-80D6-DD14871418D6} - C:\WINDOWS\system32\xxyxYpnK.dll O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll O2 - BHO: (no name) - {D299A8E1-2F92-43D5-817D-5242CB4A2B35} - C:\WINDOWS\system32\pMdabxXr.dll (file missing) O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll O3 - Toolbar: My Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\2.bin\MWSBAR.DLL (file missing) O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll O4 - HKLM\..\Run: [EPSON Stylus Photo R200 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2H1.EXE /P30 "EPSON Stylus Photo R200 Series" /O6 "USB001" /M "Stylus Photo R200" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [\\cad2\EPSON Stylus Photo R200 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2H1.EXE /P37 "\\cad2\EPSON Stylus Photo R200 Series" /O6 "USB001" /M "Stylus Photo R200" O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Global Startup: Assistant d'Acrobat.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab56986.cab O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab31267.cab O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = ouimet.local O17 - HKLM\Software\..\Telephony: DomainName = ouimet.local O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = ouimet.local O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = ouimet.local O17 - HKLM\System\CS4\Services\Tcpip\Parameters: Domain = ouimet.local O20 - AppInit_DLLs: zyahky.dll O20 - Winlogon Notify: nNeDWOee - nNeDWOee.dll (file missing) O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: Symantec Management Client (SmcService) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe O23 - Service: Symantec Network Access Control (SNAC) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE O23 - Service: Symantec Endpoint Protection (Symantec AntiVirus) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe O23 - Service: VPRemote Install Bootstrap Service (VPREMOTE) - Symantec Corporation - C:\TEMP\Clt-Inst\vpremote.exe -- End of file - 8252 bytes