[ Resolu ] Cheval de troie =)

Bonjour Heu il y a un cheval de troie dans l'ordinateur de mon père qui est détecté par son antivirus AVG mais impossible de le supprimer. Je ne pense pas qu'il y ai que cela comme virus ...
Quelqu'un pourrait-il m'aider?
Merci beaucoup d'avance

Oui C:\Windows\System32\rqRLdEut.dll

Bonjour,

Télécharge MalwareByte's Anti-Malware sur ton Bureau.
Installe-le en double-cliquant sur le fichier Download_mbam-setup.exe.

Une fois l'installation et la mise à jour effectuées, redémarre en mode sans échec.
AIDE : Redémarrer en mode sans échec

• Exécute maintenant MalwareByte's Anti-Malware. Si cela n'est pas déjà fait, sélectionne "Exécuter un examen complet".
• Afin de lancer la recherche, clic sur"Rechercher".
• Une fois le scan terminé, une fenêtre s'ouvre, clic sur OK. Deux possibilités s'offrent à toi :

-- si le programme n'a rien trouvé, appuie sur OK. Un rapport va apparaître, ferme-le.
-- si des infections sont présentes, clic sur "Afficher les résultats" puis sur "Supprimer la sélection". Enregistre le rapport sur ton Bureau afin de le poster dans ta prochaine réponse.
REMARQUE : Si MalwareByte's Anti-Malware a besoin de redémarrer pour terminer la suppression, accepte en cliquant sur Ok.

AIDE : Tuto en images sur MBAM

Malwarebytes' Anti-Malware 1.17
Version de la base de données: 846

14:28:43 14/06/2008
mbam-log-6-14-2008 (14-28-43).txt

Type de recherche: Examen complet (C:\|D:\|)
Eléments examinés: 156584
Temps écoulé: 27 minute(s), 8 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 1
Clé(s) du Registre infectée(s): 57
Valeur(s) du Registre infectée(s): 8
Elément(s) de données du Registre infecté(s): 3
Dossier(s) infecté(s): 5
Fichier(s) infecté(s): 75

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
C:\Windows\System32\rqRLdEut.dll (Trojan.Vundo) -> Unloaded module successfully.

Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{df72002c-25d4-430a-ae88-17b7100b2ecf} (Trojan.Vundo) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{df72002c-25d4-430a-ae88-17b7100b2ecf} (Trojan.Vundo) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{f3aef888-a3e2-44eb-bd85-f0c85ba7673f} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{f3aef888-a3e2-44eb-bd85-f0c85ba7673f} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\msvps.msvpsapp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{069e8b19-0eac-45d6-a5b3-a10ff9b69f4c} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{069e8b19-0eac-45d6-a5b3-a10ff9b69f4c} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{0656a137-b161-cadd-9777-e37a75727e78} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{0b682cc1-fb40-4006-a5dd-99edd3c9095d} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{0e1230f8-ea50-42a9-983c-d22abc2eeb4c} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{9dd4258a-7138-49c4-8d34-587879a5c7a4} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9dd4258a-7138-49c4-8d34-587879a5c7a4} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{b8c0220d-763d-49a4-95f4-61dfdec66ee6} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b8c0220d-763d-49a4-95f4-61dfdec66ee6} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{c3bcc488-1ae7-11d4-ab82-0010a4ec2338} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c3bcc488-1ae7-11d4-ab82-0010a4ec2338} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{b3dce744-06c7-4c09-b99d-f54254c0954f} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{ea8279e1-f6b8-495a-8c6a-cb47bd8356d1} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{c7ccfdab-ccb0-46ad-8bf9-45aff6c7b742} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{7bafe909-2f2d-4da0-a398-d22458caf3dc} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{c93db567-3f35-408f-8de6-2b570db6a5a0} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{000000da-0786-4633-87c6-1aa7a4429ef1} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{000000da-0786-4633-87c6-1aa7a4429ef1} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{54645654-2225-4455-44a1-9f4543d34545} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{5c7f15e1-f31a-44fd-aa1a-2ec63aaffd3a} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\dpcproxy (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\logons (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\uninstall (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\typelib (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\HOL5_VXIEWER.FULL.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Classes\HOL5_VXIEWER.FULL.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Classes\applications\accessdiver.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\fwbd (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\HolLol (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Inet Delivery (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Inet Delivery (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\mslagent (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Invictus (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorertoolbar (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\mwc (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Golden Palace Casino PT (Trojan.DNSChanger) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Golden Palace Casino NEW (Trojan.DNSChanger) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AllFilesystemObjects\shellex\ContextMenuHandlers\pcsd (Rogue.PC-Cleaner) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\shellex\ContextMenuHandlers\pcsd (Rogue.PC-Cleaner) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\PC-Cleaner (Rogue.PC-Cleaner) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SYSTEM\currentcontrolset\Services\iTunesMusic (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SYSTEM\currentcontrolset\Services\rdriv (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\qtvglped.bvtp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\qtvglped.toolbar.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{f3aef888-a3e2-44eb-bd85-f0c85ba7673f} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{0656a137-b161-cadd-9777-e37a75727e78} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\General\Wallpaper (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\SystemCheck2 (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\6699a9e1 (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\6699a9e1 (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\omlbpkaw (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\pmsoarbf (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\rqrldeut -> Delete on reboot.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\rqrldeut -> Delete on reboot.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Dossier(s) infecté(s):
C:\Windows\mslagent (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\SpywareIsolator (Rogue.Spywareisolator) -> Quarantined and deleted successfully.
C:\Windows\system32smp (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Users\Philippe\AppData\Roaming\PC-Cleaner (Rogue.PC-Cleaner) -> Quarantined and deleted successfully.
C:\Users\Philippe\Desktopvirii (Fake.Dropped.Malware) -> Quarantined and deleted successfully.

Fichier(s) infecté(s):
C:\Windows\System32\rqRLdEut.dll (Trojan.Vundo) -> Delete on reboot.
C:\Windows\System32\tuEdLRqr.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\tuEdLRqr.ini2 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Philippe\AppData\Local\Temp\eydaapdh.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\mslagent\2_mslagent.dll (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Windows\mslagent\mslagent.exe (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Windows\mslagent\uninstall.exe (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\SpywareIsolator\alarm.wav (Rogue.Spywareisolator) -> Quarantined and deleted successfully.
C:\Program Files\SpywareIsolator\click.wav (Rogue.Spywareisolator) -> Quarantined and deleted successfully.
C:\Program Files\SpywareIsolator\dbinfo (Rogue.Spywareisolator) -> Quarantined and deleted successfully.
C:\Program Files\SpywareIsolator\success.wav (Rogue.Spywareisolator) -> Quarantined and deleted successfully.
C:\Windows\system32smp\msrc.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Users\Philippe\AppData\Roaming\PC-Cleaner\log.dat (Rogue.PC-Cleaner) -> Quarantined and deleted successfully.
C:\Users\Philippe\AppData\Roaming\PC-Cleaner\settings.dat (Rogue.PC-Cleaner) -> Quarantined and deleted successfully.
C:\Users\Philippe\Desktopvirii\Trojan-Downloader.Win32.Agent.bl.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Users\Philippe\Desktopvirii\Trojan-Downloader.Win32.Agent.p.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Users\Philippe\Desktopvirii\Trojan-Downloader.Win32.Agent.r.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Users\Philippe\Desktopvirii\Trojan-Downloader.Win32.Agent.t.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Users\Philippe\Desktopvirii\Trojan-Downloader.Win32.Agent.v.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Windows\a.bat (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Windows\base64.tmp (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Windows\FVProtect.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Windows\System32akttzn.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Windows\System32anticipator.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Windows\System32awtoolb.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Windows\System32bdn.com (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Windows\System32bsva-egihsg52.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Windows\System32dpcproxy.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Windows\System32emesx.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Windows\System32h@tkeysh@@k.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Windows\System32hoproxy.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Windows\System32hxiwlgpm.dat (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Windows\System32hxiwlgpm.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Windows\System32medup012.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Windows\System32medup020.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Windows\System32msgp.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Windows\System32msnbho.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Windows\System32mssecu.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Windows\System32msvchost.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Windows\System32mtr2.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Windows\System32mwin32.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Windows\System32netode.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Windows\System32newsd32.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Windows\System32ps1.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Windows\System32psof1.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Windows\System32psoft1.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Windows\System32regc64.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Windows\System32regm64.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Windows\System32Rundl1.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Windows\System32sncntr.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Windows\System32ssurf022.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Windows\System32ssvchost.com (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Windows\System32ssvchost.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Windows\System32sysreq.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Windows\System32taack.dat (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Windows\System32taack.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Windows\System32temp#01.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Windows\System32thun.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Windows\System32thun32.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Windows\System32VBIEWER.OCX (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Windows\System32vbsys2.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Windows\System32vcatchpi.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Windows\System32winlogonpc.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Windows\System32winsystem.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Windows\System32WINWGPX.EXE (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Windows\userconfig9x.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Windows\winsystem.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Windows\zip1.tmp (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Windows\zip2.tmp (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Windows\zip3.tmp (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Windows\zipped.tmp (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Windows\bdn.com (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\iTunesMusic.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\mssecu.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\clkcnt.txt (Trojan.Vundo) -> Quarantined and deleted successfully.

Re,

Télécharge puis installe Hijackthis (Trend Micro)
Poste ensuite un rapport dans ta prochaine réponse.
AIDE : Comment utiliser Hijackthis v2.0.2

Re,

Désactive tes protections résidentes (antivirus, Spybot-S&D, etc.) !

• Télécharge ComboFix (sUBs) sur ton Bureau.
• Double clique sur ComboFix.exe (le .exe n'est pas forcément visible) afin de le lancer.
• Lorsque la recherche sera terminée, un rapport apparaîtra. Poste ce rapport (C:\combofix.txt*) dans ta prochaine réponse.

AIDE : Un guide et un tutoriel sur l'utilisation de ComboFix
* le nom de la partition peut changer

AVG est desinstallé. Pourrais tu me conseiller un bon antivirus ( gratuit si possible ) pour proteger correctement l'ordinateur ?
Est-il endommagé ?? :s Ou est ce que l'on peut se debarrasser de tous ces virus ? Merci beaucoup de ton aide =)

Rapport ComboFix :
ComboFix 08-06-12.2 - Philippe 2008-06-16 10:18:20.2 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6001.1.1252.1.1036.18.1245 [GMT 2:00]
Endroit: C:\Users\Philippe\Desktop\ComboFix.exe
Command switches used :: C:\Users\Philippe\Desktop\CFScript.txt
* Création d'un nouveau point de restauration

FILE ::
C:\Windows\qtvglped.dll
C:\Windows\system32\rqRLdEut.dll
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\ProgramData\erulsvqh
C:\Windows\system32\rqRLdEut.dll

.
((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-05-16 to 2008-06-16 ))))))))))))))))))))))))))))))))))))
.

2008-06-15 12:29 . 2008-04-23 06:42 428,544 --a------ C:\Windows\System32\EncDec.dll
2008-06-15 12:29 . 2008-04-23 06:42 293,376 --a------ C:\Windows\System32\psisdecd.dll
2008-06-15 12:29 . 2008-04-23 06:41 218,624 --a------ C:\Windows\System32\psisrndr.ax
2008-06-15 12:29 . 2008-04-23 06:41 57,856 --a------ C:\Windows\System32\MSDvbNP.ax
2008-06-14 18:39 . 2008-06-14 18:43 <REP> d-------- C:\Users\All Users\fssg
2008-06-14 18:39 . 2008-06-14 18:43 <REP> d-------- C:\ProgramData\fssg
2008-06-14 13:49 . 2008-06-14 15:01 293,896,106 --a------ C:\Windows\MEMORY.DMP
2008-06-14 13:25 . 2008-06-14 13:25 <REP> d-------- C:\Users\Philippe\AppData\Roaming\Malwarebytes
2008-06-14 13:25 . 2008-06-14 13:25 <REP> d-------- C:\Users\All Users\Malwarebytes
2008-06-14 13:25 . 2008-06-14 13:25 <REP> d-------- C:\ProgramData\Malwarebytes
2008-06-14 13:25 . 2008-06-14 13:51 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-06-14 13:25 . 2008-06-10 19:02 34,296 --a------ C:\Windows\System32\drivers\mbamcatchme.sys
2008-06-14 13:25 . 2008-06-10 19:02 15,864 --a------ C:\Windows\System32\drivers\mbam.sys
2008-06-13 13:47 . 2008-04-25 04:12 1,383,424 --a------ C:\Windows\System32\mshtml.tlb
2008-06-13 13:47 . 2008-04-26 10:08 1,314,816 --a------ C:\Windows\System32\quartz.dll
2008-06-13 13:47 . 2008-04-25 06:35 826,880 --a------ C:\Windows\System32\wininet.dll
2008-06-13 13:47 . 2008-05-10 03:33 113,664 --a------ C:\Windows\System32\drivers\rmcast.sys
2008-05-29 21:34 . 2008-05-29 21:34 244 --ah----- C:\sqmnoopt06.sqm
2008-05-29 21:34 . 2008-05-29 21:34 232 --ah----- C:\sqmdata06.sqm
2008-05-28 16:25 . 2008-05-28 16:25 0 --a------ C:\DFRD94F.tmp
2008-05-28 15:19 . 2008-03-08 04:08 4,240,384 --a------ C:\Windows\System32\GameUXLegacyGDFs.dll
2008-05-28 15:19 . 2008-03-08 06:21 1,695,744 --a------ C:\Windows\System32\gameux.dll
2008-05-17 17:02 . 2008-05-17 17:02 129 --a------ C:\Windows\System32\MRT.INI
2008-05-16 21:02 . 2008-05-16 21:02 182 --a------ C:\Windows\wininit.ini

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-14 17:02 --------- d-----w C:\Program Files\Norton Internet Security
2008-06-14 16:53 --------- d-----w C:\Program Files\Symantec
2008-06-14 16:40 --------- d-----w C:\ProgramData\avg7
2008-06-13 15:07 --------- d-----w C:\Program Files\Windows Mail
2008-06-13 11:35 --------- d-----w C:\Users\Philippe\AppData\Roaming\AVG7
2008-06-10 15:13 260 ----a-w C:\Users\Philippe\AppData\Roaming\wklnhst.dat
2008-05-15 14:17 --------- d-----w C:\ProgramData\Microsoft Help
2008-05-01 19:31 --------- d-----w C:\ProgramData\GamesBar
2008-05-01 12:51 0 ---ha-w C:\Windows\system32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
2008-05-01 12:47 0 ---ha-w C:\Windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2008-04-23 21:01 --------- d-----w C:\Program Files\Common Files\xing shared
2008-04-23 21:01 --------- d-----w C:\Program Files\Common Files\Real
2008-04-19 14:33 --------- d-----w C:\Program Files\Windows Sidebar
2008-04-19 14:33 --------- d-----w C:\Program Files\Windows Photo Gallery
2008-04-18 17:40 --------- d-----w C:\Users\Philippe\AppData\Roaming\Talkback
2008-04-18 17:38 --------- d-----w C:\Program Files\Google
2008-04-18 17:06 --------- d-----w C:\Program Files\a-squared Free
2008-04-18 11:02 --------- d-----w C:\ProgramData\Avira
2008-04-18 09:49 --------- d-----w C:\ProgramData\Yahoo! Companion
2008-04-18 09:46 --------- d-----w C:\Program Files\Yahoo!
2008-04-18 08:55 --------- d-----w C:\Program Files\Trend Micro
2008-04-17 20:02 174 --sha-w C:\Program Files\desktop.ini
2008-04-17 19:56 --------- d-----w C:\Program Files\Windows Journal
2008-04-17 19:56 --------- d-----w C:\Program Files\Windows Defender
2008-04-17 19:56 --------- d-----w C:\Program Files\Windows Collaboration
2008-04-17 19:56 --------- d-----w C:\Program Files\Windows Calendar
2008-04-17 16:11 --------- d-----w C:\Program Files\Real
2008-04-16 09:25 --------- d-----w C:\Program Files\Messenger Plus! Live
2008-03-14 11:02 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
2008-03-14 11:02 32,768 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
2008-03-14 11:02 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
.

((((((((((((((((((((((((((((( snapshot@2008-06-15_12.44.41.07 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-01-19 07:38:31 140,288 ----a-w C:\Windows\assembly\GAC_32\mcupdate\6.0.6000.0__31bf3856ad364e35\mcupdate.exe
+ 2008-04-23 04:44:47 140,288 ----a-w C:\Windows\assembly\GAC_32\mcupdate\6.0.6000.0__31bf3856ad364e35\mcupdate.exe
- 2008-01-19 07:38:21 4,046,848 ----a-w C:\Windows\assembly\GAC_MSIL\ehshell\6.0.6000.0__31bf3856ad364e35\ehshell.dll
+ 2008-04-23 04:44:14 4,046,848 ----a-w C:\Windows\assembly\GAC_MSIL\ehshell\6.0.6000.0__31bf3856ad364e35\ehshell.dll
- 2008-01-19 07:38:36 1,957,888 ----a-w C:\Windows\assembly\GAC_MSIL\Microsoft.MediaCenter.UI\6.0.6000.0__31bf3856ad364e35\Microsoft.MediaCenter.UI.dll
+ 2008-04-23 04:45:00 1,957,888 ----a-w C:\Windows\assembly\GAC_MSIL\Microsoft.MediaCenter.UI\6.0.6000.0__31bf3856ad364e35\Microsoft.MediaCenter.UI.dll
+ 2008-06-15 16:56:21 884,736 ----a-w C:\Windows\assembly\NativeImages_v2.0.50727_32\AspNetMMCExt\b3a5c81e91bf9b1e63697e53a41ac0ed\AspNetMMCExt.ni.dll
+ 2008-06-15 15:03:34 425,984 ----a-w C:\Windows\assembly\NativeImages_v2.0.50727_32\BDATunePIA\7b38b32ba60b3eb9195c4e1fcc2c3b9d\BDATunePIA.ni.dll
+ 2008-06-15 15:03:37 503,808 ----a-w C:\Windows\assembly\NativeImages_v2.0.50727_32\ComSvcConfig\a29c71731e54f91d32ccc55d5493126d\ComSvcConfig.ni.exe
+ 2008-06-15 16:56:21 237,568 ----a-w C:\Windows\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\8b7076d09705567c6431176b693597ab\CustomMarshalers.ni.dll
+ 2008-06-15 16:56:22 15,360 ----a-w C:\Windows\assembly\NativeImages_v2.0.50727_32\dfsvc\314a2a2c7ac434889e2478150e910adf\dfsvc.ni.exe
+ 2008-06-15 16:56:22 249,856 ----a-w C:\Windows\assembly\NativeImages_v2.0.50727_32\ehCIR\56309ef1e57faa5e1c01a04a7e3aefc2\ehCIR.ni.dll
+ 2008-06-15 16:55:30 2,428,928 ----a-w C:\Windows\assembly\NativeImages_v2.0.50727_32\ehepg\71e74bb49db5f69f8ed020dd1cb0b6b6\ehepg.ni.dll
+ 2008-06-15 16:55:37 360,448 ----a-w C:\Windows\assembly\NativeImages_v2.0.50727_32\ehepgdat\507f31ea7666854edb2752be04453c54\ehepgdat.ni.dll
+ 2008-06-15 16:56:23 44,544 ----a-w C:\Windows\assembly\NativeImages_v2.0.50727_32\ehExtCOM\12b1c96d740bd58807beab61bb7a83e6\ehExtCOM.ni.dll
+ 2008-06-15 16:55:37 270,336 ----a-w C:\Windows\assembly\NativeImages_v2.0.50727_32\ehExtHost\877e9f90267ecd61069716bd5c5c62b5\ehExtHost.ni.exe
+ 2008-06-15 16:55:57 24,576 ----a-w C:\Windows\assembly\NativeImages_v2.0.50727_32\ehiExtCOM\9690acf6b16810061de6ed44368980a9\ehiExtCOM.ni.dll
+ 2008-06-15 16:55:38 188,416 ----a-w C:\Windows\assembly\NativeImages_v2.0.50727_32\ehiExtens\52610279dc1c7658eafbf00b8d197bf9\ehiExtens.ni.dll
+ 2008-06-15 16:55:39 610,304 ----a-w C:\Windows\assembly\NativeImages_v2.0.50727_32\ehiPlay\6c123aa14560b7dff4968bcfbcc48ba6\ehiPlay.ni.dll
+ 2008-06-15 16:55:31 983,040 ----a-w C:\Windows\assembly\NativeImages_v2.0.50727_32\ehiProxy\5f8aee18344b9910bbec6af974c074d5\ehiProxy.ni.dll
+ 2008-06-15 16:55:38 77,824 ----a-w C:\Windows\assembly\NativeImages_v2.0.50727_32\ehiReplay\0b31398ed7a071f087b271393a522038\ehiReplay.ni.dll
+ 2008-06-15 16:55:36 58,368 ----a-w C:\Windows\assembly\NativeImages_v2.0.50727_32\ehiUserXp\ca15bb63e13565d7b8b168403a0dbf37\ehiUserXp.ni.dll
+ 2008-06-15 16:55:39 839,680 ----a-w C:\Windows\assembly\NativeImages_v2.0.50727_32\ehiVidCtl\f14b581820693d30efb00f6c2753ff1a\ehiVidCtl.ni.dll
+ 2008-06-15 16:55:40 376,832 ----a-w C:\Windows\assembly\NativeImages_v2.0.50727_32\ehiwmp\54da10294f5f71396a622da622c8c820\ehiwmp.ni.dll
+ 2008-06-15 16:55:42 122,880 ----a-w C:\Windows\assembly\NativeImages_v2.0.50727_32\ehiWUapi\9a8dbbf00820151502bf5886759bd9ff\ehiWUapi.ni.dll
+ 2008-06-15 16:55:42 1,949,696 ----a-w C:\Windows\assembly\NativeImages_v2.0.50727_32\ehRecObj\7b990bb48f1fb6b6c8a1008922579cbd\ehRecObj.ni.dll
+ 2008-06-15 16:55:57 12,742,656 ----a-w C:\Windows\assembly\NativeImages_v2.0.50727_32\ehshell\41dde58a0d3b2a978513f2a530590aae\ehshell.ni.dll
+ 2008-06-15 16:55:58 577,536 ----a-w C:\Windows\assembly\NativeImages_v2.0.50727_32\EventViewer\368debb045e28955b65910779050eccc\EventViewer.ni.dll
+ 2008-06-15 16:55:57 86,016 ----a-w C:\Windows\assembly\NativeImages_v2.0.50727_32\loadmxf\91672362ea8e76d7800c6d3176364d0b\loadmxf.ni.exe
+ 2008-06-15 16:55:43 737,280 ----a-w C:\Windows\assembly\NativeImages_v2.0.50727_32\mcstore\ce94320ce05675ecc24593041cd9ca15\mcstore.ni.dll
+ 2008-06-15 16:55:44 315,392 ----a-w C:\Windows\assembly\NativeImages_v2.0.50727_32\mcstoredb\6aa5747fb711f9d478b1b943fddf2b61\mcstoredb.ni.dll
+ 2008-06-15 16:56:05 274,432 ----a-w C:\Windows\assembly\NativeImages_v2.0.50727_32\mcupdate\98e5b56f1514e49a2dce1134beed3eda\mcupdate.ni.exe
+ 2008-06-15 16:55:57 258,048 ----a-w C:\Windows\assembly\NativeImages_v2.0.50727_32\Mcx2Dvcs\81d064c3c21181a4a5ec456becbbef4c\Mcx2Dvcs.ni.dll
+ 2008-06-15 16:56:24 876,544 ----a-w C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\e24c7a7e58f9b3432df623710b9c5e01\Microsoft.Build.Engine.ni.dll
+ 2008-06-15 16:56:24 81,920 ----a-w C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\6dc26698fcb3f0f93759f3c38a6207d5\Microsoft.Build.Framework.ni.dll
+ 2008-06-15 16:56:26 1,695,744 ----a-w C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\87407c2d9c2530f716841b6d6ebdf563\Microsoft.Build.Tasks.ni.dll
+ 2008-06-15 16:56:26 167,936 ----a-w C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\bdd6a68dce3ff4146b24afdf9759402b\Microsoft.Build.Utilities.ni.dll
+ 2008-06-15 16:56:06 1,441,792 ----a-w C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Ink\d521fc6793855857df18b7cb9ab0acaa\Microsoft.Ink.ni.dll
+ 2008-06-15 16:56:18 2,441,216 ----a-w C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.JScript\2f558d3a6d024dfcdd1d62233a067b40\Microsoft.JScript.ni.dll
+ 2008-06-15 16:55:59 614,400 ----a-w C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Managemen#\b059345a9c2a126e320e17c2090dd354\Microsoft.ManagementConsole.ni.dll
+ 2008-06-15 16:55:38 618,496 ----a-w C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.MediaCent#\14343af24080e0f0b2acd869f6d1211d\Microsoft.MediaCenter.ni.dll
+ 2008-06-15 16:55:43 253,952 ----a-w C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.MediaCent#\288266751f2bcc9d673520ed1d1ac7a2\Microsoft.MediaCenter.Shell.ni.dll
+ 2008-06-15 16:55:36 5,861,376 ----a-w C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.MediaCent#\7ffb1a8f14e79ec2ea006e54a4162c18\Microsoft.MediaCenter.UI.ni.dll
+ 2008-06-15 16:55:45 704,512 ----a-w C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.MediaCent#\88cdfe079a647ffba0850e19ec3d2711\Microsoft.MediaCenter.Sports.ni.dll
+ 2008-06-15 16:55:28 1,232,896 ----a-w C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\198b25c569e8a6fbb78092fe9c697600\Microsoft.Transactions.Bridge.ni.dll
+ 2008-06-15 16:56:08 401,408 ----a-w C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\b0da39820e35eb3821e69ac8ace491a1\Microsoft.Transactions.Bridge.Dtc.ni.dll
+ 2008-06-15 16:56:28 1,740,800 ----a-w C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\a96c6b0c75f8ea3eb133018ba3b49f3f\Microsoft.VisualBasic.ni.dll
+ 2008-06-15 16:56:18 77,824 ----a-w C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Vsa\81c771cf263c377d46aaf249c7ab903a\Microsoft.Vsa.ni.dll
+ 2008-06-15 16:56:04 6,443,008 ----a-w C:\Windows\assembly\NativeImages_v2.0.50727_32\MIGUIControls\66ad568e1ea098a2099364bf66bdaed8\MIGUIControls.ni.dll
+ 2008-06-15 16:56:10 1,691,648 ----a-w C:\Windows\assembly\NativeImages_v2.0.50727_32\MMCEx\f5934f1b89f7c8fb3f0bab1c21045f1c\MMCEx.ni.dll
+ 2008-06-15 16:56:00 319,488 ----a-w C:\Windows\assembly\NativeImages_v2.0.50727_32\MMCFxCommon\a3d6cbb5a1efbd314e7080bbbd78d1cd\MMCFxCommon.ni.dll
+ 2008-06-15 16:56:10 102,400 ----a-w C:\Windows\assembly\NativeImages_v2.0.50727_32\napcrypt\29d0ab81098806db3b769de45054ea13\napcrypt.ni.dll
+ 2008-06-15 16:56:10 139,264 ----a-w C:\Windows\assembly\NativeImages_v2.0.50727_32\naphlpr\65fba2f3c000945397537d9646148f6c\naphlpr.ni.dll
+ 2008-06-15 16:56:11 126,976 ----a-w C:\Windows\assembly\NativeImages_v2.0.50727_32\napinit\ad70802a13332254382fd4bddbfbc8b3\napinit.ni.dll
+ 2008-06-15 16:56:11 737,280 ----a-w C:\Windows\assembly\NativeImages_v2.0.50727_32\napsnap\ae9a564a6dd8814ba0ec381fd07be4bb\napsnap.ni.dll
+ 2008-06-15 16:56:31 2,641,920 ----a-w C:\Windows\assembly\NativeImages_v2.0.50727_32\Narrator\1b896bbb7ed678902995f5a2479962e8\Narrator.ni.exe
+ 2008-06-15 16:56:32 1,581,056 ----a-w C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationBuildTa#\7c78c24952fad7252c7ff7f739fd6198\PresentationBuildTasks.ni.dll
+ 2008-06-15 16:56:36 2,035,712 ----a-w C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationUI\fa8522105eb716eed71e99bb9bfe06ee\PresentationUI.ni.dll
+ 2008-06-15 16:56:41 2,416,640 ----a-w C:\Windows\assembly\NativeImages_v2.0.50727_32\ReachFramework\99836ab309902e40176dc5ca0854f7b2\ReachFramework.ni.dll
+ 2008-06-15 16:56:12 139,264 ----a-w C:\Windows\assembly\NativeImages_v2.0.50727_32\ServiceModelReg\b682f5929b1f3f2a0b585cbc999df489\ServiceModelReg.ni.exe
+ 2008-06-15 16:55:21 303,104 ----a-w C:\Windows\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\ee487a5b3e62f510183f68538f583135\SMDiagnostics.ni.dll
+ 2008-06-15 16:56:13 323,584 ----a-w C:\Windows\assembly\NativeImages_v2.0.50727_32\SMSvcHost\470e3064a09dc8107667143d09811786\SMSvcHost.ni.exe
+ 2008-06-15 16:55:31 44,544 ----a-w C:\Windows\assembly\NativeImages_v2.0.50727_32\stdole\07c3757edda55c714c4e69a94be4e35e\stdole.ni.dll
+ 2008-06-15 16:56:45 262,144 ----a-w C:\Windows\assembly\NativeImages_v2.0.50727_32\sysglobl\811305f0e9b3729e5a6a991b6645de92\sysglobl.ni.dll
+ 2008-06-15 15:04:00 1,183,744 ----a-w C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data.OracleC#\f293fee60fc17173a220dec17a8f2a4a\System.Data.OracleClient.ni.dll
+ 2008-06-15 15:04:01 512,000 ----a-w C:\Windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\4c99dec707cab9de8b03b8821a0716ac\System.DirectoryServices.Protocols.ni.dll
+ 2008-06-15 15:03:41 1,224,704 ----a-w C:\Windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\b6dfa3ee72dae0f0aa3d072d3b5af2a6\System.DirectoryServices.ni.dll
+ 2008-06-15 15:03:39 659,456 ----a-w C:\Windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\954db9046cf0977e8baeda9160910bc0\System.EnterpriseServices.ni.dll
+ 2008-06-15 15:03:39 294,912 ----a-w C:\Windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\954db9046cf0977e8baeda9160910bc0\System.EnterpriseServices.Wrapper.dll
+ 2008-06-15 16:55:26 241,664 ----a-w C:\Windows\assembly\NativeImages_v2.0.50727_32\System.IdentityMode#\5ff73b37102042c3e28f22106dde8ad4\System.IdentityModel.Selectors.ni.dll
+ 2008-06-15 16:55:25 1,118,208 ----a-w C:\Windows\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\44573dbcf8c8046c8d4b9ba8109d90e7\System.IdentityModel.ni.dll
+ 2008-06-15 16:56:13 417,792 ----a-w C:\Windows\assembly\NativeImages_v2.0.50727_32\System.IO.Log\28b40aac039323938aa010da90240207\System.IO.Log.ni.dll
+ 2008-06-15 16:56:16 1,064,960 ----a-w C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\3faf6c0dd4b29ada10b11269abb62653\System.Management.ni.dll
+ 2008-06-15 16:55:26 655,360 ----a-w C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Messaging\1bb37d7286f4cd22de1b1e7f6d2950b2\System.Messaging.ni.dll
+ 2008-06-15 16:56:37 1,134,592 ----a-w C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Printing\d82ee3d7910c5dab8c97c4e7973d7bbc\System.Printing.ni.dll
+ 2008-06-15 15:03:43 815,104 ----a-w C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\8fe7232e97fdf63c6b146e93f432d7d7\System.Runtime.Remoting.ni.dll
+ 2008-06-15 16:55:24 2,445,312 ----a-w C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\529360b58964fe947006d8669aea62f3\System.Runtime.Serialization.ni.dll
+ 2008-06-15 16:55:20 18,071,552 ----a-w C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\cfcba8cb539cb3dc5e92c544bd6d9dc5\System.ServiceModel.ni.dll
+ 2008-06-15 16:56:44 2,039,808 ----a-w C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Speech\b75eb02af4a4a29474726c41641ac18e\System.Speech.ni.dll
+ 2008-06-15 15:03:40 679,936 ----a-w C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\62dc499efc246da6806ba0b74ac447f1\System.Transactions.ni.dll
+ 2008-06-15 16:56:47 2,342,912 ----a-w C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web.Mobile\7185958cf25ae6673e828dd1e7ac65ed\System.Web.Mobile.ni.dll
+ 2008-06-15 15:04:00 237,568 ----a-w C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web.RegularE#\320ae07cc8c7b946d2944c63a72871fc\System.Web.RegularExpressions.ni.dll
+ 2008-06-15 15:03:58 1,986,560 ----a-w C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\af61137b092f7167a1bb6d5f8ee294d8\System.Web.Services.ni.dll
+ 2008-06-15 15:03:55 12,513,280 ----a-w C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\369cdfcbaefd8f28200e295c26c2141f\System.Web.ni.dll
+ 2008-06-15 16:56:14 258,048 ----a-w C:\Windows\assembly\NativeImages_v2.0.50727_32\TaskScheduler\0a7389d61536c156ce0485a0a14d1c3f\TaskScheduler.ni.dll
+ 2008-06-15 16:56:48 483,328 ----a-w C:\Windows\assembly\NativeImages_v2.0.50727_32\UIAutomationClient\247502ab3842b4a61f36dc4e0279f354\UIAutomationClient.ni.dll
+ 2008-06-15 16:56:49 1,118,208 ----a-w C:\Windows\assembly\NativeImages_v2.0.50727_32\UIAutomationClients#\94bf31eac9cf2d253b451e225669e91c\UIAutomationClientsideProviders.ni.dll
+ 2008-06-15 16:56:50 270,336 ----a-w C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\32372878e4291ce171ce9eb482d9188a\WindowsFormsIntegration.ni.dll
+ 2008-06-15 16:56:15 380,928 ----a-w C:\Windows\assembly\NativeImages_v2.0.50727_32\WsatConfig\0ecb8c2a9fa7b6c5e7c9d77b44ff6eb1\WsatConfig.ni.exe
- 2008-06-15 10:40:04 67,584 --s-a-w C:\Windows\bootstat.dat
+ 2008-06-16 08:22:14 67,584 --s-a-w C:\Windows\bootstat.dat
- 2008-01-19 07:34:08 373,248 ----a-w C:\Windows\ehome\ehglid.dll
+ 2008-04-23 04:42:33 373,248 ----a-w C:\Windows\ehome\ehglid.dll
- 2008-01-19 07:34:08 103,936 ----a-w C:\Windows\ehome\ehPresenter.dll
+ 2008-04-23 04:42:33 105,472 ----a-w C:\Windows\ehome\ehPresenter.dll
- 2008-01-19 07:34:08 254,464 ----a-w C:\Windows\ehome\ehReplay.dll
+ 2008-04-23 04:42:33 254,464 ----a-w C:\Windows\ehome\ehReplay.dll
- 2008-01-19 07:38:21 4,046,848 ----a-w C:\Windows\ehome\ehshell.dll
+ 2008-04-23 04:44:14 4,046,848 ----a-w C:\Windows\ehome\ehshell.dll
- 2008-01-10 05:50:47 18,944 ----a-w C:\Windows\ehome\ehtrace.dll
+ 2008-04-23 04:27:00 18,944 ----a-w C:\Windows\ehome\ehtrace.dll
- 2008-01-19 07:34:09 522,240 ----a-w C:\Windows\ehome\ehui.dll
+ 2008-04-23 04:42:33 522,240 ----a-w C:\Windows\ehome\ehui.dll
- 2008-01-19 07:38:31 140,288 ----a-w C:\Windows\ehome\mcupdate.exe
+ 2008-04-23 04:44:47 140,288 ----a-w C:\Windows\ehome\mcupdate.exe
- 2008-01-19 07:38:36 1,957,888 ----a-w C:\Windows\ehome\Microsoft.MediaCenter.UI.dll
+ 2008-04-23 04:45:00 1,957,888 ----a-w C:\Windows\ehome\Microsoft.MediaCenter.UI.dll
- 2008-06-15 10:40:21 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\ntuser.dat
+ 2008-06-16 08:22:35 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\ntuser.dat
+ 2008-06-16 08:22:35 262,144 ---ha-w C:\Windows\ServiceProfiles\LocalService\ntuser.dat.LOG1
- 2008-06-15 10:40:21 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat
+ 2008-06-16 08:22:35 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat
+ 2008-06-16 08:22:35 262,144 ---ha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1
- 2008-06-15 10:38:11 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-06-15 10:55:11 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-06-15 10:38:11 81,920 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-06-15 10:55:11 81,920 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-06-15 10:38:11 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-06-15 10:55:11 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-06-07 18:24:48 101,896 ----a-w C:\Windows\System32\perfc009.dat
+ 2008-06-16 08:16:00 101,896 ----a-w C:\Windows\System32\perfc009.dat
- 2008-06-07 18:24:48 124,228 ----a-w C:\Windows\System32\perfc00C.dat
+ 2008-06-16 08:16:00 124,228 ----a-w C:\Windows\System32\perfc00C.dat
- 2008-06-07 18:24:48 589,884 ----a-w C:\Windows\System32\perfh009.dat
+ 2008-06-16 08:16:00 589,884 ----a-w C:\Windows\System32\perfh009.dat
- 2008-06-07 18:24:48 672,096 ----a-w C:\Windows\System32\perfh00C.dat
+ 2008-06-16 08:16:00 672,096 ----a-w C:\Windows\System32\perfh00C.dat
- 2008-06-15 10:38:28 6,299,648 ----a-w C:\Windows\System32\SMI\Store\Machine\schema.dat
+ 2008-06-15 21:32:15 6,299,648 ----a-w C:\Windows\System32\SMI\Store\Machine\schema.dat
- 2008-06-15 10:24:48 12,382 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-4049039252-367552735-4115417666-1000_UserData.bin
+ 2008-06-16 08:13:05 12,778 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-4049039252-367552735-4115417666-1000_UserData.bin
- 2008-06-15 10:24:48 62,372 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2008-06-16 08:13:05 62,528 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2008-06-04 19:36:31 4,316 ----a-w C:\Windows\System32\WDI\ERCQueuedResolutions.dat
+ 2008-06-15 21:31:55 4,316 ----a-w C:\Windows\System32\WDI\ERCQueuedResolutions.dat
- 2008-06-15 10:24:47 58,120 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2008-06-16 08:13:04 58,254 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
- 2008-06-14 19:20:09 198,752 ----a-w C:\Windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_S3.bin
+ 2008-06-15 20:48:22 201,278 ----a-w C:\Windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_S3.bin
+ 2008-04-23 04:27:53 864,256 ----a-w C:\Windows\winsxs\msil_ehepg_31bf3856ad364e35_6.0.6000.16679_none_d97a4d2ed1f284d2\ehepg.dll
+ 2008-04-23 14:12:49 864,256 ----a-w C:\Windows\winsxs\msil_ehepg_31bf3856ad364e35_6.0.6000.20821_none_da31f92beaeecb56\ehepg.dll
+ 2008-04-23 04:27:55 135,168 ----a-w C:\Windows\winsxs\msil_ehexthost_31bf3856ad364e35_6.0.6000.16679_none_bcbfc9e4c1e1e81d\ehexthost.exe
+ 2008-04-23 14:12:50 135,168 ----a-w C:\Windows\winsxs\msil_ehexthost_31bf3856ad364e35_6.0.6000.20821_none_bd7775e1dade2ea1\ehexthost.exe
+ 2008-04-23 04:27:56 77,824 ----a-w C:\Windows\winsxs\msil_ehiextens_31bf3856ad364e35_6.0.6000.16679_none_fba2d0c909e74612\ehiExtens.dll
+ 2008-04-23 14:12:51 77,824 ----a-w C:\Windows\winsxs\msil_ehiextens_31bf3856ad364e35_6.0.6000.20821_none_fc5a7cc622e38c96\ehiExtens.dll
+ 2008-04-23 04:27:59 4,374,528 ----a-w C:\Windows\winsxs\msil_ehshell_31bf3856ad364e35_6.0.6000.16679_none_896d686f44a61324\ehshell.dll
+ 2008-04-23 14:12:55 4,382,720 ----a-w C:\Windows\winsxs\msil_ehshell_31bf3856ad364e35_6.0.6000.20821_none_8a25146c5da259a8\ehshell.dll
+ 2008-04-23 04:44:14 4,046,848 ----a-w C:\Windows\winsxs\msil_ehshell_31bf3856ad364e35_6.0.6001.18061_none_8b5674b141cbbd6c\ehshell.dll
+ 2008-04-23 04:36:58 4,046,848 ----a-w C:\Windows\winsxs\msil_ehshell_31bf3856ad364e35_6.0.6001.22165_none_8be412a45ae5c292\ehshell.dll
+ 2008-04-23 04:28:14 1,196,032 ----a-w C:\Windows\winsxs\msil_microsoft.mediacenter.shell_31bf3856ad364e35_6.0.6000.16679_none_4e6b0c2698ea89ba\Microsoft.MediaCenter.Shell.dll
+ 2008-04-23 14:13:09 1,269,760 ----a-w C:\Windows\winsxs\msil_microsoft.mediacenter.shell_31bf3856ad364e35_6.0.6000.20821_none_4f22b823b1e6d03e\Microsoft.MediaCenter.Shell.dll
+ 2008-04-23 04:28:14 2,342,912 ----a-w C:\Windows\winsxs\msil_microsoft.mediacenter.ui_31bf3856ad364e35_6.0.6000.16679_none_30f95ad65a3e86d4\Microsoft.MediaCenter.UI.dll
+ 2008-04-23 14:13:09 2,351,104 ----a-w C:\Windows\winsxs\msil_microsoft.mediacenter.ui_31bf3856ad364e35_6.0.6000.20821_none_31b106d3733acd58\Microsoft.MediaCenter.UI.dll
+ 2008-04-23 04:45:00 1,957,888 ----a-w C:\Windows\winsxs\msil_microsoft.mediacenter.ui_31bf3856ad364e35_6.0.6001.18061_none_32e267185764311c\Microsoft.MediaCenter.UI.dll
+ 2008-04-23 04:37:38 1,957,888 ----a-w C:\Windows\winsxs\msil_microsoft.mediacenter.ui_31bf3856ad364e35_6.0.6001.22165_none_3370050b707e3642\Microsoft.MediaCenter.UI.dll
+ 2008-04-23 04:28:13 217,088 ----a-w C:\Windows\winsxs\msil_microsoft.mediacenter_31bf3856ad364e35_6.0.6000.16679_none_2354b3c9cf56f2ea\Microsoft.MediaCenter.dll
+ 2008-04-23 14:13:08 217,088 ----a-w C:\Windows\winsxs\msil_microsoft.mediacenter_31bf3856ad364e35_6.0.6000.20821_none_240c5fc6e853396e\Microsoft.MediaCenter.dll
+ 2008-04-23 04:28:09 136,704 ----a-w C:\Windows\winsxs\x86_mcupdate_31bf3856ad364e35_6.0.6000.16679_none_c673e63faed8754d\mcupdate.exe
+ 2008-04-23 14:13:03 136,704 ----a-w C:\Windows\winsxs\x86_mcupdate_31bf3856ad364e35_6.0.6000.20821_none_c72b923cc7d4bbd1\mcupdate.exe
+ 2008-04-23 04:44:47 140,288 ----a-w C:\Windows\winsxs\x86_mcupdate_31bf3856ad364e35_6.0.6001.18061_none_c85cf281abfe1f95\mcupdate.exe
+ 2008-04-23 04:37:28 140,288 ----a-w C:\Windows\winsxs\x86_mcupdate_31bf3856ad364e35_6.0.6001.22165_none_c8ea9074c51824bb\mcupdate.exe
+ 2008-04-23 04:27:00 252,416 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ehome-devices-ehreplay_31bf3856ad364e35_6.0.6000.16679_none_128e8c93a2bce482\ehReplay.dll
+ 2008-04-23 05:11:36 254,464 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ehome-devices-ehreplay_31bf3856ad364e35_6.0.6000.20821_none_13463890bbb92b06\ehReplay.dll
+ 2008-04-23 04:42:33 254,464 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ehome-devices-ehreplay_31bf3856ad364e35_6.0.6001.18061_none_147798d59fe28eca\ehReplay.dll
+ 2008-04-23 04:30:25 254,464 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ehome-devices-ehreplay_31bf3856ad364e35_6.0.6001.22165_none_150536c8b8fc93f0\ehReplay.dll
+ 2008-04-23 04:27:01 6,656 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ehome-devices-mcrmgr_31bf3856ad364e35_6.0.6000.16679_none_3200fce9dd0448e0\McrMgr.dll
+ 2008-04-23 04:26:31 173,056 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ehome-devices-mcrmgr_31bf3856ad364e35_6.0.6000.16679_none_3200fce9dd0448e0\McrMgr.exe
+ 2008-04-23 05:11:51 6,656 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ehome-devices-mcrmgr_31bf3856ad364e35_6.0.6000.20821_none_32b8a8e6f6008f64\McrMgr.dll
+ 2008-04-23 03:56:48 172,544 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ehome-devices-mcrmgr_31bf3856ad364e35_6.0.6000.20821_none_32b8a8e6f6008f64\McrMgr.exe
+ 2008-04-23 04:27:00 21,504 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ehome-ehdebug_31bf3856ad364e35_6.0.6000.16679_none_2db4cba1854c2050\ehdebug.dll
+ 2008-04-23 05:11:35 21,504 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ehome-ehdebug_31bf3856ad364e35_6.0.6000.20821_none_2e6c779e9e4866d4\ehdebug.dll
+ 2008-04-23 04:27:00 372,224 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ehome-ehglid_31bf3856ad364e35_6.0.6000.16679_none_2d12eef96d2c252b\ehglid.dll
+ 2008-04-23 05:11:35 372,736 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ehome-ehglid_31bf3856ad364e35_6.0.6000.20821_none_2dca9af686286baf\ehglid.dll
+ 2008-04-23 04:42:33 373,248 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ehome-ehglid_31bf3856ad364e35_6.0.6001.18061_none_2efbfb3b6a51cf73\ehglid.dll
+ 2008-04-23 04:30:24 373,248 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ehome-ehglid_31bf3856ad364e35_6.0.6001.22165_none_2f89992e836bd499\ehglid.dll
+ 2008-04-23 04:27:00 105,472 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ehome-ehpresenter_31bf3856ad364e35_6.0.6000.16679_none_249fac1865043b1f\ehPresenter.dll
+ 2008-04-23 05:11:36 105,472 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ehome-ehpresenter_31bf3856ad364e35_6.0.6000.20821_none_255758157e0081a3\ehPresenter.dll
+ 2008-04-23 04:42:33 105,472 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ehome-ehpresenter_31bf3856ad364e35_6.0.6001.18061_none_2688b85a6229e567\ehPresenter.dll
+ 2008-04-23 04:30:25 105,472 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ehome-ehpresenter_31bf3856ad364e35_6.0.6001.22165_none_2716564d7b43ea8d\ehPresenter.dll
+ 2008-04-23 04:22:35 10,094,080 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ehome-ehres_31bf3856ad364e35_6.0.6000.16679_none_4fe31875538242d1\ehres.dll
+ 2008-04-23 05:11:36 10,103,808 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ehome-ehres_31bf3856ad364e35_6.0.6000.20821_none_509ac4726c7e8955\ehres.dll
+ 2008-04-23 04:27:00 18,944 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ehome-ehtrace_31bf3856ad364e35_6.0.6000.16679_none_3693dda116ea05e6\ehtrace.dll
+ 2008-04-23 05:11:36 18,944 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ehome-ehtrace_31bf3856ad364e35_6.0.6000.20821_none_374b899e2fe64c6a\ehtrace.dll
+ 2008-04-23 04:27:00 517,632 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ehome-ehui_31bf3856ad364e35_6.0.6000.16679_none_cc9b30cbcc71d8eb\ehui.dll
+ 2008-04-23 05:11:36 521,216 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ehome-ehui_31bf3856ad364e35_6.0.6000.20821_none_cd52dcc8e56e1f6f\ehui.dll
+ 2008-04-23 04:42:33 522,240 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ehome-ehui_31bf3856ad364e35_6.0.6001.18061_none_ce843d0dc9978333\ehui.dll
+ 2008-04-23 04:30:33 522,240 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ehome-ehui_31bf3856ad364e35_6.0.6001.22165_none_cf11db00e2b18859\ehui.dll
+ 2008-04-23 04:27:00 1,497,600 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ehome-ehuihlp_31bf3856ad364e35_6.0.6000.16679_none_39e223022e478d8d\ehuihlp.dll
+ 2008-04-23 05:11:36 1,498,112 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ehome-ehuihlp_31bf3856ad364e35_6.0.6000.20821_none_3a99ceff4743d411\ehuihlp.dll
+ 2008-04-23 04:27:01 1,244,672 ----a-w C:\Windows\winsxs\x86_microsoft-windows-m..mediadeliveryengine_31bf3856ad364e35_6.0.6000.16679_none_3d017dbd628e4075\mcmde.dll
+ 2008-04-23 05:11:51 1,244,672 ----a-w C:\Windows\winsxs\x86_microsoft-windows-m..mediadeliveryengine_31bf3856ad364e35_6.0.6000.20821_none_3db929ba7b8a86f9\mcmde.dll
+ 2008-04-23 04:27:00 428,032 ----a-w C:\Windows\winsxs\x86_microsoft-windows-tvencdec_31bf3856ad364e35_6.0.6000.16679_none_de4f2af09170b787\EncDec.dll
+ 2008-04-23 05:11:36 428,032 ----a-w C:\Windows\winsxs\x86_microsoft-windows-tvencdec_31bf3856ad364e35_6.0.6000.20821_none_df06d6edaa6cfe0b\EncDec.dll
+ 2008-04-23 04:42:37 428,544 ----a-w C:\Windows\winsxs\x86_microsoft-windows-tvencdec_31bf3856ad364e35_6.0.6001.18061_none_e03837328e9661cf\EncDec.dll
+ 2008-04-23 04:34:41 428,544 ----a-w C:\Windows\winsxs\x86_microsoft-windows-tvencdec_31bf3856ad364e35_6.0.6001.22165_none_e0c5d525a7b066f5\EncDec.dll
+ 2008-04-23 04:27:04 292,352 ----a-w C:\Windows\winsxs\x86_microsoft-windows-v..e-filters-tvdigital_31bf3856ad364e35_6.0.6000.16679_none_d9d44caa5a19bb32\psisdecd.dll
+ 2008-04-23 05:12:30 292,352 ----a-w C:\Windows\winsxs\x86_microsoft-windows-v..e-filters-tvdigital_31bf3856ad364e35_6.0.6000.20821_none_da8bf8a7731601b6\psisdecd.dll
+ 2008-04-23 04:42:37 293,376 ----a-w C:\Windows\winsxs\x86_microsoft-windows-v..e-filters-tvdigital_31bf3856ad364e35_6.0.6001.18061_none_dbbd58ec573f657a\psisdecd.dll
+ 2008-04-23 04:34:47 293,376 ----a-w C:\Windows\winsxs\x86_microsoft-windows-v..e-filters-tvdigital_31bf3856ad364e35_6.0.6001.22165_none_dc4af6df70596aa0\psisdecd.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-19 09:33 1233920]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2008-01-19 09:33 125952]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 12:34 5724184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2006-09-28 15:42 65536]
"KBD"="C:\HP\KBD\KbdStub.EXE" [2006-12-08 18:16 65536]
"OsdMaestro"="C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe" [2007-02-15 12:59 118784]
"RtHDVCpl"="RtHDVCpl.exe" [2007-03-01 17:38 4390912 C:\Windows\RtHDVCpl.exe]
"HP Software Update"="c:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-02-16 23:11 49152]
"ccApp"="c:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-09 15:59 115816]
"IS CfgWiz"="c:\Program Files\Common Files\Symantec Shared\OPC\{31011D49-D90C-4da0-878B-78D28AD507AF}\cltUIStb.exe" [2007-01-12 12:28 431752]
"SSBkgdUpdate"="C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-09-30 01:14 155648]
"OpwareSE4"="C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" [2006-03-21 14:19 69632]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-04-23 23:00 185896]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-07-06 21:15 86016]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-07-06 21:15 8466432]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-07-06 21:15 81920]
"Malwarebytes Anti-Malware Reboot"="C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" [2008-06-10 19:02 1183352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="%WINDIR%\SMINST\launcher.exe" [ ]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 12:34 5724184]

C:\Users\Philippe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 - Capture d'‚cran et lancement.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [2007-08-24 04:45:42 101784]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableLockWorkstation"= 0 (0x0)
"DisableChangePassword"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoLogoff"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{E54729E8-BB3D-4270-9D49-7389EA579090}"= C:\Windows\system32\EZUPBH~1.DLL [2007-11-25 00:24 49152]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"WinDrv"= {64aa26b6-5a6c-438b-bd93-23061cf38bd8} - C:\Windows\Resources\WinDrv.dll [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{3E1F52F3-7E63-4029-864E-35E45AABDAC1}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{EBDFFB1E-F0A3-4CD8-89EC-9809F10CBE9A}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{7E7C7659-4DA2-4634-8D70-B8670A52E7F4}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{66156195-DF5A-42E6-B5B9-7B9D5A48ADF9}C:\\program files\\internet explorer\\iexplore.exe"= UDP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{7998B391-C311-4044-B1EB-A64794BA865D}C:\\program files\\internet explorer\\iexplore.exe"= TCP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"TCP Query User{A856FF4A-8EBF-4FD0-8496-834B9361AA9B}C:\\program files\\internet explorer\\iexplore.exe"= UDP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{BA8EAC8C-0D53-4193-9AAB-81FC369DB6BD}C:\\program files\\internet explorer\\iexplore.exe"= TCP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"{49AEF01B-4F01-4418-AC9A-4AF915AA8951}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{17CA7F53-EF77-489E-89F3-191C479B2AFB}C:\\program files\\real\\realplayer\\realplay.exe"= UDP:C:\program files\real\realplayer\realplay.exe:RealPlayer
"UDP Query User{9FFE08E0-F888-4994-8A7D-CB0E8D89F546}C:\\program files\\real\\realplayer\\realplay.exe"= TCP:C:\program files\real\realplayer\realplay.exe:RealPlayer
"TCP Query User{1F5F9FE6-7EDA-4B6A-BED3-73F2A933AFC6}C:\\program files\\real\\realplayer\\recordingmanager.exe"= UDP:C:\program files\real\realplayer\recordingmanager.exe:RealNetworks Download and Record Manager
"UDP Query User{EA4BA2E3-286E-447B-A195-0928FBD2E495}C:\\program files\\real\\realplayer\\recordingmanager.exe"= TCP:C:\program files\real\realplayer\recordingmanager.exe:RealNetworks Download and Record Manager

R2 ezntsvc;EasyBits Magic Desktop Services for Windows NT;C:\Windows\system32\ezNTSvc.exe [2007-11-25 00:24]
S3 IDSvix86;Symantec Intrusion Prevention Driver;C:\PROGRA~2\Symantec\DEFINI~1\SymcData\idsdefs\20070108.003\IDSvix86.sys [2006-12-27 16:48]

*Newly Created Service* - COMHOST
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-16 10:22:39
Windows 6.0.6001 Service Pack 1 NTFS

Balayage processus cach‚s ...

Balayage cach‚ autostart entries ...

Balayage des fichiers cach‚s ...

Scan termin‚ avec succŠs
Les fichiers cach‚s: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Windows\System32\audiodg.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\microsoft shared\VS7DEBUG\MDM.EXE
C:\Windows\System32\WUDFHost.exe
C:\Windows\System32\conime.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\System32\wbem\unsecapp.exe
C:\hp\KBD\kbd.exe
C:\Windows\System32\wbem\WMIADAP.exe
C:\Windows\System32\dllhost.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-06-16 10:27:14 - machine was rebooted
ComboFix-quarantined-files.txt 2008-06-16 08:27:09
ComboFix2.txt 2008-06-15 10:44:57

Pre-Run: 206,790,066,176 octets libres
Post-Run: 206,875,549,696 octets libres

380 --- E O F --- 2008-06-15 15:02:02

Encore des soucis ?

Normalement nan.

AntiVir est bon. Pour Hijackthis et Combofix, tu peux supprimer.

Je n'arrive pas à supprimer les dossier norton internet security qui ne sert plus à rien ... c'est important ?

D'accord merci. Comment faire pour que Internet Explorer s'ouvre sans devoir à chaque fois cliquer sur autoriser l'ouverture de ce programme ? Sinon après tout est nickel ^^
Merci

Il se lance en mode admin ! Clic droit, et vérifie que t'as pas activer l'option "éxécuter en tant qu'administrateur"

C'est Vista Angel !

Quand je clique sur l'icone internet explorer il y a mon ecran qui s'assombris et une petite fenetre en bas à gauche qui dit : un programme non identifié veut acceder à votre ordinateur. puis annuler ou autoriser. Et oui c'est sur Vista

Clic droit, propriété... Sur l'application iexplorer.exe !

À mon avis, t'as encore des trucs sur ton PC ... Relance la panoplie Antivir, Adaware et cie !

Malwarebytes' Anti-Malware 1.17
Version de la base de données: 846

17:14:00 16/06/2008
mbam-log-6-16-2008 (17-14-00).txt

Type de recherche: Examen complet (C:\|D:\|)
Eléments examinés: 158303
Temps écoulé: 39 minute(s), 16 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 1
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 0

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_CURRENT_USER\Software\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
(Aucun élément nuisible détecté)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:25:48, on 16/06/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\hp\support\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\ScanSoft\OmniPageSE4.0\OpWareSE4.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\hp\kbd\kbd.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Windows\Explorer.exe
C:\Users\Philippe\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr? [...] pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KbdStub.EXE
O4 - HKLM\..\Run: [OsdMaestro] "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [HP Software Update] c:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [IS CfgWiz] "c:\Program Files\Common Files\Symantec Shared\OPC\{31011D49-D90C-4da0-878B-78D28AD507AF}\cltUIStb.exe" /MODULE CfgWiz /GUID {BC8D3EAF-F864-4d4b-AB4D-B3D0C32E2840} /MODE CfgWiz /CMDLINE "REBOOT"
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware Reboot] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'Default user')
O4 - Startup: OneNote 2007 - Capture d'écran et lancement.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Ajouter à la liste d'impressions - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint Impression rapide - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Imprimer - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
O8 - Extra context menu item: Easy-WebPrint Prévisualiser - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O13 - Gopher Prefix:
O21 - SSODL: WinDrv - {64aa26b6-5a6c-438b-bd93-23061cf38bd8} - C:\Windows\Resources\WinDrv.dll (file missing)
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: EasyBits Magic Desktop Services for Windows NT (ezntsvc) - EasyBits Software Corp. - C:\Windows\system32\ezNTSvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Unknown owner - c:\Program Files\Norton Internet Security\isPwdSvc.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

--
End of file - 8369 bytes

comment on fix ?
Alors à cet onglet rien n'est cochable il est écirt : les modes de compatibilités ne peuvent être appliqués à ce programme car il fait parti de cette version de Windows.
Mais la case executer ce programme en tant qu'administrateur n'est pas cochée

En tout cas Avira ne detecte plus rien ... C'est déjà ca. Merci de votre aide. Comment écrit on résolu au titre du sujet ?
=)

C'est bizarre son IE qui se lance en administrateur ... Vive vista