rootkit(syteme32kdush.exe)

tarifa01 · le 13 Nov 2008 20:18

Bonjour, mon antivirus bit defender internet security 2008 m'a détecté un rootkit qu'il ne peut pas supprimer car masqué.

Les symptomes sur mon ordi. sont les suivants:

- connection automatique sur internet sans mon accord!

- je ne peux plus faire une mise à jour automatique de windows ( j'ai IE sur windows XP pro ) IE me redirige sur un autre site (MSN). Bref j'ai des problèmes!

Je me suis inspiré d'un précédent post et j'ai effectué un balayage avec malwarebytes dont voici le rapport:

Malwarebytes' Anti-Malware 1.30
Version de la base de données: 1395
Windows 5.1.2600 Service Pack 2

13/11/2008 19:29:37
mbam-log-2008-11-13 (19-29-37).txt

Type de recherche: Examen complet (C:|D:|E:|F:|)
Eléments examinés: 95680
Temps écoulé: 34 minute(s), 25 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 1
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 7
Dossier(s) infecté(s): 1
Fichier(s) infecté(s): 2

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_CLASSES_ROOTCLSID{9afb8248-617f-460d-9366-d71cdeda3179} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWinlogonSystem (Rootkit.DNSChanger.H) -> Data: kdush.exe -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesTcpipParametersInterfaces{ee0871cd-59b5-4f02-a739-cfbab6e97627}DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.90;85.255.112.60 -> Delete on reboot.
HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesTcpipParametersInterfaces{ee0871cd-59b5-4f02-a739-cfbab6e97627}NameServer (Trojan.DNSChanger) -> Data: 85.255.112.90;85.255.112.60 -> Delete on reboot.
HKEY_LOCAL_MACHINESYSTEMControlSet001ServicesTcpipParametersInterfaces{ee0871cd-59b5-4f02-a739-cfbab6e97627}DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.90;85.255.112.60 -> Delete on reboot.
HKEY_LOCAL_MACHINESYSTEMControlSet001ServicesTcpipParametersInterfaces{ee0871cd-59b5-4f02-a739-cfbab6e97627}NameServer (Trojan.DNSChanger) -> Data: 85.255.112.90;85.255.112.60 -> Delete on reboot.
HKEY_LOCAL_MACHINESYSTEMControlSet002ServicesTcpipParametersInterfaces{ee0871cd-59b5-4f02-a739-cfbab6e97627}DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.90;85.255.112.60 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINESYSTEMControlSet002ServicesTcpipParametersInterfaces{ee0871cd-59b5-4f02-a739-cfbab6e97627}NameServer (Trojan.DNSChanger) -> Data: 85.255.112.90;85.255.112.60 -> Quarantined and deleted successfully.

Dossier(s) infecté(s):
E: esycled (Trojan.DNSChanger) -> Quarantined and deleted successfully.

Fichier(s) infecté(s):
E:WINDOWSsystem32kdush.exe (Rootkit.DNSChanger.H) -> Delete on reboot.
E: esycledoot.com (Trojan.DNSChanger) -> Quarantined and deleted successfully.

et ensuite j'ai fait la manip avec SDFIX dont voici la rapport après "travaux":
SDFix: Version 1.240
Run by PASCAL on 13/11/2008 at 19:48

Microsoft Windows XP [version 5.1.2600]
Running From: E:SDFix

Checking Services :

Restoring Default Security Values
Restoring Default Hosts File
Restoring Missing Security Center Service

Rebooting

Checking Files :

No Trojan Files Found

Removing Temp Files

ADS Check :

Final Check :

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-13 20:01:45
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0

Remaining Services :

Authorized Application Key Export:

[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicystandardprofileauthorizedapplicationslist]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"E:\Program Files\Orange\Connectivity\ConnectivityManager.exe"="E:\Program Files\Orange\Connectivity\ConnectivityManager.exe:*:enabled:CSS"
"E:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe"="E:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe:*:Enabled:AcroRd32.exe"
"E:\Program Files\IncrediMail\bin\ImApp.exe"="E:\Program Files\IncrediMail\bin\ImApp.exe:*:Enabled:IncrediMail"
"E:\Program Files\IncrediMail\bin\IncMail.exe"="E:\Program Files\IncrediMail\bin\IncMail.exe:*:Enabled:IncrediMail"
"E:\Program Files\IncrediMail\bin\ImpCnt.exe"="E:\Program Files\IncrediMail\bin\ImpCnt.exe:*:Enabled:IncrediMail"
"E:\Program Files\Bonjour\mDNSResponder.exe"="E:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"E:\Program Files\iTunes\iTunes.exe"="E:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"

[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicydomainprofileauthorizedapplicationslist]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

Remaining Files :

Files with Hidden Attributes :

Tue 11 Dec 2007 212 A.SH. --- "E:disquecBOOT.BAK"
Tue 3 May 2005 69,632 ...HR --- "E:WINDOWSAlcmtr.exe"
Thu 4 May 2006 2,808,832 ...HR --- "E:WINDOWSalcwzrd.exe"
Mon 17 Dec 2007 14,656 A..H. --- "E:WINDOWSgdrv.sys"
Wed 13 Dec 2006 10,752 A..H. --- "E:WINDOWShh.exe"
Wed 26 Dec 2007 1,393 A..H. --- "E:WINDOWSimsins.BAK"
Wed 7 Oct 1998 327,168 A..H. --- "E:WINDOWSIsUn040c.exe"
Wed 11 Oct 2006 2,157,568 ...HR --- "E:WINDOWSMicCal.exe"
Wed 5 Jul 2006 577,536 A..H. --- "E:WINDOWS
otepad.exe"
Thu 19 Aug 2004 331,264 A..H. --- "E:WINDOWS egedit.exe"
Tue 14 Nov 2006 16,270,848 ...HR --- "E:WINDOWSRTHDCPL.exe"
Thu 4 May 2006 9,709,568 ...HR --- "E:WINDOWSRTLCPL.exe"
Tue 12 Sep 2006 499,712 ...HR --- "E:WINDOWSRtlExUpd.dll"
Mon 13 Nov 2006 1,183,744 ...HR --- "E:WINDOWSRtlUpd.exe"
Tue 16 May 2006 2,879,488 ...HR --- "E:WINDOWSSkyTel.exe"
Fri 21 Jul 2006 86,016 ...HR --- "E:WINDOWSSoundMan.exe"
Fri 6 Sep 2002 15,872 A..H. --- "E:WINDOWSTASKMAN.EXE"
Fri 6 Sep 2002 94,864 A..H. --- "E:WINDOWS wain.dll"
Thu 19 Aug 2004 50,688 A..H. --- "E:WINDOWS wain_32.dll"
Fri 6 Sep 2002 49,680 A..H. --- "E:WINDOWS wunk_16.exe"
Fri 6 Sep 2002 25,600 A..H. --- "E:WINDOWS wunk_32.exe"
Fri 6 Feb 1998 304,128 A..H. --- "E:WINDOWSunin040c.exe"
Fri 6 Feb 1998 299,520 A..H. --- "E:WINDOWSuninst.exe"
Fri 6 Sep 2002 18,944 A..H. --- "E:WINDOWSvmmreg32.dll"
Fri 6 Sep 2002 256,768 A..H. --- "E:WINDOWSwinhelp.exe"
Thu 19 Aug 2004 288,256 A..H. --- "E:WINDOWSwinhlp32.exe"
Fri 6 Sep 2002 707 A..H. --- "E:WINDOWS\_default.pif"
Thu 19 Aug 2004 185,344 ...H. --- "E:WINDOWS$NtUninstallKB931261$upnphost.dll"
Wed 13 Dec 2006 1,084,416 ...H. --- "E:WINDOWS$NtUninstallKB936021$msxml3.dll"
Wed 4 Aug 2004 72,960 ...H. --- "E:WINDOWS$NtUninstallKB937894$mqac.sys"
Thu 19 Aug 2004 138,240 ...H. --- "E:WINDOWS$NtUninstallKB937894$mqad.dll"
Thu 19 Aug 2004 47,104 ...H. --- "E:WINDOWS$NtUninstallKB937894$mqdscli.dll"
Thu 19 Aug 2004 16,896 ...H. --- "E:WINDOWS$NtUninstallKB937894$mqise.dll"
Thu 19 Aug 2004 660,992 ...H. --- "E:WINDOWS$NtUninstallKB937894$mqqm.dll"
Thu 19 Aug 2004 177,152 ...H. --- "E:WINDOWS$NtUninstallKB937894$mqrt.dll"
Thu 19 Aug 2004 95,744 ...H. --- "E:WINDOWS$NtUninstallKB937894$mqsec.dll"
Thu 19 Aug 2004 48,640 ...H. --- "E:WINDOWS$NtUninstallKB937894$mqupgrd.dll"
Thu 19 Aug 2004 527,360 ...H. --- "E:WINDOWS$NtUninstallKB937894$mqutil.dll"
Sat 17 Jul 2004 27,440 ...H. --- "E:WINDOWS$NtUninstallKB944653$secdrv.sys"
Sat 18 Nov 2006 60,416 ...H. --- "E:WINDOWS$NtUninstallKB942763$ zchange.exe"
Fri 6 Sep 2002 119,808 ...H. --- "E:WINDOWS$NtUninstallKB926436$oledlg.dll"
Wed 13 Dec 2006 292,352 ...H. --- "E:WINDOWS$NtUninstallKB930178$winsrv.dll"
Wed 13 Dec 2006 1,050,624 ...H. --- "E:WINDOWS$NtUninstallKB935839$kernel32.dll"
Wed 18 Oct 2006 414,208 ...H. --- "E:WINDOWS$NtUninstallKB929399$msscp.dll"
Wed 13 Dec 2006 209,280 ...H. --- "E:WINDOWS$NtUninstallKB936357$update.sys"
Thu 19 Aug 2004 1,852,416 A..H. --- "E:WINDOWSAppPatchAcGenral.dll"
Thu 19 Aug 2004 450,048 A..H. --- "E:WINDOWSAppPatchAcLayers.dll"
Thu 19 Aug 2004 137,728 A..H. --- "E:WINDOWSAppPatchAcLua.dll"
Thu 19 Aug 2004 244,736 A..H. --- "E:WINDOWSAppPatchAcSpecfc.dll"
Thu 19 Aug 2004 116,224 A..H. --- "E:WINDOWSAppPatchAcXtrnal.dll"
Thu 13 Oct 2005 15,072 A..H. --- "E:WINDOWS$hf_mig$KB926436spmsg.dll"
Thu 13 Oct 2005 216,800 A..H. --- "E:WINDOWS$hf_mig$KB926436spuninst.exe"
Thu 19 Jan 2006 15,072 A..H. --- "E:WINDOWS$hf_mig$KB931261spmsg.dll"
Thu 19 Jan 2006 216,800 A..H. --- "E:WINDOWS$hf_mig$KB931261spuninst.exe"
Thu 13 Oct 2005 15,072 A..H. --- "E:WINDOWS$hf_mig$KB937894spmsg.dll"
Thu 13 Oct 2005 216,800 A..H. --- "E:WINDOWS$hf_mig$KB937894spuninst.exe"
Tue 6 Mar 2007 15,072 A..H. --- "E:WINDOWS$hf_mig$KB938127-IE7spmsg.dll"
Tue 6 Mar 2007 216,800 A..H. --- "E:WINDOWS$hf_mig$KB938127-IE7spuninst.exe"
Thu 13 Oct 2005 15,072 A..H. --- "E:WINDOWS$hf_mig$KB938828spmsg.dll"
Thu 13 Oct 2005 216,800 A..H. --- "E:WINDOWS$hf_mig$KB938828spuninst.exe"
Tue 6 Mar 2007 15,072 A..H. --- "E:WINDOWS$hf_mig$KB942763spmsg.dll"
Tue 6 Mar 2007 216,800 A..H. --- "E:WINDOWS$hf_mig$KB942763spuninst.exe"
Tue 6 Mar 2007 15,072 A..H. --- "E:WINDOWS$hf_mig$KB944653spmsg.dll"
Tue 6 Mar 2007 216,800 A..H. --- "E:WINDOWS$hf_mig$KB944653spuninst.exe"
Thu 19 Jan 2006 216,800 ...H. --- "E:WINDOWS$NtUninstallKB931261$spuninstspuninst.exe"
Thu 19 Jan 2006 394,976 ...H. --- "E:WINDOWS$NtUninstallKB931261$spuninstupdspapi.dll"
Thu 13 Oct 2005 216,800 ...H. --- "E:WINDOWS$NtUninstallKB936021$spuninstspuninst.exe"
Thu 13 Oct 2005 394,976 ...H. --- "E:WINDOWS$NtUninstallKB936021$spuninstupdspapi.dll"
Thu 13 Oct 2005 216,800 ...H. --- "E:WINDOWS$NtUninstallKB937894$spuninstspuninst.exe"
Thu 13 Oct 2005 394,976 ...H. --- "E:WINDOWS$NtUninstallKB937894$spuninstupdspapi.dll"
Tue 6 Mar 2007 216,800 ...H. --- "E:WINDOWS$NtUninstallKB944653$spuninstspuninst.exe"
Tue 6 Mar 2007 394,976 ...H. --- "E:WINDOWS$NtUninstallKB944653$spuninstupdspapi.dll"
Tue 6 Mar 2007 216,800 ...H. --- "E:WINDOWS$NtUninstallKB942763$spuninstspuninst.exe"
Tue 6 Mar 2007 394,976 ...H. --- "E:WINDOWS$NtUninstallKB942763$spuninstupdspapi.dll"
Thu 13 Oct 2005 216,800 ...H. --- "E:WINDOWS$NtUninstallKB926436$spuninstspuninst.exe"
Thu 13 Oct 2005 394,976 ...H. --- "E:WINDOWS$NtUninstallKB926436$spuninstupdspapi.dll"
Thu 13 Oct 2005 216,800 ...H. --- "E:WINDOWS$NtUninstallKB930178$spuninstspuninst.exe"
Thu 13 Oct 2005 394,976 ...H. --- "E:WINDOWS$NtUninstallKB930178$spuninstupdspapi.dll"
Thu 13 Oct 2005 216,800 ...H. --- "E:WINDOWS$NtUninstallKB938828$spuninstspuninst.exe"
Thu 13 Oct 2005 394,976 ...H. --- "E:WINDOWS$NtUninstallKB938828$spuninstupdspapi.dll"
Thu 13 Oct 2005 216,800 ...H. --- "E:WINDOWS$NtUninstallKB935839$spuninstspuninst.exe"
Thu 13 Oct 2005 394,976 ...H. --- "E:WINDOWS$NtUninstallKB935839$spuninstupdspapi.dll"
Thu 18 Nov 2004 209,632 ...H. --- "E:WINDOWS$NtUninstallKB888111WXPSP2$spuninstspuninst.exe"
Thu 18 Nov 2004 371,936 ...H. --- "E:WINDOWS$NtUninstallKB888111WXPSP2$spuninstupdspapi.dll"
Thu 13 Oct 2005 216,800 ...H. --- "E:WINDOWS$NtUninstallKB928843$spuninstspuninst.exe"
Thu 13 Oct 2005 394,976 ...H. --- "E:WINDOWS$NtUninstallKB928843$spuninstupdspapi.dll"
Tue 28 Jun 2005 213,216 ...H. --- "E:WINDOWS$NtUninstallKB929399$spuninstspuninst.exe"
Tue 28 Jun 2005 371,424 ...H. --- "E:WINDOWS$NtUninstallKB929399$spuninstupdspapi.dll"
Thu 19 Jan 2006 216,800 ...H. --- "E:WINDOWS$NtUninstallKB936357$spuninstspuninst.exe"
Thu 19 Jan 2006 394,976 ...H. --- "E:WINDOWS$NtUninstallKB936357$spuninstupdspapi.dll"
Mon 16 Oct 2006 124,928 A..H. --- "E:WINDOWS$hf_mig$KB926436SP2QFEoledlg.dll"
Thu 13 Oct 2005 22,752 A..H. --- "E:WINDOWS$hf_mig$KB926436updatespcustom.dll"
Thu 13 Oct 2005 727,776 A..H. --- "E:WINDOWS$hf_mig$KB926436updateupdate.exe"
Thu 13 Oct 2005 394,976 A..H. --- "E:WINDOWS$hf_mig$KB926436updateupdspapi.dll"
Mon 5 Feb 2007 185,344 A..H. --- "E:WINDOWS$hf_mig$KB931261SP2QFEupnphost.dll"
Thu 19 Jan 2006 22,752 A..H. --- "E:WINDOWS$hf_mig$KB931261updatespcustom.dll"
Thu 19 Jan 2006 727,776 A..H. --- "E:WINDOWS$hf_mig$KB931261updateupdate.exe"
Thu 19 Jan 2006 394,976 A..H. --- "E:WINDOWS$hf_mig$KB931261updateupdspapi.dll"
Fri 6 Jul 2007 72,960 A..H. --- "E:WINDOWS$hf_mig$KB937894SP2QFEmqac.sys"
Fri 6 Jul 2007 138,240 A..H. --- "E:WINDOWS$hf_mig$KB937894SP2QFEmqad.dll"
Fri 6 Jul 2007 47,104 A..H. --- "E:WINDOWS$hf_mig$KB937894SP2QFEmqdscli.dll"
Fri 6 Jul 2007 16,896 A..H. --- "E:WINDOWS$hf_mig$KB937894SP2QFEmqise.dll"
Fri 6 Jul 2007 660,992 A..H. --- "E:WINDOWS$hf_mig$KB937894SP2QFEmqqm.dll"
Fri 6 Jul 2007 177,152 A..H. --- "E:WINDOWS$hf_mig$KB937894SP2QFEmqrt.dll"
Fri 6 Jul 2007 95,744 A..H. --- "E:WINDOWS$hf_mig$KB937894SP2QFEmqsec.dll"
Fri 6 Jul 2007 48,640 A..H. --- "E:WINDOWS$hf_mig$KB937894SP2QFEmqupgrd.dll"
Fri 6 Jul 2007 527,360 A..H. --- "E:WINDOWS$hf_mig$KB937894SP2QFEmqutil.dll"
Thu 13 Oct 2005 22,752 A..H. --- "E:WINDOWS$hf_mig$KB937894updatespcustom.dll"
Thu 13 Oct 2005 727,776 A..H. --- "E:WINDOWS$hf_mig$KB937894updateupdate.exe"
Thu 13 Oct 2005 394,976 A..H. --- "E:WINDOWS$hf_mig$KB937894updateupdspapi.dll"
Fri 13 Jul 2007 765,952 A..H. --- "E:WINDOWS$hf_mig$KB938127-IE7SP2QFEvgx.dll"
Tue 6 Mar 2007 22,752 A..H. --- "E:WINDOWS$hf_mig$KB938127-IE7updatespcustom.dll"
Tue 6 Mar 2007 727,776 A..H. --- "E:WINDOWS$hf_mig$KB938127-IE7updateupdate.exe"
Tue 6 Mar 2007 394,976 A..H. --- "E:WINDOWS$hf_mig$KB938127-IE7updateupdspapi.dll"
Thu 13 Oct 2005 22,752 A..H. --- "E:WINDOWS$hf_mig$KB938828updatespcustom.dll"
Thu 13 Oct 2005 727,776 A..H. --- "E:WINDOWS$hf_mig$KB938828updateupdate.exe"
Thu 13 Oct 2005 394,976 A..H. --- "E:WINDOWS$hf_mig$KB938828updateupdspapi.dll"
Tue 13 Nov 2007 60,416 A..H. --- "E:WINDOWS$hf_mig$KB942763SP2QFE zchange.exe"
Tue 6 Mar 2007 22,752 A..H. --- "E:WINDOWS$hf_mig$KB942763updatespcustom.dll"
Tue 6 Mar 2007 727,776 A..H. --- "E:WINDOWS$hf_mig$KB942763updateupdate.exe"
Tue 6 Mar 2007 394,976 A..H. --- "E:WINDOWS$hf_mig$KB942763updateupdspapi.dll"
Tue 13 Nov 2007 20,480 A..H. --- "E:WINDOWS$hf_mig$KB944653SP2QFEsecdrv.sys"
Tue 6 Mar 2007 22,752 A..H. --- "E:WINDOWS$hf_mig$KB944653updatespcustom.dll"
Tue 6 Mar 2007 727,776 A..H. --- "E:WINDOWS$hf_mig$KB944653updateupdate.exe"
Tue 6 Mar 2007 394,976 A..H. --- "E:WINDOWS$hf_mig$KB944653updateupdspapi.dll"
Tue 11 Dec 2007 7,680 A..H. --- "E:WINDOWSassemblyGACAccessibility1.0.5000.0__b03f5f7f11d50a3aAccessibility.dll"
Tue 11 Dec 2007 12,288 A..H. --- "E:WINDOWSassemblyGACcscompmgd7.0.5000.0__b03f5f7f11d50a3acscompmgd.dll"
Tue 11 Dec 2007 33,792 A..H. --- "E:WINDOWSassemblyGACCustomMarshalers1.0.5000.0__b03f5f7f11d50a3aCustomMarshalers.dll"
Tue 11 Dec 2007 8,192 A..H. --- "E:WINDOWSassemblyGACIEExecRemote1.0.5000.0__b03f5f7f11d50a3aIEExecRemote.dll"
Tue 11 Dec 2007 32,768 A..H. --- "E:WINDOWSassemblyGACIEHost1.0.5000.0__b03f5f7f11d50a3aIEHost.dll"
Tue 11 Dec 2007 4,608 A..H. --- "E:WINDOWSassemblyGACIIEHost1.0.5000.0__b03f5f7f11d50a3aIIEHost.dll"
Tue 11 Dec 2007 26,112 A..H. --- "E:WINDOWSassemblyGACISymWrapper1.0.5000.0__b03f5f7f11d50a3aISymWrapper.dll"
Tue 11 Dec 2007 6,656 A..H. --- "E:WINDOWSassemblyGACMicrosoft_VsaVb7.0.5000.0__b03f5f7f11d50a3aMicrosoft_VsaVb.dll"
Tue 11 Dec 2007 11,264 A..H. --- "E:WINDOWSassemblyGACMicrosoft.Vsa.Vb.CodeDOMProcessor7.0.5000.0__b03f5f7f11d50a3aMicrosoft.Vsa.Vb.CodeDOMProcessor.dll"
Tue 11 Dec 2007 720,896 A..H. --- "E:WINDOWSassemblyGACMicrosoft.JScript7.0.5000.0__b03f5f7f11d50a3aMicrosoft.JScript.dll"
Tue 11 Dec 2007 45,056 A..H. --- "E:WINDOWSassemblyGACMicrosoft.JScript.resources7.0.5000.0_fr_b03f5f7f11d50a3aMicrosoft.Jscript.Resources.dll"
Tue 11 Dec 2007 299,008 A..H. --- "E:WINDOWSassemblyGACMicrosoft.VisualBasic7.0.5000.0__b03f5f7f11d50a3aMicrosoft.VisualBasic.dll"
Tue 11 Dec 2007 32,768 A..H. --- "E:WINDOWSassemblyGACMicrosoft.Vsa7.0.5000.0__b03f5f7f11d50a3aMicrosoft.Vsa.dll"
Tue 11 Dec 2007 36,864 A..H. --- "E:WINDOWSassemblyGACMicrosoft.VisualBasic.resources7.0.5000.0_fr_b03f5f7f11d50a3aMicrosoft.VisualBasic.Resources.dll"
Tue 11 Dec 2007 6,144 A..H. --- "E:WINDOWSassemblyGACMicrosoft.VisualC7.0.5000.0__b03f5f7f11d50a3aMicrosoft.VisualC.dll"
Tue 11 Dec 2007 28,672 A..H. --- "E:WINDOWSassemblyGACMicrosoft.VisualBasic.Vsa7.0.5000.0__b03f5f7f11d50a3aMicrosoft.VisualBasic.Vsa.dll"
Tue 11 Dec 2007 1,564,672 A..H. --- "E:WINDOWSassemblyGACmscorcfg1.0.5000.0__b03f5f7f11d50a3amscorcfg.dll"
Tue 11 Dec 2007 757,760 A..H. --- "E:WINDOWSassemblyGACmscorcfg.resources1.0.5000.0_fr_b03f5f7f11d50a3amscorcfg.Resources.dll"
Tue 11 Dec 2007 233,472 A..H. --- "E:WINDOWSassemblyGACmscorlib.resources1.0.5000.0_fr_b77a5c561934e089Mscorlib.Resources.dll"
Tue 11 Dec 2007 32,768 A..H. --- "E:WINDOWSassemblyGACRegcode1.0.5000.0__b03f5f7f11d50a3aRegCode.dll"
Tue 11 Dec 2007 10,240 A..H. --- "E:WINDOWSassemblyGACRegcode.resources1.0.5000.0_fr_b03f5f7f11d50a3aRegCode.Resources.dll"
Tue 11 Dec 2007 122,880 A..H. --- "E:WINDOWSassemblyGACSystem.Data.resources1.0.5000.0_fr_b77a5c561934e089System.Data.Resources.dll"
Tue 11 Dec 2007 24,576 A..H. --- "E:WINDOWSassemblyGACsystem.management.resources1.0.5000.0_fr_b03f5f7f11d50a3aSystem.Management.Resources.dll"
Tue 11 Dec 2007 11,776 A..H. --- "E:WINDOWSassemblyGACSystem.Runtime.Serialization.Formatters.Soap.resources1.0.5000.0_fr_b03f5f7f11d50a3aSystem.Runtime.Serialization.Formatters.Soap.Resources.dll"
Tue 11 Dec 2007 114,688 A..H. --- "E:WINDOWSassemblyGACSystem.XML.resources1.0.5000.0_fr_b77a5c561934e089System.xml.Resources.dll"
Tue 11 Dec 2007 126,976 A..H. --- "E:WINDOWSassemblyGACSystem.Web.resources1.0.5000.0_fr_b03f5f7f11d50a3aSystem.Web.Resources.dll"
Tue 11 Dec 2007 24,576 A..H. --- "E:WINDOWSassemblyGACSystem.Drawing.resources1.0.5000.0_fr_b03f5f7f11d50a3aSystem.Drawing.Resources.dll"
Tue 11 Dec 2007 6,144 A..H. --- "E:WINDOWSassemblyGACSystem.Drawing.Design.resources1.0.5000.0_fr_b03f5f7f11d50a3aSystem.Drawing.design.Resources.dll"
Tue 11 Dec 2007 28,672 A..H. --- "E:WINDOWSassemblyGACSystem.Runtime.Remoting.resources1.0.5000.0_fr_b77a5c561934e089System.runtime.remoting.Resources.dll"
Tue 11 Dec 2007 86,016 A..H. --- "E:WINDOWSassemblyGACSystem.resources1.0.5000.0_fr_b77a5c561934e089System.Resources.dll"
Tue 11 Dec 2007 61,440 A..H. --- "E:WINDOWSassemblyGACSystem.Messaging.resources1.0.5000.0_fr_b03f5f7f11d50a3aSystem.Messaging.Resources.dll"
Tue 11 Dec 2007 180,224 A..H. --- "E:WINDOWSassemblyGACSYSTEM.WINDOWS.FORMS.resources1.0.5000.0_fr_b77a5c561934e089System.Windows.Forms.Resources.dll"
Tue 11 Dec 2007 61,440 A..H. --- "E:WINDOWSassemblyGACSystem.Web.Services.resources1.0.5000.0_fr_b03f5f7f11d50a3aSystem.Web.Services.Resources.dll"
Tue 11 Dec 2007 81,920 A..H. --- "E:WINDOWSassemblyGACSystem.Web.Mobile.resources1.0.5000.0_fr_b03f5f7f11d50a3aSystem.Web.Mobile.resources.dll"
Tue 11 Dec 2007 151,552 A..H. --- "E:WINDOWSassemblyGACSystem.Design.resources1.0.5000.0_fr_b03f5f7f11d50a3aSystem.Design.Resources.dll"
Tue 11 Dec 2007 28,672 A..H. --- "E:WINDOWSassemblyGACSystem.Configuration.Install.resources1.0.5000.0_fr_b03f5f7f11d50a3aSystem.Configuration.Install.Resources.dll"
Tue 11 Dec 2007 1,224,704 A..H. --- "E:WINDOWSassemblyGACSystem1.0.5000.0__b77a5c561934e089System.dll"
Tue 11 Dec 2007 1,257,472 A..H. --- "E:WINDOWSassemblyGACSystem.Web1.0.5000.0__b03f5f7f11d50a3aSystem.Web.dll"
Tue 11 Dec 2007 1,339,392 A..H. --- "E:WINDOWSassemblyGACSystem.Xml1.0.5000.0__b77a5c561934e089System.Xml.dll"
Tue 11 Dec 2007 1,294,336 A..H. --- "E:WINDOWSassemblyGACSystem.Data1.0.5000.0__b77a5c561934e089System.Data.dll"
Tue 11 Dec 2007 1,703,936 A..H. --- "E:WINDOWSassemblyGACSystem.Design1.0.5000.0__b03f5f7f11d50a3aSystem.Design.dll"
Tue 11 Dec 2007 90,112 A..H. --- "E:WINDOWSassemblyGACSystem.DirectoryServices1.0.5000.0__b03f5f7f11d50a3aSystem.DirectoryServices.dll"
Tue 11 Dec 2007 466,944 A..H. --- "E:WINDOWSassemblyGACSystem.Drawing1.0.5000.0__b03f5f7f11d50a3aSystem.Drawing.dll"
Tue 11 Dec 2007 241,664 A..H. --- "E:WINDOWSassemblyGACSystem.EnterpriseServices1.0.5000.0__b03f5f7f11d50a3aSystem.EnterpriseServices.dll"
Tue 11 Dec 2007 66,560 A..H. --- "E:WINDOWSassemblyGACSystem.EnterpriseServices1.0.5000.0__b03f5f7f11d50a3aSystem.EnterpriseServices.Thunk.dll"
Tue 11 Dec 2007 2,052,096 A..H. --- "E:WINDOWSassemblyGACSystem.Windows.Forms1.0.5000.0__b77a5c561934e089System.Windows.Forms.dll"
Tue 11 Dec 2007 77,824 A..H. --- "E:WINDOWSassemblyGACSystem.Configuration.Install1.0.5000.0__b03f5f7f11d50a3aSystem.Configuration.Install.dll"
Tue 11 Dec 2007 372,736 A..H. --- "E:WINDOWSassemblyGACSystem.Management1.0.5000.0__b03f5f7f11d50a3aSystem.Management.dll"
Tue 11 Dec 2007 241,664 A..H. --- "E:WINDOWSassemblyGACSystem.Messaging1.0.5000.0__b03f5f7f11d50a3aSystem.Messaging.dll"
Tue 11 Dec 2007 819,200 A..H. --- "E:WINDOWSassemblyGACSystem.Web.Mobile1.0.5000.0__b03f5f7f11d50a3aSystem.Web.Mobile.dll"
Tue 11 Dec 2007 303,104 A..H. --- "E:WINDOWSassemblyGACSystem.Data.OracleClient1.0.5000.0__b77a5c561934e089System.Data.OracleClient.dll"
Tue 11 Dec 2007 57,344 A..H. --- "E:WINDOWSassemblyGACSystem.Web.RegularExpressions1.0.5000.0__b03f5f7f11d50a3aSystem.Web.RegularExpressions.dll"
Tue 11 Dec 2007 323,584 A..H. --- "E:WINDOWSassemblyGACSystem.Runtime.Remoting1.0.5000.0__b77a5c561934e089System.Runtime.Remoting.dll"
Tue 11 Dec 2007 7,680 A..H. --- "E:WINDOWSassemblyGACSystem.Security.resources1.0.5000.0_fr_b03f5f7f11d50a3aSystem.Security.Resources.dll"
Tue 11 Dec 2007 77,824 A..H. --- "E:WINDOWSassemblyGACSystem.Security1.0.5000.0__b03f5f7f11d50a3aSystem.Security.dll"
Tue 11 Dec 2007 573,440 A..H. --- "E:WINDOWSassemblyGACSystem.Web.Services1.0.5000.0__b03f5f7f11d50a3aSystem.Web.Services.dll"
Tue 11 Dec 2007 131,072 A..H. --- "E:WINDOWSassemblyGACSystem.Runtime.Serialization.Formatters.Soap1.0.5000.0__b03f5f7f11d50a3aSystem.Runtime.Serialization.Formatters.Soap.dll"
Tue 11 Dec 2007 65,536 A..H. --- "E:WINDOWSassemblyGACSystem.Drawing.Design1.0.5000.0__b03f5f7f11d50a3aSystem.Drawing.Design.dll"
Tue 11 Dec 2007 32,768 A..H. --- "E:WINDOWSassemblyGACSystem.EnterpriseServices.resources1.0.5000.0_fr_b03f5f7f11d50a3aSystem.EnterpriseServices.Resources.dll"
Tue 11 Dec 2007 126,976 A..H. --- "E:WINDOWSassemblyGACSystem.ServiceProcess1.0.5000.0__b03f5f7f11d50a3aSystem.ServiceProcess.dll"
Tue 11 Dec 2007 11,264 A..H. --- "E:WINDOWSassemblyGACSystem.DirectoryServices.resources1.0.5000.0_fr_b03f5f7f11d50a3aSystem.DirectoryServices.Resources.dll"
Tue 11 Dec 2007 40,960 A..H. --- "E:WINDOWSassemblyGACSystem.ServiceProcess.resources1.0.5000.0_fr_b03f5f7f11d50a3aSystem.ServiceProcess.Resources.dll"
Tue 11 Dec 2007 68,608 A..H. --- "E:WINDOWSassemblyGAC_32CustomMarshalers2.0.0.0__b03f5f7f11d50a3aCustomMarshalers.dll"
Tue 11 Dec 2007 72,192 A..H. --- "E:WINDOWSassemblyGAC_32ISymWrapper2.0.0.0__b03f5f7f11d50a3aISymWrapper.dll"
Tue 11 Dec 2007 4,308,992 A..H. --- "E:WINDOWSassemblyGAC_32mscorlib2.0.0.0__b77a5c561934e089mscorlib.dll"
Tue 11 Dec 2007 5,029,888 A..H. --- "E:WINDOWSassemblyGAC_32System.Web2.0.0.0__b03f5f7f11d50a3aSystem.Web.dll"
Tue 11 Dec 2007 2,878,976 A..H. --- "E:WINDOWSassemblyGAC_32System.Data2.0.0.0__b77a5c561934e089System.Data.dll"
Tue 11 Dec 2007 482,304 A..H. --- "E:WINDOWSassemblyGAC_32System.Data.OracleClient2.0.0.0__b77a5c561934e089System.Data.OracleClient.dll"
Tue 11 Dec 2007 260,096 A..H. --- "E:WINDOWSassemblyGAC_32System.Transactions2.0.0.0__b77a5c561934e089System.Transactions.dll"
Tue 11 Dec 2007 10,752 A..H. --- "E:WINDOWSassemblyGAC_MSILAccessibility2.0.0.0__b03f5f7f11d50a3aAccessibility.dll"
Tue 11 Dec 2007 503,808 A..H. --- "E:WINDOWSassemblyGAC_MSILAspNetMMCExt2.0.0.0__b03f5f7f11d50a3aAspNetMMCExt.dll"
Tue 11 Dec 2007 315,392 A..H. --- "E:WINDOWSassemblyGAC_MSILAspNetMMCExt.resources2.0.0.0_fr_b03f5f7f11d50a3aaspnetmmcext.resources.dll"
Tue 11 Dec 2007 13,312 A..H. --- "E:WINDOWSassemblyGAC_MSILcscompmgd8.0.0.0__b03f5f7f11d50a3acscompmgd.dll"
Tue 11 Dec 2007 8,192 A..H. --- "E:WINDOWSassemblyGAC_MSILIEExecRemote2.0.0.0__b03f5f7f11d50a3aIEExecRemote.dll"
Tue 11 Dec 2007 36,864 A..H. --- "E:WINDOWSassemblyGAC_MSILIEHost2.0.0.0__b03f5f7f11d50a3aIEHost.dll"
Tue 11 Dec 2007 5,632 A..H. --- "E:WINDOWSassemblyGAC_MSILIIEHost2.0.0.0__b03f5f7f11d50a3aIIEHost.dll"
Tue 11 Dec 2007 9,216 A..H. --- "E:WINDOWSassemblyGAC_MSILmicrosoft.visualbasic.compatibility.data.resources8.0.0.0_fr_b03f5f7f11d50a3aMicrosoft.VisualBasic.Compatibility.Data.resources.dll"
Tue 11 Dec 2007 40,960 A..H. --- "E:WINDOWSassemblyGAC_MSILMicrosoft.PowerShell.ConsoleHost.resources1.0.0.0_fr_31bf3856ad364e35Microsoft.PowerShell.ConsoleHost.resources.dll"
Tue 11 Dec 2007 9,216 A..H. --- "E:WINDOWSassemblyGAC_MSILMicrosoft.PowerShell.Security.resources1.0.0.0_fr_31bf3856ad364e35Microsoft.PowerShell.Security.resources.dll"
Tue 11 Dec 2007 9,728 A..H. --- "E:WINDOWSassemblyGAC_MSILmicrosoft.visualbasic.compatibility.resources8.0.0.0_fr_b03f5f7f11d50a3aMicrosoft.VisualBasic.Compatibility.resources.dll"
Tue 11 Dec 2007 61,440 A..H. --- "E:WINDOWSassemblyGAC_MSILMicrosoft.VisualBasic.resources8.0.0.0_fr_b03f5f7f11d50a3aMicrosoft.VisualBasic.resources.dll"
Tue 11 Dec 2007 36,864 A..H. --- "E:WINDOWSassemblyGAC_MSILMicrosoft.PowerShell.Commands.Utility.resources1.0.0.0_fr_31bf3856ad364e35Microsoft.PowerShell.Commands.Utility.resources.dll"
Tue 11 Dec 2007 11,776 A..H. --- "E:WINDOWSassemblyGAC_MSILMicrosoft.PowerShell.Commands.Management.resources1.0.0.0_fr_31bf3856ad364e35Microsoft.PowerShell.Commands.Management.resources.dll"
Tue 11 Dec 2007 7,168 A..H. --- "E:WINDOWSassemblyGAC_MSILMicrosoft_VsaVb8.0.0.0__b03f5f7f11d50a3aMicrosoft_VsaVb.dll"
Tue 11 Dec 2007 12,800 A..H. --- "E:WINDOWSassemblyGAC_MSILMicrosoft.Vsa.Vb.CodeDOMProcessor8.0.0.0__b03f5f7f11d50a3aMicrosoft.Vsa.Vb.CodeDOMProcessor.dll"
Tue 11 Dec 2007 372,736 A..H. --- "E:WINDOWSassemblyGAC_MSILMicrosoft.VisualBasic.Compatibility8.0.0.0__b03f5f7f11d50a3aMicrosoft.VisualBasic.Compatibility.dll"
Tue 11 Dec 2007 200,704 A..H. --- "E:WINDOWSassemblyGAC_MSILMicrosoft.PowerShell.ConsoleHost1.0.0.0__31bf3856ad364e35Microsoft.PowerShell.ConsoleHost.dll"
Tue 11 Dec 2007 110,592 A..H. --- "E:WINDOWSassemblyGAC_MSILMicrosoft.VisualBasic.Compatibility.Data8.0.0.0__b03f5f7f11d50a3aMicrosoft.VisualBasic.Compatibility.Data.dll"
Tue 11 Dec 2007 413,696 A..H. --- "E:WINDOWSassemblyGAC_MSILMicrosoft.Build.Engine2.0.0.0__b03f5f7f11d50a3aMicrosoft.Build.Engine.dll"
Tue 11 Dec 2007 36,864 A..H. --- "E:WINDOWSassemblyGAC_MSILMicrosoft.Build.Framework2.0.0.0__b03f5f7f11d50a3aMicrosoft.Build.Framework.dll"
Tue 11 Dec 2007 745,472 A..H. --- "E:WINDOWSassemblyGAC_MSILMicrosoft.JScript8.0.0.0__b03f5f7f11d50a3aMicrosoft.JScript.dll"
Tue 11 Dec 2007 139,264 A..H. --- "E:WINDOWSassemblyGAC_MSILMicrosoft.PowerShell.Commands.Management1.0.0.0__31bf3856ad364e35Microsoft.PowerShell.Commands.Management.dll"
Tue 11 Dec 2007 45,056 A..H. --- "E:WINDOWSassemblyGAC_MSILMicrosoft.Jscript.resources8.0.0.0_fr_b03f5f7f11d50a3aMicrosoft.JScript.Resources.dll"
Tue 11 Dec 2007 65,536 A..H. --- "E:WINDOWSassemblyGAC_MSILMicrosoft.PowerShell.Security1.0.0.0__31bf3856ad364e35Microsoft.PowerShell.Security.dll"
Tue 11 Dec 2007 647,168 A..H. --- "E:WINDOWSassemblyGAC_MSILMicrosoft.Build.Tasks2.0.0.0__b03f5f7f11d50a3aMicrosoft.Build.Tasks.dll"
Tue 11 Dec 2007 73,728 A..H. --- "E:WINDOWSassemblyGAC_MSILMicrosoft.Build.Utilities2.0.0.0__b03f5f7f11d50a3aMicrosoft.Build.Utilities.dll"
Tue 11 Dec 2007 667,648 A..H. --- "E:WINDOWSassemblyGAC_MSILMicrosoft.VisualBasic8.0.0.0__b03f5f7f11d50a3aMicrosoft.VisualBasic.dll"
Tue 11 Dec 2007 28,672 A..H. --- "E:WINDOWSassemblyGAC_MSILMicrosoft.VisualBasic.Vsa8.0.0.0__b03f5f7f11d50a3aMicrosoft.VisualBasic.Vsa.dll"
Tue 11 Dec 2007 53,248 A..H. --- "E:WINDOWSassemblyGAC_MSILMicrosoft.Build.Engine.resources2.0.0.0_fr_b03f5f7f11d50a3aMicrosoft.Build.Engine.resources.dll"
Tue 11 Dec 2007 294,912 A..H. --- "E:WINDOWSassemblyGAC_MSILMicrosoft.PowerShell.Commands.Utility1.0.0.0__31bf3856ad364e35Microsoft.PowerShell.Commands.Utility.dll"
Tue 11 Dec 2007 5,632 A..H. --- "E:WINDOWSassemblyGAC_MSILMicrosoft.VisualC8.0.0.0__b03f5f7f11d50a3aMicrosoft.VisualC.Dll"
Tue 11 Dec 2007 32,768 A..H. --- "E:WINDOWSassemblyGAC_MSILMicrosoft.Vsa8.0.0.0__b03f5f7f11d50a3aMicrosoft.Vsa.dll"
Tue 11 Dec 2007 139,264 A..H. --- "E:WINDOWSassemblyGAC_MSILMicrosoft.Build.Tasks.resources2.0.0.0_fr_b03f5f7f11d50a3aMicrosoft.Build.Tasks.resources.dll"
Tue 11 Dec 2007 10,240 A..H. --- "E:WINDOWSassemblyGAC_MSILmicrosoft.build.utilities.resources2.0.0.0_fr_b03f5f7f11d50a3aMicrosoft.Build.Utilities.Resources.dll"
Tue 11 Dec 2007 311,296 A..H. --- "E:WINDOWSassemblyGAC_MSILmscorlib.resources2.0.0.0_fr_b77a5c561934e089mscorlib.Resources.dll"
Tue 11 Dec 2007 110,592 A..H. --- "E:WINDOWSassemblyGAC_MSILSystem.Data.OracleClient.resources2.0.0.0_fr_b77a5c561934e089System.Data.OracleClient.resources.dll"
Tue 11 Dec 2007 13,312 A..H. --- "E:WINDOWSassemblyGAC_MSILSystem.Management.resources2.0.0.0_fr_b03f5f7f11d50a3aSystem.Management.Resources.dll"
Tue 11 Dec 2007 335,872 A..H. --- "E:WINDOWSassemblyGAC_MSILSystem.Data.resources2.0.0.0_fr_b77a5c561934e089System.Data.Resources.dll"
Tue 11 Dec 2007 11,776 A..H. --- "E:WINDOWSassemblyGAC_MSILSystem.Runtime.Serialization.Formatters.Soap.resources2.0.0.0_fr_b03f5f7f11d50a3aSystem.Runtime.Serialization.Formatters.Soap.Resources.dll"
Tue 11 Dec 2007 167,936 A..H. --- "E:WINDOWSassemblyGAC_MSILSystem.XML.resources2.0.0.0_fr_b77a5c561934e089System.xml.Resources.dll"
Tue 11 Dec 2007 610,304 A..H. --- "E:WINDOWSassemblyGAC_MSILSystem.Web.resources2.0.0.0_fr_b03f5f7f11d50a3aSystem.Web.Resources.dll"
Tue 11 Dec 2007 16,896 A..H. --- "E:WINDOWSassemblyGAC_MSILSystem.Transactions.resources2.0.0.0_fr_b77a5c561934e089System.Transactions.resources.dll"
Tue 11 Dec 2007 15,360 A..H. --- "E:WINDOWSassemblyGAC_MSILSystem.Drawing.resources2.0.0.0_fr_b03f5f7f11d50a3aSystem.Drawing.Resources.dll"
Tue 11 Dec 2007 6,144 A..H. --- "E:WINDOWSassemblyGAC_MSILSystem.Drawing.Design.resources2.0.0.0_fr_b03f5f7f11d50a3aSystem.Drawing.Design.Resources.dll"
Tue 11 Dec 2007 36,864 A..H. --- "E:WINDOWSassemblyGAC_MSILSystem.Data.SqlXml.resources2.0.0.0_fr_b77a5c561934e089system.data.sqlxml.resources.dll"
Tue 11 Dec 2007 32,768 A..H. --- "E:WINDOWSassemblyGAC_MSILSystem.Runtime.Remoting.resources2.0.0.0_fr_b77a5c561934e089System.Runtime.Remoting.Resources.dll"
Tue 11 Dec 2007 212,992 A..H. --- "E:WINDOWSassemblyGAC_MSILSystem.resources2.0.0.0_fr_b77a5c561934e089system.Resources.dll"
Tue 11 Dec 2007 61,440 A..H. --- "E:WINDOWSassemblyGAC_MSILSystem.Messaging.resources2.0.0.0_fr_b03f5f7f11d50a3aSystem.Messaging.Resources.dll"
Tue 11 Dec 2007 81,920 A..H. --- "E:WINDOWSassemblyGAC_MSILSystem.Web.Services.resources2.0.0.0_fr_b03f5f7f11d50a3aSystem.Web.Services.Resources.dll"
Tue 11 Dec 2007 40,960 A..H. --- "E:WINDOWSassemblyGAC_MSILSystem.ServiceProcess.resources2.0.0.0_fr_b03f5f7f11d50a3aSystem.ServiceProcess.Resources.dll"
Tue 11 Dec 2007 81,920 A..H. --- "E:WINDOWSassemblyGAC_MSILSystem.Web.Mobile.resources2.0.0.0_fr_b03f5f7f11d50a3aSystem.Web.Mobile.resources.dll"
Tue 11 Dec 2007 184,320 A..H. --- "E:WINDOWSassemblyGAC_MSILSystem.Management.Automation.resources1.0.0.0_fr_31bf3856ad364e35System.Management.Automation.resources.dll"
Tue 11 Dec 2007 544,768 A..H. --- "E:WINDOWSassemblyGAC_MSILSystem.Design.resources2.0.0.0_fr_b03f5f7f11d50a3aSystem.Design.Resources.dll"
Tue 11 Dec 2007 49,152 A..H. --- "E:WINDOWSassemblyGAC_MSILsystem.configuration.resources2.0.0.0_fr_b03f5f7f11d50a3aSystem.Configuration.resources.dll"
Tue 11 Dec 2007 28,672 A..H. --- "E:WINDOWSassemblyGAC_MSILSystem.Configuration.Install.resources2.0.0.0_fr_b03f5f7f11d50a3aSystem.Configuration.Install.Resources.dll"
Tue 11 Dec 2007 430,080 A..H. --- "E:WINDOWSassemblyGAC_MSILSystem.Windows.Forms.resources2.0.0.0_fr_b77a5c561934e089System.Windows.Forms.Resources.dll"
Tue 11 Dec 2007 28,672 A..H. --- "E:WINDOWSassemblyGAC_MSILSystem.DirectoryServices.Protocols.resources2.0.0.0_fr_b03f5f7f11d50a3aSystem.DirectoryServices.Protocols.resources.dll"
Tue 11 Dec 2007 110,592 A..H. --- "E:WINDOWSassemblyGAC_MSILsysglobl2.0.0.0__b03f5f7f11d50a3asysglobl.dll"
Tue 11 Dec 2007 10,752 A..H. --- "E:WINDOWSassemblyGAC_MSILsysglobl.resources2.0.0.0_fr_b03f5f7f11d50a3asysglobl.resources.dll"
Tue 11 Dec 2007 3,018,752 A..H. --- "E:WINDOWSassemblyGAC_MSILSystem2.0.0.0__b77a5c561934e089System.dll"
Tue 11 Dec 2007 2,035,712 A..H. --- "E:WINDOWSassemblyGAC_MSILSystem.Xml2.0.0.0__b77a5c561934e089System.XML.dll"
Tue 11 Dec 2007 1,564,672 A..H. --- "E:WINDOWSassemblyGAC_MSILSystem.Management.Automation1.0.0.0__31bf3856ad364e35System.Management.Automation.dll"
Tue 11 Dec 2007 389,120 A..H. --- "E:WINDOWSassemblyGAC_MSILSystem.Configuration2.0.0.0__b03f5f7f11d50a3aSystem.configuration.dll"
Tue 11 Dec 2007 884,736 A..H. --- "E:WINDOWSassemblyGAC_MSILSystem.Deployment2.0.0.0__b03f5f7f11d50a3aSystem.Deployment.dll"
Tue 11 Dec 2007 81,920 A..H. --- "E:WINDOWSassemblyGAC_MSILSystem.Drawing.Design2.0.0.0__b03f5f7f11d50a3aSystem.Drawing.Design.dll"
Tue 11 Dec 2007 397,312 A..H. --- "E:WINDOWSassemblyGAC_MSILSystem.DirectoryServices2.0.0.0__b03f5f7f11d50a3aSystem.DirectoryServices.dll"
Tue 11 Dec 2007 700,416 A..H. --- "E:WINDOWSassemblyGAC_MSILSystem.Drawing2.0.0.0__b03f5f7f11d50a3aSystem.Drawing.dll"
Tue 11 Dec 2007 5,316,608 A..H. --- "E:WINDOWSassemblyGAC_MSILSystem.Windows.Forms2.0.0.0__b77a5c561934e089System.Windows.Forms.dll"
Tue 11 Dec 2007 81,920 A..H. --- "E:WINDOWSassemblyGAC_MSILSystem.Configuration.Install2.0.0.0__b03f5f7f11d50a3aSystem.Configuration.Install.dll"
Tue 11 Dec 2007 368,640 A..H. --- "E:WINDOWSassemblyGAC_MSILSystem.Management2.0.0.0__b03f5f7f11d50a3aSystem.Management.dll"
Tue 11 Dec 2007 258,048 A..H. --- "E:WINDOWSassemblyGAC_MSILSystem.Messaging2.0.0.0__b03f5f7f11d50a3aSystem.Messaging.dll"
Tue 11 Dec 2007 835,584 A..H. --- "E:WINDOWSassemblyGAC_MSILSystem.Web.Mobile2.0.0.0__b03f5f7f11d50a3aSystem.Web.Mobile.dll"
Tue 11 Dec 2007 188,416 A..H. --- "E:WINDOWSassemblyGAC_MSILSystem.DirectoryServices.Protocols2.0.0.0__b03f5f7f11d50a3aSystem.DirectoryServices.Protocols.dll"
Tue 11 Dec 2007 86,016 A..H. --- "E:WINDOWSassemblyGAC_MSILSystem.Web.RegularExpressions2.0.0.0__b03f5f7f11d50a3aSystem.Web.RegularExpressions.dll"
Tue 11 Dec 2007 299,008 A..H. --- "E:WINDOWSassemblyGAC_MSILSystem.Runtime.Remoting2.0.0.0__b77a5c561934e089System.Runtime.Remoting.dll"
Tue 11 Dec 2007 385,024 A..H. --- "E:WINDOWSassemblyGAC_MSILSystem.Deployment.resources2.0.0.0_fr_b03f5f7f11d50a3aSystem.Deployment.resources.dll"
Tue 11 Dec 2007 258,048 A..H. --- "E:WINDOWSassemblyGAC_MSILSystem.Security2.0.0.0__b03f5f7f11d50a3aSystem.Security.dll"
Tue 11 Dec 2007 114,688 A..H. --- "E:WINDOWSassemblyGAC_MSILSystem.ServiceProcess2.0.0.0__b03f5f7f11d50a3aSystem.ServiceProcess.dll"
Tue 11 Dec 2007 131,072 A..H. --- "E:WINDOWSassemblyGAC_MSILSystem.Runtime.Serialization.Formatters.Soap2.0.0.0__b03f5f7f11d50a3aSystem.Runtime.Serialization.Formatters.Soap.dll"
Tue 11 Dec 2007 716,800 A..H. --- "E:WINDOWSassemblyGAC_MSILSystem.Data.SqlXml2.0.0.0__b77a5c561934e089System.Data.SqlXml.dll"
Tue 11 Dec 2007 5,050,368 A..H. --- "E:WINDOWSassemblyGAC_MSILSystem.Design2.0.0.0__b03f5f7f11d50a3aSystem.Design.dll"
Tue 11 Dec 2007 32,768 A..H. --- "E:WINDOWSassemblyGAC_MSILSystem.EnterpriseServices.resources2.0.0.0_fr_b03f5f7f11d50a3aSystem.EnterpriseServices.Resources.dll"
Tue 11 Dec 2007 823,296 A..H. --- "E:WINDOWSassemblyGAC_MSILSystem.Web.Services2.0.0.0__b03f5f7f11d50a3aSystem.Web.Services.dll"
Tue 11 Dec 2007 28,672 A..H. --- "E:WINDOWSassemblyGAC_MSILSystem.Security.resources2.0.0.0_fr_b03f5f7f11d50a3aSystem.Security.Resources.dll"
Tue 11 Dec 2007 40,960 A..H. --- "E:WINDOWSassemblyGAC_MSILSystem.DirectoryServices.resources2.0.0.0_fr_b03f5f7f11d50a3aSystem.DirectoryServices.Resources.dll"
Tue 11 Dec 2007 61,440 A..H. --- "E:WINDOWSassemblyNativeImages1_v1.1.4322CustomMarshalers1.0.5000.0__b03f5f7f11d50a3a_411ed6e4CustomMarshalers.dll"
Tue 11 Dec 2007 3,379,200 A..H. --- "E:WINDOWSassemblyNativeImages1_v1.1.4322mscorlib1.0.5000.0__b77a5c561934e089_5d01cad0mscorlib.dll"
Tue 11 Dec 2007 1,953,792 A..H. --- "E:WINDOWSassemblyNativeImages1_v1.1.4322System1.0.5000.0__b77a5c561934e089_9b0d08aaSystem.dll"
Tue 11 Dec 2007 2,088,960 A..H. --- "E:WINDOWSassemblyNativeImages1_v1.1.4322System.Xml1.0.5000.0__b77a5c561934e089_0adfb42dSystem.Xml.dll"
Tue 11 Dec 2007 1,466,368 A..H. --- "E:WINDOWSassemblyNativeImages1_v1.1.4322System.Design1.0.5000.0__b03f5f7f11d50a3a_822c24c3System.Design.dll"
Tue 11 Dec 2007 835,584 A..H. --- "E:WINDOWSassemblyNativeImages1_v1.1.4322System.Drawing1.0.5000.0__b03f5f7f11d50a3a_7c075fa9System.Drawing.dll"
Tue 11 Dec 2007 3,014,656 A..H. --- "E:WINDOWSassemblyNativeImages1_v1.1.4322System.Windows.Forms1.0.5000.0__b77a5c561934e089_410e0fdbSystem.Windows.Forms.dll"
Tue 11 Dec 2007 90,112 A..H. --- "E:WINDOWSassemblyNativeImages1_v1.1.4322System.Drawing.Design1.0.5000.0__b03f5f7f11d50a3a_7aa0a04eSystem.Drawing.Design.dll"
Tue 11 Dec 2007 26,624 A..H. --- "E:WINDOWSassemblyNativeImages_v2.0.50727_32Accessibility30f7dd31c4eba4d80ef20c3fdb3ab7dAccessibility.ni.dll"
Tue 11 Dec 2007 860,160 A..H. --- "E:WINDOWSassemblyNativeImages_v2.0.50727_32AspNetMMCExt96bd0973a01e8040b709e8cb621ceb3aAspNetMMCExt.ni.dll"
Tue 11 Dec 2007 237,568 A..H. --- "E:WINDOWSassemblyNativeImages_v2.0.50727_32CustomMarshalersa1a4713e8525f047bd11695a61a0a241CustomMarshalers.ni.dll"
Tue 11 Dec 2007 15,360 A..H. --- "E:WINDOWSassemblyNativeImages_v2.0.50727_32dfsvc2afdaaf3e7f2dc43affddf7910ffd954dfsvc.ni.exe"
Tue 11 Dec 2007 880,640 A..H. --- "E:WINDOWSassemblyNativeImages_v2.0.50727_32Microsoft.Build.Eng#a007cea964dcb74d94d988005ce21ec6Microsoft.Build.Engine.ni.dll"
Tue 11 Dec 2007 81,920 A..H. --- "E:WINDOWSassemblyNativeImages_v2.0.50727_32Microsoft.Build.Fra#cb651bd87900764ab52d2715f70c39bcMicrosoft.Build.Framework.ni.dll"
Tue 11 Dec 2007 39,936 A..H. --- "E:WINDOWSassemblyNativeImages_v2.0.50727_32Microsoft.PowerShel#0a4d5818126f6488e4f0d9231b71613Microsoft.PowerShell.ConsoleHost.resources.ni.dll"
Tue 11 Dec 2007 524,288 A..H. --- "E:WINDOWSassemblyNativeImages_v2.0.50727_32Microsoft.PowerShel#ffe722f07319b4ca0ccf06b20aa4436Microsoft.PowerShell.Commands.Management.ni.dll"
Tue 11 Dec 2007 1,069,056 A..H. --- "E:WINDOWSassemblyNativeImages_v2.0.50727_32Microsoft.PowerShel#114354d733ed674f9e641cb4b8dd76ecMicrosoft.PowerShell.Commands.Utility.ni.dll"
Tue 11 Dec 2007 21,504 A..H. --- "E:WINDOWSassemblyNativeImages_v2.0.50727_32Microsoft.PowerShel#4d0929d04f431c4aa94b96cab50c8e6fMicrosoft.PowerShell.Commands.Management.resources.ni.dll"
Tue 11 Dec 2007 18,944 A..H. --- "E:WINDOWSassemblyNativeImages_v2.0.50727_32Microsoft.PowerShel#8362dbe00d0b3045abe00df7c7ef1b15Microsoft.PowerShell.Security.resources.ni.dll"
Tue 11 Dec 2007 33,792 A..H. --- "E:WINDOWSassemblyNativeImages_v2.0.50727_32Microsoft.PowerShel#a6341e93821c2c4886ddefe76efb4194Microsoft.PowerShell.Commands.Utility.resources.ni.dll"
Tue 11 Dec 2007 552,960 A..H. --- "E:WINDOWSassemblyNativeImages_v2.0.50727_32Microsoft.PowerShel#d223b275aae4c4fa107f6ae87b8c536Microsoft.PowerShell.ConsoleHost.ni.dll"
Tue 11 Dec 2007 176,128 A..H. --- "E:WINDOWSassemblyNativeImages_v2.0.50727_32Microsoft.PowerShel#e03f204640f10a4bb5b1b14f05ebe356Microsoft.PowerShell.Security.ni.dll"
Tue 11 Dec 2007 1,691,648 A..H. --- "E:WINDOWSassemblyNativeImages_v2.0.50727_32Microsoft.Build.Tas#51c3885a8a526345959506c46178d4daMicrosoft.Build.Tasks.ni.dll"
Tue 11 Dec 2007 163,840 A..H. --- "E:WINDOWSassemblyNativeImages_v2.0.50727_32Microsoft.Build.Uti#6578d0084ee706499933cbaf7d516fc8Microsoft.Build.Utilities.ni.dll"
Tue 11 Dec 2007 1,724,416 A..H. --- "E:WINDOWSassemblyNativeImages_v2.0.50727_32Microsoft.VisualBas#ab1a96dcc9fddf4f8c1422e54f670a96Microsoft.VisualBasic.ni.dll"
Tue 11 Dec 2007 11,415,552 A..H. --- "E:WINDOWSassemblyNativeImages_v2.0.50727_32mscorlib9e534e8e544c5e4da6d96d2aef8afac6mscorlib.ni.dll"
Tue 11 Dec 2007 8,093,696 A..H. --- "E:WINDOWSassemblyNativeImages_v2.0.50727_32System71fdadf53534547a07b25adcfee4150System.ni.dll"
Tue 11 Dec 2007 11,845,632 A..H. --- "E:WINDOWSassemblyNativeImages_v2.0.50727_32System.Web184813100115d84282d95ebab09974e2System.Web.ni.dll"
Tue 11 Dec 2007 5,640,192 A..H. --- "E:WINDOWSassemblyNativeImages_v2.0.50727_32System.Xmlf05e8505412ef24fa1e7a993251971c0System.Xml.ni.dll"
Tue 11 Dec 2007 5,271,552 A..H. --- "E:WINDOWSassemblyNativeImages_v2.0.50727_32System.Management.A#677922f9dc9fb748b35bd651d6dda3f3System.Management.Automation.ni.dll"
Tue 11 Dec 2007 204,800 A..H. --- "E:WINDOWSassemblyNativeImages_v2.0.50727_32System.Management.A#df03890c0ea4854a8d0a7b81fb5a55fcSystem.Management.Automation.resources.ni.dll"
Tue 11 Dec 2007 962,560 A..H. --- "E:WINDOWSassemblyNativeImages_v2.0.50727_32System.Configuration3987bf456f7419428608cdccfbaa66efSystem.Configuration.ni.dll"
Tue 11 Dec 2007 6,688,768 A..H. --- "E:WINDOWSassemblyNativeImages_v2.0.50727_32System.Data937d762d0d3b4749bc0c66174a48502bSystem.Data.ni.dll"
Tue 11 Dec 2007 1,712,128 A..H. --- "E:WINDOWSassemblyNativeImages_v2.0.50727_32System.Deploymentc78c7a4b97c657479d531ba2efbfe743System.Deployment.ni.dll"
Tue 11 Dec 2007 229,376 A..H. --- "E:WINDOWSassemblyNativeImages_v2.0.50727_32System.Drawing.Desi#57b100118f05f44496aac380dd3c5bd3System.Drawing.Design.ni.dll"
Tue 11 Dec 2007 512,000 A..H. --- "E:WINDOWSassemblyNativeImages_v2.0.50727_32System.DirectorySer#67aa0366d9de19448db3496458a1176aSystem.DirectoryServices.Protocols.ni.dll"
Tue 11 Dec 2007 1,220,608 A..H. --- "E:WINDOWSassemblyNativeImages_v2.0.50727_32System.DirectorySer#a0ab8804ad27a54fa3f7923d5809d350System.DirectoryServices.ni.dll"
Tue 11 Dec 2007 1,626,112 A..H. --- "E:WINDOWSassemblyNativeImages_v2.0.50727_32System.Drawingd0711f446313e54b9139e3a83f89342aSystem.Drawing.ni.dll"
Tue 11 Dec 2007 659,456 A..H. --- "E:WINDOWSassemblyNativeImages_v2.0.50727_32System.EnterpriseSe#309776b9033b684aaa9addc595843afaSystem.EnterpriseServices.ni.dll"
Tue 11 Dec 2007 294,912 A..H. --- "E:WINDOWSassemblyNativeImages_v2.0.50727_32System.EnterpriseSe#309776b9033b684aaa9addc595843afaSystem.EnterpriseServices.Wrapper.dll"
Tue 11 Dec 2007 13,107,200 A..H. --- "E:WINDOWSassemblyNativeImages_v2.0.50727_32System.Windows.Formse1c10ff55cd6b048b4d386bf2727a311System.Windows.Forms.ni.dll"
Tue 11 Dec 2007 2,310,144 A..H. --- "E:WINDOWSassemblyNativeImages_v2.0.50727_32System.Web.Mobile6e53bcbc8a2b194fbdf4cdc58f124631System.Web.Mobile.ni.dll"
Tue 11 Dec 2007 237,568 A..H. --- "E:WINDOWSassemblyNativeImages_v2.0.50727_32System.Web.RegularE#f7a0d9ae40a404cad748320fef9618cSystem.Web.RegularExpressions.ni.dll"
Tue 11 Dec 2007 729,088 A..H. --- "E:WINDOWSassemblyNativeImages_v2.0.50727_32System.Securityd7a1ff075efb544b88f8da1184996dbSystem.Security.ni.dll"
Tue 11 Dec 2007 1,945,600 A..H. --- "E:WINDOWSassemblyNativeImages_v2.0.50727_32System.Web.Servicesad74b3d484444468b9666413b65a8b8System.Web.Services.ni.dll"
Tue 11 Dec 2007 684,032 A..H. --- "E:WINDOWSassemblyNativeImages_v2.0.50727_32System.Transactions30c7c4c0058b6b4c8bd4bba8b8f7a589System.Transactions.ni.dll"
Tue 11 Dec 2007 10,723,328 A..H. --- "E:WINDOWSassemblyNativeImages_v2.0.50727_32System.Design827cb0ac15df09489629481ebefdda50System.Design.ni.dll"

Finished!

Si quelqu'un peut m'aider MERCI

r@in | b0w · le 13 Nov 2008 22:46

Bonjour.

_ Tu suis ce tutorial et tu nous postes le rapport généré.

_ Tu fais un nouveau scan avec Mbam et tu postes le rapport.

_ Ton trojan est-il toujours présent? Normalement, Mbam en a eu raison précédemment.

De toute façon, ton rootkit semble inconnu de gOOgle...

tarifa01 · le 13 Nov 2008 23:49

Bonsoir,
il me semble que tout est ok maintenant, les symptomes ont apparement disparus; c'est déja ça de gagné! voici le premier rapport avec hijackthis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:55:26, on 13/11/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Boot mode: Normal

Running processes:
E:WINDOWSSystem32smss.exe
E:WINDOWSsystem32winlogon.exe
E:WINDOWSsystem32services.exe
E:WINDOWSsystem32lsass.exe
E:WINDOWSsystem32svchost.exe
E:WINDOWSSystem32svchost.exe
E:WINDOWSsystem32spoolsv.exe
E:Program FilesGoogleUpdateGoogleUpdate.exe
E:WINDOWSExplorer.EXE
E:WINDOWSRTHDCPL.EXE
E:WINDOWSsystem32igfxtray.exe
E:WINDOWSsystem32igfxpers.exe
E:WINDOWSsystem32hkcmd.exe
E:WINDOWSsystem32spooldriversw32x863hpztsb03.exe
E:Program Filese-Carte BleueLA BANQUE POSTALECVD ADESIOECB.exe
E:Program FilesOrangeSystraySystrayApp.exe
E:Program FilesBitDefenderBitDefender 2008dagent.exe
E:Program FilesiTunesiTunesHelper.exe
E:Program FilesAdobeReader 9.0ReaderReader_sl.exe
E:WINDOWSsystem32ctfmon.exe
E:PROGRA~1FICHIE~1France TelecomShared ModulesAlertModuleAlertModule.exe
E:Program FilesOrangeLauncherLauncher.exe
E:Program Filese-Carte Bleue La Banque Postaleecbl-lbp.exe
E:Program FilesAXMAFax-internetfaxtray.exe
E:WINDOWSsystem32IcoSauve.exe
E:Program FilesUltimateZip 2.7uzqkst.exe
E:Program FilesOrangeDeskboarddeskboard.exe
E:Program FilesOrangeconnectivityconnectivitymanager.exe
E:Program FilesOrangeconnectivityCoreComCoreCom.exe
E:Program FilesIncrediMailinIMApp.exe
E:Program FilesFichiers communsAppleMobile Device SupportinAppleMobileDeviceService.exe
E:Program FilesBonjourmDNSResponder.exe
E:PROGRA~1FICHIE~1France TelecomShared ModulesFTRTSVCFTRTSVC.exe
E:Program FilesFichiers communsBitDefenderBitDefender Communicatorxcommsvr.exe
E:Program FilesFichiers communsBitDefenderBitDefender Update Servicelivesrv.exe
E:Program FilesBitDefenderBitDefender 2008vsserv.exe
E:Program FilesiPodiniPodService.exe
E:WINDOWSSystem32svchost.exe
E:Program FilesOrangeconnectivityCoreComOraConfigRecover.exe
E:PROGRA~1FICHIE~1France TelecomShared ModulesFTCOMModuleFTCOMModule.exe
E:WINDOWSSystem32svchost.exe
E:WINDOWSsystem32wuauclt.exe
E:WINDOWSsystem32wuauclt.exe
H:pgmHiJackThis.exe

R1 - HKCUSoftwareMicrosoftInternet ExplorerMain,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = about:blank
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLMSoftwareMicrosoftInternet ExplorerSearch,SearchAssistant =
R0 - HKLMSoftwareMicrosoftInternet ExplorerSearch,CustomizeSearch =
R1 - HKCUSoftwareMicrosoftInternet ExplorerSearchURL,(Default) = http://www.google.fr/search?q=%s
R1 - HKCUSoftwareMicrosoftInternet ExplorerMain,First Home Page = http://go.microsoft.com/fwlink/?LinkId=54843
R0 - HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Liens
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - E:Program FilesYahoo!CompanionInstallscpnycomp5_6_0_1.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - E:Program FilesFichiers communsAdobeAcrobatActiveXAcroIEHelperShim.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - E:Program FilesAskBarDisarinaskBar.dll
O2 - BHO: e-Carte Bleue Browser Helper Object - {2E03C0FD-4C48-43A7-9A54-00240C70FF16} - E:WINDOWSsystem32BhoECart.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:Program FilesJavajre1.6.0inssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - e:program filesgooglegoogletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - E:Program FilesGoogleGoogleToolbarNotifier3.1.807.1746swg.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - E:Program FilesEPSONEPSON Web-To-PageEPSON Web-To-Page.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - E:Program FilesYahoo!CompanionInstallscpnycomp5_6_0_1.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - E:Program FilesEPSONEPSON Web-To-PageEPSON Web-To-Page.dll
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - E:Program FilesBitDefenderBitDefender 2008IEToolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - e:program filesgooglegoogletoolbar1.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - E:Program FilesAskBarDisarinaskBar.dll
O4 - HKLM..Run: [SkyTel] SkyTel.EXE
O4 - HKLM..Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM..Run: [igfxtray] E:WINDOWSsystem32igfxtray.exe
O4 - HKLM..Run: [igfxpers] E:WINDOWSsystem32igfxpers.exe
O4 - HKLM..Run: [igfxhkcmd] E:WINDOWSsystem32hkcmd.exe
O4 - HKLM..Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM..Run: [HPDJ Taskbar Utility] E:WINDOWSsystem32spooldriversw32x863hpztsb03.exe
O4 - HKLM..Run: [eCarteBleue-LP-P1] "E:Program Filese-Carte BleueLA BANQUE POSTALECVD ADESIOECB.exe" /dontopenmycards
O4 - HKLM..Run: [NeroCheck] E:WINDOWSsystem32NeroCheck.exe
O4 - HKLM..Run: [SystrayORAHSS] "E:Program FilesOrangeSystraySystrayApp.exe"
O4 - HKLM..Run: [ORAHSSSessionManager] E:Program FilesOrangeSessionManagerSessionManager.exe
O4 - HKLM..Run: [BitDefender Antiphishing Helper] "E:Program FilesBitDefenderBitDefender 2008IEShow.exe"
O4 - HKLM..Run: [BDAgent] "E:Program FilesBitDefenderBitDefender 2008dagent.exe"
O4 - HKLM..Run: [QuickTime Task] "E:Program FilesQuickTimeqttask.exe" -atboottime
O4 - HKLM..Run: [iTunesHelper] "E:Program FilesiTunesiTunesHelper.exe"
O4 - HKLM..Run: [Adobe Reader Speed Launcher] "E:Program FilesAdobeReader 9.0ReaderReader_sl.exe"
O4 - HKCU..Run: [ctfmon.exe] E:WINDOWSsystem32ctfmon.exe
O4 - HKCU..Run: [swg] E:Program FilesGoogleGoogleToolbarNotifierGoogleToolbarNotifier.exe
O4 - HKCU..Run: [IncrediMail] E:Program FilesIncrediMailinIncMail.exe /c
O4 - HKUSS-1-5-19..RunOnce: [nltide2] cmd.exe /C rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,L,,4,N (User 'SERVICE LOCAL')
O4 - HKUSS-1-5-20..RunOnce: [nltide2] cmd.exe /C rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,L,,4,N (User 'SERVICE RESEAU')
O4 - S-1-5-18 Startup: IcoSauve.lnk = E:WINDOWSsystem32IcoSauve.exe (User 'SYSTEM')
O4 - S-1-5-18 Startup: UltimateZip Quick Start.lnk = E:Program FilesUltimateZip 2.7uzqkst.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: IcoSauve.lnk = E:WINDOWSsystem32IcoSauve.exe (User 'Default user')
O4 - .DEFAULT Startup: UltimateZip Quick Start.lnk = E:Program FilesUltimateZip 2.7uzqkst.exe (User 'Default user')
O4 - Startup: IcoSauve.lnk = E:WINDOWSsystem32IcoSauve.exe
O4 - Startup: UltimateZip Quick Start.lnk = E:Program FilesUltimateZip 2.7uzqkst.exe
O4 - Global Startup: e-Carte Bleue La Banque Postale.lnk = E:Program Filese-Carte Bleue La Banque Postaleecbl-lbp.exe
O4 - Global Startup: Gestionnaire de lancement d'application fax.lnk = E:Program FilesAXMAFax-internetfaxtray.exe
O4 - Global Startup: Microsoft Office.lnk = E:Program FilesMicrosoft OfficeOfficeOSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:Program FilesJavajre1.6.0inssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:Program FilesJavajre1.6.0inssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - E:WINDOWSNetwork Diagnosticxpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - E:WINDOWSNetwork Diagnosticxpnetdiag.exe
O15 - Trusted Zone: http://www.orange.fr
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite.net ... plugin.cab
O23 - Service: Apple Mobile Device - Apple Inc. - E:Program FilesFichiers communsAppleMobile Device SupportinAppleMobileDeviceService.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - E:Program FilesBonjourmDNSResponder.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - E:PROGRA~1FICHIE~1France TelecomShared ModulesFTRTSVCFTRTSVC.exe
O23 - Service: Google Update Service (gupdate1c92edf8457848) (gupdate1c92edf8457848) - Google Inc. - E:Program FilesGoogleUpdateGoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - E:Program FilesGoogleCommonGoogle UpdaterGoogleUpdaterService.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - E:Program FilesiPodiniPodService.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - E:Program FilesFichiers communsBitDefenderBitDefender Update Servicelivesrv.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - E:Program FilesBitDefenderBitDefender 2008vsserv.exe
O23 - Service: BitDefender Communicator (XCOMM) - BitDefender - E:Program FilesFichiers communsBitDefenderBitDefender Communicatorxcommsvr.exe

--
End of file - 9762 bytes

et le 2éme rapport avec Mbam:

Malwarebytes' Anti-Malware 1.30
Version de la base de données: 1395
Windows 5.1.2600 Service Pack 2

13/11/2008 23:43:27
mbam-log-2008-11-13 (23-43-27).txt

Type de recherche: Examen complet (C:|D:|E:|F:|)
Eléments examinés: 99273
Temps écoulé: 37 minute(s), 4 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 1
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 0

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_CLASSES_ROOTCLSID{9afb8248-617f-460d-9366-d71cdeda3179} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
(Aucun élément nuisible détecté)

Encore merci pour la qualité des infos et du travail sur ce forum.

r@in | b0w · le 13 Nov 2008 23:55

Via HiJackThis, tu supprimes les lignes:

O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - E:Program FilesAskBarDisarinaskBar.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - E:Program FilesAskBarDisarinaskBar.dl
O4 - HKLM..Run: [QuickTime Task] "E:Program FilesQuickTimeqttask.exe" -atboottime
O4 - HKLM..Run: [iTunesHelper] "E:Program FilesiTunesiTunesHelper.exe"
O4 - HKLM..Run: [Adobe Reader Speed Launcher] "E:Program FilesAdobeReader 9.0ReaderReader_sl.exe"

Tu as une barre d'outils vérolée.

Tu vas télécharger Toolbar S&D.

Tu double cliques ensuite sur l'icône Toolbar S&D pour lancer l'application.

Tu tapes sur la touche [F] pour sélectionner la langue franA§aise.

Tu appuies ensuite sur la touche [1] puis sur la touche [Entrée] pour lancer l'analyse.

Ps: pas la peine d'écrire en gros, tout le monde te lit bien

Quand tu verras indiqué:

Code: Tout sélectionner: Fin du rapport à --:--:--,--

L'analyse sera finie.

Normalement, le rapport d'analyse s'ouvrira dans le Bloc-notes, tu nous copies-colles l'intégralité du fichier.

tarifa01 · le 14 Nov 2008 21:19

Bonsoir,
j'ai effectué la manip avec HijackThis et voici la rapport Toolbar:

-----------\ ToolBar S&D 1.2.4 XP/Vista

Microsoft Windows XP Professionnel ( v5.1.2600 ) Service Pack 2
X86-based PC ( Multiprocessor Free : Intel(R) Pentium(R) Dual CPU E2180 @ 2.00GHz )
BIOS : Award Modular BIOS v6.00PG
USER : PASCAL ( Administrator )
BOOT : Normal boot
A: (USB)
C: (Local Disk) - FAT32 - Total:24 Go (Free:24 Go)
D: (Local Disk) - NTFS - Total:24 Go (Free:23 Go)
E: (Local Disk) - NTFS - Total:19 Go (Free:9 Go)
F: (Local Disk) - NTFS - Total:6 Go (Free:6 Go)
G: (CD or DVD)
H: (USB) - FAT32 - Total:3864 Mo (Free:2 Go)

"E:ToolBar SD" ( MAJ : 27-10-2008|09:25 )
Option : [1] ( 14/11/2008|21:06 )

-----------\ Recherche de Fichiers / Dossiers ...

E:Program FilesAskBarDis
E:Program FilesAskBarDisar
E:Program FilesAskBarDisPopSwatter
E:Program FilesAskBarDisunins000.dat
E:Program FilesAskBarDisunins000.exe

-----------\ Extensions

(PASCAL) - {E9A1DEE0-C623-4439-8932-001E7D17607D} => ajtoolbar

-----------\ [..Internet ExplorerMain]

[HKEY_CURRENT_USERSoftwareMicrosoftInternet ExplorerMain]
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Local Page"="E:\WINDOWS\system32\blank.htm"
"SearchMigratedDefaultURL"="http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7"
"First Home Page"="http://go.microsoft.com/fwlink/?LinkId=54843"
"Start Page"="about:blank"
"Url"="http://go.microsoft.com/fwlink/?LinkID=68928"
"Url"="http://go.microsoft.com/fwlink/?LinkID=44406"
"Url"="http://go.microsoft.com/fwlink/?LinkID=68929"

[HKEY_LOCAL_MACHINESoftwareMicrosoftInternet ExplorerMain]
"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"

--------------------\ Recherche d'autres infections

Aucune autre infection trouvée !

1 - "E:ToolBar SDTB_1.txt" - 14/11/2008|21:07 - Option : [1]

-----------\ Fin du rapport a 21:07:32,73

En ce qui concerne la barre d'outil vérolée c'est vrai qu'elle avait changée subitement un jour et que je n'étais jamais arrivé à la supprimer;donc je comprends mieux! Merci encore

r@in | b0w · le 16 Nov 2008 22:25

Bonjour.

Tu relances Toolbar S&D puis tu sélectionnes l'option [2] pour lancer le nettoyage.

Tu nous copies-colles ensuite l'intégralité du rapport de nettoyage.

Ensuite, tu supprimes le dossier E:Program FilesAskBarDis.

Tu refais ensuite un nouveau scan HiJackThis dont tu postes le rapport.

tarifa01 · le 17 Nov 2008 21:32

bonsoir r@in bow,
voici le rapport toolbar avec option 2:

-----------\ ToolBar S&D 1.2.4 XP/Vista

Microsoft Windows XP Professionnel ( v5.1.2600 ) Service Pack 2
X86-based PC ( Multiprocessor Free : Intel(R) Pentium(R) Dual CPU E2180 @ 2.00GHz )
BIOS : Award Modular BIOS v6.00PG
USER : PASCAL ( Administrator )
BOOT : Normal boot
A: (USB)
C: (Local Disk) - FAT32 - Total:24 Go (Free:24 Go)
D: (Local Disk) - NTFS - Total:24 Go (Free:23 Go)
E: (Local Disk) - NTFS - Total:19 Go (Free:9 Go)
F: (Local Disk) - NTFS - Total:6 Go (Free:6 Go)
G: (CD or DVD)

"E:ToolBar SD" ( MAJ : 27-10-2008|09:25 )
Option : [2] ( 17/11/2008|21:10 )

-----------\ SUPPRESSION

Supprime! - E:Program FilesAskBarDisar
Supprime! - E:Program FilesAskBarDisPopSwatter
Supprime! - E:Program FilesAskBarDisunins000.dat
Supprime! - E:Program FilesAskBarDisunins000.exe
Supprime! - E:Program FilesAskBarDis

-----------\ Recherche de Fichiers / Dossiers ...

-----------\ Extensions

(PASCAL) - {E9A1DEE0-C623-4439-8932-001E7D17607D} => ajtoolbar

-----------\ [..Internet ExplorerMain]

[HKEY_CURRENT_USERSoftwareMicrosoftInternet ExplorerMain]
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Local Page"="E:\WINDOWS\system32\blank.htm"
"SearchMigratedDefaultURL"="http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7"
"First Home Page"="http://go.microsoft.com/fwlink/?LinkId=54843"
"Start Page"="about:blank"
"Url"="http://go.microsoft.com/fwlink/?LinkID=68928"
"Url"="http://go.microsoft.com/fwlink/?LinkID=44406"
"Url"="http://go.microsoft.com/fwlink/?LinkID=68929"

[HKEY_LOCAL_MACHINESoftwareMicrosoftInternet ExplorerMain]
"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Start Page"="http://www.msn.com/"

--------------------\ Recherche d'autres infections

Aucune autre infection trouvée !

1 - "E:ToolBar SDTB_1.txt" - 14/11/2008|21:07 - Option : [1]
2 - "E:ToolBar SDTB_2.txt" - 17/11/2008|21:11 - Option : [2]

-----------\ Fin du rapport a 21:11:51,03

comment je supprime E:Program FilesAskBarDis. ?? je ne le vois pas dans l'explorateur windows!

j'ai quand même fait le scan HiJackThis dont voici le rapport:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:26:46, on 17/11/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Boot mode: Normal

Running processes:
E:WINDOWSSystem32smss.exe
E:WINDOWSsystem32winlogon.exe
E:WINDOWSsystem32services.exe
E:WINDOWSsystem32lsass.exe
E:WINDOWSsystem32svchost.exe
E:WINDOWSSystem32svchost.exe
E:WINDOWSsystem32spoolsv.exe
E:Program FilesGoogleUpdateGoogleUpdate.exe
E:WINDOWSExplorer.EXE
E:WINDOWSRTHDCPL.EXE
E:WINDOWSsystem32igfxtray.exe
E:WINDOWSsystem32igfxpers.exe
E:WINDOWSsystem32hkcmd.exe
E:WINDOWSsystem32spooldriversw32x863hpztsb03.exe
E:Program Filese-Carte BleueLA BANQUE POSTALECVD ADESIOECB.exe
E:Program FilesOrangeSystraySystrayApp.exe
E:Program FilesBitDefenderBitDefender 2008dagent.exe
E:WINDOWSsystem32ctfmon.exe
E:PROGRA~1FICHIE~1France TelecomShared ModulesAlertModuleAlertModule.exe
E:Program FilesOrangeLauncherLauncher.exe
E:Program Filese-Carte Bleue La Banque Postaleecbl-lbp.exe
E:Program FilesAXMAFax-internetfaxtray.exe
E:Program FilesIncrediMailinIMApp.exe
E:WINDOWSsystem32IcoSauve.exe
E:Program FilesUltimateZip 2.7uzqkst.exe
E:Program FilesOrangeDeskboarddeskboard.exe
E:Program FilesOrangeconnectivityconnectivitymanager.exe
E:Program FilesOrangeconnectivityCoreComCoreCom.exe
E:Program FilesFichiers communsAppleMobile Device SupportinAppleMobileDeviceService.exe
E:Program FilesBonjourmDNSResponder.exe
E:PROGRA~1FICHIE~1France TelecomShared ModulesFTRTSVCFTRTSVC.exe
E:Program FilesFichiers communsBitDefenderBitDefender Communicatorxcommsvr.exe
E:Program FilesFichiers communsBitDefenderBitDefender Update Servicelivesrv.exe
E:Program FilesBitDefenderBitDefender 2008vsserv.exe
E:WINDOWSSystem32svchost.exe
E:Program FilesOrangeconnectivityCoreComOraConfigRecover.exe
E:PROGRA~1FICHIE~1France TelecomShared ModulesFTCOMModuleFTCOMModule.exe
E:WINDOWSSystem32svchost.exe
E:WINDOWSsystem32wuauclt.exe
H:pgmHiJackThis.exe

R1 - HKCUSoftwareMicrosoftInternet ExplorerMain,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = about:blank
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLMSoftwareMicrosoftInternet ExplorerSearch,SearchAssistant =
R0 - HKLMSoftwareMicrosoftInternet ExplorerSearch,CustomizeSearch =
R1 - HKCUSoftwareMicrosoftInternet ExplorerSearchURL,(Default) = http://www.google.fr/search?q=%s
R1 - HKCUSoftwareMicrosoftInternet ExplorerMain,First Home Page = http://go.microsoft.com/fwlink/?LinkId=54843
R0 - HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Liens
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - E:Program FilesYahoo!CompanionInstallscpnycomp5_6_0_1.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - E:Program FilesFichiers communsAdobeAcrobatActiveXAcroIEHelperShim.dll
O2 - BHO: e-Carte Bleue Browser Helper Object - {2E03C0FD-4C48-43A7-9A54-00240C70FF16} - E:WINDOWSsystem32BhoECart.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:Program FilesJavajre1.6.0inssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - e:program filesgooglegoogletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - E:Program FilesGoogleGoogleToolbarNotifier3.1.807.1746swg.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - E:Program FilesEPSONEPSON Web-To-PageEPSON Web-To-Page.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - E:Program FilesYahoo!CompanionInstallscpnycomp5_6_0_1.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - E:Program FilesEPSONEPSON Web-To-PageEPSON Web-To-Page.dll
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - E:Program FilesBitDefenderBitDefender 2008IEToolbar.dll
O4 - HKLM..Run: [SkyTel] SkyTel.EXE
O4 - HKLM..Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM..Run: [igfxtray] E:WINDOWSsystem32igfxtray.exe
O4 - HKLM..Run: [igfxpers] E:WINDOWSsystem32igfxpers.exe
O4 - HKLM..Run: [igfxhkcmd] E:WINDOWSsystem32hkcmd.exe
O4 - HKLM..Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM..Run: [HPDJ Taskbar Utility] E:WINDOWSsystem32spooldriversw32x863hpztsb03.exe
O4 - HKLM..Run: [eCarteBleue-LP-P1] "E:Program Filese-Carte BleueLA BANQUE POSTALECVD ADESIOECB.exe" /dontopenmycards
O4 - HKLM..Run: [NeroCheck] E:WINDOWSsystem32NeroCheck.exe
O4 - HKLM..Run: [SystrayORAHSS] "E:Program FilesOrangeSystraySystrayApp.exe"
O4 - HKLM..Run: [ORAHSSSessionManager] E:Program FilesOrangeSessionManagerSessionManager.exe
O4 - HKLM..Run: [BitDefender Antiphishing Helper] "E:Program FilesBitDefenderBitDefender 2008IEShow.exe"
O4 - HKLM..Run: [BDAgent] "E:Program FilesBitDefenderBitDefender 2008dagent.exe"
O4 - HKLM..Run: [QuickTime Task] "E:Program FilesQuickTimeqttask.exe" -atboottime
O4 - HKCU..Run: [ctfmon.exe] E:WINDOWSsystem32ctfmon.exe
O4 - HKCU..Run: [swg] E:Program FilesGoogleGoogleToolbarNotifierGoogleToolbarNotifier.exe
O4 - HKCU..Run: [IncrediMail] E:Program FilesIncrediMailinIncMail.exe /c
O4 - HKUSS-1-5-19..RunOnce: [nltide2] cmd.exe /C rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,L,,4,N (User 'SERVICE LOCAL')
O4 - HKUSS-1-5-20..RunOnce: [nltide2] cmd.exe /C rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,L,,4,N (User 'SERVICE RESEAU')
O4 - Startup: IcoSauve.lnk = E:WINDOWSsystem32IcoSauve.exe
O4 - Startup: UltimateZip Quick Start.lnk = E:Program FilesUltimateZip 2.7uzqkst.exe
O4 - Global Startup: e-Carte Bleue La Banque Postale.lnk = E:Program Filese-Carte Bleue La Banque Postaleecbl-lbp.exe
O4 - Global Startup: Gestionnaire de lancement d'application fax.lnk = E:Program FilesAXMAFax-internetfaxtray.exe
O4 - Global Startup: Microsoft Office.lnk = E:Program FilesMicrosoft OfficeOfficeOSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:Program FilesJavajre1.6.0inssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:Program FilesJavajre1.6.0inssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - E:WINDOWSNetwork Diagnosticxpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - E:WINDOWSNetwork Diagnosticxpnetdiag.exe
O9 - Extra button: (no name) - cmdmapping - (no file) (HKCU)
O15 - Trusted Zone: http://www.orange.fr
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite.net ... plugin.cab
O23 - Service: Apple Mobile Device - Apple Inc. - E:Program FilesFichiers communsAppleMobile Device SupportinAppleMobileDeviceService.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - E:Program FilesBonjourmDNSResponder.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - E:PROGRA~1FICHIE~1France TelecomShared ModulesFTRTSVCFTRTSVC.exe
O23 - Service: Google Update Service (gupdate1c92edf8457848) (gupdate1c92edf8457848) - Google Inc. - E:Program FilesGoogleUpdateGoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - E:Program FilesGoogleCommonGoogle UpdaterGoogleUpdaterService.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - E:Program FilesiPodiniPodService.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - E:Program FilesFichiers communsBitDefenderBitDefender Update Servicelivesrv.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - E:Program FilesBitDefenderBitDefender 2008vsserv.exe
O23 - Service: BitDefender Communicator (XCOMM) - BitDefender - E:Program FilesFichiers communsBitDefenderBitDefender Communicatorxcommsvr.exe

--
End of file - 8604 bytes

Encore merci pour le suivi de mon affaire! A +

r@in | b0w · le 18 Nov 2008 11:39

Bonjour.

_ Le dosssier a été supprimé par Toolbar S&D, pas de soucis à se faire.

_ Tu peux supprimer la ligne:

O9 - Extra button: (no name) - cmdmapping - (no file) (HKCU).

_ Pour terminer la désinfection et optimiser Windows:

_ Désinstallation des utilitaires utilisés:

Les programmes utilisés pour la désinfection ne sont pas à utiliser quotidiennement.

Pour les désinstaller, il faut aller dans le Panneau de configuration puis, via Ajouter/Supprimer des programmes, sélectionner les utilitaires et cliquer sur Désinstaller.

Pour une suppression effective, penses à supprimer leurs dossiers respectifs, la plupart à la racine de ta partition principale.

_ Utilisation d'un navigateur internet alternatif:

Internet Explorer n'étant pas sûr, il est préférable d'installer un navigateur internet alternatif pour sécuriser ton surf.

Tu as le choix entre Mozilla Firefox, Apple Safari ou encore Opéra.

Il faudra ensuite définir ce navigateur internet alternatif comme navigateur par défaut.

_ Utilisation d'un pare-feu alternatif:

Il est recommandé de ne pas utiliser le pare-feu Windows et d'en prendre un plus efficace.

Le choix est large: Zone Alarm, Sunbelt, Ashampoo ou encore Sygate.

Après avoir sélectionné le pare-feu idéal, il faudra désactiver celui de Windows.

_ Nettoyage des points de restauration:

Dans un premier temps, il faut supprimer tous les points de restauration.

Pour cela, cliques sur Poste de travail puis Propriétés.
Onglet Restauration automatique du système, tu coches la ligne Désactiver la restauration du système puis tu valides par Ok.
Tu confirmes la suppression de tous les points de restauration, puis tu cliques sur Appliquer et/ou Ok.

Ensuite, il faut réactiver la restauration automatique du système.

Tu refais la manipulation précédente pour relancer les propriétés du Poste de travail.
Tu décoches la ligne puis cliques sur Appliquer & Ok.

Tu auras créer un point de restauration propre.

_ Nettoyage des fichiers temporaires & de la base de registre:

Pour cela, Ccleaner reste le moyen le plus sûr et pratique de tout nettoyer sans risques.

En suivant ce tutorial, cet utilitaire sera configuré correctement.

Il est aussi utile de purger régulièrement le dossier Prefetch en profitant de Ccleaner pour automatiser ce nettoyage.
Pour cela, il faut aller dans Options puis Personnaliser pour ajouter le dossier C:WindowsPREFETCH.

_ Un petit coup d'oeil à notre dossier Nettoyage peut être utile en supplément.

Et finalement, pour optimiser Windows XP, ce sujet sera intéressant.

rootkit(syteme32kdush.exe)

rootkit(syteme32kdush.exe)

Sujets similaires

Qui est en ligne