Redirection from Google
Security Forum - Viruses: Redirection from Google
Hi,
Right now I have a stubborn virus that redirects links from Google.
I've already tried various solutions suggested on forums, but I can't manage to get rid of it completely.
A thousand thanks for your help!!
Hello,
- Download Random's System Information Tool (RSIT) (by random/random) to your Desktop.
- Double-click RSIT.exe to launch the program.
(On Vista, you need to right-click RSIT.exe and choose Run as administrator)
- Click Continue on the Disclaimer screen.
- If the HijackThis tool (up-to-date version) is not present or not detected on the computer, RSIT will download it (allow access in your firewall, if prompted) and you will have to accept the license.
- When the scan is finished, two text files will open. Post the contents of log.txt (the one that appears on screen) as well as info.txt (which you will see in the taskbar).
Note: the reports are saved in the C:\rsit folder.
hi
thanks for replying!
here is the log.txt:
Logfile of random's system information tool 1.06 (written by random/random)
Run by dalie at 2009-05-08 21:20:18
Microsoft Windows XP Professional Service Pack 3
System drive C: has 16 GB (46%) free of 35 GB
Total RAM: 447 MB (40% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:20:36, on 5/8/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\SysMonitor.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\WINDOWS\sm56hlpr.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe
C:\Program Files\Acer WLAN 11g USB Dongle\ZDWlan.exe
C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
c:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\BitLord\BitLord.exe
C:\Documents and Settings\dalie\Desktop\foralexpc\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\dalie.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.search.yahoo.com/search?fr=mcafee&p=%s
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\mskapbho.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Acer Empowering Technology Monitor] C:\WINDOWS\system32\SysMonitor.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe 0
O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [McENUI] C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide
O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O4 - Global Startup: Acer Empowering Technology.lnk = ?
O4 - Global Startup: Acer WLAN 11g USB Dongle.lnk = C:\Program Files\Acer WLAN 11g USB Dongle\ZDWlan.exe
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O23 - Service: Memory Check Service (AcerMemUsageCheckService) - Acer Inc. - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MBackMonitor - McAfee - C:\Program Files\McAfee\MBK\MBackMonitor.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
--
End of file - 9826 bytes
======Scheduled tasks folder======
C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
C:\WINDOWS\tasks\McDefragTask.job
C:\WINDOWS\tasks\McQcTask.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{27B4851A-3207-45A2-B947-BE8AFE6163AB}]
McAfee Phishing Filter - c:\PROGRA~1\mcafee\msk\mskapbho.dll [2009-01-09 246800]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealPlayer Download and Record Plugin for Internet Explorer - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll [2009-03-23 312928]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7DB2D5A0-7241-4E79-B68D-6309F01C5231}]
scriptproxy - C:\Program Files\McAfee\VirusScan\scriptsn.dll [2009-03-25 62784]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2009-04-24 259696]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll [2009-04-24 668656]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B164E929-A1B6-4A06-B104-2CD0E90A88FF}]
McAfee SiteAdvisor BHO - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll [2009-02-13 150032]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}]
Google Dictionary Compression sdch - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll [2009-04-24 470512]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-03-09 35840]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-03-09 73728]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - Acer eDataSecurity Management - C:\WINDOWS\system32\eDStoolbar.dll [2006-03-09 106496]
{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - McAfee SiteAdvisor Toolbar - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll [2009-02-13 150032]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"ehTray"=C:\WINDOWS\ehome\ehtray.exe [2005-09-29 67584]
"LaunchApp"=Alaunch []
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2006-07-11 7626752]
"nwiz"=nwiz.exe /install []
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2006-06-01 16208384]
"SkyTel"=C:\WINDOWS\SkyTel.EXE [2006-05-16 2879488]
"IMJPMIG8.1"=C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE [2004-08-10 208952]
"IMEKRMIG6.1"=C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE [2004-08-10 44032]
"MSPY2002"=C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe [2004-08-10 59392]
"PHIME2002ASync"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2004-08-10 455168]
"PHIME2002A"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2004-08-10 455168]
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2006-07-11 86016]
"Acer Empowering Technology Monitor"=C:\WINDOWS\system32\SysMonitor.exe [2006-04-19 49152]
"eDataSecurity Loader"=C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe [2006-03-18 345088]
"eRecoveryService"=C:\Acer\Empowering Technology\eRecovery\eRAgent.exe [2006-06-01 413696]
"TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2009-03-23 198160]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-03-09 148888]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-02-27 35696]
"mcagent_exe"=C:\Program Files\McAfee.com\Agent\mcagent.exe [2009-03-25 645328]
"McENUI"=C:\PROGRA~1\McAfee\MHN\McENUI.exe [2009-01-09 1176808]
"SMSERIAL"=C:\WINDOWS\sm56hlpr.exe [2005-06-06 544768]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2008-04-14 1695232]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2008-11-13 68856]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Acer Empowering Technology.lnk - C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe
Acer WLAN 11g USB Dongle.lnk - C:\Program Files\Acer WLAN 11g USB Dongle\ZDWlan.exe
C:\Documents and Settings\dalie\Start Menu\Programs\Startup
OpenOffice.org 3.0.lnk - C:\Program Files\OpenOffice.org 3\program\quickstart.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mcmscsvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MCODS]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MpfService]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Disabled:Firefox"
"C:\Acer\Empowering Technology\ePerformance\MemCheck.exe"="C:\Acer\Empowering Technology\ePerformance\MemCheck.exe:*:Enabled:MemCheck"
"C:\Program Files\Google\Update\GoogleUpdate.exe"="C:\Program Files\Google\Update\GoogleUpdate.exe:*:Enabled:GoogleUpdate"
"C:\WINDOWS\system32\spoolsv.exe"="C:\WINDOWS\system32\spoolsv.exe:*:Enabled:spoolsv"
"C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe"="C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:*:Enabled:McAfee Network Agent"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b9047220-aec9-11dd-aabc-001921545811}]
shell\explore\command - J:\XGZP.PIF
shell\open\command - J:\XGZP.PIF
======List of files/folders created in the last 1 months======
2009-05-08 19:35:57 ----D---- C:\Program Files\BitLord
2009-05-06 02:12:19 ----D---- C:\Program Files\BitLord2
2009-05-02 23:21:30 ----A---- C:\Bug.txt
2009-04-30 01:07:30 ----N---- C:\WINDOWS\system32\spmsgXP_2k3.dll
2009-04-30 01:07:22 ----HDC---- C:\WINDOWS\$NtUninstallWdf01007$
2009-04-30 01:00:19 ----A---- C:\WINDOWS\system32\WdfCoInstaller01007.dll
2009-04-29 09:26:02 ----SHD---- C:\RECYCLER
2009-04-28 08:57:54 ----A---- C:\ComboFix.txt
2009-04-28 08:46:47 ----A---- C:\WINDOWS\zip.exe
2009-04-28 08:46:47 ----A---- C:\WINDOWS\vFind.exe
2009-04-28 08:46:47 ----A---- C:\WINDOWS\SWXCACLS.exe
2009-04-28 08:46:47 ----A---- C:\WINDOWS\SWSC.exe
2009-04-28 08:46:47 ----A---- C:\WINDOWS\SWREG.exe
2009-04-28 08:46:47 ----A---- C:\WINDOWS\sed.exe
2009-04-28 08:46:47 ----A---- C:\WINDOWS\NIRCMD.exe
2009-04-28 08:46:47 ----A---- C:\WINDOWS\grep.exe
2009-04-28 08:27:35 ----D---- C:\WINDOWS\ERDNT
2009-04-28 08:22:21 ----D---- C:\Qoobox
2009-04-27 09:05:40 ----HD---- C:\WINDOWS\PIF
2009-04-26 09:54:20 ----D---- C:\rsit
2009-04-25 09:05:00 ----HDC---- C:\WINDOWS\$NtUninstallKB959426$
2009-04-25 09:04:48 ----HDC---- C:\WINDOWS\$NtUninstallKB961373$
2009-04-25 09:00:33 ----A---- C:\WINDOWS\system32\MRT.exe
2009-04-25 08:59:32 ----HDC---- C:\WINDOWS\$NtUninstallKB956572$
2009-04-25 08:59:19 ----HDC---- C:\WINDOWS\$NtUninstallKB952004$
2009-04-25 08:59:11 ----HDC---- C:\WINDOWS\$NtUninstallKB960803$
2009-04-25 08:59:00 ----A---- C:\WINDOWS\imsins.BAK
2009-04-25 08:58:46 ----HDC---- C:\WINDOWS\$NtUninstallKB923561$
2009-04-25 08:55:07 ----N---- C:\WINDOWS\system32\xpsp4res.dll
2009-04-24 10:00:13 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2009-04-24 09:39:43 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-04-24 09:36:17 ----A---- C:\TB.txt
2009-04-24 09:15:29 ----D---- C:\ToolBar SD
2009-04-24 09:15:21 ----D---- C:\Program Files\CCleaner
2009-04-24 03:34:05 ----A---- C:\WINDOWS\system32\tmp.txt
2009-04-24 03:33:05 ----A---- C:\rapport.txt
2009-04-24 02:43:05 ----D---- C:\Program Files\Lavasoft
2009-04-24 02:43:05 ----D---- C:\Documents and Settings\All Users\Application Data\Lavasoft
2009-04-24 00:35:29 ----D---- C:\Documents and Settings\All Users\Application Data\SiteAdvisor
2009-04-24 00:30:45 ----D---- C:\Program Files\Common Files\McAfee
2009-04-24 00:30:42 ----D---- C:\Program Files\McAfee.com
2009-04-24 00:30:31 ----D---- C:\Program Files\McAfee
2009-04-24 00:19:36 ----D---- C:\Documents and Settings\All Users\Application Data\McAfee
2009-04-23 10:35:21 ----D---- C:\Program Files\Trend Micro
2009-04-23 09:59:07 ----A---- C:\cleannavi.txt
2009-04-17 23:55:31 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
2009-04-17 23:54:34 ----D---- C:\Program Files\Common Files\Adobe
2009-04-17 23:50:46 ----D---- C:\Program Files\NOS
2009-04-17 23:50:46 ----D---- C:\Documents and Settings\All Users\Application Data\NOS
2009-04-17 10:53:51 ----A---- C:\fixnavi.txt
2009-04-17 10:52:15 ----D---- C:\Program Files\Navilog1
2009-04-12 14:51:38 ----D---- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2009-04-12 10:02:21 ----D---- C:\WINDOWS\system32\Kaspersky Lab
======List of files/folders modified in the last 1 months======
2009-05-08 21:20:22 ----D---- C:\WINDOWS\temp
2009-05-08 21:14:40 ----D---- C:\Program Files\Mozilla Firefox
2009-05-08 21:02:59 ----D---- C:\WINDOWS\Prefetch
2009-05-08 20:43:40 ----A---- C:\WINDOWS\win.ini
2009-05-08 19:35:57 ----RD---- C:\Program Files
2009-05-08 16:34:16 ----A---- C:\WINDOWS\ModemLog_Motorola SM56 Speakerphone Modem.txt
2009-05-08 16:33:58 ----D---- C:\WINDOWS\Registration
2009-05-08 16:33:46 ----AD---- C:\WINDOWS
2009-05-08 12:09:07 ----D---- C:\WINDOWS\system32\FxsTmp
2009-05-08 12:07:09 ----A---- C:\WINDOWS\WORDPAD.INI
2009-05-08 10:55:19 ----D---- C:\Program Files\Google
2009-05-08 10:55:19 ----D---- C:\Documents and Settings\All Users\Application Data\Google
2009-05-08 10:55:13 ----SD---- C:\WINDOWS\Tasks
2009-05-08 10:55:11 ----SHD---- C:\WINDOWS\Installer
2009-05-06 02:48:10 ----RSD---- C:\WINDOWS\assembly
2009-05-06 02:48:10 ----D---- C:\WINDOWS\Microsoft.NET
2009-05-06 02:19:46 ----AD---- C:\WINDOWS\system32
2009-05-06 02:19:46 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-05-06 02:16:25 ----D---- C:\WINDOWS\WinSxS
2009-05-06 02:15:17 ----HD---- C:\WINDOWS\inf
2009-05-06 02:15:16 ----D---- C:\Program Files\Common Files\Microsoft Shared
2009-05-06 02:14:59 ----D---- C:\Program Files\Internet Explorer
2009-05-06 02:14:44 ----D---- C:\WINDOWS\pchealth
2009-05-06 00:43:04 ----HD---- C:\Program Files\InstallShield Installation Information
2009-05-06 00:42:56 ----DC---- C:\WINDOWS\system32\DRVSTORE
2009-05-06 00:42:17 ----D---- C:\WINDOWS\system32\CatRoot2
2009-04-30 01:07:46 ----AD---- C:\WINDOWS\system32\drivers
2009-04-28 08:54:34 ----A---- C:\WINDOWS\system.ini
2009-04-28 08:50:34 ----D---- C:\WINDOWS\system32\config
2009-04-28 08:49:39 ----D---- C:\WINDOWS\AppPatch
2009-04-28 08:49:35 ----D---- C:\Program Files\Common Files
2009-04-28 08:46:46 ----D---- C:\WINDOWS\system32\Restore
2009-04-28 08:46:45 ----SHD---- C:\system volume information
2009-04-26 18:00:25 ----D---- C:\Program Files\GemMaster
2009-04-26 10:03:45 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-04-26 09:41:06 ----D---- C:\WINDOWS\system32\wbem
2009-04-25 09:05:04 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-04-25 09:04:03 ----D---- C:\WINDOWS\system32\en-us
2009-04-25 08:59:28 ----HD---- C:\WINDOWS\$hf_mig$
2009-04-24 09:49:28 ----D---- C:\Program Files\NewTech Infosystems
2009-04-24 09:35:04 ----D---- C:\WINDOWS\Debug
2009-04-24 09:23:42 ----D---- C:\Program Files\Registry Mechanic
2009-04-24 09:23:13 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2009-04-24 02:34:11 ----D---- C:\Program Files\LimeWire
2009-04-17 23:54:34 ----D---- C:\Program Files\Adobe
2009-04-12 10:02:22 ----SD---- C:\WINDOWS\Downloaded Program Files
2009-04-11 12:58:08 ----D---- C:\WINDOWS\BDOSCAN8
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 AmdK8;AMD Processor Driver; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2006-06-19 36864]
R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys []
R1 mfehidk;McAfee Inc. mfehidk; C:\WINDOWS\system32\drivers\mfehidk.sys [2009-03-25 214024]
R1 MPFP;MPFP; C:\WINDOWS\System32\Drivers\Mpfp.sys [2008-10-23 120136]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 int15.sys;int15.sys; \??\C:\Acer\Empowering Technology\eRecovery\int15.sys []
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2006-06-05 4284928]
R3 mfeavfk;McAfee Inc. mfeavfk; C:\WINDOWS\system32\drivers\mfeavfk.sys [2009-03-25 79880]
R3 mfebopk;McAfee Inc. mfebopk; C:\WINDOWS\system32\drivers\mfebopk.sys [2009-03-25 35272]
R3 mfesmfk;McAfee Inc. mfesmfk; C:\WINDOWS\system32\drivers\mfesmfk.sys [2009-03-25 40552]
R3 MODEMCSA;Unimodem Streaming Filter Device; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 NTIDrvr;Upper Class Filter Driver; C:\WINDOWS\system32\DRIVERS\NTIDrvr.sys [2006-08-11 6144]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2006-07-11 3934592]
R3 psdfilter;psdfilter; \??\C:\WINDOWS\system32\Drivers\psdfilter.sys []
R3 psdvdisk;psdvdisk; \??\C:\WINDOWS\system32\Drivers\psdvdisk.sys []
R3 smserial;smserial; C:\WINDOWS\system32\DRIVERS\smserial.sys [2005-06-06 925192]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152]
R3 yukonwxp;NDIS5.1 Miniport Driver for Marvell Yukon Ethernet Controller; C:\WINDOWS\system32\DRIVERS\yk51x86.sys [2006-06-29 244864]
R3 ZDPSp50;ZDPSp50 NDIS Protocol Driver; C:\WINDOWS\System32\Drivers\ZDPSp50.sys [2004-10-25 17664]
S3 ggflt;SEMC USB Flash Driver Filter; C:\WINDOWS\system32\DRIVERS\ggflt.sys [2009-04-30 13224]
S3 ggsemc;SEMC USB Flash Driver; C:\WINDOWS\system32\DRIVERS\ggsemc.sys [2009-04-30 24616]
S3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 mferkdk;McAfee Inc. mferkdk; C:\WINDOWS\system32\drivers\mferkdk.sys [2009-03-25 34216]
S3 MHNDRV;MHN driver; C:\WINDOWS\system32\DRIVERS\mhndrv.sys [2004-08-10 11008]
S3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2004-08-10 12160]
S3 SYMIDSCO;SYMIDSCO; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\SymcData\IDS-DI~1\20090129.001\symidsco.sys []
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 Wdf01000;Kernel Mode Driver Frameworks service; C:\WINDOWS\System32\Drivers\wdf01000.sys [2008-03-27 503008]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S3 ZD1211BU(ZyDAS);ZyDAS ZD1211B IEEE 802.11 b+g Wireless LAN Driver (USB)(ZyDAS); C:\WINDOWS\system32\DRIVERS\zd1211Bu.sys [2005-10-28 402432]
S3 ZD1211U(ZyDAS);ZyDAS ZD1211 IEEE 802.11b+g Wireless LAN Driver (USB)(ZyDAS); C:\WINDOWS\system32\DRIVERS\zd1211u.sys [2005-10-04 280064]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 AcerMemUsageCheckService;Memory Check Service; C:\Acer\Empowering Technology\ePerformance\MemCheck.exe [2006-05-12 28672]
R2 ehRecvr;Media Center Receiver Service; C:\WINDOWS\eHome\ehRecvr.exe [2006-10-09 237568]
R2 ehSched;Media Center Scheduler Service; C:\WINDOWS\eHome\ehSched.exe [2005-08-05 102912]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-03-09 152984]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; c:\Program Files\Common Files\LightScribe\LSSrvc.exe [2006-02-17 73728]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service; C:\Program Files\McAfee\SiteAdvisor\McSACore.exe [2009-02-11 210216]
R2 mcmscsvc;McAfee Services; C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe [2009-03-25 797864]
R2 McNASvc;McAfee Network Agent; c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe [2009-01-09 2482848]
R2 McProxy;McAfee Proxy Service; c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe [2009-01-09 359952]
R2 McrdSvc;Media Center Extender Service; C:\WINDOWS\ehome\mcrdsvc.exe [2005-08-05 99328]
R2 McShield;McAfee Real-time Scanner; C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe [2009-03-25 144704]
R2 MpfService;McAfee Personal Firewall Service; C:\Program Files\McAfee\MPF\MPFSrv.exe [2009-03-19 884360]
R2 MSK80Service;McAfee Anti-Spam Service; C:\Program Files\McAfee\MSK\MskSrver.exe [2009-01-09 26640]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2006-07-11 155715]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R3 McSysmon;McAfee SystemGuards; C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe [2009-03-24 606736]
S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-14 267776]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-04-24 182768]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [2005-11-14 69632]
S3 MBackMonitor;MBackMonitor; C:\Program Files\McAfee\MBK\MBackMonitor.exe [2009-01-09 68112]
S3 McODS;McAfee Scanner; C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe [2009-04-01 365072]
S3 MHN;MHN; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
-----------------EOF-----------------
and here is the info.txt:
info.txt logfile of random's system information tool 1.06 2009-05-08 21:20:42
======Uninstall list======
-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Acer eDataSecurity Management 2.0.3077-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\1150\INTEL3~1\IDriver.exe /M{4AD13F68-CADA-4C6B-9759-C33753F89908} /l1033
Acer eDataSecurity Management-->C:\Acer\Empowering Technology\eDataSecurity\eDStbmngr.exe UNINSTALL 1
Acer Empowering Technology-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AB6097D9-D722-4987-BD9E-A076E2848EE2}\setup.exe" -l0x9 -removeonly
Acer ePerformance Management-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7057702F-6D71-4F30-8000-9E72BC771887}\setup.exe" -l0x9 -removeonly
Acer WLAN 11g USB Dongle-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\1050\INTEL3~1\IDriver.exe /M{0CB98AC0-D691-4B21-AD3D-95982517021D} /l1033
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 9.1 - Français-->MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A91000000001}
BitLord 1.1-->C:\Program Files\BitLord\uninst.exe
CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
commercial-->MsiExec.exe /I{38C65D12-79E3-49C0-B211-DE3BE0A7AB39}
Critical Update for Windows Media Player 11 (KB959772)-->"C:\WINDOWS\$NtUninstallKB959772_WM11$\spuninst\spuninst.exe"
Gimp 2.6.2 Debug-->"C:\Program Files\GIMP-2.0\setup\unins000.exe"
Google Toolbar for Internet Explorer-->"C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarManager_BDA1448D3D255554.exe" /uninstall
Google Toolbar for Internet Explorer-->MsiExec.exe /I{18455581-E099-4BA8-BC6B-F34B2F06600C}
GTK+ 2.10.13 runtime environment-->"C:\Program Files\Common Files\GTK\2.0\setup\unins000.exe"
GTK2-Runtime-->C:\Program Files\GTK2-Runtime\gtk2_runtime_uninst.exe
High Definition Audio Driver Package - KB888111-->"C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe"
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 10 (KB903157)-->"C:\WINDOWS\$NtUninstallKB903157$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
IZArc 3.81-->"C:\Program Files\IZArc\unins000.exe"
J2SE Runtime Environment 5.0 Update 6-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}
Java(TM) 6 Update 13-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216012FF}
Java(TM) 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
Kaspersky Online Scanner-->C:\WINDOWS\system32\KASPER~1\KASPER~1\kavuninstall.exe
K-Lite Codec Pack 4.3.1 (Full)-->"C:\Program Files\K-Lite Codec Pack\unins000.exe"
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
McAfee SecurityCenter-->C:\Program Files\McAfee\MSC\mcuninst.exe
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.exe
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7-->"C:\WINDOWS\$NtUninstallWdf01007$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Motorola SM56 Speakerphone Modem-->C:\WINDOWS\Motorola\SMSERIAL\sm56unst.exe
Mozilla Firefox (3.0.10)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
Navilog1 3.7.6-->"C:\Program Files\Navilog1\unins000.exe"
NVIDIA Drivers-->C:\WINDOWS\system32\nvudisp.exe UninstallGUI
OCA Client history tool install-->"C:\WINDOWS\$UninstallOCA-X86Fre-ENU$\spuninst\spuninst.exe"
ODZsnowsaverPC-->C:\Program Files\ODZsnowsaverPC\Uninstall.exe
OpenOffice.org 3.0-->MsiExec.exe /I{6860B340-530D-46B3-91F8-1AE1F70F7C33}
PowerDVD-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall
RealPlayer-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\SETUP.exe" -l0x9 -removeonly
Security Update for Step By Step Interactive Training (KB898458)-->"C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB938127-v2)-->"C:\WINDOWS\ie7updates\KB938127-v2-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB961260)-->"C:\WINDOWS\ie7updates\KB961260-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB963027)-->"C:\WINDOWS\ie7updates\KB963027-IE7\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB911565)-->"C:\WINDOWS\$NtUninstallKB911565$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP10$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Security Update for Windows XP (KB913433)-->C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB913433.inf
Security Update for Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464-v2)-->"C:\WINDOWS\$NtUninstallKB938464-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956390)-->"C:\WINDOWS\$NtUninstallKB956390$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe"
Security Update for Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961373)-->"C:\WINDOWS\$NtUninstallKB961373$\spuninst\spuninst.exe"
Sonic Encoders-->MsiExec.exe /I{9941F0AA-B903-4AF4-A055-83A9815CC011}
Update for Windows Media Player 10 (KB910393)-->"C:\WINDOWS\$NtUninstallKB910393$\spuninst\spuninst.exe"
Update for Windows Media Player 10 (KB913800)-->"C:\WINDOWS\$NtUninstallKB913800$\spuninst\spuninst.exe"
Update for Windows Media Player 10 (KB926251)-->"C:\WINDOWS\$NtUninstallKB926251$\spuninst\spuninst.exe"
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Update for Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
Update Rollup 2 for Windows XP Media Center Edition 2005-->C:\WINDOWS\$NtUninstallKB900325$\spuninst\spuninst.exe
VideoLAN VLC media player 0.8.4-->C:\Program Files\VideoLAN\VLC\uninstall.exe
Visual C++ 2008 x86 Runtime - (v9.0.30729)-->MsiExec.exe /X{F333A33D-125C-32A2-8DCE-5C5D14231E27}
Visual C++ 2008 x86 Runtime - v9.0.30729.01-->C:\WINDOWS\system32\msiexec.exe /x {F333A33D-125C-32A2-8DCE-5C5D14231E27} /qb+ REBOOTPROMPT=""
Windows Driver Package - Advanced Micro Devices (AmdK8) Processor (05/27/2006 1.3.2.0)-->C:\PROGRA~1\DIFX\7B44739871F4D539FA473F57A832EA4B6A59EF06\DPInst.exe /d /u C:\WINDOWS\system32\DRVSTORE\amdk8_6FE44FCD212D4A086C7BC0C98B9A619782073FB7\amdk8.inf
Windows Driver Package - AMD System (04/06/2006 1.0.1.0)-->C:\PROGRA~1\DIFX\7B44739871F4D539FA473F57A832EA4B6A59EF06\DPInst.exe /d /u C:\WINDOWS\system32\DRVSTORE\amdaway_6BBB63755B7B133065E435E51557E416289081C4\amdaway.inf
Windows Internet Explorer 7-->"C:\WINDOWS\ie7\spuninst\spuninst.exe"
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows Media Player Firefox Plugin-->MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}
Windows XP Media Center Edition 2005 KB908246-->"C:\WINDOWS\$NtUninstallKB908246$\spuninst\spuninst.exe"
Windows XP Media Center Edition 2005 KB925766-->"C:\WINDOWS\$NtUninstallKB925766$\spuninst\spuninst.exe"
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
======Security center information======
AV: McAfee VirusScan
FW: McAfee Personal Firewall
======System event log======
Computer Name: ACER-511EBA12DF
Event Code: 7034
Message: The Terminal Services service terminated unexpectedly. It has done this 1 time(s).
Record Number: 12078
Source Name: Service Control Manager
Time Written: 20090402201941.000000+060
Event Type: error
User:
Computer Name: ACER-511EBA12DF
Event Code: 7031
Message: The DCOM Server Process Launcher service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Reboot the machine.
Record Number: 12077
Source Name: Service Control Manager
Time Written: 20090402201941.000000+060
Event Type: error
User:
Computer Name: ACER-511EBA12DF
Event Code: 8021
Message: The browser was unable to retrieve a list of servers from the browser master \\HENRIQUE-PC on the network \Device\NetBT_Tcpip_{BA475D0F-9962-4487-94B6-1A8E0E95A151}.
The data is the error code.
Record Number: 12071
Source Name: BROWSER
Time Written: 20090402195750.000000+060
Event Type: warning
User:
Computer Name: ACER-511EBA12DF
Event Code: 1003
Message: Error code 100000d1, parameter1 e1c60000, parameter2 00000002, parameter3 00000000, parameter4 f368dd00.
Record Number: 12067
Source Name: System Error
Time Written: 20090402194559.000000+060
Event Type: error
User:
Computer Name: ACER-511EBA12DF
Event Code: 8003
Message: The master browser has received a server announcement from the computer JFPB
that believes that it is the master browser for the domain on transport NetBT_Tcpip_{BA475D0F-9962-4487-94B6.
The master browser is stopping or an election is being forced.
Record Number: 12038
Source Name: MRxSmb
Time Written: 20090402194514.000000+060
Event Type: error
User:
=====Application event log=====
Computer Name: ACER-511EBA12DF
Event Code: 1000
Message: Faulting application vlc.exe, version 0.8.4.0, faulting module vlc.exe, version 0.8.4.0, fault address 0x00032c4f.
Record Number: 7096
Source Name: Application Error
Time Written: 20090212232012.000000+000
Event Type: error
User:
Computer Name: ACER-511EBA12DF
Event Code: 1000
Message: Faulting application vlc.exe, version 0.8.4.0, faulting module vlc.exe, version 0.8.4.0, fault address 0x00032c4f.
Record Number: 7095
Source Name: Application Error
Time Written: 20090212231957.000000+000
Event Type: error
User:
Computer Name: ACER-511EBA12DF
Event Code: 1002
Message: Hanging application firefox.exe, version 1.9.0.3306, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
Record Number: 6583
Source Name: Application Hang
Time Written: 20090210152436.000000+000
Event Type: error
User:
Computer Name: ACER-511EBA12DF
Event Code: 1000
Message: Faulting application vlc.exe, version 0.8.4.0, faulting module vlc.exe, version 0.8.4.0, fault address 0x00317628.
Record Number: 6570
Source Name: Application Error
Time Written: 20090210120953.000000+000
Event Type: error
User:
Computer Name: ACER-511EBA12DF
Event Code: 1002
Message: Hanging application vlc.exe, version 0.8.4.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
Record Number: 6498
Source Name: Application Hang
Time Written: 20090210100114.000000+000
Event Type: error
User:
======Environment variables======
"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;C:\Program Files\Common Files\GTK\2.0\bin;C:\Program Files\GTK2-Runtime\lib
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 95 Stepping 2, AuthenticAMD
"PROCESSOR_REVISION"=5f02
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
-----------------EOF-----------------
- Download UsbFix (by C_XX & Chiquitine29) to your Desktop.
- Run the installation with the default settings.
- Connect your external storage devices to your PC (USB stick, external hard drive, SD card, etc.) without opening them.
- Double-click the UsbFix shortcut on your Desktop.
- Choose option 1 (Recherche).
- Let the tool work.
- Post the UsbFix.txt report.
Note: the UsbFix.txt report is saved at the root of the disk (C:\UsbFix.txt).
"Process.exe", a component of the tool, is detected by some antivirus products (AntiVir, Dr.Web, Kaspersky Anti-Virus) as a RiskTool. It is not a virus, but a utility intended to terminate processes.
ok, here is the log:
############################## [ UsbFix V3.017 # Scan ]
# User : dalie (Administrators) # ACER-511EBA12DF
# Update on 06/05/09 by Chiquitine29, C_XX & Chimay8
# WebSite : http://pagesperso-orange.fr/NosTools/usbfix.html
# Start at: 9:40:35 PM | 5/8/2009
# AMD Sempron(tm) Processor 3200+
# Microsoft Windows XP Professional (5.1.2600 32-bit) # Service Pack 3
# Internet Explorer 7.0.5730.13
# Windows Firewall Status : Disabled
# AV : McAfee VirusScan [ Enabled | Updated ]
# FW : McAfee Personal Firewall[ Enabled ]
# C:\ # Local Fixed Disk # 34.1 Go (15.73 Go free) [ACER] # NTFS
# D:\ # Local Fixed Disk # 34.57 Go (34.57 Go free) [ACERDATA] # FAT32
# E:\ # CD-ROM Disc
# F:\ # Removable Disk # 124 Mo (47.3 Mo free) # FAT32
############################## [ Processus actifs ]
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\SysMonitor.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\WINDOWS\sm56hlpr.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\svchost.exe
C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe
C:\Program Files\Acer WLAN 11g USB Dongle\ZDWlan.exe
C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
c:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\BitLord\BitLord.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
################## [ Registre # Startup ]
HKCU_Main: "Local Page"="C:\\WINDOWS\\system32\\blank.htm"
HKCU_Main: "Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
HKCU_Main: "Start Page"="http://www.google.fr/"
HKLM_logon: "Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
HKLM_logon: "DefaultUserName"="dalie"
HKLM_logon: "AltDefaultUserName"="dalie"
HKLM_logon: "LegalNoticeCaption"=""
HKLM_logon: "LegalNoticeText"=""
HKLM_Run: ehTray=C:\WINDOWS\ehome\ehtray.exe
HKLM_Run: LaunchApp=Alaunch
HKLM_Run: NvCplDaemon=RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
HKLM_Run: nwiz=nwiz.exe /install
HKLM_Run: RTHDCPL=RTHDCPL.EXE
HKLM_Run: SkyTel=SkyTel.EXE
HKLM_Run: IMJPMIG8.1="C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
HKLM_Run: IMEKRMIG6.1=C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
HKLM_Run: MSPY2002=C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
HKLM_Run: PHIME2002ASync=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
HKLM_Run: PHIME2002A=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
HKLM_Run: NvMediaCenter=RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
HKLM_Run: Acer Empowering Technology Monitor=C:\WINDOWS\system32\SysMonitor.exe
HKLM_Run: eDataSecurity Loader=C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe 0
HKLM_Run: eRecoveryService=C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
HKLM_Run: TkBellExe="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
HKLM_Run: SunJavaUpdateSched="C:\Program Files\Java\jre6\bin\jusched.exe"
HKLM_Run: Adobe Reader Speed Launcher="C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
HKLM_Run: mcagent_exe="C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
HKLM_Run: McENUI=C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide
HKLM_Run: SMSERIAL=sm56hlpr.exe
HKLM_Run: HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents=
HKCU_Run: MSMSGS="C:\Program Files\Messenger\msmsgs.exe" /background
HKCU_Run: swg=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
HKCU_Run: ctfmon.exe=C:\WINDOWS\system32\ctfmon.exe
################## [ Informations ]
################## [ Fichiers # Dossiers infectieux ]
Found ! C:\WINDOWS\system32\tmp.txt
Found ! F:\Recycled\ctfmon.exe
################## [ Registre # Clés Run infectieuses ]
################## [ Registre # Mountpoints2 ]
HKCU\Software\Microsoft\....\MountPoints2\{b9047220-aec9-11dd-aabc-001921545811}\Shell\explore\Command
HKCU\Software\Microsoft\....\MountPoints2\{b9047220-aec9-11dd-aabc-001921545811}\Shell\open\Command
################## [ ! Fin du rapport # UsbFix V3.017 ! ]
- Connect your external storage devices to your PC (USB stick, external hard drive, SD card, etc.) without opening them.
- Double-click the UsbFix shortcut on your Desktop to launch it.
- Choose option 2 (Suppression).
- Your Desktop will disappear and the PC will restart.
- On restart, UsbFix will scan your PC; let the tool work.
- Then post the UsbFix.txt report, which will appear along with the Desktop.
Note: the UsbFix.txt report is saved at the root of the disk (C:\UsbFix.txt).
ok, the log:
############################## [ UsbFix V3.017 # Cleaning ]
# User : dalie (Administrators) # ACER-511EBA12DF
# Update on 06/05/09 by Chiquitine29, C_XX & Chimay8
# WebSite : http://pagesperso-orange.fr/NosTools/usbfix.html
# Start at: 10:01:34 PM | 5/8/2009
# AMD Sempron(tm) Processor 3200+
# Microsoft Windows XP Professional (5.1.2600 32-bit) # Service Pack 3
# Internet Explorer 7.0.5730.13
# Windows Firewall Status : Enabled
# AV : McAfee VirusScan [ Enabled | Updated ]
# FW : McAfee Personal Firewall[ Enabled ]
# C:\ # Local Fixed Disk # 34.1 Go (15.73 Go free) [ACER] # NTFS
# D:\ # Local Fixed Disk # 34.57 Go (34.57 Go free) [ACERDATA] # FAT32
# E:\ # CD-ROM Disc
# F:\ # Removable Disk # 124 Mo (47.3 Mo free) # FAT32
############################## [ Processus actifs ]
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\eHome\ehRec.exe
c:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\ehome\mcrdsvc.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\alg.exe
################## [ Fichiers # Dossiers infectieux ]
Deleted ! C:\WINDOWS\system32\tmp.txt
Deleted ! F:\Recycled\ctfmon.exe
################## [ Registre # Clés Run infectieuses ]
################## [ Registre # Mountpoints2 ]
Deleted ! HKCU\Software\Microsoft\....\MountPoints2\{b9047220-aec9-11dd-aabc-001921545811}\Shell\explore\Command
################## [ Listing des fichiers présent ]
[04/26/2009 17:45|--a------|1564] - C:\aaw7boot.log
[08/11/2006 22:04|--a------|50] - C:\AUTOEXEC.BAT
[11/10/2008 02:34|-rahs----|221] - C:\boot.ini
[05/02/2009 23:22|--a------|1040] - C:\Bug.txt
[04/23/2009 10:03|--a------|3482] - C:\cleannavi.txt
[04/28/2009 08:57|--a------|16643] - C:\ComboFix.txt
[08/11/2006 21:40|--a------|0] - C:\CONFIG.SYS
[04/22/2009 23:44|--a------|3259] - C:\fixnavi.txt
[?|?|?] - C:\hiberfil.sys
[08/11/2006 21:40|-rahs----|0] - C:\IO.SYS
[08/11/2006 21:40|-rahs----|0] - C:\MSDOS.SYS
[08/10/2004 21:00|-rahs----|47564] - C:\NTDETECT.COM
[11/14/2008 11:32|-rahs----|250048] - C:\ntldr
[?|?|?] - C:\pagefile.sys
[08/11/2006 14:29|--a------|80] - C:\preload.aaa
[04/25/2009 01:40|--a------|5593] - C:\rapport.txt
[08/11/2006 21:52|--a------|499] - C:\RHDSetup.log
[05/06/2009 10:05|--a------|2228] - C:\TB.txt
[05/08/2009 22:02|--a------|3355] - C:\UsbFix.txt
[03/23/2009 15:42|--a------|27777399] - F:\Satrapi__Persepolis_2__French_.pdf
[03/23/2009 15:46|--a------|25312960] - F:\Satrapi__Persepolis_4__French_.pdf
[03/23/2009 15:45|--a------|24396353] - F:\Satrapi__Persepolis_1__French_.pdf
[04/03/2009 18:55|--a------|2906216] - F:\mbam-setup.exe
################## [ Vaccination ]
# C:\autorun.inf -> Folder created by UsbFix.
# D:\autorun.inf -> Folder created by UsbFix.
# F:\autorun.inf -> Folder created by UsbFix.
################## [ Cracks / Keygens / Serials ]
# -> Nothing found !
################## [ ! Fin du rapport # UsbFix V3.017 ! ]
- Uninstall UsbFix.
- Download Catchme (Przemyslaw Gmerek) to your Desktop.
- Double-click catchme.exe (the .exe extension may not be visible) to launch it.
- When the scan is finished, post the catchme.log report in your next reply. (This report is on your Desktop.)
here is the log:
catchme 0.2 W2K/XP/Vista - userland rootkit detector by Gmer, 17 October 2006
http://www.gmer.net
scanning hidden processes ...
scanning hidden services ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
| Quote: BitLord 1.1 |
---> I advise against this software, which contains adware.
- Uninstall J2SE Runtime Environment 5.0 Update 6 and Java 6 Update 7.
Is your PC still having problems?
ok thanks (does that mean it's not necessarily due to a virus? sorry, I'm curious..)
But yeah, there are still redirections, though they seem less frequent; there are still, again from Google, redirections to a supposed online scanner..
(However, I must admit that I kept BitLord (..) )
/!\ Disable your resident protections (antivirus, etc.) /!\
- Download ComboFix (sUBs) to your Desktop.
- Double-click ComboFix.exe (the .exe extension may not be visible) to launch it.
- It will ask you to install the Recovery Console: accept.
- When the scan is finished, a report will appear. Post this report (C:\Combofix.txt) in your next reply.
To help you: a guide and a tutorial on using ComboFix
ComboFix 09-05-08.03 - dalie 05/08/2009 23:23.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.447.212 [GMT 1:00]
Running from: c:\documents and settings\dalie\Desktop\ComboFix.exe
AV: McAfee VirusScan *On-access scanning disabled* (Updated)
FW: McAfee Personal Firewall *enabled*
.
((((((((((((((((((((((((( Files Created from 2009-04-08 to 2009-05-08 )))))))))))))))))))))))))))))))
.
2009-05-08 20:38 . 2009-05-08 21:10 -------- d-----w C:\UsbFix
2009-05-08 18:35 . 2009-05-08 18:37 -------- d-----w c:\program files\BitLord
2009-05-06 01:23 . 2009-05-06 08:58 -------- d-----w c:\documents and settings\dalie\Local Settings\Application Data\BitLord
2009-05-06 01:12 . 2009-05-08 18:25 -------- d-----w c:\program files\BitLord2
2009-04-30 00:07 . 2008-03-21 12:57 14640 ------w c:\windows\system32\spmsgXP_2k3.dll
2009-04-30 00:00 . 2009-04-29 23:59 13224 ----a-w c:\windows\system32\drivers\ggflt.sys
2009-04-30 00:00 . 2009-04-29 23:59 1107296 ----a-w c:\windows\system32\WdfCoInstaller01007.dll
2009-04-27 08:05 . 2009-04-27 08:05 -------- d--h--w c:\windows\PIF
2009-04-26 08:54 . 2009-05-08 20:20 -------- d-----w C:\rsit
2009-04-25 07:55 . 2009-03-06 14:22 284160 -c----w c:\windows\system32\dllcache\pdh.dll
2009-04-25 07:55 . 2009-02-09 12:10 401408 -c----w c:\windows\system32\dllcache\rpcss.dll
2009-04-25 07:55 . 2009-02-06 11:11 110592 -c----w c:\windows\system32\dllcache\services.exe
2009-04-25 07:55 . 2009-02-09 12:10 473600 -c----w c:\windows\system32\dllcache\fastprox.dll
2009-04-25 07:55 . 2009-02-06 10:10 227840 -c----w c:\windows\system32\dllcache\wmiprvse.exe
2009-04-25 07:55 . 2009-02-09 12:10 453120 -c----w c:\windows\system32\dllcache\wmiprvsd.dll
2009-04-25 07:55 . 2009-02-09 12:10 729088 -c----w c:\windows\system32\dllcache\lsasrv.dll
2009-04-25 07:55 . 2009-02-09 12:10 617472 -c----w c:\windows\system32\dllcache\advapi32.dll
2009-04-25 07:55 . 2009-02-09 12:10 714752 -c----w c:\windows\system32\dllcache\ntdll.dll
2009-04-25 07:55 . 2008-05-03 11:55 2560 ------w c:\windows\system32\xpsp4res.dll
2009-04-25 07:55 . 2008-04-21 12:08 215552 -c----w c:\windows\system32\dllcache\wordpad.exe
2009-04-24 09:00 . 2009-04-26 17:02 -------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-04-24 08:15 . 2009-05-06 09:05 -------- d-----w C:\ToolBar SD
2009-04-24 08:15 . 2009-04-24 08:15 -------- d-----w c:\program files\CCleaner
2009-04-24 02:31 . 2009-04-24 02:39 -------- d-----w c:\documents and settings\dalie\SmitfraudFix
2009-04-24 01:43 . 2009-04-26 16:59 -------- d-----w c:\program files\Lavasoft
2009-04-24 01:43 . 2009-04-26 16:59 -------- d-----w c:\documents and settings\All Users\Application Data\Lavasoft
2009-04-23 23:50 . 2009-04-23 23:50 -------- d-----w c:\documents and settings\LocalService\Application Data\SACore
2009-04-23 23:35 . 2009-04-23 23:35 -------- d-----w c:\documents and settings\All Users\Application Data\SiteAdvisor
2009-04-23 23:31 . 2009-03-25 10:06 40552 ----a-w c:\windows\system32\drivers\mfesmfk.sys
2009-04-23 23:31 . 2009-03-25 10:06 35272 ----a-w c:\windows\system32\drivers\mfebopk.sys
2009-04-23 23:31 . 2009-03-25 10:06 79880 ----a-w c:\windows\system32\drivers\mfeavfk.sys
2009-04-23 23:31 . 2008-10-23 12:08 120136 ----a-w c:\windows\system32\drivers\Mpfp.sys
2009-04-23 23:30 . 2009-04-23 23:31 -------- d-----w c:\program files\Common Files\McAfee
2009-04-23 23:30 . 2009-04-23 23:30 -------- d-----w c:\program files\McAfee.com
2009-04-23 23:30 . 2009-04-25 07:46 -------- d-----w c:\program files\McAfee
2009-04-23 23:25 . 2009-03-25 10:05 34216 ----a-w c:\windows\system32\drivers\mferkdk.sys
2009-04-23 23:19 . 2009-04-23 23:36 -------- d-----w c:\documents and settings\All Users\Application Data\McAfee
2009-04-23 09:35 . 2009-04-23 09:35 -------- d-----w c:\program files\Trend Micro
2009-04-17 22:58 . 2009-04-17 23:08 -------- d-----w c:\documents and settings\dalie\.SunDownloadManager
2009-04-17 22:54 . 2009-04-17 22:56 -------- d-----w c:\program files\Common Files\Adobe
2009-04-17 22:50 . 2009-04-18 09:39 -------- d-----w c:\program files\NOS
2009-04-17 22:50 . 2009-04-18 09:39 -------- d-----w c:\documents and settings\All Users\Application Data\NOS
2009-04-17 09:52 . 2009-04-24 00:55 -------- d-----w c:\program files\Navilog1
2009-04-12 13:51 . 2009-04-12 13:51 -------- d-----w c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
2009-04-12 09:02 . 2009-04-12 09:02 -------- d-----w c:\windows\system32\Kaspersky Lab
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-08 21:47 . 2008-11-10 01:36 -------- d-----w c:\program files\Java
2009-05-08 09:55 . 2008-11-12 07:30 -------- d-----w c:\program files\Google
2009-05-05 23:43 . 2006-08-11 21:04 -------- d--h--w c:\program files\InstallShield Installation Information
2009-04-30 00:07 . 2009-04-30 00:07 0 ---ha-w c:\windows\system32\drivers\Msft_Kernel_ggsemc_01007.Wdf
2009-04-30 00:07 . 2009-04-30 00:07 0 ---ha-w c:\windows\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
2009-04-29 23:59 . 2006-03-01 10:25 24616 ----a-w c:\windows\system32\drivers\ggsemc.sys
2009-04-26 17:00 . 2006-08-11 20:56 -------- d-----w c:\program files\GemMaster
2009-04-26 09:03 . 2009-04-03 18:07 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-04-24 08:49 . 2006-08-11 21:04 -------- d-----w c:\program files\NewTech Infosystems
2009-04-24 01:34 . 2008-11-11 23:15 -------- d-----w c:\program files\LimeWire
2009-04-06 14:32 . 2009-04-03 18:07 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-06 14:32 . 2009-04-03 18:07 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-03-28 13:30 . 2009-03-28 13:30 -------- d-----w c:\program files\IZArc
2009-03-25 10:06 . 2009-03-25 10:06 214024 ----a-w c:\windows\system32\drivers\mfehidk.sys
2009-03-23 22:18 . 2009-03-23 22:18 -------- d-----w c:\program files\Common Files\xing shared
2009-03-23 22:18 . 2008-11-25 12:56 -------- d-----w c:\program files\Common Files\Real
2009-03-09 05:19 . 2008-12-07 10:44 410984 ----a-w c:\windows\system32\deploytk.dll
2009-03-06 14:22 . 2004-08-10 20:00 284160 ----a-w c:\windows\system32\pdh.dll
2009-03-03 00:18 . 2006-03-04 03:58 826368 ----a-w c:\windows\system32\wininet.dll
2009-02-22 09:34 . 2008-11-10 01:44 40352 ----a-w c:\documents and settings\dalie\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-02-20 18:09 . 2004-08-10 20:00 78336 ----a-w c:\windows\system32\ieencode.dll
2009-02-09 19:45 . 2009-02-09 19:45 591644 ----a-w c:\windows\ODZsnowsaverPC.scr
2009-02-09 12:10 . 2004-10-28 01:21 729088 ----a-w c:\windows\system32\lsasrv.dll
2009-02-09 12:10 . 2005-07-26 04:39 401408 ----a-w c:\windows\system32\rpcss.dll
2009-02-09 12:10 . 2004-08-10 20:00 714752 ----a-w c:\windows\system32\ntdll.dll
2009-02-09 12:10 . 2004-08-10 20:00 617472 ----a-w c:\windows\system32\advapi32.dll
2009-02-09 11:13 . 2005-10-06 00:06 1846784 ----a-w c:\windows\system32\win32k.sys
2009-02-09 01:15 . 2009-02-09 00:51 31381288 ----a-w c:\program files\setupfre.exe
2008-11-26 12:19 . 2008-11-26 12:19 9407598 ----a-w c:\program files\vlc-084.exe
2008-11-25 22:47 . 2008-11-25 22:47 3467800 ----a-w c:\program files\va22.exe
2008-11-13 18:59 . 2008-11-13 18:59 7606832 ----a-w c:\program files\Firefox Setup 3.0.3.exe
.
((((((((((((((((((((((((((((( SnapShot@2009-04-28_07.54.29 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-04-28 07:52 . 2009-04-28 07:52 16384 c:\windows\temp\Perflib_Perfdata_188.dat
+ 2009-05-08 21:00 . 2009-05-08 21:00 16384 c:\windows\temp\Perflib_Perfdata_188.dat
+ 2006-08-11 20:54 . 2009-05-06 01:19 63220 c:\windows\system32\perfc009.dat
+ 2005-09-23 06:28 . 2005-09-23 06:28 74240 c:\windows\system32\mscories.dll
+ 2009-04-30 00:00 . 2009-04-29 23:59 12160 c:\windows\system32\DRVSTORE\zebrser2_0A2847C94D1EE4DD06CE7DF36614D531DE0478E2\i386\zebrcmnt.sys
+ 2009-04-30 00:00 . 2009-04-29 23:59 91264 c:\windows\system32\DRVSTORE\zebrscep_43CE4CE9917F4AB857191C8AF519514326FED3EB\i386\zebrsce.sys
+ 2009-04-30 00:00 . 2009-04-29 23:59 12160 c:\windows\system32\DRVSTORE\zebrscep_43CE4CE9917F4AB857191C8AF519514326FED3EB\i386\zebrcmnt.sys
+ 2009-04-30 00:00 . 2009-04-29 23:59 99712 c:\windows\system32\DRVSTORE\zebrobx2_5EC96C36227E872B2B260D203965ADA2987E0B39\i386\zebrobex.sys
+ 2009-04-30 00:00 . 2009-04-29 23:59 12160 c:\windows\system32\DRVSTORE\zebrobx2_5EC96C36227E872B2B260D203965ADA2987E0B39\i386\zebrcmnt.sys
+ 2009-04-30 00:00 . 2009-04-29 23:59 12160 c:\windows\system32\DRVSTORE\zebrmsc2_42356B4F0BD79AC6F18744A1833E5FF4F32976BD\i386\zebrcmnt.sys
+ 2009-04-30 00:00 . 2009-04-29 23:59 14848 c:\windows\system32\DRVSTORE\zebrmdm2_0A2847C94D1EE4DD06CE7DF36614D531DE0478E2\i386\zebrmdfl.sys
+ 2009-04-30 00:00 . 2009-04-29 23:59 12160 c:\windows\system32\DRVSTORE\zebrmdm2_0A2847C94D1EE4DD06CE7DF36614D531DE0478E2\i386\zebrcmnt.sys
+ 2009-04-30 00:00 . 2009-04-29 23:59 12160 c:\windows\system32\DRVSTORE\zebrfse2_0A2847C94D1EE4DD06CE7DF36614D531DE0478E2\i386\zebrcmnt.sys
+ 2009-04-30 00:00 . 2009-04-29 23:59 12160 c:\windows\system32\DRVSTORE\zebrceb_5D3759B0FA9680671ED8714BBB53A24D3DD6D83E\i386\zebrwhnt.sys
+ 2009-04-30 00:00 . 2009-04-29 23:59 63360 c:\windows\system32\DRVSTORE\zebrceb_5D3759B0FA9680671ED8714BBB53A24D3DD6D83E\i386\zebrceb.sys
+ 2009-04-30 00:00 . 2009-04-29 23:59 12160 c:\windows\system32\DRVSTORE\zebrbus_36ECD4F36FFD1C8D7775CBB1D3C4EDC32416D158\i386\zebrwhnt.sys
+ 2009-04-30 00:00 . 2009-04-29 23:59 83200 c:\windows\system32\DRVSTORE\zebrbus_36ECD4F36FFD1C8D7775CBB1D3C4EDC32416D158\i386\zebrbus.sys
+ 2009-04-30 00:00 . 2009-04-29 23:59 35880 c:\windows\system32\DRVSTORE\semis06_951EEEC36412602D8ACC8E4FBFB724AC1ED1A5BF\semis06.sys
+ 2009-04-30 00:00 . 2009-04-29 23:59 24616 c:\windows\system32\DRVSTORE\ggsemc_64A4DD7DEFFA583EB61D3335216E513C3C7C189A\x86\ggsemc.sys
+ 2009-04-30 00:00 . 2009-04-29 23:59 13224 c:\windows\system32\DRVSTORE\ggsemc_64A4DD7DEFFA583EB61D3335216E513C3C7C189A\x86\ggflt.sys
+ 2008-03-27 15:27 . 2008-03-27 15:27 35040 c:\windows\system32\drivers\wdfldr.sys
+ 2005-09-23 06:28 . 2005-09-23 06:28 83456 c:\windows\system32\dfshim.dll
+ 2008-09-02 22:05 . 2009-05-08 19:52 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2008-09-02 22:05 . 2009-04-28 07:11 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2008-09-02 22:05 . 2009-05-08 19:52 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2008-09-02 22:05 . 2009-04-28 07:11 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2008-09-02 22:05 . 2009-04-28 07:11 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2008-09-02 22:05 . 2009-05-08 19:52 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2005-09-23 06:28 . 2005-09-23 06:28 28160 c:\windows\Microsoft.NET\Framework\v2.0.50727\WMINet_Utils.dll
+ 2005-09-23 06:28 . 2005-09-23 06:28 71680 c:\windows\Microsoft.NET\Framework\v2.0.50727\TLBREF.DLL
+ 2005-09-23 06:28 . 2005-09-23 06:28 86016 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Web.RegularExpressions.dll
+ 2005-09-23 06:28 . 2005-09-23 06:28 47616 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.EnterpriseServices.Thunk.dll
+ 2005-09-23 06:28 . 2005-09-23 06:28 81920 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Drawing.Design.dll
+ 2005-09-23 06:28 . 2005-09-23 06:28 81920 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Configuration.Install.dll
+ 2005-09-23 06:29 . 2005-09-23 06:29 85504 c:\windows\Microsoft.NET\Framework\v2.0.50727\ShFusRes.dll
+ 2005-09-23 06:29 . 2005-09-23 06:29 59072 c:\windows\Microsoft.NET\Framework\v2.0.50727\regtlibv12.exe
+ 2005-09-23 06:28 . 2005-09-23 06:28 32768 c:\windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe
+ 2005-09-23 06:28 . 2005-09-23 06:28 53248 c:\windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
+ 2005-09-23 06:28 . 2005-09-23 06:28 78336 c:\windows\Microsoft.NET\Framework\v2.0.50727\PerfCounter.dll
+ 2005-09-23 06:28 . 2005-09-23 06:28 14848 c:\windows\Microsoft.NET\Framework\v2.0.50727\normalization.dll
+ 2005-09-23 06:28 . 2005-09-23 06:28 96440 c:\windows\Microsoft.NET\Framework\v2.0.50727\ngen.exe
+ 2005-09-23 06:29 . 2005-09-23 06:29 22528 c:\windows\Microsoft.NET\Framework\v2.0.50727\MUI\0409\mscorsecr.dll
+ 2005-09-23 06:28 . 2005-09-23 06:28 10240 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscortim.dll
+ 2005-09-23 06:28 . 2005-09-23 06:28 66240 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
+ 2005-09-23 06:28 . 2005-09-23 06:28 67072 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsec.dll
+ 2005-09-23 06:28 . 2005-09-23 06:28 81408 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorld.dll
+ 2005-09-23 06:28 . 2005-09-23 06:28 36864 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorie.dll
+ 2005-09-23 06:28 . 2005-09-23 06:28 73216 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscordbc.dll
+ 2005-09-23 06:28 . 2005-09-23 06:28 69632 c:\windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe
+ 2005-09-23 06:28 . 2005-09-23 06:28 87552 c:\windows\Microsoft.NET\Framework\v2.0.50727\MmcAspExt.dll
+ 2005-09-23 06:28 . 2005-09-23 06:28 12800 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
+ 2005-09-23 06:28 . 2005-09-23 06:28 32768 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.Vsa.dll
+ 2005-09-23 06:28 . 2005-09-23 06:28 28672 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.VisualBasic.Vsa.dll
+ 2005-09-23 06:28 . 2005-09-23 06:28 73728 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.Build.Utilities.dll
+ 2005-09-23 06:28 . 2005-09-23 06:28 36864 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.Build.Framework.dll
+ 2005-09-23 05:36 . 2005-09-23 05:36 85504 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.3082.dll
+ 2005-09-23 05:29 . 2005-09-23 05:29 80896 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.3076.dll
+ 2005-09-23 05:47 . 2005-09-23 05:47 84480 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.2070.dll
+ 2005-09-23 05:30 . 2005-09-23 05:30 80896 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.2052.dll
+ 2005-09-23 05:47 . 2005-09-23 05:47 80896 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1055.dll
+ 2005-09-23 05:47 . 2005-09-23 05:47 81920 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1053.dll
+ 2005-09-23 05:47 . 2005-09-23 05:47 82432 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1049.dll
+ 2005-09-23 05:47 . 2005-09-23 05:47 82432 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1046.dll
+ 2005-09-23 05:46 . 2005-09-23 05:46 83456 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1045.dll
+ 2005-09-23 05:46 . 2005-09-23 05:46 81920 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1044.dll
+ 2005-09-23 05:46 . 2005-09-23 05:46 83456 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1043.dll
+ 2005-09-23 05:44 . 2005-09-23 05:44 80896 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1042.dll
+ 2005-09-23 05:42 . 2005-09-23 05:42 80896 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1041.dll
+ 2005-09-23 05:40 . 2005-09-23 05:40 84480 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1040.dll
+ 2005-09-23 05:40 . 2005-09-23 05:40 83968 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1038.dll
+ 2005-09-23 05:40 . 2005-09-23 05:40 80896 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1037.dll
+ 2005-09-23 05:38 . 2005-09-23 05:38 86016 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1036.dll
+ 2005-09-23 05:38 . 2005-09-23 05:38 81408 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1035.dll
+ 2005-09-23 02:46 . 2005-09-23 02:46 80896 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1033.dll
+ 2005-09-23 05:36 . 2005-09-23 05:36 87552 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1032.dll
+ 2005-09-23 05:34 . 2005-09-23 05:34 85504 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1031.dll
+ 2005-09-23 05:34 . 2005-09-23 05:34 81920 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1030.dll
+ 2005-09-23 05:34 . 2005-09-23 05:34 82944 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1029.dll
+ 2005-09-23 05:32 . 2005-09-23 05:32 80896 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1028.dll
+ 2005-09-23 05:29 . 2005-09-23 05:29 80896 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1025.dll
+ 2005-09-23 06:28 . 2005-09-23 06:28 40960 c:\windows\Microsoft.NET\Framework\v2.0.50727\jsc.exe
+ 2005-09-23 06:28 . 2005-09-23 06:28 72192 c:\windows\Microsoft.NET\Framework\v2.0.50727\ISymWrapper.dll
+ 2005-09-23 06:28 . 2005-09-23 06:28 55296 c:\windows\Microsoft.NET\Framework\v2.0.50727\InstallUtilLib.dll
+ 2005-09-23 06:28 . 2005-09-23 06:28 28672 c:\windows\Microsoft.NET\Framework\v2.0.50727\InstallUtil.exe
+ 2005-09-23 06:28 . 2005-09-23 06:28 36864 c:\windows\Microsoft.NET\Framework\v2.0.50727\IEHost.dll
+ 2005-09-23 06:28 . 2005-09-23 06:28 52736 c:\windows\Microsoft.NET\Framework\v2.0.50727\dfdll.dll
+ 2005-09-23 06:28 . 2005-09-23 06:28 31936 c:\windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
+ 2005-09-23 06:28 . 2005-09-23 06:28 68608 c:\windows\Microsoft.NET\Framework\v2.0.50727\CustomMarshalers.dll
+ 2005-09-23 06:28 . 2005-09-23 06:28 17920 c:\windows\Microsoft.NET\Framework\v2.0.50727\Culture.dll
+ 2005-09-23 06:28 . 2005-09-23 06:28 13312 c:\windows\Microsoft.NET\Framework\v2.0.50727\cscompmgd.dll
+ 2005-09-23 06:28 . 2005-09-23 06:28 76984 c:\windows\Microsoft.NET\Framework\v2.0.50727\csc.exe
+ 2005-09-23 06:28 . 2005-09-23 06:28 88576 c:\windows\Microsoft.NET\Framework\v2.0.50727\CORPerfMonExt.dll
+ 2005-09-23 06:28 . 2005-09-23 06:28 29888 c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_wp.exe
+ 2005-09-23 06:28 . 2005-09-23 06:28 29896 c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
+ 2005-09-23 06:28 . 2005-09-23 06:28 26824 c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_regiis.exe
+ 2005-09-23 06:28 . 2005-09-23 06:28 13824 c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_regbrowsers.exe
+ 2005-09-23 06:28 . 2005-09-23 06:28 70656 c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_rc.dll
+ 2005-09-23 06:28 . 2005-09-23 06:28 23552 c:\windows\Microsoft.NET\Framework\v2.0.50727\Aspnet_perf.dll
+ 2005-09-23 06:28 . 2005-09-23 06:28 10752 c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_filter.dll
+ 2005-09-23 06:28 . 2005-09-23 06:28 36864 c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_compiler.exe
+ 2005-09-23 06:28 . 2005-09-23 06:28 55488 c:\windows\Microsoft.NET\Framework\v2.0.50727\AppLaunch.exe
+ 2005-09-23 06:28 . 2005-09-23 06:28 87552 c:\windows\Microsoft.NET\Framework\v2.0.50727\alink.dll
+ 2005-09-23 06:28 . 2005-09-23 06:28 10752 c:\windows\Microsoft.NET\Framework\v2.0.50727\Accessibility.dll
+ 2005-09-23 06:28 . 2005-09-23 06:28 18944 c:\windows\Microsoft.NET\Framework\v2.0.50727\1033\alinkui.dll
+ 2005-09-23 06:28 . 2005-09-23 06:28 86528 c:\windows\Microsoft.NET\Framework\v1.0.3705\mscormmc.dll
+ 2005-09-23 06:28 . 2005-09-23 06:28 72704 c:\windows\Microsoft.NET\Framework\NETFXSBS10.exe
+ 2009-05-06 01:47 . 2009-05-06 01:47 81920 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\c8424bb4fa3aa44888b5cd3b6057e198\Microsoft.Build.Framework.ni.dll
+ 2009-05-06 01:47 . 2009-05-06 01:47 15360 c:\windows\assembly\NativeImages_v2.0.50727_32\dfsvc\c4951da462e5d3459cf89c268d82db48\dfsvc.ni.exe
+ 2009-05-06 01:47 . 2009-05-06 01:47 26624 c:\windows\assembly\NativeImages_v2.0.50727_32\Accessibility\9d6d76c91278b44e8a046434df4953a8\Accessibility.ni.dll
+ 2009-05-06 01:16 . 2009-05-06 01:16 86016 c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
+ 2009-05-06 01:16 . 2009-05-06 01:16 81920 c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
+ 2009-05-06 01:16 . 2009-05-06 01:16 81920 c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
+ 2009-05-06 01:16 . 2009-05-06 01:16 32768 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
+ 2009-05-06 01:16 . 2009-05-06 01:16 12800 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
+ 2009-05-06 01:16 . 2009-05-06 01:16 28672 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
+ 2009-05-06 01:16 . 2009-05-06 01:16 73728 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
+ 2009-05-06 01:16 . 2009-05-06 01:16 36864 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
+ 2009-05-06 01:16 . 2009-05-06 01:16 36864 c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
+ 2009-05-06 01:16 . 2009-05-06 01:16 13312 c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
+ 2009-05-06 01:16 . 2009-05-06 01:16 10752 c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
+ 2009-05-06 01:16 . 2009-05-06 01:16 72192 c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
+ 2009-05-06 01:16 . 2009-05-06 01:16 68608 c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
+ 2005-09-23 06:28 . 2005-09-23 06:28 7680 c:\windows\Microsoft.NET\Framework\v2.0.50727\sbscmp20_mscorlib.dll
+ 2005-09-23 06:28 . 2005-09-23 06:28 9216 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsn.dll
+ 2005-09-23 06:28 . 2005-09-23 06:28 7168 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft_VsaVb.dll
+ 2005-09-23 06:29 . 2005-09-23 06:29 5632 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.VisualC.Dll
+ 2005-09-23 06:28 . 2005-09-23 06:28 5632 c:\windows\Microsoft.NET\Framework\v2.0.50727\IIEHost.dll
+ 2005-09-23 06:28 . 2005-09-23 06:28 8192 c:\windows\Microsoft.NET\Framework\v2.0.50727\IEExecRemote.dll
+ 2005-09-23 06:28 . 2005-09-23 06:28 9728 c:\windows\Microsoft.NET\Framework\v2.0.50727\IEExec.exe
+ 2005-09-23 06:28 . 2005-09-23 06:28 9216 c:\windows\Microsoft.NET\Framework\v2.0.50727\fusion.dll
+ 2005-09-23 06:28 . 2005-09-23 06:28 4608 c:\windows\Microsoft.NET\Framework\v2.0.50727\dfsvc.exe
+ 2005-09-23 06:28 . 2005-09-23 06:28 8192 c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_isapi.dll
+ 2005-09-23 06:28 . 2005-09-23 06:28 4608 c:\windows\Microsoft.NET\Framework\v2.0.50727\1033\CvtResUI.dll
+ 2005-09-23 06:28 . 2005-09-23 06:28 7680 c:\windows\Microsoft.NET\Framework\SharedReg12.dll
+ 2005-09-23 06:28 . 2005-09-23 06:28 7680 c:\windows\Microsoft.NET\Framework\sbscmp20_perfcounter.dll
+ 2005-09-23 06:28 . 2005-09-23 06:28 7680 c:\windows\Microsoft.NET\Framework\sbscmp20_mscorwks.dll
+ 2005-09-23 06:28 . 2005-09-23 06:28 7680 c:\windows\Microsoft.NET\Framework\sbscmp10.dll
+ 2009-05-06 01:16 . 2009-05-06 01:16 7168 c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
+ 2009-05-06 01:16 . 2009-05-06 01:16 5632 c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
+ 2009-05-06 01:16 . 2009-05-06 01:16 5632 c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
+ 2009-05-06 01:16 . 2009-05-06 01:16 8192 c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
+ 2009-05-06 01:16 . 2009-05-06 01:16 114176 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
+ 2009-05-06 01:16 . 2009-05-06 01:16 258048 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
+ 2005-09-23 06:29 . 2005-09-23 06:29 626688 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_0de06acd\msvcr80.dll
+ 2005-09-23 06:29 . 2005-09-23 06:29 548864 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_0de06acd\msvcp80.dll
+ 2005-09-23 06:29 . 2005-09-23 06:29 479232 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_0de06acd\msvcm80.dll
+ 2006-08-11 20:54 . 2009-05-06 01:19 402736 c:\windows\system32\perfh009.dat
+ 2005-09-23 06:28 . 2005-09-23 06:28 150016 c:\windows\system32\mscorier.dll
+ 2009-04-30 00:00 . 2009-04-29 23:59 109568 c:\windows\system32\DRVSTORE\zebrser2_0A2847C94D1EE4DD06CE7DF36614D531DE0478E2\i386\zebrmdm.sys
+ 2009-04-30 00:00 . 2009-04-29 23:59 109568 c:\windows\system32\DRVSTORE\zebrmsc2_42356B4F0BD79AC6F18744A1833E5FF4F32976BD\i386\zebrmdmc.sys
+ 2009-04-30 00:00 . 2009-04-29 23:59 109568 c:\windows\system32\DRVSTORE\zebrmdm2_0A2847C94D1EE4DD06CE7DF36614D531DE0478E2\i386\zebrmdm.sys
+ 2009-04-30 00:00 . 2009-04-29 23:59 109568 c:\windows\system32\DRVSTORE\zebrfse2_0A2847C94D1EE4DD06CE7DF36614D531DE0478E2\i386\zebrmdm.sys
+ 2008-03-27 15:27 . 2008-03-27 15:27 503008 c:\windows\system32\drivers\wdf01000.sys
+ 2005-09-23 06:28 . 2005-09-23 06:28 298496 c:\windows\Microsoft.NET\Framework\v2.0.50727\webengine.dll
+ 2005-09-23 06:28 . 2005-09-23 06:28 823296 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Web.Services.dll
+ 2005-09-23 06:28 . 2005-09-23 06:28 835584 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Web.Mobile.dll
+ 2005-09-23 06:28 . 2005-09-23 06:28 260096 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Transactions.dll
+ 2005-09-23 06:28 . 2005-09-23 06:28 114688 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.ServiceProcess.dll
+ 2005-09-23 06:28 . 2005-09-23 06:28 258048 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Security.dll
+ 2005-09-23 06:28 . 2005-09-23 06:28 131072 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Runtime.Serialization.Formatters.Soap.dll
+ 2005-09-23 06:28 . 2005-09-23 06:28 299008 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Runtime.Remoting.dll
+ 2005-09-23 06:28 . 2005-09-23 06:28 258048 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Messaging.dll
+ 2005-09-23 06:28 . 2005-09-23 06:28 368640 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Management.dll
+ 2005-09-23 06:28 . 2005-09-23 06:28 114176 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.EnterpriseServices.Wrapper.dll
+ 2005-09-23 06:28 . 2005-09-23 06:28 258048 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.EnterpriseServices.dll
+ 2005-09-23 06:28 . 2005-09-23 06:28 700416 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Drawing.dll
+ 2005-09-23 06:28 . 2005-09-23 06:28 188416 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.DirectoryServices.Protocols.dll
+ 2005-09-23 06:28 . 2005-09-23 06:28 397312 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.DirectoryServices.dll
+ 2005-09-23 06:28 . 2005-09-23 06:28 884736 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Deployment.dll
+ 2005-09-23 06:28 . 2005-09-23 06:28 716800 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Data.SqlXml.dll
+ 2005-09-23 06:28 . 2005-09-23 06:28 482304 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Data.OracleClient.dll
+ 2005-09-23 06:28 . 2005-09-23 06:28 389120 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.configuration.dll
+ 2005-09-23 06:28 . 2005-09-23 06:28 110592 c:\windows\Microsoft.NET\Framework\v2.0.50727\sysglobl.dll
+ 2005-09-23 06:28 . 2005-09-23 06:28 377344 c:\windows\Microsoft.NET\Framework\v2.0.50727\SOS.dll
+ 2005-09-23 06:28 . 2005-09-23 06:28 107520 c:\windows\Microsoft.NET\Framework\v2.0.50727\shfusion.dll
+ 2005-09-23 06:28 . 2005-09-23 06:28 136192 c:\windows\Microsoft.NET\Framework\v2.0.50727\peverify.dll
+ 2005-09-23 06:28 . 2005-09-23 06:28 226816 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvc.dll
+ 2005-09-23 06:29 . 2005-09-23 06:29 330752 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorrc.dll
+ 2005-09-23 06:28 . 2005-09-23 06:28 102400 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorpe.dll
+ 2005-09-23 06:28 . 2005-09-23 06:28 326144 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll
+ 2005-09-23 06:28 . 2005-09-23 06:28 288768 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscordbi.dll
+ 2005-09-23 06:28 . 2005-09-23 06:28 800768 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscordacwks.dll
+ 2005-09-23 06:29 . 2005-09-23 06:29 667648 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.VisualBasic.dll
+ 2005-09-23 06:29 . 2005-09-23 06:29 372736 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.VisualBasic.Compatibility.dll
+ 2005-09-23 06:29 . 2005-09-23 06:29 110592 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.VisualBasic.Compatibility.Data.dll
+ 2005-09-23 06:28 . 2005-09-23 06:28 745472 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.JScript.dll
+ 2005-09-23 06:28 . 2005-09-23 06:28 647168 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.Build.Tasks.dll
+ 2005-09-23 06:28 . 2005-09-23 06:28 413696 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.Build.Engine.dll
+ 2005-09-23 06:57 . 2005-09-23 06:57 245408 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\unicows.dll
+ 2005-09-23 06:01 . 2005-09-23 06:01 609472 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.exe
+ 2005-09-23 06:28 . 2005-09-23 06:28 224952 c:\windows\Microsoft.NET\Framework\v2.0.50727\ilasm.exe
+ 2005-09-23 06:28 . 2005-09-23 06:28 788992 c:\windows\Microsoft.NET\Framework\v2.0.50727\EventLogMessages.dll
+ 2005-09-23 06:29 . 2005-09-23 06:29 547840 c:\windows\Microsoft.NET\Framework\v2.0.50727\diasymreader.dll
+ 2005-09-23 06:28 . 2005-09-23 06:28 106496 c:\windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe
+ 2005-09-23 06:28 . 2005-09-23 06:28 503808 c:\windows\Microsoft.NET\Framework\v2.0.50727\AspNetMMCExt.dll
+ 2005-09-23 06:28 . 2005-09-23 06:28 106496 c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_regsql.exe
+ 2005-09-23 06:28 . 2005-09-23 06:28 138240 c:\windows\Microsoft.NET\Framework\v2.0.50727\AdoNetDiag.dll
+ 2005-09-23 06:28 . 2005-09-23 06:28 208896 c:\windows\Microsoft.NET\Framework\v2.0.50727\1033\Vsavb7rtUI.dll
+ 2005-09-23 06:29 . 2005-09-23 06:29 183808 c:\windows\Microsoft.NET\Framework\v2.0.50727\1033\vbc7ui.dll
+ 2005-09-23 06:28 . 2005-09-23 06:28 136192 c:\windows\Microsoft.NET\Framework\v2.0.50727\1033\cscompui.dll
+ 2009-05-06 01:48 . 2009-05-06 01:48 237568 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.RegularE#\3f37ce15e9f97f4a9ba2093c995000d7\System.Web.RegularExpressions.ni.dll
+ 2009-05-06 01:47 . 2009-05-06 01:47 684032 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\d69c109116abbf449c42e6902c7b234c\System.Transactions.ni.dll
+ 2009-05-06 01:47 . 2009-05-06 01:47 729088 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Security\d824c62b748c794d82f2e115111d0211\System.Security.ni.dll
+ 2009-05-06 01:47 . 2009-05-06 01:47 294912 c:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\212e9a1cc9cc0543b75f44131a0b68ef\System.EnterpriseServices.Wrapper.dll
+ 2009-05-06 01:47 . 2009-05-06 01:47 659456 c:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\212e9a1cc9cc0543b75f44131a0b68ef\System.EnterpriseServices.ni.dll
+ 2009-05-06 01:18 . 2009-05-06 01:18 229376 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing.Desi#\649e37cc30a5754fb1646144f66d7b89\System.Drawing.Design.ni.dll
+ 2009-05-06 01:47 . 2009-05-06 01:47 512000 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\5c55f7ad4c4b7044b21432ee2776fcc2\System.DirectoryServices.Protocols.ni.dll
+ 2009-05-06 01:47 . 2009-05-06 01:47 962560 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\c7ec3bb754944c4183a4a86fa074e600\System.Configuration.ni.dll
+ 2009-05-06 01:47 . 2009-05-06 01:47 163840 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\7c81eb9ffddc4546a3251e53a42eba0d\Microsoft.Build.Utilities.ni.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-11-13 68856]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LaunchApp"="Alaunch" [X]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-07-11 7626752]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-10 208952]
"IMEKRMIG6.1"="c:\windows\ime\imkr6_1\IMEKRMIG.EXE" [2004-08-10 44032]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-10 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-10 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-10 455168]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-07-11 86016]
"Acer Empowering Technology Monitor"="c:\windows\system32\SysMonitor.exe" [2006-04-19 49152]
"eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2006-03-17 345088]
"eRecoveryService"="c:\acer\Empowering Technology\eRecovery\eRAgent.exe" [2006-06-01 413696]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-03-23 198160]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-03-25 645328]
"McENUI"="c:\progra~1\McAfee\MHN\McENUI.exe" [2009-01-09 1176808]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2006-07-11 1519616]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2006-06-01 16208384]
"SkyTel"="SkyTel.EXE" - c:\windows\SkyTel.exe [2006-05-16 2879488]
"SMSERIAL"="sm56hlpr.exe" - c:\windows\sm56hlpr.exe [2005-06-06 544768]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\dalie\Start Menu\Programs\Startup\
OpenOffice.org 3.0.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2008-12-15 384000]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Acer Empowering Technology.lnk - c:\acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe [2008-11-10 45056]
Acer WLAN 11g USB Dongle.lnk - c:\program files\Acer WLAN 11g USB Dongle\ZDWlan.exe [2005-11-17 745472]
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32
"wave1"= serwvdrv.dll
"wave2"= serwvdrv.dll
"wave3"= serwvdrv.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Acer\\Empowering Technology\\ePerformance\\MemCheck.exe"=
"c:\\WINDOWS\\system32\\spoolsv.exe"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [4/24/2009 12:35 AM 210216]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [4/30/2009 1:00 AM 13224]
--- Other Services/Drivers In Memory ---
*NewlyCreated* - MBACKMONITOR
.
Contents of the 'Scheduled Tasks' folder
2009-04-23 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-04-23 09:53]
2009-05-01 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-04-23 09:53]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mWindow Title =
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://uk.search.yahoo.com/search?fr=mcafee&p=%s
Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
FF - ProfilePath - c:\documents and settings\dalie\Application Data\Mozilla\Firefox\Profiles\fcs0qnkf.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1703502&SearchSource=3&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://m.fr.yahoo.com/
FF - component: c:\program files\McAfee\SiteAdvisor\components\McFFPlg.dll
FF - component: c:\program files\Real\RealPlayer\browserrecord\components\nprpbrowserrecordplugin.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npvlc.dll
---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-08 23:25
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'explorer.exe'(188)
c:\program files\McAfee\SiteAdvisor\saHook.dll
c:\progra~1\WINDOW~3\wmpband.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2009-05-08 23:26
ComboFix-quarantined-files.txt 2009-05-08 22:26
ComboFix2.txt 2009-04-28 07:57
Pre-Run: 17,018,449,920 bytes free
Post-Run: 17,093,107,712 bytes free
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect /usepmtimer
483 --- E O F --- 2009-04-25 08:05
1/
- Uninstall HijackThis.
- Start menu > Run > type combofix /u and confirm.
- Download ToolsCleaner2 to your Desktop.
- Double-click ToolsCleaner2.exe to launch it.
- Click Recherche and let the scan run.
- Click Suppression to finish.
- If you wish, you can use the Options Facultatives.
- Click Quitter to get the report.
- Post the report (TCleaner.txt), which is located at the root of your hard drive (C:\).
2/
- Download and install CCleaner Slim.
- Launch it. Go to Options, then Avancé, and uncheck the box Effacer uniquement les fichiers etc....
- Go to Nettoyeur and choose Analyse. Once it has finished, run the cleaning.
- Next, choose Registre, then Chercher des erreurs. Once it has finished, repair all the errors (back up the registry).
3/
- System Restore must be disabled and then re-enabled in order to purge it.
==Prevention==
Keep MBAM. You can use it to scan suspicious files alongside your antivirus, and scan the hard drive regularly.
As a browser, use Mozilla Firefox rather than Internet Explorer.
Check that automatic updates are enabled (Start menu, right-click My Computer, Automatic Updates tab).
About P2P: Link
Here is a complete guide (to be read with Adobe Reader or Foxit Reader): Link
ok yes, now it's perfect
a thousand thanks again for your help :*!
If you consider your problem solved:
---> Now add [Résolu] to the title. To do so:
- In your first message, click the Editer button.
- Add the tag [Résolu] in front of the title.
- Then click Valider votre message.
hi,
Well, actually no, not at all, the problem is still there..
The redirections had just calmed down.. it's so annoying!
- Run an online scan here: http://webscanner.kaspersky.fr/ (with Internet Explorer)
- At the bottom right, click Démarrer Online-scanner.
- In the new window that appears, click J'accepte.
- Accept the ActiveX controls.
- Choose Poste de travail for the scan.
- Once it has finished, save the report (choose text file) and post it.
- To help you use the online scan: Tutorial
Note: If you get the message La licence de Kaspersky On-line Scanner est périmée, go to Add or Remove Programs, uninstall On-Line Scanner, then reconnect to the Kaspersky site to retry the online scan.
hey,
it took a while.. I had already done it but I didn't know what to do with the result, so here is the report:
Statistiques de l'analyse
Total d'objets analysés 56145
Nombre de virus trouvés 0
Nombre d'objets infectés 0 / 0
Nombre d'objets suspects 0
Durée de l'analyse 02:18:43
Analyse terminée.
Pas d'infection trouvée.
Are you sure the problem doesn't come from BitLord?
well, I uninstalled it and there are still redirections..
- Download Dr.Web CureIt! to your Desktop.
- Double-click drweb-cureit.exe and click Commencer le scan.
- This quick scan analyses the processes loaded in memory; if it finds infected processes, click the Oui pour Tout button when prompted.
- When the quick scan has finished, click Options > Changer la configuration.
- Choose the Scanner tab and uncheck Analyse heuristique.
- Back in the main window, choose Analyse complète.
- Click the green arrow on the right and the scan will start. An advertisement sometimes appears; close it.
- Click Oui pour Tout if a file is detected.
- At the end of the scan, if infections are found, click Tout sélectionner, then Désinfecter. If disinfection is impossible, click Quarantaine.
- In the tool's main menu, at the top left, click the Fichier menu and choose Enregistrer le rapport.
- Save the report to your Desktop. It will be named DrWeb.csv.
- Close Dr.Web CureIt!
- Restart your computer (very important), because some files may be moved/repaired at restart.
- After the restart, post (copy/paste) the contents of the Dr.Web report in your next reply.
NB: The free version of Dr.Web is an on-demand scanner and does not conflict with your resident antivirus. You can remove Dr.Web once the procedure is finished.
hello
I have the same redirection problem, and maybe worse since I have problems with explorer (which crashes and closes) and firefox (but that may be because I installed the new version 3). I now use opera but the redirection problem persists.
should I follow the same procedure described here?
excuse my ignorance but I have read different solutions so I don't know which one to follow
magicbox, I advise you to create your own topic
good evening,
I finished the scan with drweb, but these redirections persist...
here is what drweb found:
ComboFix.exe/data002\32788R22FWJFW\psexec.cfexe;C:\Documents and Settings\dalie\Desktop\foralexpc\ComboFix.exe/data002;Program.PsExec.171;;
data002;C:\Documents and Settings\dalie\Desktop\foralexpc;Archive contains infected objects;;
ComboFix.exe;C:\Documents and Settings\dalie\Desktop\foralexpc;Container contains infected objects;Deleted.;
smitfraudfix_smitfraudfix_2.412_francais_253624.exe\SmitfraudFix\Process.exe;C:\Documents and Settings\dalie\Desktop\foralexpc\smitfraudfix_smitfraudfix_2.412_francais_253624.exe;Tool.Prockill;;
smitfraudfix_smitfraudfix_2.412_francais_253624.exe\SmitfraudFix\restart.exe;C:\Documents and Settings\dalie\Desktop\foralexpc\smitfraudfix_smitfraudfix_2.412_francais_253624.exe;Tool.ShutDown.14;;
smitfraudfix_smitfraudfix_2.412_francais_253624.exe;C:\Documents and Settings\dalie\Desktop\foralexpc;Archive contains infected objects;Deleted.;
A0001718.exe;C:\system volume information\_restore{56686BB7-17B2-473F-821C-EB36BA31F9DE}\RP10;Tool.Prockill;Deleted.;
A0002107.exe\data014;C:\system volume information\_restore{56686BB7-17B2-473F-821C-EB36BA31F9DE}\RP12\A0002107.exe;Tool.Prockill;;
A0002107.exe;C:\system volume information\_restore{56686BB7-17B2-473F-821C-EB36BA31F9DE}\RP12;Container contains infected objects;Deleted.;
A0002153.exe;C:\system volume information\_restore{56686BB7-17B2-473F-821C-EB36BA31F9DE}\RP12;Tool.Prockill;Deleted.;
A0002156.exe;C:\system volume information\_restore{56686BB7-17B2-473F-821C-EB36BA31F9DE}\RP12;Tool.ShutDown.14;Deleted.;
A0002180.exe;C:\system volume information\_restore{56686BB7-17B2-473F-821C-EB36BA31F9DE}\RP12;Tool.Prockill;Deleted.;
A0002183.exe;C:\system volume information\_restore{56686BB7-17B2-473F-821C-EB36BA31F9DE}\RP12;Tool.ShutDown.14;Deleted.;
A0000024.exe;C:\system volume information\_restore{56686BB7-17B2-473F-821C-EB36BA31F9DE}\RP2;Tool.Prockill;Deleted.;
A0000046.EXE;C:\system volume information\_restore{56686BB7-17B2-473F-821C-EB36BA31F9DE}\RP2;Program.PsExec.170;Deleted.;
b204.msi\stream005;C:\WINDOWS\Installer\b204.msi;Tool.WiFiKill;;
b204.msi;C:\WINDOWS\Installer;Archive contains infected objects;Deleted.;
Kill1211.exe;C:\WINDOWS\system32;Tool.WiFiKill;Deleted.;
Your redirections don't seem to come from an infection.
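A triage of the Dr.Web report posted above, as an added example that is not part of the original thread: it parses the `object;location;detection;action;` rows, lets archive members inherit the action taken on their container, and groups detections by where they sit (System Restore points, the removal-tool packages named in this thread, elsewhere). Treating `Tool.*` and `Program.*` names as utility-class detections is an assumption, and all function names are illustrative.

```python
from collections import Counter

# Rows copied from the Dr.Web report posted above (a subset). Field layout as
# seen in that report: object;location;detection;action;
SAMPLE_REPORT = r"""
ComboFix.exe/data002\32788R22FWJFW\psexec.cfexe;C:\Documents and Settings\dalie\Desktop\foralexpc\ComboFix.exe/data002;Program.PsExec.171;;
data002;C:\Documents and Settings\dalie\Desktop\foralexpc;Archive contains infected objects;;
ComboFix.exe;C:\Documents and Settings\dalie\Desktop\foralexpc;Container contains infected objects;Deleted.;
smitfraudfix_smitfraudfix_2.412_francais_253624.exe\SmitfraudFix\Process.exe;C:\Documents and Settings\dalie\Desktop\foralexpc\smitfraudfix_smitfraudfix_2.412_francais_253624.exe;Tool.Prockill;;
smitfraudfix_smitfraudfix_2.412_francais_253624.exe;C:\Documents and Settings\dalie\Desktop\foralexpc;Archive contains infected objects;Deleted.;
A0002107.exe\data014;C:\system volume information\_restore{56686BB7-17B2-473F-821C-EB36BA31F9DE}\RP12\A0002107.exe;Tool.Prockill;;
A0002107.exe;C:\system volume information\_restore{56686BB7-17B2-473F-821C-EB36BA31F9DE}\RP12;Container contains infected objects;Deleted.;
A0000046.EXE;C:\system volume information\_restore{56686BB7-17B2-473F-821C-EB36BA31F9DE}\RP2;Program.PsExec.170;Deleted.;
b204.msi\stream005;C:\WINDOWS\Installer\b204.msi;Tool.WiFiKill;;
b204.msi;C:\WINDOWS\Installer;Archive contains infected objects;Deleted.;
Kill1211.exe;C:\WINDOWS\system32;Tool.WiFiKill;Deleted.;
"""

CONTAINER_MARK = "contains infected objects"    # summary rows for archives
REMOVAL_TOOLS = ("combofix", "smitfraudfix")     # tools named in this thread
RESTORE_MARK = "\\system volume information\\_restore{"
# Assumption: Dr.Web names starting with Tool. or Program. denote utilities /
# riskware rather than self-replicating malware.
UTILITY_CLASSES = {"Tool", "Program"}


def parse_rows(report):
    """Split each non-empty line into (object, location, detection, action)."""
    rows = []
    for line in report.splitlines():
        if not line.strip():
            continue
        fields = [f.strip() for f in line.split(";")]
        fields += [""] * (4 - len(fields))       # tolerate short lines
        rows.append(tuple(fields[:4]))
    return rows


def inherited_action(location, containers):
    """Action taken on a flagged container that encloses this location."""
    loc = location.lower()
    for path, action in containers.items():
        # Require a path boundary so "a.exe" does not match "a.exe2".
        if action and loc.startswith(path) and loc[len(path):][:1] in ("", "\\", "/"):
            return action + " (via container)"
    return ""


def triage(report):
    rows = parse_rows(report)
    # Map each flagged container's full path to the action taken on it.
    containers = {(loc + "\\" + obj).lower(): act
                  for obj, loc, det, act in rows if CONTAINER_MARK in det.lower()}
    findings = []
    for obj, location, detection, action in rows:
        if CONTAINER_MARK in detection.lower():
            continue                              # summary row, not a detection
        full = (location + "\\" + obj).lower()
        action = action or inherited_action(location, containers)
        if RESTORE_MARK in full:
            where = "system_restore"
        elif any(tool in full for tool in REMOVAL_TOOLS):
            where = "removal_tool"
        else:
            where = "other"
        findings.append({
            "object": obj, "detection": detection, "where": where,
            "utility_class": detection.split(".")[0] in UTILITY_CLASSES,
            "action": action or "none",
        })
    return findings


def summary(findings):
    """Count detections per (location group, detection class)."""
    return Counter((f["where"], f["detection"].split(".")[0]) for f in findings)


def needs_attention(findings):
    """Detections still on disk, or whose name is not a utility class."""
    return [f for f in findings if f["action"] == "none" or not f["utility_class"]]


if __name__ == "__main__":
    results = triage(SAMPLE_REPORT)
    for f in results:
        print(f["where"], f["detection"], f["action"], f["object"], sep=" | ")
    print("needs attention:", len(needs_attention(results)))
```
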
??
cool but what should I do?
Do you use Internet Explorer or Firefox?
firefox
